Lumosviridi v20 kubernetes updates (#6356)

Updates for v20+ and misc terraform bug fixes. Also refactored to use terraform variables instead of locals which helps with readability and ease of use for new users. Terraform validation is currently passing: ![Screenshot 2024-07-21 at 13 18 37](https://github.com/user-attachments/assets/02aadc2d-d3f6-4e8b-9315-64e25191d9e6) Additionally added [terraform-docs](https://terraform-docs.io/) to generate a more helpful README for terraform specific configuration. Raw K8s manifests were updated with changes for v20+ as well. --------- Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
2025-10-29 20:02:29 +00:00 · 2024-08-08 06:55:45 -05:00
parent 74229a80c8
commit c3bf94e4cc
19 changed files with 484 additions and 79 deletions
--- a/packages/twenty-docker/k8s/manifests/deployment-db.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-db.yaml
@@ -37,8 +37,8 @@ spec:
        ports:
        - containerPort: 5432
          name: tcp
-          protocol: TCP    
-        resources: 
+          protocol: TCP
+        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
--- a/packages/twenty-docker/k8s/manifests/deployment-server.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-server.yaml
@@ -31,6 +31,8 @@ spec:
          value: 3000
        - name: SERVER_URL
          value: "https://crm.example.com:443"
+        - name: FRONT_BASE_URL
+          value: "https://crm.example.com:443"
        - name: PG_DATABASE_URL
          value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
        - name: ENABLE_DB_MIGRATIONS
@@ -39,6 +41,8 @@ spec:
          value: "true"
        - name: STORAGE_TYPE
          value: "local"
+        - name: "MESSAGE_QUEUE_TYPE"
+          value: "pg-boss"
        - name: ACCESS_TOKEN_SECRET
          valueFrom:
            secretKeyRef:
@@ -65,8 +69,8 @@ spec:
        ports:
        - containerPort: 3000
          name: http-tcp
-          protocol: TCP    
-        resources: 
+          protocol: TCP
+        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
@@ -76,6 +80,8 @@ spec:
        stdin: true
        tty: true
        volumeMounts:
+        - mountPath: /app/docker-data
+          name: twentycrm-server-data
        - mountPath: /app/.local-storage
          name: twentycrm-server-data
      dnsPolicy: ClusterFirst
--- a/packages/twenty-docker/k8s/manifests/deployment-worker.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-worker.yaml
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: twentycrm-worker
+  name: twentycrm-worker
+  namespace: twentycrm
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: twentycrm-worker
+  template:
+    metadata:
+      labels:
+        app: twentycrm-worker
+    spec:
+      volumes:
+      - name: twentycrm-worker-data
+        persistentVolumeClaim:
+          claimName: twentycrm-worker-pvc
+      containers:
+      - env:
+        - name: SERVER_URL
+          value: "https://crm.example.com:443"
+        - name: FRONT_BASE_URL
+          value: "https://crm.example.com:443"
+        - name: PG_DATABASE_URL
+          value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
+        - name: ENABLE_DB_MIGRATIONS
+          value: "false" # it already runs on the server
+        - name: STORAGE_TYPE
+          value: "local"
+        - name: "MESSAGE_QUEUE_TYPE"
+          value: "pg-boss"
+        - name: ACCESS_TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: tokens
+              key: accessToken
+        - name: LOGIN_TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: tokens
+              key: loginToken
+        - name: REFRESH_TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: tokens
+              key: refreshToken
+        - name: FILE_TOKEN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: tokens
+              key: fileToken
+      - image: twentycrm/twenty:latest
+        imagePullPolicy: Always
+        name: twentycrm
+        command:
+        - yarn
+        - worker:prod
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "1024Mi"
+            cpu: "1000m"
+        stdin: true
+        tty: true
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
--- a/packages/twenty-docker/k8s/manifests/ingress.yaml
+++ b/packages/twenty-docker/k8s/manifests/ingress.yaml
@@ -20,5 +20,5 @@ spec:
        backend:
          service:
            name: twentycrm-server
-            port: 
+            port:
              name: http-tcp
--- a/packages/twenty-docker/k8s/terraform/.terraform-docs.yml
+++ b/packages/twenty-docker/k8s/terraform/.terraform-docs.yml
@@ -0,0 +1,48 @@
+formatter: "markdown table" # this is required
+
+version: ""
+
+header-from: main.tf
+
+recursive:
+  enabled: false
+  path: modules
+
+output:
+  file: "README.md"
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    # TwentyCRM Terraform Docs
+
+    This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure and use visit their website.
+
+    To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs .`
+
+    To make configuration changes to how this doc is generated, see `./.terraform-docs.yml`
+    
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: "outputs.tf"
+
+sort:
+  enabled: true
+  by: required
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  hide-empty: true
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true
--- a/packages/twenty-docker/k8s/terraform/README.md
+++ b/packages/twenty-docker/k8s/terraform/README.md
@@ -0,0 +1,64 @@
+<!-- BEGIN_TF_DOCS -->
+# TwentyCRM Terraform Docs
+
+This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure and use visit their website.
+
+To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs .`
+
+To make configuration changes to how this doc is generated, see `./.terraform-docs.yml`
