Skip to main content

Deploy Chatwoot on Kubernetes using Helm Charts

This guide will help you to deploy a production ready Chatwoot instance with Helm Charts.

To quickly try out the charts, follow the two steps below. For a production deployment, please make sure to pass in the required arguments to helm using your custom values.yaml file.

helm repo add chatwoot https://chatwoot.github.io/charts
helm install chatwoot chatwoot/chatwoot

Prerequisites

  • Kubernetes 1.16+
  • Helm 3.1.0+
  • PV provisioner support in the underlying infrastructure

The helm installation will create 3 "Persistent Volume Claims" for redis, rails and postgres. Setup up a default "Storage Class" (for automatic PV) or create 3 "Persistent Volumes" with the size of 8GB, before installing chatwoot. If the "Persistent Volume Claims" do not claim the "Persistent Volumes", leave storageClassName blank (inside the PV .yaml files).

Installing the chart

To install the chart with the release name chatwoot, use the following. To deploy it in chatwoot namespace, pass -n chatwoot to the command.

helm install chatwoot chatwoot/chatwoot -f <your-custom-values.yaml> #-n chatwoot

The command deploys Chatwoot on the Kubernetes cluster in the default configuration. The parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Uninstalling the chart

To uninstall/delete the chatwoot deployment:

helm delete chatwoot

The command removes all the Kubernetes components associated with the chart and deletes the release.

Note: Persistent volumes are not deleted automatically. They need to be removed manually.

Parameters

Chatwoot Image parameters

NameDescriptionValue
image.repositoryChatwoot image repositorychatwoot/chatwoot
image.tagChatwoot image tag (immutable tags are recommended)v2.16.0
image.pullPolicyChatwoot image pull policyIfNotPresent

Chatwoot Environment Variables

NameTypeDefault Value
env.ACTIVE_STORAGE_SERVICEStorage service. local for disk. amazon for s3."local"
env.ASSET_CDN_HOSTSet if CDN is used for asset delivery.""
env.INSTALLATION_ENVSets chatwoot installation method."helm"
env.ENABLE_ACCOUNT_SIGNUPtrue : default option, allows sign ups, false : disables all the end points related to sign ups, api_only: disables the UI for signup but you can create sign ups via the account apis."false"
env.FORCE_SSLForce all access to the app over SSL, default is set to false."false"
env.FRONTEND_URLReplace with the URL you are planning to use for your app."http://0.0.0.0:3000/"
env.IOS_APP_IDChange this variable only if you are using a custom build for mobile app."6C953F3RX2.com.chatwoot.app"
env.ANDROID_BUNDLE_IDChange this variable only if you are using a custom build for mobile app."com.chatwoot.app"
env.ANDROID_SHA256_CERT_FINGERPRINTChange this variable only if you are using a custom build for mobile app."AC:73:8E:DE:EB:5............"
env.MAILER_SENDER_EMAILThe email from which all outgoing emails are sent.""
env.RAILS_ENVSets rails environment."production"
env.RAILS_MAX_THREADSNumber of threads each worker will use."5"
env.SECRET_KEY_BASEUsed to verify the integrity of signed cookies. Ensure a secure value is set.replace_with_your_super_duper_secret_key_base
env.SENTRY_DSNSentry data source name.""
env.SMTP_ADDRESSSet your smtp address.""
env.SMTP_AUTHENTICATIONAllowed values: plain,login,cram_md5"plain"
env.SMTP_ENABLE_STARTTLS_AUTODefaults to true."true"
env.SMTP_OPENSSL_VERIFY_MODECan be: none, peer, client_once, fail_if_no_peer_cert"none"
env.SMTP_PASSWORDSMTP password""
env.SMTP_PORTSMTP port"587"
env.SMTP_USERNAMESMTP username""
env.USE_INBOX_AVATAR_FOR_BOTBot customizations"true"

Email setup for conversation continuity (Incoming emails)

NameTypeDefault Value
env.MAILER_INBOUND_EMAIL_DOMAINThis is the domain set for the reply emails when conversation continuity is enabled.""
env.RAILS_INBOUND_EMAIL_SERVICESet this to appropriate ingress channel with regards to incoming emails. Possible values are relay, mailgun, mandrill, postmark and sendgrid.""
env.RAILS_INBOUND_EMAIL_PASSWORDPassword for the email service.""
env.MAILGUN_INGRESS_SIGNING_KEYSet if using mailgun for incoming conversations.""
env.MANDRILL_INGRESS_API_KEYSet if using mandrill for incoming conversations.""

Postgres variables

NameTypeDefault Value
postgresql.enabledSet to false if using external postgres and modify the below variables.true
postgresql.auth.databaseChatwoot database namechatwoot_production
postgresql.postgresqlHostPostgres host. Edit if using external postgres.""
postgresql.auth.postgresPasswordPostgres password. Edit if using external postgres.postgres
postgresql.postgresqlPortPostgres port5432
postgresql.auth.usernamePostgres username.postgres

Redis variables

NameTypeDefault Value
redis.auth.passwordPassword used for internal redis clusterredis
redis.enabledSet to false if using external redis and modify the below variables.true
redis.hostRedis host name""
redis.portRedis port""
redis.passwordRedis password""
env.REDIS_TLSSet to true if TLS(rediss://) is requiredfalse
env.REDIS_SENTINELSRedis Sentinel can be used by passing list of sentinel host and ports.""
env.REDIS_SENTINEL_MASTER_NAMERedis sentinel master name is required when using sentinel.""

