Skip to content

Dolibarr

Open-source ERP and CRM platform for small and medium businesses. Dolibarr covers invoicing, order management, stock, CRM contacts, project tracking, HR, and 500+ optional modules — all in a single PHP application backed by MySQL.

S3 backup covers MySQL only — documents and custom modules are not included

The built-in S3 backup CronJob runs mysqldump against the MySQL database. The two persistent volumes (persistence.documents and persistence.custom) — which contain uploaded files, generated documents (invoices, proposals, delivery notes), and custom PHP modules — are not included in this backup. Implement a separate backup strategy (e.g. Velero PVC snapshots) for both volumes.

Key Features

  • Unattended installationDOLI_* environment variables configure the full setup on first boot
  • Module selection — enable specific Dolibarr modules at install time via enableModules
  • Dual PVC storage — separate volumes for generated documents and custom PHP modules
  • MySQL backend — bundled HelmForge MySQL subchart or external MySQL/MariaDB
  • PHP tuning — configurable memory_limit, upload_max_filesize, post_max_size, and max_execution_time
  • Secret preservation — admin and runtime secrets survive upgrades via existingSecret
  • S3 backup — scheduled mysqldump CronJob to S3-compatible storage

Installation

HTTPS repository:

helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install dolibarr helmforge/dolibarr

OCI registry:

helm install dolibarr oci://ghcr.io/helmforgedev/helm/dolibarr

Deployment Examples

# values.yaml — Dolibarr with bundled MySQL and core ERP modules
dolibarr:
  siteUrl: 'https://erp.example.com'
  companyName: 'Acme Corp'
  companyCountryCode: 'US'
  timezone: 'America/New_York'
  installAuto: true
  prod: true
  # Enable core ERP modules on first boot
  enableModules: 'societe,produit,service,propal,commande,facture'

admin:
  login: admin
  password: 'change-me-now'

mysql:
  enabled: true
  auth:
    password: 'mysql-password'

persistence:
  documents:
    enabled: true
    size: 8Gi
  custom:
    enabled: true
    size: 2Gi

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: erp.example.com
      paths:
        - path: /
          pathType: Prefix
# values.yaml — Production Dolibarr with TLS, S3 backup, and secret management
dolibarr:
  siteUrl: 'https://erp.example.com'
  companyName: 'Acme Corp'
  companyCountryCode: 'US'
  timezone: 'America/Sao_Paulo'
  installAuto: true
  prod: true
  initDemo: false # never enable in production
  enableModules: 'societe,produit,service,propal,commande,facture,stock,projet'

admin:
  existingSecret: dolibarr-admin-secret
  existingSecretPasswordKey: admin-password

mysql:
  enabled: true
  auth:
    password: 'mysql-password'

persistence:
  documents:
    enabled: true
    size: 20Gi
  custom:
    enabled: true
    size: 2Gi

backup:
  enabled: true
  schedule: '0 3 * * *'
  s3:
    endpoint: https://s3.amazonaws.com
    bucket: my-dolibarr-backups
    prefix: dolibarr
    existingSecret: dolibarr-s3-credentials

resources:
  requests:
    memory: 256Mi
    cpu: 100m
  limits:
    memory: 1Gi
    cpu: 500m

ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: erp.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: dolibarr-tls
      hosts:
        - erp.example.com
# values.yaml — Dolibarr with external managed MySQL or MariaDB
dolibarr:
  siteUrl: 'https://erp.example.com'
  companyName: 'Acme Corp'
  companyCountryCode: 'BR'

database:
  mode: external
  external:
    host: mysql.database.svc.cluster.local
    port: 3306
    name: dolibarr
    username: dolibarr
    existingSecret: dolibarr-db-credentials
    existingSecretPasswordKey: database-password

mysql:
  enabled: false

persistence:
  documents:
    enabled: true
    size: 20Gi
  custom:
    enabled: true
    size: 2Gi

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: erp.example.com
      paths:
        - path: /
          pathType: Prefix
# values.yaml — PHP limits tuned for large document and spreadsheet imports
# Default PHP upload_max_filesize is 2MB — insufficient for ERP use.
dolibarr:
  siteUrl: 'https://erp.example.com'
  companyName: 'Acme Corp'
  companyCountryCode: 'US'

php:
  memoryLimit: '512M'
  uploadMaxFilesize: '64M'
  postMaxSize: '64M'
  maxExecutionTime: '120'

mysql:
  enabled: true
  auth:
    password: 'mysql-password'

persistence:
  documents:
    enabled: true
    size: 20Gi
  custom:
    enabled: true
    size: 2Gi

Configuration Reference

Core

ParameterTypeDefaultDescription
nameOverridestring""Override the chart name.
fullnameOverridestring""Override the full release name.
commonLabelsobject{}Extra labels added to all resources.