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.2 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.31.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.31.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_deployment.twentycrm_db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
+| [kubernetes_deployment.twentycrm_server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
+| [kubernetes_deployment.twentycrm_worker](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
+| [kubernetes_ingress.twentycrm](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress) | resource |
+| [kubernetes_namespace.twentycrm](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_persistent_volume.db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) | resource |
+| [kubernetes_persistent_volume.server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) | resource |
+| [kubernetes_persistent_volume_claim.db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) | resource |
+| [kubernetes_persistent_volume_claim.server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) | resource |
+| [kubernetes_secret.twentycrm_tokens](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_service.twentycrm_db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
+| [kubernetes_service.twentycrm_server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_twentycrm_app_hostname"></a> [twentycrm\_app\_hostname](#input\_twentycrm\_app\_hostname) | The protocol, DNS fully qualified hostname, and port used to access TwentyCRM in your environment. Ex: https://crm.example.com:443 | `string` | n/a | yes |
+| <a name="input_twentycrm_pgdb_admin_password"></a> [twentycrm\_pgdb\_admin\_password](#input\_twentycrm\_pgdb\_admin\_password) | TwentyCRM password for postgres database. | `string` | n/a | yes |
+| <a name="input_twentycrm_token_accessToken"></a> [twentycrm\_token\_accessToken](#input\_twentycrm\_token\_accessToken) | TwentyCRM access Token | `string` | n/a | yes |
+| <a name="input_twentycrm_token_fileToken"></a> [twentycrm\_token\_fileToken](#input\_twentycrm\_token\_fileToken) | TwentyCRM file Token | `string` | n/a | yes |
+| <a name="input_twentycrm_token_loginToken"></a> [twentycrm\_token\_loginToken](#input\_twentycrm\_token\_loginToken) | TwentyCRM login Token | `string` | n/a | yes |
+| <a name="input_twentycrm_token_refreshToken"></a> [twentycrm\_token\_refreshToken](#input\_twentycrm\_token\_refreshToken) | TwentyCRM refresh Token | `string` | n/a | yes |
+| <a name="input_twentycrm_app_name"></a> [twentycrm\_app\_name](#input\_twentycrm\_app\_name) | A friendly name prefix to use for every component deployed. | `string` | `"twentycrm"` | no |
+| <a name="input_twentycrm_db_image"></a> [twentycrm\_db\_image](#input\_twentycrm\_db\_image) | TwentyCRM image for database deployment. This defaults to latest. | `string` | `"twentycrm/twenty-postgres:latest"` | no |
+| <a name="input_twentycrm_db_pv_capacity"></a> [twentycrm\_db\_pv\_capacity](#input\_twentycrm\_db\_pv\_capacity) | Storage capacity provisioned for database persistent volume. | `string` | `"10Gi"` | no |
+| <a name="input_twentycrm_db_pv_path"></a> [twentycrm\_db\_pv\_path](#input\_twentycrm\_db\_pv\_path) | Local path to use to store the physical volume if using local storage on nodes. | `string` | `""` | no |
+| <a name="input_twentycrm_db_pvc_requests"></a> [twentycrm\_db\_pvc\_requests](#input\_twentycrm\_db\_pvc\_requests) | Storage capacity reservation for database persistent volume claim. | `string` | `"10Gi"` | no |
+| <a name="input_twentycrm_db_replicas"></a> [twentycrm\_db\_replicas](#input\_twentycrm\_db\_replicas) | Number of replicas for the TwentyCRM database deployment. This defaults to 1. | `number` | `1` | no |
+| <a name="input_twentycrm_namespace"></a> [twentycrm\_namespace](#input\_twentycrm\_namespace) | Namespace for all TwentyCRM resources | `string` | `"twentycrm"` | no |
+| <a name="input_twentycrm_server_data_mount_path"></a> [twentycrm\_server\_data\_mount\_path](#input\_twentycrm\_server\_data\_mount\_path) | TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'. | `string` | `"/app/docker-data"` | no |
+| <a name="input_twentycrm_server_image"></a> [twentycrm\_server\_image](#input\_twentycrm\_server\_image) | TwentyCRM server image for the server deployment. This defaults to latest. This value is also used for the workers image. | `string` | `"twentycrm/twenty:latest"` | no |
+| <a name="input_twentycrm_server_pv_capacity"></a> [twentycrm\_server\_pv\_capacity](#input\_twentycrm\_server\_pv\_capacity) | Storage capacity provisioned for server persistent volume. | `string` | `"10Gi"` | no |
+| <a name="input_twentycrm_server_pv_path"></a> [twentycrm\_server\_pv\_path](#input\_twentycrm\_server\_pv\_path) | Local path to use to store the physical volume if using local storage on nodes. | `string` | `""` | no |
+| <a name="input_twentycrm_server_pvc_requests"></a> [twentycrm\_server\_pvc\_requests](#input\_twentycrm\_server\_pvc\_requests) | Storage capacity reservation for server persistent volume claim. | `string` | `"10Gi"` | no |
+| <a name="input_twentycrm_server_replicas"></a> [twentycrm\_server\_replicas](#input\_twentycrm\_server\_replicas) | Number of replicas for the TwentyCRM server deployment. This defaults to 1. | `number` | `1` | no |
+| <a name="input_twentycrm_worker_replicas"></a> [twentycrm\_worker\_replicas](#input\_twentycrm\_worker\_replicas) | Number of replicas for the TwentyCRM worker deployment. This defaults to 1. | `number` | `1` | no |
+<!-- END_TF_DOCS -->
--- a/packages/twenty-docker/k8s/terraform/deployment-db.tf
+++ b/packages/twenty-docker/k8s/terraform/deployment-db.tf
@@ -1,17 +1,17 @@
 resource "kubernetes_deployment" "twentycrm_db" {
  metadata {
-    name      = "${local.twentycrm_app_name}-db"
+    name      = "${var.twentycrm_app_name}-db"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
    labels = {
-      app = "${local.twentycrm_app_name}-db"
+      app = "${var.twentycrm_app_name}-db"
    }
  }

