bramw_baserow/docs/installation/install-with-k8s.md

# Install with K8S

## Community Maintained Helm Chart

We recommend you use the [community maintained helm chart](./install-with-helm.md) to
install Baserow on K8S.

## Raw K8S starting point

See below for a starting point for a K8S configuration file which deploys a production
ready Baserow.

It assumes you want the most performant version of Baserow possible and
so deploys separate wsgi and asgi backend services, separate async task workers etc.

You will need to also provide a redis and postgres instance configured using the
environment variables below. See [Configuring Baserow](./configuration.md) for more
details on these variables.

You should also set up and configure Baserow to use an S3 compatible storage service
for uploading and serving user uploaded files.

## Example baserow.yml

```yaml
# A secret containing all the required Baserow settings.
apiVersion: v1
kind: Secret
metadata:
  name: YOUR_ENV_SECRET_REF
type: Opaque
stringData:
  SECRET_KEY: "TODO"
  PRIVATE_BACKEND_URL: "http://backend-wsgi"
  PUBLIC_BACKEND_URL: "TODO"
  PUBLIC_WEB_FRONTEND_URL: "TODO"
  DATABASE_HOST: "TODO"
  DATABASE_USER: "TODO"
  DATABASE_PASSWORD: "TODO"
  DATABASE_PORT: "TODO"
  DATABASE_NAME: "TODO"
  REDIS_HOST: "TODO"
  REDIS_PORT: "TODO"
  REDIS_USER: "TODO"
  REDIS_PASSWORD: "TODO"
  REDIS_PROTOCOL: "TODO rediss or redis"
  BASEROW_AMOUNT_OF_GUNICORN_WORKERS: "5"
  # S3 Compatible storage is recommended with K8S to get the exports and file storage working
  # See the docs for more info https://baserow.io/docs/installation%2Fconfiguration#user-file-upload-configuration
  AWS_ACCESS_KEY_ID: "TODO"
  AWS_SECRET_ACCESS_KEY: "TODO"
  AWS_STORAGE_BUCKET_NAME: "TODO"

# An example ingress controller routing to the correct services
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: balancer
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
    nginx.ingress.kubernetes.io/proxy-body-size: 20m
    kubernetes.io/ingress.class: nginx
    # removed ssl settings, add in your own desired ones
spec:
  # TODO a tsl block
  rules:
    - host: REPLACE_WITH_YOUR_BACKEND_HOST
      http:
        paths:
          - pathType: Prefix
            path: "/ws/"
            backend:
              service:
                name: backend-asgi
                port:
                  number: 80
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: backend-wsgi
                port:
                  number: 80
    - host: REPLACE_WITH_YOUR_WEB_FRONTEND_HOST
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: web-frontend
                port:
                  number: 80

---
apiVersion: v1
kind: Service
metadata:
  name: backend-asgi
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8000
  selector:
    app: backend-asgi
---
apiVersion: v1
kind: Service
metadata:
  name: backend-wsgi
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8000
  selector:
    app: backend-wsgi
---
apiVersion: v1
kind: Service
metadata:
  name: web-frontend
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 3000
  selector:
    app: web-frontend

# The backend ASGI worker handling websockets
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-asgi
  labels:
    app: backend-asgi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend-asgi
  template:
    metadata:
      labels:
        app: backend-asgi
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - backend-asgi
                topologyKey: "kubernetes.io/hostname"
      containers:
        - name: backend-asgi
          image: baserow/backend:1.33.0
          workingDir: /baserow
          args:
            - "gunicorn"
          ports:
            - containerPort: 8000
              name: backend-asgi
          imagePullPolicy: Always
          readinessProbe:
            exec:
              command:
                - curl
                - --fail
                - --silent
                - http://localhost:8000/api/_health/