Image

ParameterTypeDefaultDescription
image.repositorystringdocker.io/dolibarr/dolibarrDolibarr container image.
image.tagstring"23.0.0"Image tag.
image.pullPolicystringIfNotPresentImage pull policy.
imagePullSecretsarray[]Pull secrets for private registries.

Dolibarr Configuration

ParameterTypeDefaultDescription
dolibarr.siteUrlstring""Full public URL. Auto-detected from Ingress when empty.
dolibarr.companyNamestringDolibarrCompany name used in the unattended installation.
dolibarr.companyCountryCodestringUSISO country code for the company.
dolibarr.authstringdolibarrAuthentication method.
dolibarr.enableModulesstring""Comma-separated list of modules to enable on first boot. Empty = no modules.
dolibarr.installAutobooleantrueEnable unattended installation via DOLI_* environment variables.
dolibarr.initDemobooleanfalseLoad demo data on first boot. Never use true in production.
dolibarr.prodbooleantrueProduction mode. Disables debug output and developer warnings.
dolibarr.timezonestringUTCPHP timezone. Affects date/time display and report generation.
dolibarr.extraEnvarray[]Extra environment variables for the container.
Enable the modules you need on first boot

dolibarr.enableModules accepts a comma-separated list of internal module names. Common modules: societe (companies), produit (products), service (services), propal (proposals), commande (orders), facture (invoices), stock (inventory), projet (projects). If left empty, no modules are activated and the installation will appear empty — all modules must then be enabled manually from the UI.

Admin Credentials

ParameterTypeDefaultDescription
admin.loginstringadminAdmin username created on first install.
admin.passwordstring""Admin password. Auto-generated if empty.
admin.existingSecretstring""Existing secret containing the admin password.
admin.existingSecretPasswordKeystringadmin-passwordKey inside the existing secret for the admin password.

Runtime Secret

ParameterTypeDefaultDescription
runtime.existingSecretstring""Existing secret for the runtime instance unique ID.
runtime.existingSecretInstanceUniqueIdKeystringinstance-unique-idKey inside the existing secret.
runtime.instanceUniqueIdstring""Explicit instance unique ID. Auto-generated if empty.

Database

ParameterTypeDefaultDescription
database.modestringautoDatabase mode: auto, external, or mysql.
database.external.hoststring""External MySQL/MariaDB hostname.
database.external.portinteger3306External database port.
database.external.namestringdolibarrDatabase name on the external server.
database.external.usernamestringdolibarrUsername for the external database.
database.external.passwordstring""Password for the external database (prefer existingSecret).
database.external.existingSecretstring""Existing secret containing the database password.
database.external.existingSecretPasswordKeystringdatabase-passwordKey inside the existing secret.
database.external.sslbooleanfalseEnable SSL for external database connections.

MySQL Subchart

ParameterTypeDefaultDescription
mysql.enabledbooleantrueDeploy the bundled MySQL subchart.
mysql.architecturestringstandaloneMySQL architecture.
mysql.auth.databasestringdolibarrDatabase name created by the subchart.
mysql.auth.usernamestringdolibarrDatabase user created by the subchart.
mysql.auth.passwordstring""Database password. Auto-generated if empty.
mysql.auth.rootPasswordstring""MySQL root password. Auto-generated if empty.
mysql.primary.persistence.enabledbooleantrueEnable persistence for MySQL data.
mysql.primary.persistence.sizestring8GiPVC size for MySQL data.

Persistence

Dolibarr uses two separate PVCs. Both must be preserved in backups independently of the database.

ParameterTypeDefaultDescription
persistence.documents.enabledbooleantrueEnable PVC for /var/www/documents (generated files and uploads).
persistence.documents.sizestring8GiDocuments PVC size. Grows with invoices, proposals, and attachments.
persistence.documents.storageClassstring""StorageClass for the documents PVC.
persistence.documents.accessModestringReadWriteOncePVC access mode.
persistence.documents.existingClaimstring""Use an existing PVC for documents.
persistence.custom.enabledbooleantrueEnable PVC for /var/www/html/custom (custom PHP modules).
persistence.custom.sizestring2GiCustom modules PVC size.
persistence.custom.storageClassstring""StorageClass for the custom PVC.
persistence.custom.accessModestringReadWriteOncePVC access mode.
persistence.custom.existingClaimstring""Use an existing PVC for custom modules.

PHP Configuration

Default PHP upload limits are too small for ERP use

PHP defaults (upload_max_filesize: 2M, post_max_size: 8M) prevent uploading large spreadsheets, PDF contracts, and bulk imports. Set php.uploadMaxFilesize and php.postMaxSize to at least 32M for typical ERP workloads. Also increase php.maxExecutionTime for large import operations.