  spec {
-    replicas = 1
+    replicas = var.twentycrm_db_replicas
    selector {
      match_labels = {
-        app = "${local.twentycrm_app_name}-db"
+        app = "${var.twentycrm_app_name}-db"
      }
    }

@@ -26,17 +26,14 @@ resource "kubernetes_deployment" "twentycrm_db" {
    template {
      metadata {
        labels = {
-          app = "${local.twentycrm_app_name}-db"
+          app = "${var.twentycrm_app_name}-db"
        }
      }

      spec {
-        # security_context {
-        #   fs_group = 0
-        # }
        container {
-          image = local.twentycrm_db_image
-          name  = local.twentycrm_app_name
+          image = var.twentycrm_db_image
+          name  = var.twentycrm_app_name
          stdin = true
          tty   = true
          security_context {
@@ -45,7 +42,7 @@ resource "kubernetes_deployment" "twentycrm_db" {

          env {
            name  = "POSTGRES_PASSWORD"
-            value = "twenty"
+            value = var.twentycrm_pgdb_admin_password
          }
          env {
            name  = "BITNAMI_DEBUG"
@@ -69,16 +66,16 @@ resource "kubernetes_deployment" "twentycrm_db" {
          }

          volume_mount {
-            name       = "nfs-twentycrm-db-data"
+            name       = "db-data"
            mount_path = "/bitnami/postgresql"
          }
        }

        volume {
-          name = "nfs-twentycrm-db-data"
+          name = "db-data"

          persistent_volume_claim {
-            claim_name = "nfs-twentycrm-db-data-pvc"
+            claim_name = kubernetes_persistent_volume_claim.db.metadata.0.name
          }
        }

