Quickstart
Deploy Minimal
This documentation makes some assumumptions about the kubernetes cluster that
tofutfis going to be installed on. If you find that the documentation does not work for you, please file an issue.
Create a file named values.yaml and paste the following contents inside of it.
# values.yaml
# The secret is used to sign sessions. It should be kept confidential, and
# production installs of tofutf should have a randomly generated secret.
secret: 2876cb147697052eec5b3cdb56211681
# The siteToken is the special token that grants administrator access to
# tofutf. Production installs of tofutf should have a randomly generated
# site token.
siteToken: site-token
# here we enable the bundled postgres instance, and configure it to provision
# a tofutf database.
postgres:
enabled: true
database: tofutf
# here we configure tofutf to connect to the bundled postgres instance.
database: postgres://tofutf-postgresql/tofutf?user=postgres
databasePasswordFromSecret:
name: tofutf-postgresql
key: postgres-passwordhelm install my-release -f values.yaml oci://ghcr.io/tofutf/tofutf/charts/tofutf --version v0.8.0Expose TofuTF
Open up a different terminal and run the following:
$ kubectl port-forward svc/my-release 8080:80Navigate to the web app in your browser, http://tofutf.localhost:8080:
You have now successfully installed tofutf and confirmed you can start tofutf with minimal configuration. Proceed to create your first organization.
Create organization
Navigate to the web app in your browser, http://tofutf.localhost:8080:
Note it announces you have no authenticators configured. The normal method of login is to use SSO signin, via Github etc, but in this quickstart we're using the site admin account. Click on site admin in the bottom right, and use your token to login.
Go to organizations > New Organization. Give the organization a name and create.
Configure Certificates
The terraform CLI will be connecting to the server and it expects to make a verified SSL connection. Therefore we need to configure SSL first. Handling certificates can look different from cluster to cluster.
Self-Signing with mkcert
First ensure that mkcert (opens in a new tab) is installed.
Generate a self-signed SSL certificate and key:
$ mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
$ mkcert tofutf.localhost
Created a new certificate valid for the following names 📜
- "tofutf.localhost"
The certificate is at "./tofutf.localhost.pem" and the key at "./tofutf.localhost-key.pem" ✅
It will expire on 24 June 2026 🗓Install the generated certificates in kubernetes.
$ kubectl create secret tls certs --cert=./tofutf.localhost.pem --key=./tofutf.localhost-key.pem
secret/certs createdAdd the following to your values.yaml file:
caCerts:
enabled: trueRedeploy tofutf.
$ helm upgrade my-release -f values.yaml oci://ghcr.io/tofutf/tofutf/charts/tofutf --version v0.8.0Run Terraform
Terraform needs to use your token to authenticate with tofutfd:
terraform login tofutf.localhost:8080Enter yes to proceed. A browser window is opened where you give consent to terraform to access your tofutf account:
Once you give your consent you should be notified you can close the browser and return to the terminal:
In the terminal you should see the confirmation of success:
Success! Terraform has obtained and saved an API token.Now we'll write some terraform configuration. Configure the terraform backend and define a resource:
cat > main.tf <<EOF
terraform {
cloud {
hostname = "tofutf.localhost:8080"
organization = "default"
workspaces {
name = "dev"
}
}
}
resource "null_resource" "quickstart" {}
EOFInitialize terraform:
terraform initRun a plan:
terraform planThat starts a run on the server. You can click on the link to the run to view status and logs.
And apply:
terraform applyThis starts another run on the server. Again you can click on the link to see logs.
You have reached the end of this quickstart guide. Have a look at the remainder of the documentation to further complete the installation of tofutf, to setup SSO, run agents, etc.