Logging variables

NameTypeDefault Value
env.RAILS_LOG_TO_STDOUTstring"true"
env.LOG_LEVELstring"info"
env.LOG_SIZEstring"500"

Third party credentials

NameTypeDefault Value
env.S3_BUCKET_NAMES3 bucket name""
env.AWS_ACCESS_KEY_IDAmazon access key ID""
env.AWS_REGIONAmazon region""
env.AWS_SECRET_ACCESS_KEYAmazon secret key ID""
env.FB_APP_IDFor facebook channel https://www.chatwoot.com/docs/facebook-setup""
env.FB_APP_SECRETFor facebook channel""
env.FB_VERIFY_TOKENFor facebook channel""
env.SLACK_CLIENT_IDFor slack integration""
env.SLACK_CLIENT_SECRETFor slack integration""
env.TWITTER_APP_IDFor twitter channel""
env.TWITTER_CONSUMER_KEYFor twitter channel""
env.TWITTER_CONSUMER_SECRETFor twitter channel""
env.TWITTER_ENVIRONMENTFor twitter channel""

Autoscaling

NameTypeDefault Value
web.hpa.enabledHorizontal Pod Autoscaling for Chatwoot webfalse
web.hpa.cputhresholdCPU threshold for Chatwoot web80
web.hpa.minpodsMinimum number of pods for Chatwoot web1
web.hpa.maxpodsMaximum number of pods for Chatwoot web10
web.replicaCountNo of web pods if hpa is not enabled1
worker.hpa.enabledHorizontal Pod Autoscaling for Chatwoot workerfalse
worker.hpa.cputhresholdCPU threshold for Chatwoot worker80
worker.hpa.minpodsMinimum number of pods for Chatwoot worker2
worker.hpa.maxpodsMaximum number of pods for Chatwoot worker10
worker.replicaCountNo of worker pods if hpa is not enabled1

Other Parameters

KeyTypeDefaultDescription
affinityobject{}
existingEnvSecretstring""Allows the use of an existing secret to set env variables
fullnameOverridestring""
hooks.affinityobject{}
hooks.migrate.envlist[]
hooks.migrate.hookAnnotationstring"post-install,post-upgrade"
hooks.migrate.resources.limits.memorystring"1000Mi"
hooks.migrate.resources.requests.memorystring"1000Mi"
imagePullSecretslist[]
ingress.annotationsobject{}
ingress.enabledboolfalse
ingress.hosts[0].hoststring""
ingress.hosts[0].paths[0].backend.service.namestring"chatwoot"
ingress.hosts[0].paths[0].backend.service.port.numberint3000
ingress.hosts[0].paths[0].pathstring"/"
ingress.hosts[0].paths[0].pathTypestring"Prefix"
ingress.tlslist[]
nameOverridestring""
nodeSelectorobject{}
podAnnotationsobject{}
podSecurityContextobject{}
redis.master.persistence.enabledbooltrue
redis.nameOverridestring"chatwoot-redis"
resourcesobject{}
securityContextobject{}
service.portint80
service.typestring"ClusterIP"
serviceAccount.annotationsobject{}
serviceAccount.createbooltrue
serviceAccount.namestring""
services.annotationsobject{}
services.internalPortint3000
services.namestring"chatwoot"
services.targetPortint3000
services.typestring"LoadBalancer"
tolerationslist[]

Install with custom parameters

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release \
--set env.FRONTEND_URL="chat.yourdomain.com"\
chatwoot/chatwoot

The above command sets the Chatwoot server frontend URL to chat.yourdoamain.com.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

helm install my-release -f values.yaml chatwoot/chatwoot

Tip You can use the default values.yaml file.

Postgres

PostgreSQL is installed along with the chart if you choose the default setup. To use an external Postgres DB, please set postgresql.enabled to false and set the variables under the Postgres section above.

Redis

Redis is installed along with the chart if you choose the default setup. To use an external Redis DB, please set redis.enabled to false and set the variables under the Redis section above. ActionController::InvalidAuthenticityToken HTTP Origin header https://mydomain.com didn't match request.base_url http://mydomain.comv

Autoscaling

To enable horizontal pod autoscaling, set web.hpa.enabled and worker.hpa.enabled to true. Also make sure to uncomment the values under, resources.limits and resources.requests. This assumes your k8s cluster is already having a metrics-server. If not, deploy metrics-server with the following command.

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

Upgrading

Do helm repo update and check the version of charts that is going to be installed. Helm charts follows semantic versioning and so if the MAJOR version is different from your installed version, there might be breaking changes. Please refer to the changelog before upgrading.