--- a/packages/twenty-docker/k8s/terraform/deployment-server.tf
+++ b/packages/twenty-docker/k8s/terraform/deployment-server.tf
@@ -1,17 +1,17 @@
 resource "kubernetes_deployment" "twentycrm_server" {
  metadata {
-    name      = "${local.twentycrm_app_name}-server"
+    name      = "${var.twentycrm_app_name}-server"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
    labels = {
-      app = "${local.twentycrm_app_name}-server"
+      app = "${var.twentycrm_app_name}-server"
    }
  }

  spec {
-    replicas = 1
+    replicas = var.twentycrm_server_replicas
    selector {
      match_labels = {
-        app = "${local.twentycrm_app_name}-server"
+        app = "${var.twentycrm_app_name}-server"
      }
    }

@@ -26,14 +26,14 @@ resource "kubernetes_deployment" "twentycrm_server" {
    template {
      metadata {
        labels = {
-          app = "${local.twentycrm_app_name}-server"
+          app = "${var.twentycrm_app_name}-server"
        }
      }

      spec {
        container {
-          image = local.twentycrm_server_image
-          name  = local.twentycrm_app_name
+          image = var.twentycrm_server_image
+          name  = var.twentycrm_app_name
          stdin = true
          tty   = true

@@ -54,22 +54,17 @@ resource "kubernetes_deployment" "twentycrm_server" {

          env {
            name  = "SERVER_URL"
-            value = "https://crm.example.com:443"
+            value = var.twentycrm_app_hostname
          }

          env {
            name  = "FRONT_BASE_URL"
-            value = "https://crm.example.com:443"
-          }
-
-          env {
-            name  = "BACKEND_SERVER_URL"
-            value = "https://crm.example.com:443"
+            value = var.twentycrm_app_hostname
          }

          env {
            name  = "PG_DATABASE_URL"
-            value = "postgres://twenty:twenty@twentycrm-db.twentycrm.svc.cluster.local/default"
+            value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${var.twentycrm_app_name}-db.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
          }

          env {
@@ -86,7 +81,10 @@ resource "kubernetes_deployment" "twentycrm_server" {
            name  = "STORAGE_TYPE"
            value = "local"
          }
-
+          env {
+            name  = "MESSAGE_QUEUE_TYPE"
+            value = "pg-boss"
+          }
          env {
            name = "ACCESS_TOKEN_SECRET"
            value_from {
@@ -144,16 +142,16 @@ resource "kubernetes_deployment" "twentycrm_server" {
          }

          volume_mount {
-            name       = "nfs-twentycrm-server-data"
-            mount_path = "/app/.local-storage"
+            name       = "server-data"
+            mount_path = var.twentycrm_server_data_mount_path
          }
        }

        volume {
-          name = "nfs-twentycrm-server-data"
+          name = "server-data"

          persistent_volume_claim {
-            claim_name = "nfs-twentycrm-server-data-pvc"
+            claim_name = kubernetes_persistent_volume_claim.server.metadata.0.name
          }
        }

