kube_grist

Beta

Direct

Grist

This module deploys a Grist instance to the Kubernetes cluster.

Usage

Auth

When you first set up Grist, you will set a root_email. This should be your email address as this will provide you the necessary permissions to configure the Grist instance via the Web UI.

While authentication is linked to Panfactum SSO (via Vault), permissions for each user must be manually set within Grist. In other words, a user's ability to access Grist will be gated by central Panfactum IdP, but the permissions assigned thereafter are not automatically computed as in many of the other Panfactum-managed systems.

Note that when you first install Grist, your name will be set to "Support." You can change this manually in the web UI. All other users will have their names automatically set when they first log in.

If you lose access to the root_email, you may lose admin access to your Grist instance. Be sure to add additional owners if the root_email must change. See warning.

Providers

The following providers are needed by this module:

aws (5.80.0)
helm (2.12.1)
kubectl (2.1.3)
kubernetes (2.34.0)
pf (0.0.7)
random (3.6.3)
vault (4.5.0)

Required Inputs

The following input variables are required:

domain

Description: The domain from which Grist will serve traffic

Type: string

organization_name

Description: Name of the organization to set up in Grist.

Type: string

root_email

Description: The email address to use for the root Grist administrator. Warning: must be changed manually once applied.

Type: string

vault_domain

Description: The domain of the Vault instance running in the cluster.

Type: string

Optional Inputs

The following input variables are optional (have default values):

action_history_max_gb

Description: Maximum number of gigabytes allowed in ActionHistory before pruning.

Type: number

Default: 1

action_history_max_rows

Description: Maximum number of rows allowed in ActionHistory before pruning.

Type: number

Default: 1000

aws_iam_ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with AWS API

Type: list(string)

Default: []

cdn_mode_enabled

Description: Whether to enable CDN mode for the Vault ingress

Type: bool

Default: true

db_recovery_directory

Description: The name of the directory in the backup bucket that contains the PostgreSQL backups and WAL archives

Type: string

Default: null

db_recovery_mode_enabled

Description: Whether to enable recovery mode for the PostgreSQL database

Type: bool

Default: false

db_recovery_target_time

Description: If provided, will recover the PostgreSQL database to the indicated target time in RFC 3339 format rather than to the latest data.

Type: string

Default: null

debug_logs_enabled

Description: Whether debug logs are enabled.

Type: bool

Default: false

geo_restriction_list

Description: A list of ISO 3166 country codes for the geographic restriction list (works for both whitelist and blacklist)

Type: list(string)

Default: []

geo_restriction_type

Description: What type of geographic restrictions to you want to apply to CDN clients

Type: string

Default: "none"

grist_version

Description: The version of Grist to use

Type: string

Default: "1.3.2"

hidden_ui_elements

Description: UI elements to hide. See GRIST_HIDE_UI_ELEMENTS.

Type: list(string)

Default:

[
  "billing",
  "createSite",
  "multiSite"
]

ingress_enabled

Description: Whether to enable ingress to the Grist server

Type: bool

Default: true

log_level

Description: The log level for the Grist pods

Type: string

Default: "debug"

minimum_memory_mb

Description: The memory floor for the Grist servers (in MB).

Type: number

Default: 300

monitoring_enabled

Description: Whether to add active monitoring to the deployed systems

Type: bool

Default: false

namespace

Description: Kubernetes namespace to deploy the resources into

Type: string

Default: "grist"

panfactum_scheduler_enabled

Description: Whether to use the Panfactum pod scheduler with enhanced bin-packing

Type: bool

Default: true

pull_through_cache_enabled

Description: Whether to use the ECR pull through cache for the deployed images

Type: bool

Default: true

session_max_length_hours

Description: The max length of the user session before requiring re-authentication.

Type: number

Default: 16

sla_target

Description: The Panfactum SLA level for the module deployment. 1 = lowest uptime (99.9%), lowest cost -- 3 = highest uptime (99.999%), highest Cost

Type: number

Default: 3

telemetry_enabled

Description: Whether usage data will be reported to Grist for product-improvement purposes.

Type: bool

Default: true

vpa_enabled

Description: Whether the VPA resources should be enabled

Type: bool

Default: true

Outputs

The following outputs are exported:

db_admin_role

Description: n/a

db_reader_role

Description: n/a

db_recovery_directory

Description: The name of the directory in the backup bucket that contains the PostgreSQL backups and WAL archives

db_superuser_role

Description: n/a

domain

Description: n/a

namespace

Description: The name of the namespace where NocoDB will be deployed.

redis_admin_role

Description: n/a

redis_reader_role

Description: n/a

redis_superuser_role

Description: n/a

root_email

Description: The email for the superuser user.

Usage

No notes