ParameterTypeDefaultDescription
php.memoryLimitstring""PHP memory limit (e.g. 512M). Empty = PHP default.
php.uploadMaxFilesizestring""Maximum upload file size (e.g. 64M). Empty = 2M.
php.postMaxSizestring""Maximum POST body size (e.g. 64M). Empty = 8M.
php.maxExecutionTimestring""Maximum script execution time in seconds. Empty = 30.

Backup

ParameterTypeDefaultDescription
backup.enabledbooleanfalseEnable scheduled MySQL S3 backup CronJob.
backup.schedulestring"0 3 * * *"Cron schedule for backups.
backup.suspendbooleanfalseSuspend the CronJob without deleting it.
backup.concurrencyPolicystringForbidCronJob concurrency policy.
backup.successfulJobsHistoryLimitinteger3Successful job records to keep.
backup.failedJobsHistoryLimitinteger3Failed job records to keep.
backup.backoffLimitinteger1Job retry limit.
backup.archivePrefixstringdolibarrPrefix for backup archive filenames.
backup.images.mysqlstringdocker.io/library/mysql:8.4Image for mysqldump.
backup.images.uploaderstringdocker.io/helmforge/mc:1.0.0Image for S3 upload.
backup.resourcesobject{}Resources for backup containers.
backup.database.mysqldumpArgsstring--single-transaction --routines --triggersExtra args passed to mysqldump.
backup.s3.endpointstring""S3-compatible endpoint URL.
backup.s3.bucketstring""Target bucket name.
backup.s3.prefixstringdolibarrKey prefix within the bucket.
backup.s3.createBucketIfNotExistsbooleantrueCreate the bucket if it does not exist.
backup.s3.existingSecretstring""Existing secret with S3 access and secret keys.
backup.s3.existingSecretAccessKeyKeystringaccess-keyKey for the S3 access key.
backup.s3.existingSecretSecretKeyKeystringsecret-keyKey for the S3 secret key.
backup.s3.accessKeystring""Inline S3 access key (ignored when existingSecret is set).
backup.s3.secretKeystring""Inline S3 secret key (ignored when existingSecret is set).

Service

ParameterTypeDefaultDescription
service.typestringClusterIPKubernetes service type.
service.portinteger80Service port exposed to the cluster.
service.annotationsobject{}Annotations for the Service.

Ingress

ParameterTypeDefaultDescription
ingress.enabledbooleanfalseEnable an Ingress resource.
ingress.ingressClassNamestring""Ingress class name. Must be set explicitly.
ingress.annotationsobject{}Annotations for the Ingress (e.g. cert-manager).
ingress.hostsarray[]Ingress host and path rules.
ingress.tlsarray[]TLS configuration.

Probes

ParameterTypeDefaultDescription
startupProbe.enabledbooleantrueEnable startup probe.
startupProbe.initialDelaySecondsinteger20Startup probe initial delay.
startupProbe.periodSecondsinteger10Startup probe period.
startupProbe.timeoutSecondsinteger5Startup probe timeout.
startupProbe.failureThresholdinteger30Startup probe failure threshold.
livenessProbe.enabledbooleantrueEnable liveness probe.
livenessProbe.initialDelaySecondsinteger0Liveness probe initial delay.
livenessProbe.periodSecondsinteger20Liveness probe period.
livenessProbe.timeoutSecondsinteger5Liveness probe timeout.
livenessProbe.failureThresholdinteger3Liveness probe failure threshold.
readinessProbe.enabledbooleantrueEnable readiness probe.
readinessProbe.initialDelaySecondsinteger0Readiness probe initial delay.
readinessProbe.periodSecondsinteger10Readiness probe period.
readinessProbe.timeoutSecondsinteger5Readiness probe timeout.
readinessProbe.failureThresholdinteger3Readiness probe failure threshold.

Resources and Security

ParameterTypeDefaultDescription
resourcesobject{}CPU and memory requests and limits.
podSecurityContextobject{}Pod-level security context.
securityContextobject{}Container-level security context.

Service Account

ParameterTypeDefaultDescription
serviceAccount.createbooleanfalseCreate a dedicated ServiceAccount.
serviceAccount.namestring""Override the ServiceAccount name.
serviceAccount.annotationsobject{}Annotations for the ServiceAccount.

Scheduling

ParameterTypeDefaultDescription
nodeSelectorobject{}Node selector for scheduling.
tolerationsarray[]Tolerations for scheduling.
affinityobject{}Affinity rules.
topologySpreadConstraintsarray[]Topology spread constraints.
priorityClassNamestring""PriorityClass for the pod.
terminationGracePeriodSecondsinteger30Termination grace period.
podLabelsobject{}Extra labels for the pod.
podAnnotationsobject{}Extra annotations for the pod.

Extra

ParameterTypeDefaultDescription
extraVolumesarray[]Extra volumes to attach to the pod.
extraVolumeMountsarray[]Extra volume mounts for the container.
extraManifestsarray[]Extra Kubernetes manifests deployed alongside the chart.

More Information

Edit this page on GitHub