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
      imagePullSecrets:
        - name: YOUR_PULL_SECRETS

# The backend WSGI worker handling normal http api requests 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-wsgi
  labels:
    app: backend-wsgi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend-wsgi
  template:
    metadata:
      labels:
        app: backend-wsgi
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - backend-wsgi
                topologyKey: "kubernetes.io/hostname"
      containers:
        - name: backend-wsgi
          image: baserow/backend:1.33.0
          workingDir: /baserow
          args:
            - "gunicorn-wsgi"
            - "--timeout"
            - "60"
          ports:
            - containerPort: 8000
              name: backend-wsgi
          imagePullPolicy: Always
          readinessProbe:
            exec:
              command:
                - curl
                - --fail
                - --silent
                - http://localhost:8000/api/_health/
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
      imagePullSecrets:
        - name: YOUR_PULL_SECRETS
# A set of celery workers handling realtime events, cleanup, async tasks etc. 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-worker
  labels:
    app: backend-worker
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend-worker
  template:
    metadata:
      labels:
        app: backend-worker
    spec:
      # Set affinities to ensure the different replicas end up on different nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - backend-worker
                topologyKey: "kubernetes.io/hostname"
      containers:
        - name: backend-worker
          image: baserow/backend:1.33.0
          args:
            - "celery-worker"
          imagePullPolicy: Always
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /baserow/backend/docker/docker-entrypoint.sh celery-worker-healthcheck
            initialDelaySeconds: 10
            timeoutSeconds: 10
            periodSeconds: 10
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
        - name: backend-export-worker
          image: baserow/backend:1.33.0
          args:
            - "celery-exportworker"
          imagePullPolicy: Always
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /baserow/backend/docker/docker-entrypoint.sh celery-exportworker-healthcheck
            initialDelaySeconds: 10
            timeoutSeconds: 10
            periodSeconds: 10
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
        - name: backend-beat-worker
          image: baserow/backend:1.33.0
          args:
            - "celery-beat"
          imagePullPolicy: Always
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
      imagePullSecrets:
        - name: YOUR_PULL_SECRETS
# A web-frontend SSR server which renders the initial html/js when a client visits.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-frontend
  labels:
    app: web-frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-frontend
  template:
    metadata:
      labels:
        app: web-frontend
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - web-frontend
                topologyKey: "kubernetes.io/hostname"
      containers:
        - name: web-frontend
          image: baserow/web-frontend:1.33.0
          args:
            - nuxt
          ports:
            - containerPort: 3000
              name: web-frontend
          imagePullPolicy: Always
          readinessProbe:
            httpGet:
              path: /_health
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
          envFrom:
            - secretRef:
                name: YOUR_ENV_SECRET_REF
      imagePullSecrets:
        - name: YOUR_PULL_SECRETS
```
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`# Install with K8S`
Add more self hosting docs 2022-07-05 13:45:31 +00:00
Resolve "Test and document community helm chart" 2023-03-02 08:46:41 +00:00			`## Community Maintained Helm Chart`

