diff --git a/README.md b/README.md index 2ba8c0c..325eba3 100644 --- a/README.md +++ b/README.md @@ -1 +1,7 @@ # helm-charts + +# temporal +`./charts/temporal` contains the latest Helm chart for Temporal copied from [official Temporal repo](https://github.com/temporalio/helm-charts). +To upgrade it remove everything in `./charts/temporal` folder and copy it again from the **latest tag** (do not copy from unstable `main` branch❗). + +We do not use official temporal Helm template because Temporal team decided not to host it. They [discourage using Helm in production for Temporal](https://temporal.io/blog/temporal-and-kubernetes). \ No newline at end of file diff --git a/charts/temporal/.gitignore b/charts/temporal/.gitignore new file mode 100644 index 0000000..4bf54d4 --- /dev/null +++ b/charts/temporal/.gitignore @@ -0,0 +1,3 @@ +/charts +/Chart.lock +/.idea \ No newline at end of file diff --git a/charts/temporal/Chart.yaml b/charts/temporal/Chart.yaml index b52d502..8dd7461 100644 --- a/charts/temporal/Chart.yaml +++ b/charts/temporal/Chart.yaml @@ -26,11 +26,11 @@ dependencies: condition: cassandra.enabled - name: prometheus repository: https://prometheus-community.github.io/helm-charts - version: 11.0.4 + version: 15.1.3 condition: prometheus.enabled - name: elasticsearch repository: https://helm.elastic.co - version: 7.6.2 + version: 7.16.3 condition: elasticsearch.enabled - name: grafana repository: https://grafana.github.io/helm-charts @@ -49,8 +49,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.2.6 +version: 0.18.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 1.13.0 +appVersion: 1.18.0 diff --git a/charts/temporal/README.md b/charts/temporal/README.md index adf3b46..5d71add 100644 
--- a/charts/temporal/README.md +++ b/charts/temporal/README.md @@ -3,9 +3,11 @@ Temporal is a distributed, scalable, durable, and highly available orchestration engine designed to execute asynchronous long-running business logic in a resilient way. -This repo contains a basic V3 [Helm](https://helm.sh) chart that deploys Temporal to a Kubernetes cluster. The dependencies that are bundled with this solution by default offer an easy way to experiment with Temporal software. This Helm chart can also be used to install just the Temporal server, configured to connect to dependencies (such as a Cassandra, MySQL database or PostgreSQL database) that you may already have available in your environment. +This repo contains a basic V3 [Helm](https://helm.sh) chart that deploys Temporal to a Kubernetes cluster. The dependencies that are bundled with this solution by default offer an easy way to experiment with Temporal software. This Helm chart can also be used to install just the Temporal server, configured to connect to dependencies (such as a Cassandra, MySQL, or PostgreSQL database) that you may already have available in your environment. -This Helm Chart code is tested by a dedictated test pipeline. It is also used extensively by other Temporal pipelines for testing various aspects of Temporal systems. Our test pipeline currently use Helm 3.1.1. +**We do not recommend using Helm for managing Temporal deployments in production**. Rather, we recommend it for templating/generating manifests for Temporal's internal services only. [See our recent discussion on this topic](https://docs.temporal.io/blog/temporal-and-kubernetes/). + +This Helm Chart code is tested by a dedicated test pipeline. It is also used extensively by other Temporal pipelines for testing various aspects of Temporal systems. Our test pipeline currently uses Helm 3.1.1. # Install Temporal service on a Kubernetes cluster 
@@ -33,15 +35,14 @@ Temporal can be configured to run with various dependencies. The default "Batter * Cassandra * ElasticSearch -* Kafka (with Zookeeper) -* Promethueus +* Prometheus * Grafana The sections that follow describe various deployment configurations, from a minimal one-replica installation using included dependencies, to a replicated deployment on existing infrastructure. ### Minimal installation with required dependencies only -To install Temporal in a limited but working and self-contained configuration (one replica of Cassandra and each of Temporal's services, no metrics or Elastic Search), you can run the following command +To install Temporal in a limited but working and self-contained configuration (one replica of Cassandra and each of Temporal's services, no metrics or ElasticSearch), you can run the following command ``` ~/temporal-helm$ helm install \ @@ -50,13 +51,12 @@ To install Temporal in a limited but working and self-contained configuration (o --set prometheus.enabled=false \ --set grafana.enabled=false \ --set elasticsearch.enabled=false \ - --set kafka.enabled=false \ temporaltest . --timeout 15m ``` This configuration consumes limited resources and it is useful for small scale tests (such as using minikube). -Below is an example of an enviroment installed in this configuration: +Below is an example of an environment installed in this configuration: ``` $ kubectl get pods 