--- a/packages/twenty-docker/k8s/terraform/deployment-worker.tf
+++ b/packages/twenty-docker/k8s/terraform/deployment-worker.tf
@@ -0,0 +1,131 @@
+resource "kubernetes_deployment" "twentycrm_worker" {
+  metadata {
+    name      = "${var.twentycrm_app_name}-worker"
+    namespace = kubernetes_namespace.twentycrm.metadata.0.name
+    labels = {
+      app = "${var.twentycrm_app_name}-worker"
+    }
+  }
+
+  spec {
+    replicas = var.twentycrm_worker_replicas
+    selector {
+      match_labels = {
+        app = "${var.twentycrm_app_name}-worker"
+      }
+    }
+
+    strategy {
+      type = "RollingUpdate"
+      rolling_update {
+        max_surge       = "1"
+        max_unavailable = "1"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = "${var.twentycrm_app_name}-worker"
+        }
+      }
+
+      spec {
+        container {
+          image   = var.twentycrm_server_image
+          name    = var.twentycrm_app_name
+          stdin   = true
+          tty     = true
+          command = ["yarn", "worker:prod"]
+
+          env {
+            name  = "SERVER_URL"
+            value = var.twentycrm_app_hostname
+          }
+
+          env {
+            name  = "FRONT_BASE_URL"
+            value = var.twentycrm_app_hostname
+          }
+
+          env {
+            name  = "PG_DATABASE_URL"
+            value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${var.twentycrm_app_name}-db.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
+          }
+
+          env {
+            name  = "ENABLE_DB_MIGRATIONS"
+            value = "false" #it already runs on the server
+          }
+
+          env {
+            name  = "STORAGE_TYPE"
+            value = "local"
+          }
+          env {
+            name  = "MESSAGE_QUEUE_TYPE"
+            value = "pg-boss"
+          }
+
+          env {
+            name = "ACCESS_TOKEN_SECRET"
+            value_from {
+              secret_key_ref {
+                name = "tokens"
+                key  = "accessToken"
+              }
+            }
+          }
+
+          env {
+            name = "LOGIN_TOKEN_SECRET"
+            value_from {
+              secret_key_ref {
+                name = "tokens"
+                key  = "loginToken"
+              }
+            }
+          }
+
+          env {
+            name = "REFRESH_TOKEN_SECRET"
+            value_from {
+              secret_key_ref {
+                name = "tokens"
+                key  = "refreshToken"
+              }
+            }
+          }
+
+          env {
+            name = "FILE_TOKEN_SECRET"
+            value_from {
+              secret_key_ref {
+                name = "tokens"
+                key  = "fileToken"
+              }
+            }
+          }
+
+          resources {
+            requests = {
+              cpu    = "250m"
+              memory = "256Mi"
+            }
+            limits = {
+              cpu    = "1000m"
+              memory = "1024Mi"
+            }
+          }
+        }
+
+        dns_policy     = "ClusterFirst"
+        restart_policy = "Always"
+      }
+    }
+  }
+  depends_on = [
+    kubernetes_deployment.twentycrm_db,
+    kubernetes_secret.twentycrm_tokens
+  ]
+}
--- a/packages/twenty-docker/k8s/terraform/ingress.tf
+++ b/packages/twenty-docker/k8s/terraform/ingress.tf
@@ -1,7 +1,7 @@
 resource "kubernetes_ingress" "twentycrm" {
  wait_for_load_balancer = true
  metadata {
-    name      = "${local.twentycrm_app_name}-ingress"
+    name      = "${var.twentycrm_app_name}-ingress"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
    annotations = {
      "kubernetes.io/ingress.class"                       = "nginx"
@@ -15,7 +15,7 @@ resource "kubernetes_ingress" "twentycrm" {
  spec {
    ingress_class_name = "nginx"
    rule {
-      host = local.twentycrm_app_hostname
+      host = var.twentycrm_app_hostname
      http {
        path {
          path = "/*"
--- a/packages/twenty-docker/k8s/terraform/main.tf
+++ b/packages/twenty-docker/k8s/terraform/main.tf
@@ -5,32 +5,15 @@ provider "kubernetes" {
  config_path = "~/.kube/config"
 }

-#################
-# Global Locals #
-#################
-locals {
-  twentycrm_app_name            = "twentycrm"
-  twentycrm_app_hostname        = "crm.example.com"
-  twentycrm_server_image        = "twentycrm/twenty:v0.10.4"
-  twentycrm_db_image            = "twentycrm/twenty-postgres:v0.10.4"
-  twentycrm_db_pv_path          = "/path/to/mystorage"
-  twentycrm_db_pv_capacity      = "10Gi"
-  twentycrm_db_pvc_requests     = "10Gi"
-  twentycrm_server_pv_path      = "/path/to/mystorage"
-  twentycrm_server_pv_capacity  = "10Gi"
-  twentycrm_server_pvc_requests = "10Gi"
-}
-
 ####################
 # Terraform Config #
 ####################
 terraform {
-  required_version = ">= 1.7.4"
+  required_version = ">= 1.9.2"
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
-      version = ">= 2.23.0"
+      version = ">= 2.31.0"
    }
  }
-
 }
--- a/packages/twenty-docker/k8s/terraform/namespace.tf
+++ b/packages/twenty-docker/k8s/terraform/namespace.tf
@@ -1,9 +1,9 @@
 resource "kubernetes_namespace" "twentycrm" {
  metadata {
    annotations = {
-      name = "twentycrm"
+      name = var.twentycrm_namespace
    }