# update helm repositories
helm repo update
# list your current installed version
helm list
# show the latest version of charts that is going to be installed
helm search repo chatwoot
#if it is major version update, refer to the changelog before proceeding
helm upgrade chatwoot chatwoot/chatwoot -f <your-custom-values>.yaml

To 1.x.x

Make sure you are on Chatwoot helm charts version 0.9.0 before upgrading to version 1.x.x. If not, please upgrade to 0.9.0 before proceeding.

helm repo update
helm upgrade chatwoot chatwoot/chatwoot --version="0.9.0" -f <your-custom-values> --debug

This release changes the postgres and redis versions. This is a breaking change and requires manual data migration if you are not using external postgres and redis.

Note: This release also changes the postgres and redis auth paramaters values under .Values.redis and .Values.postgres. Make the necessary changes to your custom values.yaml file if any. Values.postgresqlDatabase is now Values.auth.postgresqlDatabase, Values.postgresqlUsername is now Values.auth.postgresqlUsername and Values.postgresqlPassword is renamed to Values.auth.postgresqlPassword.

Note: Append the kubectl commands with -n chatwoot, if you have deployed it under the chatwoot namespace.

Before updating,

  1. Set the replica count to 0 for both Chatwoot web(.Values.web.replicaCount) and worker(.Values.worker.replicaCount) replica sets. Applying this change will bring down the pods count to 0. This is to ensure the database will not be having any activity and is in a state to backup.
helm upgrade chatwoot chatwoot/chatwoot --version="0.9.0" --namespace ug3 -f values.ci.yaml --create-namespace --debug
  1. Log into the postgres pod and take a backup of your database.
kubectl exec -it chatwoot-chatwoot-postgresql-0 -- /bin/sh
env | grep -i postgres_password #get postgres password to use in next step
pg_dump -Fc --no-acl --no-owner -U postgres chatwoot_production > /tmp/cw.dump
exit
  1. Copy the backup to your local machine.
kubectl cp pod/chatwoot-chatwoot-postgresql-0:/tmp/cw.dump ./cw.dump
  1. Delete the deployments.
helm delete chatwoot
kubectl get pvc
# this will delete the database volumes
# make sure you have backed up before proceeding
kubectl delete pvc <data-postgres->
kubectl delete pvc <redis>
  1. Update and install new version of charts.
helm repo update
#reset web.replicaCount and worker.replicaCount to your previous values
helm install chatwoot chatwoot/chatwoot -f <your-values.yaml> #-n chatwoot
  1. Copy the local db backup into postgres pod.
kubectl cp cw.dump chatwoot-chatwoot-postgresql-0:/tmp/cw.dump
  1. Exec into the postgres pod and drop the database.
 kubectl exec -it chatwoot-chatwoot-postgresql-0 -- /bin/sh
psql -u postgres -d postgres
# this is a destructive action
# remove -- to take effect
-- DROP DATABASE chatwoot_production with (FORCE);
exit
  1. Restore the database from the backup. If you are seeing no errors, the databse has been restored and you are good to go.
 pg_restore --verbose --clean --no-acl --no-owner --create -U postgres -d postgres /tmp/cw.dump
  1. Exec into the web pod and remove the onboarding variable in redis.
kubectl exec -it chatwoot-web-xxxxxxxxxx -- /bin/sh
RAILS_ENV=production bundle exec rails c
::Redis::Alfred.delete(::Redis::Alfred::CHATWOOT_INSTALLATION_ONBOARDING)
  1. Load the Chatwoot web url, log in using the old credentials and verify the contents. Voila! Thats it!!

To 0.9.x

This release adds support for horizontal pod autoscaling(hpa) for chatwoot-web and chatwoot-worker deployments. Also, this changes the default redis replica count to 1. The Values.web.replicas and Values.worker. replicas parameters where renamed to Values.web.replicaCount and Values.worker.replicaCount respectively. Also services.internlPort was renamed to services.internalPort.

Please make the necessary changes in your custom values file if needed.

To 0.8.x

Move from Kubernetes ConfigMap to Kubernetes Secrets for environment variables. This is not a breaking change.

To 0.6.x

Existing labels were causing issues with helm upgrade. 0.6.x introduces breaking changes related to selector labels used for deployements. Please delete your helm release and recreate. Deleting your helm release will not delete your persistent volumes used for redis and postgres and as such your data should be safe.

helm delete chatwoot
helm repo update
helm install chatwoot chatwoot/chatwoot

TroubleShooting

pod has unbound immediate PersistentVolumeClaims

Make sure the "Persistent Volume Claims" can be satisfied. Refer to prerequisites.

ActionController::InvalidAuthenticityToken HTTP Origin header

ActionController::InvalidAuthenticityToken HTTP Origin header (https://mydomain.com) didn't match request.base_url (http://mydomain.com)

If you are recieving the above error when trying to access the superadmin panel, configure your ingress controller to forward the protocol of the origin request. For nginx ingress, you can do this by setting the proxy_set_header X-Forwarded-Proto https; config. Refer this issue to learn more.