@@ -75,7 +75,7 @@ temporaltest-worker-7c9d68f4cf-8tzfw 1/1 Running 2 11m This method requires a three node kubernetes cluster to successfully bring up all the dependencies. -By default, Temporal Helm Chart configures Temporal to run with a three node Cassandra cluster (for persistence) and ElasticSearch/Kafka (for "visibility" features), Prometheus, and Grafana. Kafka also depends on Zookeeper. By default, Temporal Helm Chart installs all dependencies, out of the box. +By default, Temporal Helm Chart configures Temporal to run with a three node Cassandra cluster (for persistence) and Elasticsearch (for "visibility" features), Prometheus, and Grafana. By default, Temporal Helm Chart installs all dependencies, out of the box. To install Temporal with all of its dependencies run this command: 
@@ -83,19 +83,29 @@ To install Temporal with all of its dependencies run this command: ~/temporal-helm$ helm install temporaltest . --timeout 900s ``` -To use your own instance of ElasticSearch, MySQL. PostgreSQL, or Cassandra, please read the "Bring Your Own" sections below. +To use your own instance of ElasticSearch, MySQL, PostgreSQL, or Cassandra, please read the "Bring Your Own" sections below. -Other components (Prometheus, Kafka, Grafana) can be omitted from the installation by setting their corresponding 'enable' flag to `false` (and by pointing `server.kafka.host` to your existing instance of Kafka): +Other components (Prometheus, Grafana) can be omitted from the installation by setting their corresponding `enable` flag to `false`: ```bash -~/temporal-helm$ helm install +~/temporal-helm$ helm install \ --set prometheus.enabled=false \ --set grafana.enabled=false \ - --set kafka.enabled=false \ - --set server.kafka.host=mykafka-headless:9092 temporaltest . --timeout 900s ``` +### Install with sidecar containers + +You may need to provide your own sidecar containers. + +To do so, you may look at the example for Google's `cloud sql proxy` in the `values/values.cloudsqlproxy.yaml` and pass that file to `helm install`. + +Example: + +```bash +~/temporal-helm$ helm install -f values/values.cloudsqlproxy.yaml temporaltest . --timeout 900s +``` + ### Install with your own ElasticSearch You might already be operating an instance of ElasticSearch that you want to use with Temporal. 
@@ -241,16 +251,15 @@ The example below demonstrates a few things: 1. How to set values via the command line rather than the environment. 2. How to configure a database (shows Cassandra, but MySQL works the same way) 3. How to enable TLS for the database connection. +4. How to enable Auth for the Web UI ```bash helm install temporaltest \ -f values/values.cassandra.yaml \ -f values/values.elasticsearch.yaml \ - --set kafka.enabled=false \ --set grafana.enabled=false \ --set prometheus.enabled=false \ --set server.replicaCount=5 \ - --set server.kafka.host=kafkat-headless:9092 \ --set server.config.persistence.default.cassandra.hosts=cassandra.data.host.example \ --set server.config.persistence.default.cassandra.user=cassandra_user \ --set server.config.persistence.default.cassandra.password=cassandra_user_password \ @@ -282,8 +291,8 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP ... temporaltest-admintools ClusterIP 172.20.237.59 22/TCP 15m temporaltest-frontend-headless ClusterIP None 7233/TCP,9090/TCP 15m -temporaltest-history-headless ClusterIP None 7934/TCP,9090/TCP 15m -temporaltest-matching-headless ClusterIP None 7935/TCP,9090/TCP 15m +temporaltest-history-headless ClusterIP None 7234/TCP,9090/TCP 15m +temporaltest-matching-headless ClusterIP None 7235/TCP,9090/TCP 15m temporaltest-worker-headless ClusterIP None 7239/TCP,9090/TCP 15m ... ``` @@ -380,12 +389,12 @@ Similarly to how you accessed Temporal front end via kubernetes port forwarding, To do so, forward your machine's local port to the Web service in your Temporal installation ``` -$ kubectl port-forward services/temporaltest-web 8088:8088 -Forwarding from 127.0.0.1:8088 -> 8088 -Forwarding from [::1]:8088 -> 8088 +$ kubectl port-forward services/temporaltest-web 8080:8080 +Forwarding from 127.0.0.1:8080 -> 8080 +Forwarding from [::1]:8080 -> 8080 ``` -and navigate to http://127.0.0.1:8088 in your browser. +and navigate to http://127.0.0.1:8080 in your browser. ### Exploring Metrics via Grafana 