-    name = "twentycrm"
+    name = var.twentycrm_namespace
  }
 }
--- a/packages/twenty-docker/k8s/terraform/pv-db.tf
+++ b/packages/twenty-docker/k8s/terraform/pv-db.tf
@@ -1,18 +1,18 @@
 resource "kubernetes_persistent_volume" "db" {
  metadata {
-    name = "${local.twentycrm_app_name}-db-pv"
+    name = "${var.twentycrm_app_name}-db-pv"
  }
  spec {
    storage_class_name = "default"
    capacity = {
-      storage = local.twentycrm_db_pv_capacity
+      storage = var.twentycrm_db_pv_capacity
    }
    access_modes = ["ReadWriteOnce"]
-    # refer to Terraform Docs for your specific implementation requirements 
+    # refer to Terraform Docs for your specific implementation requirements
    # https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume
    persistent_volume_source {
      local {
-        path = local.twentycrm_db_pv_path
+        path = var.twentycrm_db_pv_path
      }
    }
  }
--- a/packages/twenty-docker/k8s/terraform/pv-server.tf
+++ b/packages/twenty-docker/k8s/terraform/pv-server.tf
@@ -1,18 +1,18 @@
 resource "kubernetes_persistent_volume" "server" {
  metadata {
-    name = "${local.twentycrm_app_name}-server-pv"
+    name = "${var.twentycrm_app_name}-server-pv"
  }
  spec {
    storage_class_name = "default"
    capacity = {
-      storage = local.twentycrm_server_pv_capacity
+      storage = var.twentycrm_server_pv_capacity
    }
    access_modes = ["ReadWriteOnce"]
-    # refer to Terraform Docs for your specific implementation requirements 
+    # refer to Terraform Docs for your specific implementation requirements
    # https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume
    persistent_volume_source {
      local {
-        path = local.twentycrm_server_pv_path
+        path = var.twentycrm_server_pv_path
      }
    }
  }
--- a/packages/twenty-docker/k8s/terraform/pvc-db.tf
+++ b/packages/twenty-docker/k8s/terraform/pvc-db.tf
@@ -1,13 +1,13 @@
 resource "kubernetes_persistent_volume_claim" "db" {
  metadata {
-    name      = "${local.twentycrm_app_name}-db-pvc"
+    name      = "${var.twentycrm_app_name}-db-pvc"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
  }
  spec {
    access_modes = ["ReadWriteOnce"]
    resources {
      requests = {
-        storage = local.twentycrm_db_pvc_requests
+        storage = var.twentycrm_db_pvc_requests
      }
    }
    volume_name = kubernetes_persistent_volume.db.metadata.0.name
--- a/packages/twenty-docker/k8s/terraform/pvc-server.tf
+++ b/packages/twenty-docker/k8s/terraform/pvc-server.tf
@@ -1,13 +1,13 @@
 resource "kubernetes_persistent_volume_claim" "server" {
  metadata {
-    name      = "${local.twentycrm_app_name}-server-pvc"
+    name      = "${var.twentycrm_app_name}-server-pvc"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
  }
  spec {
    access_modes = ["ReadWriteOnce"]
    resources {
      requests = {
-        storage = local.twentycrm_server_pvc_requests
+        storage = var.twentycrm_server_pvc_requests
      }
    }
    volume_name = kubernetes_persistent_volume.server.metadata.0.name
--- a/packages/twenty-docker/k8s/terraform/service-db.tf
+++ b/packages/twenty-docker/k8s/terraform/service-db.tf
@@ -1,11 +1,11 @@
 resource "kubernetes_service" "twentycrm_db" {
  metadata {
-    name      = "${local.twentycrm_app_name}-db"
+    name      = "${var.twentycrm_app_name}-db"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
  }
  spec {
    selector = {
-      app = "${local.twentycrm_app_name}-db"
+      app = "${var.twentycrm_app_name}-db"
    }
    session_affinity = "ClientIP"
    port {
--- a/packages/twenty-docker/k8s/terraform/service-server.tf
+++ b/packages/twenty-docker/k8s/terraform/service-server.tf
@@ -1,11 +1,11 @@
 resource "kubernetes_service" "twentycrm_server" {
  metadata {
-    name      = "${local.twentycrm_app_name}-server"
+    name      = "${var.twentycrm_app_name}-server"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
  }
  spec {
    selector = {
-      app = "${local.twentycrm_app_name}-server"
+      app = "${var.twentycrm_app_name}-server"
    }
    session_affinity = "ClientIP"
    port {
--- a/packages/twenty-docker/k8s/terraform/variables.tf
+++ b/packages/twenty-docker/k8s/terraform/variables.tf
@@ -1,24 +1,124 @@
+######################
+# Required Variables #
+######################
 variable "twentycrm_token_accessToken" {
  type        = string
  description = "TwentyCRM access Token"
+  sensitive   = true
 }

