Quickstart

Deploy Minimal

This documentation makes some assumumptions about the kubernetes cluster that tofutf is going to be installed on. If you find that the documentation does not work for you, please file an issue.

Create a file named values.yaml and paste the following contents inside of it.

# values.yaml
 
# The secret is used to sign sessions. It should be kept confidential, and 
# production installs of tofutf should have a randomly generated secret.
secret: 2876cb147697052eec5b3cdb56211681
 
# The siteToken is the special token that grants administrator access to 
# tofutf. Production installs of tofutf should have a randomly generated
# site token.
siteToken: site-token
 
# here we enable the bundled postgres instance, and configure it to provision
# a tofutf database.
postgres:
  enabled: true
  database: tofutf
 
# here we configure tofutf to connect to the bundled postgres instance. 
database: postgres://tofutf-postgresql/tofutf?user=postgres
databasePasswordFromSecret:
  name: tofutf-postgresql
  key: postgres-password

helm install my-release -f values.yaml oci://ghcr.io/tofutf/tofutf/charts/tofutf --version v0.8.0

Expose TofuTF

Open up a different terminal and run the following:

$ kubectl port-forward svc/my-release 8080:80

Navigate to the web app in your browser, http://tofutf.localhost:8080 (opens in a new tab):

You have now successfully installed tofutf and confirmed you can start tofutf with minimal configuration. Proceed to create your first organization.

Create organization

Navigate to the web app in your browser, http://tofutf.localhost:8080 (opens in a new tab):

Note it announces you have no authenticators configured. The normal method of login is to use SSO signin, via Github etc, but in this quickstart we're using the site admin account. Click on site admin in the bottom right, and use your token to login.

site admin enter token

site admin profile

Go to organizations > New Organization. Give the organization a name and create.

new organization enter name new organization created

Configure Certificates

The terraform CLI will be connecting to the server and it expects to make a verified SSL connection. Therefore we need to configure SSL first. Handling certificates can look different from cluster to cluster.

Self-Signing with mkcert

First ensure that mkcert (opens in a new tab) is installed.

Generate a self-signed SSL certificate and key:

$ mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
 
$ mkcert tofutf.localhost
 
Created a new certificate valid for the following names 📜
 - "tofutf.localhost"
 
The certificate is at "./tofutf.localhost.pem" and the key at "./tofutf.localhost-key.pem" ✅
 
It will expire on 24 June 2026 🗓

Install the generated certificates in kubernetes.

$ kubectl create secret tls certs --cert=./tofutf.localhost.pem --key=./tofutf.localhost-key.pem
secret/certs created

Add the following to your values.yaml file:

caCerts:
  enabled: true

Redeploy tofutf.

$ helm upgrade my-release -f values.yaml oci://ghcr.io/tofutf/tofutf/charts/tofutf --version v0.8.0

Run Terraform

Terraform needs to use your token to authenticate with tofutfd:

terraform login tofutf.localhost:8080

Enter yes to proceed. A browser window is opened where you give consent to terraform to access your tofutf account:

terraform login consent

Once you give your consent you should be notified you can close the browser and return to the terminal:

terraform login flow complete

In the terminal you should see the confirmation of success:

Success! Terraform has obtained and saved an API token.

Now we'll write some terraform configuration. Configure the terraform backend and define a resource:

cat > main.tf <<EOF
terraform {
  cloud {
    hostname = "tofutf.localhost:8080"
    organization = "default"
 
    workspaces {
      name = "dev"
    }
  }
}
 
resource "null_resource" "quickstart" {}
EOF

Initialize terraform:

terraform init

Run a plan:

terraform plan

That starts a run on the server. You can click on the link to the run to view status and logs.

And apply:

terraform apply

This starts another run on the server. Again you can click on the link to see logs.

You have reached the end of this quickstart guide. Have a look at the remainder of the documentation to further complete the installation of tofutf, to setup SSO, run agents, etc.

Introduction TFC Migration