			`We recommend you use the [community maintained helm chart](./install-with-helm.md) to`
			`install Baserow on K8S.`

			`## Raw K8S starting point`

Add more self hosting docs 2022-07-05 13:45:31 +00:00			`See below for a starting point for a K8S configuration file which deploys a production`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`ready Baserow.`
Add more self hosting docs 2022-07-05 13:45:31 +00:00
			`It assumes you want the most performant version of Baserow possible and`
			`so deploys separate wsgi and asgi backend services, separate async task workers etc.`

Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`You will need to also provide a redis and postgres instance configured using the`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`environment variables below. See [Configuring Baserow](./configuration.md) for more`
			`details on these variables.`

Resolve "Test and document community helm chart" 2023-03-02 08:46:41 +00:00			`You should also set up and configure Baserow to use an S3 compatible storage service`
			`for uploading and serving user uploaded files.`

Add more self hosting docs 2022-07-05 13:45:31 +00:00			`## Example baserow.yml`

			```yaml
			`# A secret containing all the required Baserow settings.`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: YOUR_ENV_SECRET_REF`
			`type: Opaque`
			`stringData:`
			`SECRET_KEY: "TODO"`
Fixed private backend URL in k8s config 2023-11-21 20:24:06 +00:00			`PRIVATE_BACKEND_URL: "http://backend-wsgi"`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`PUBLIC_BACKEND_URL: "TODO"`
			`PUBLIC_WEB_FRONTEND_URL: "TODO"`
			`DATABASE_HOST: "TODO"`
			`DATABASE_USER: "TODO"`
			`DATABASE_PASSWORD: "TODO"`
			`DATABASE_PORT: "TODO"`
			`DATABASE_NAME: "TODO"`
			`REDIS_HOST: "TODO"`
			`REDIS_PORT: "TODO"`
			`REDIS_USER: "TODO"`
			`REDIS_PASSWORD: "TODO"`
			`REDIS_PROTOCOL: "TODO rediss or redis"`
			`BASEROW_AMOUNT_OF_GUNICORN_WORKERS: "5"`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`# S3 Compatible storage is recommended with K8S to get the exports and file storage working`
			`# See the docs for more info https://baserow.io/docs/installation%2Fconfiguration#user-file-upload-configuration`
			`AWS_ACCESS_KEY_ID: "TODO"`
			`AWS_SECRET_ACCESS_KEY: "TODO"`
			`AWS_STORAGE_BUCKET_NAME: "TODO"`
Add more self hosting docs 2022-07-05 13:45:31 +00:00
			`# An example ingress controller routing to the correct services`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: balancer`
			`annotations:`
			`nginx.ingress.kubernetes.io/affinity: "cookie"`
			`nginx.ingress.kubernetes.io/session-cookie-name: "route"`
			`nginx.ingress.kubernetes.io/session-cookie-expires: "172800"`
			`nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"`
			`nginx.ingress.kubernetes.io/proxy-body-size: 20m`
			`kubernetes.io/ingress.class: nginx`
			`# removed ssl settings, add in your own desired ones`
			`spec:`
			`# TODO a tsl block`
			`rules:`
			`- host: REPLACE_WITH_YOUR_BACKEND_HOST`
			`http:`
			`paths:`
			`- pathType: Prefix`
			`path: "/ws/"`
			`backend:`
			`service:`
			`name: backend-asgi`
			`port:`
			`number: 80`
			`- pathType: Prefix`
			`path: "/"`
			`backend:`
			`service:`
			`name: backend-wsgi`
			`port:`
			`number: 80`
			`- host: REPLACE_WITH_YOUR_WEB_FRONTEND_HOST`
			`http:`
			`paths:`
			`- pathType: Prefix`
			`path: "/"`
			`backend:`
			`service:`
			`name: web-frontend`
			`port:`
			`number: 80`

			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: backend-asgi`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 80`
			`targetPort: 8000`
			`selector:`
			`app: backend-asgi`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: backend-wsgi`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 80`
			`targetPort: 8000`
			`selector:`
			`app: backend-wsgi`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: web-frontend`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 80`
			`targetPort: 3000`
			`selector:`
			`app: web-frontend`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`# The backend ASGI worker handling websockets`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: backend-asgi`
			`labels:`
			`app: backend-asgi`
			`spec:`
			`replicas: 2`
			`selector:`
			`matchLabels:`
			`app: backend-asgi`
			`template:`
			`metadata:`
			`labels:`
			`app: backend-asgi`
			`spec:`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 1`
			`podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: app`
			`operator: In`
			`values:`
			`- backend-asgi`
			`topologyKey: "kubernetes.io/hostname"`
			`containers:`
			`- name: backend-asgi`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/backend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`workingDir: /baserow`
			`args:`
			`- "gunicorn"`
			`ports:`
			`- containerPort: 8000`
			`name: backend-asgi`
			`imagePullPolicy: Always`
			`readinessProbe:`
			`exec:`
			`command:`