@@ -437,6 +446,9 @@ You can use helm upgrade with the "--dry-run" option to generate the content for The dynamic-config ConfigMap is referenced as a mounted volume within the Temporal Containers, so any applied change will be automatically picked up by all pods within a few minutes without the need for pod recycling. See k8S documentation (https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically) for more details on how this works. +### Updating Temporal Web Config +the config file `server/config.yml` for the temporal web ui is referenced as a mounted volume within the Temporal Web UI Container and can be populated by inserting values in the `web.config` section in the `values.yml` for possible config check (https://github.com/temporalio/web#configuring-authentication-optional) + ## Uninstalling Note: in this example chart, uninstalling a Temporal instance also removes all the data that might have been created during its lifetime. diff --git a/charts/temporal/templates/_helpers.tpl b/charts/temporal/templates/_helpers.tpl index 8a76d2e..74b7d0a 100644 --- a/charts/temporal/templates/_helpers.tpl +++ b/charts/temporal/templates/_helpers.tpl 
@@ -31,6 +31,22 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the service account +*/}} +{{- define "temporal.serviceAccountName" -}} +{{ default (include "temporal.fullname" .) .Values.serviceAccount.name }} +{{- end -}} + +{{/* +Define the service account as needed +*/}} +{{- define "temporal.serviceAccount" -}} +{{- if .Values.serviceAccount.create -}} +serviceAccountName: {{ include "temporal.serviceAccountName" . }} +{{- end -}} +{{- end -}} + {{/* Create a default fully qualified component name from the full app name and a component name. We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) diff --git a/charts/temporal/templates/admintools-deployment.yaml b/charts/temporal/templates/admintools-deployment.yaml index 41d62c2..6b6784b 100644 --- a/charts/temporal/templates/admintools-deployment.yaml +++ b/charts/temporal/templates/admintools-deployment.yaml @@ -1,3 +1,4 @@ +{{- if $.Values.admintools.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -27,7 +28,15 @@ spec: app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} app.kubernetes.io/component: admintools app.kubernetes.io/part-of: {{ .Chart.Name }} + {{- with $.Values.admintools.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $.Values.admintools.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{ include "temporal.serviceAccount" . }} containers: - name: admin-tools image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}" @@ -62,3 +71,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} 
diff --git a/charts/temporal/templates/admintools-service.yaml b/charts/temporal/templates/admintools-service.yaml index 860f0b6..25ffa34 100644 --- a/charts/temporal/templates/admintools-service.yaml +++ b/charts/temporal/templates/admintools-service.yaml @@ -1,3 +1,4 @@ +{{- if $.Values.admintools.enabled }} apiVersion: v1 kind: Service metadata: @@ -22,4 +23,4 @@ spec: app.kubernetes.io/name: {{ include "temporal.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: admintools - +{{- end }} diff --git a/charts/temporal/templates/server-configmap.yaml b/charts/temporal/templates/server-configmap.yaml index 98d1e8d..acd69e0 100644 --- a/charts/temporal/templates/server-configmap.yaml +++ b/charts/temporal/templates/server-configmap.yaml 
@@ -1,39 +1,40 @@ {{- if $.Values.server.enabled }} +{{- range $service := (list "frontend" "history" "matching" "worker") }} apiVersion: v1 kind: ConfigMap metadata: - name: "{{ include "temporal.fullname" . }}-config" + name: "{{ include "temporal.componentname" (list $ $service) }}-config" labels: - app.kubernetes.io/name: {{ include "temporal.name" . }} - helm.sh/chart: {{ include "temporal.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/part-of: {{ .Chart.Name }} + app.kubernetes.io/name: {{ include "temporal.name" $ }} + helm.sh/chart: {{ include "temporal.chart" $ }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ $.Chart.Name }} data: config_template.yaml: |- log: stdout: true - level: {{ .Values.server.config.logLevel | quote }} + level: {{ $.Values.server.config.logLevel | quote }} persistence: - defaultStore: {{ .Values.server.config.persistence.defaultStore }} + defaultStore: {{ $.Values.server.config.persistence.defaultStore }} visibilityStore: visibility {{- if or $.Values.elasticsearch.enabled $.Values.elasticsearch.external }} advancedVisibilityStore: es-visibility {{- end }} - numHistoryShards: {{ .Values.server.config.numHistoryShards }} + numHistoryShards: {{ $.Values.server.config.numHistoryShards }} datastores: - {{- with .Values.server.config.persistence.additionalStores }} + {{- with $.Values.server.config.persistence.additionalStores }} {{- toYaml . | nindent 8 }} {{- end }} default: - {{- if eq (include "temporal.persistence.driver" (list . 
