Skip to main content

Deploy Retool Using Helm Charts on SleakOps

Deploy Retool on a SleakOps Kubernetes cluster using Helm chart v6.3.6 .

info

This guide targets Helm Chart version 6.3.6. Check ArtifactHub for the latest version and any values changes.

Prerequisites

SleakOps prerequisites:

  • EBS CSI Driver installed (required for the PostgreSQL volume)
  • EFS CSI Driver installed (required for Retool's app and workflow storage)
  • A dedicated AMD64 NodePool created (Retool only runs on AMD64 architecture)

Kubernetes prerequisites:

  • Namespace retool created
  • Secret retool-keys created with the following keys:
    • encryption-key: generate with openssl rand -base64 36
    • jwt-secret: generate with openssl rand -base64 36
    • license-key: your Retool license key
  • Secret retool-postgresql created with:
    • password
    • postgres-password
    • replication-password
  • Google OAuth credentials (clientId and clientSecret) for SSO

Let's Start

Step 1 — Create the retool-values.yaml file

Replace all values highlighted with {...} for your deployment:

config:
  auth:
    google:
      clientId: xxxxxxxxxxxxxxxxx.apps.googleusercontent.com
      clientSecret: xxxxxxxxxxxxxxxxxxxxxxx
  encryption-key: <output of: openssl rand -hex 32>
  jwt-secret: <output of: openssl rand -hex 32>
  licenseKeySecretName: retool-keys
  useInsecureCookies: true   # required when TLS is terminated at the load balancer

env:
  ALLOW_SAME_ORIGIN_OPTION: "true"
  BASE_DOMAIN: https://retool.{domain}.com
  COOKIE_INSECURE: "true"   # required when TLS is terminated at the load balancer
  DOMAINS: https://retool.{domain}.com
  HOST_HEADER_NAME: x-forwarded-host
  SANDBOX_DOMAIN: https://retool.{domain}.com

image:
  pullPolicy: IfNotPresent
  repository: tryretool/backend
  tag: 3.114.13-stable   # replace with target version

ingress:
  enabled: true
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:111222333444:certificate/12121212-1212-1212-1212-121212232323
    alb.ingress.kubernetes.io/group.name: {group.name}-private
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/target-type: ip
  hosts:
  - host: retool.{domain}.com
    paths:
    - path: /
      pathType: Prefix
  ingressClassName: alb-ingressclass-private
  labels:
    app.kubernetes.io/name: retool{domain}com
  tls:
  - hosts:
    - retool.{domain}.com

nodeSelector:
  karpenter.sh/nodepool: {nodepool_name}   # e.g.: amd64-utilities
  kubernetes.io/arch: amd64

persistentVolumeClaim:
  enabled: true
  mountPath: /retool_backend/pv-data
  size: 15Gi
  storageClass: efs-sc-retain

postgresql:
  auth:
    username: postgres
    existingSecret: retool-postgresql
    secretKeys:
      adminPasswordKey: postgres-password
      replicationPasswordKey: replication-password
      userPasswordKey: password
  primary:
    tolerations:
    - key: karpenter.sh/nodepool
      operator: Equal
      value: {nodepool_name}   # e.g.: amd64-utilities

replicaCount: 1

resources:
  limits:
    cpu: 4096m
    memory: 8192Mi
  requests:
    cpu: 1024m
    memory: 2048Mi

serviceAccount:
  name: retool-sa

tolerations:
- key: karpenter.sh/nodepool
  operator: Equal
  value: {nodepool_name}   # e.g.: amd64-utilities

Step 2 — Deploy the chart

Add the Retool Helm repo and install:

helm repo add retool https://charts.retool.com
helm repo update

helm upgrade --install retool retool/retool \
  --version 6.3.6 \
  --namespace retool \
  --values retool-values.yaml

Step 3 — Verify the deployment

Check that the Pods are running:

kubectl get pods -n retool

Once the retool Pod is Running, open https://retool.{domain}.com to complete the initial setup.