			`- curl`
			`- --fail`
			`- --silent`
			`- http://localhost:8000/api/_health/`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`timeoutSeconds: 5`
			`successThreshold: 1`
			`envFrom:`
			`- secretRef:`
			`name: YOUR_ENV_SECRET_REF`
			`imagePullSecrets:`
			`- name: YOUR_PULL_SECRETS`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`# The backend WSGI worker handling normal http api requests`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: backend-wsgi`
			`labels:`
			`app: backend-wsgi`
			`spec:`
			`replicas: 2`
			`selector:`
			`matchLabels:`
			`app: backend-wsgi`
			`template:`
			`metadata:`
			`labels:`
			`app: backend-wsgi`
			`spec:`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 1`
			`podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: app`
			`operator: In`
			`values:`
			`- backend-wsgi`
			`topologyKey: "kubernetes.io/hostname"`
			`containers:`
			`- name: backend-wsgi`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/backend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`workingDir: /baserow`
			`args:`
			`- "gunicorn-wsgi"`
			`- "--timeout"`
			`- "60"`
			`ports:`
			`- containerPort: 8000`
			`name: backend-wsgi`
			`imagePullPolicy: Always`
			`readinessProbe:`
			`exec:`
			`command:`
			`- curl`
			`- --fail`
			`- --silent`
			`- http://localhost:8000/api/_health/`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`timeoutSeconds: 5`
			`successThreshold: 1`
			`envFrom:`
			`- secretRef:`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`name: YOUR_ENV_SECRET_REF`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`imagePullSecrets:`
Add k8s documentation for working file export download. 2022-12-20 06:36:20 +00:00			`- name: YOUR_PULL_SECRETS`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`# A set of celery workers handling realtime events, cleanup, async tasks etc.`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: backend-worker`
			`labels:`
			`app: backend-worker`
			`spec:`
			`replicas: 2`
			`selector:`
			`matchLabels:`
			`app: backend-worker`
			`template:`
			`metadata:`
			`labels:`
			`app: backend-worker`
			`spec:`
			`# Set affinities to ensure the different replicas end up on different nodes.`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 1`
			`podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: app`
			`operator: In`
			`values:`
			`- backend-worker`
			`topologyKey: "kubernetes.io/hostname"`
			`containers:`
			`- name: backend-worker`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/backend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`args:`
			`- "celery-worker"`
			`imagePullPolicy: Always`
			`readinessProbe:`
			`exec:`
			`command:`
			`- /bin/bash`
			`- -c`
			`- /baserow/backend/docker/docker-entrypoint.sh celery-worker-healthcheck`
			`initialDelaySeconds: 10`
			`timeoutSeconds: 10`
			`periodSeconds: 10`
			`envFrom:`
			`- secretRef:`
			`name: YOUR_ENV_SECRET_REF`
			`- name: backend-export-worker`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/backend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`args:`
			`- "celery-exportworker"`
			`imagePullPolicy: Always`
			`readinessProbe:`
			`exec:`
			`command:`
			`- /bin/bash`
			`- -c`
			`- /baserow/backend/docker/docker-entrypoint.sh celery-exportworker-healthcheck`
			`initialDelaySeconds: 10`
			`timeoutSeconds: 10`
			`periodSeconds: 10`
			`envFrom:`
			`- secretRef:`
			`name: YOUR_ENV_SECRET_REF`
			`- name: backend-beat-worker`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/backend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`args:`
			`- "celery-beat"`
			`imagePullPolicy: Always`
			`envFrom:`
			`- secretRef:`
			`name: YOUR_ENV_SECRET_REF`
			`imagePullSecrets:`
			`- name: YOUR_PULL_SECRETS`
			`# A web-frontend SSR server which renders the initial html/js when a client visits.`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: web-frontend`
			`labels:`
			`app: web-frontend`
			`spec:`
			`replicas: 3`
			`selector:`
			`matchLabels:`
			`app: web-frontend`
			`template:`
			`metadata:`
			`labels:`
			`app: web-frontend`
			`spec:`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 1`
			`podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: app`
			`operator: In`
			`values:`
			`- web-frontend`
			`topologyKey: "kubernetes.io/hostname"`
			`containers:`
			`- name: web-frontend`
Prepare for 1.33.0 2025-04-29 19:09:59 +00:00			`image: baserow/web-frontend:1.33.0`
Add more self hosting docs 2022-07-05 13:45:31 +00:00			`args:`
			`- nuxt`
			`ports:`
			`- containerPort: 3000`
			`name: web-frontend`
			`imagePullPolicy: Always`
			`readinessProbe:`
			`httpGet:`
			`path: /_health`
			`port: 3000`
			`initialDelaySeconds: 5`
			`periodSeconds: 5`
			`successThreshold: 1`
			`envFrom:`
			`- secretRef:`
			`name: YOUR_ENV_SECRET_REF`
			`imagePullSecrets:`
			`- name: YOUR_PULL_SECRETS`
			```
No results found.