 variable "twentycrm_token_loginToken" {
  type        = string
  description = "TwentyCRM login Token"
+  sensitive   = true
 }

 variable "twentycrm_token_refreshToken" {
  type        = string
  description = "TwentyCRM refresh Token"
+  sensitive   = true
 }

 variable "twentycrm_token_fileToken" {
  type        = string
  description = "TwentyCRM file Token"
+  sensitive   = true
 }

 variable "twentycrm_pgdb_admin_password" {
  type        = string
-  description = "TwentyCRM password for postgres database"
+  description = "TwentyCRM password for postgres database."
+  sensitive   = true
+}
+
+variable "twentycrm_app_hostname" {
+  type        = string
+  description = "The protocol, DNS fully qualified hostname, and port used to access TwentyCRM in your environment. Ex: https://crm.example.com:443"
+}
+
+######################
+# Optional Variables #
+######################
+variable "twentycrm_app_name" {
+  type        = string
+  default     = "twentycrm"
+  description = "A friendly name prefix to use for every component deployed."
+}
+
+variable "twentycrm_server_image" {
+  type        = string
+  default     = "twentycrm/twenty:latest"
+  description = "TwentyCRM server image for the server deployment. This defaults to latest. This value is also used for the workers image."
+}
+
+variable "twentycrm_db_image" {
+  type        = string
+  default     = "twentycrm/twenty-postgres:latest"
+  description = "TwentyCRM image for database deployment. This defaults to latest."
+}
+
+variable "twentycrm_server_replicas" {
+  type        = number
+  default     = 1
+  description = "Number of replicas for the TwentyCRM server deployment. This defaults to 1."
+}
+
+variable "twentycrm_worker_replicas" {
+  type        = number
+  default     = 1
+  description = "Number of replicas for the TwentyCRM worker deployment. This defaults to 1."
+}
+
+variable "twentycrm_db_replicas" {
+  type        = number
+  default     = 1
+  description = "Number of replicas for the TwentyCRM database deployment. This defaults to 1."
+}
+
+variable "twentycrm_server_data_mount_path" {
+  type        = string
+  default     = "/app/docker-data"
+  description = "TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'."
+}
+
+variable "twentycrm_db_pv_path" {
+  type        = string
+  default     = ""
+  description = "Local path to use to store the physical volume if using local storage on nodes."
+}
+
+variable "twentycrm_server_pv_path" {
+  type        = string
+  default     = ""
+  description = "Local path to use to store the physical volume if using local storage on nodes."
+}
+
+variable "twentycrm_db_pv_capacity" {
+  type        = string
+  default     = "10Gi"
+  description = "Storage capacity provisioned for database persistent volume."
+}
+
+variable "twentycrm_db_pvc_requests" {
+  type        = string
+  default     = "10Gi"
+  description = "Storage capacity reservation for database persistent volume claim."
+}
+
+variable "twentycrm_server_pv_capacity" {
+  type        = string
+  default     = "10Gi"
+  description = "Storage capacity provisioned for server persistent volume."
+}
+
+variable "twentycrm_server_pvc_requests" {
+  type        = string
+  default     = "10Gi"
+  description = "Storage capacity reservation for server persistent volume claim."
+}
+
+variable "twentycrm_namespace" {
+  type        = string
+  default     = "twentycrm"
+  description = "Namespace for all TwentyCRM resources"
 }