"default")) "cassandra" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "cassandra" }} cassandra: - hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "default") }}" - port: {{ include "temporal.persistence.cassandra.port" (list . "default") }} + hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "default") }}" + port: {{ include "temporal.persistence.cassandra.port" (list $ "default") }} password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} 
@@ -43,39 +44,39 @@ data: rate: {{ $.Values.server.config.persistence.faultinjection.rate }} {{- end }} {{- end }} - {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }} sql: - pluginName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}" - driverName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}" - databaseName: "{{ .Values.server.config.persistence.default.sql.database }}" - connectAddr: "{{ include "temporal.persistence.sql.host" (list . "default") }}:{{ include "temporal.persistence.sql.port" (list . "default") }}" + pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}" + driverName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}" + databaseName: "{{ $.Values.server.config.persistence.default.sql.database }}" + connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "default") }}:{{ include "temporal.persistence.sql.port" (list $ "default") }}" connectProtocol: "tcp" - user: {{ include "temporal.persistence.sql.user" (list . "default") }} + user: {{ include "temporal.persistence.sql.user" (list $ "default") }} password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} visibility: - {{- if eq (include "temporal.persistence.driver" (list . 
"visibility")) "cassandra" }} + {{- if eq (include "temporal.persistence.driver" (list $ "visibility")) "cassandra" }} cassandra: - hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "visibility") }}" - port: {{ include "temporal.persistence.cassandra.port" (list . "visibility") }} + hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "visibility") }}" + port: {{ include "temporal.persistence.cassandra.port" (list $ "visibility") }} password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }} sql: - pluginName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}" - driverName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}" - databaseName: "{{ .Values.server.config.persistence.visibility.sql.database }}" - connectAddr: "{{ include "temporal.persistence.sql.host" (list . "visibility") }}:{{ include "temporal.persistence.sql.port" (list . "visibility") }}" + pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}" + driverName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}" + databaseName: "{{ $.Values.server.config.persistence.visibility.sql.database }}" + connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "visibility") }}:{{ include "temporal.persistence.sql.port" (list $ "visibility") }}" connectProtocol: "tcp" - user: "{{ include "temporal.persistence.sql.user" (list . 
"visibility") }}" + user: "{{ include "temporal.persistence.sql.user" (list $ "visibility") }}" password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} 
@@ -102,60 +103,43 @@ data: pprof: port: 7936 + + metrics: + tags: + type: {{ $service }} + prometheus: + timerType: histogram + listenAddress: "0.0.0.0:9090" services: frontend: rpc: - grpcPort: {{ include "temporal.frontend.grpcPort" . }} - membershipPort: {{ include "temporal.frontend.membershipPort" . }} + grpcPort: {{ include "temporal.frontend.grpcPort" $ }} + membershipPort: {{ include "temporal.frontend.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: frontend - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.frontend.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" history: rpc: - grpcPort: {{ include "temporal.history.grpcPort" . }} - membershipPort: {{ include "temporal.history.membershipPort" . }} + grpcPort: {{ include "temporal.history.grpcPort" $ }} + membershipPort: {{ include "temporal.history.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: history - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.history.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" matching: rpc: - grpcPort: {{ include "temporal.matching.grpcPort" . }} - membershipPort: {{ include "temporal.matching.membershipPort" . }} + grpcPort: {{ include "temporal.matching.grpcPort" $ }} + membershipPort: {{ include "temporal.matching.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: matching - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.matching.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" worker: rpc: - grpcPort: {{ include "temporal.worker.grpcPort" . }} - membershipPort: {{ include "temporal.worker.membershipPort" . 
}} + grpcPort: {{ include "temporal.worker.grpcPort" $ }} + membershipPort: {{ include "temporal.worker.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: worker - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.worker.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" {{- if $.Values.server.config.clusterMetadata }} clusterMetadata: - {{- with .Values.server.config.clusterMetadata }} + {{- with $.Values.server.config.clusterMetadata }} {{- toYaml . | nindent 8 }} {{- end }} {{- else }} @@ -180,9 +164,12 @@ data: status: "disabled" publicClient: - hostPort: "{{ include "temporal.componentname" (list . "frontend") }}:{{ .Values.server.frontend.service.port }}" + hostPort: "{{ include "temporal.componentname" (list $ "frontend") }}:{{ $.Values.server.frontend.service.port }}" dynamicConfigClient: filepath: "/etc/temporal/dynamic_config/dynamic_config.yaml" pollInterval: "10s" +--- + +{{- end }} {{- end }} diff --git a/charts/temporal/templates/server-deployment.yaml b/charts/temporal/templates/server-deployment.yaml index 77ade46..ffc8f36 100644 --- a/charts/temporal/templates/server-deployment.yaml +++ b/charts/temporal/templates/server-deployment.yaml @@ -30,6 +30,9 @@ spec: app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} app.kubernetes.io/component: {{ $service }} app.kubernetes.io/part-of: {{ $.Chart.Name }} + {{- with (default $.Values.server.podLabels $serviceValues.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/server-configmap.yaml") $ | sha256sum }} {{- if (default $.Values.server.metrics.annotations.enabled $serviceValues.metrics.annotations.enabled) }} 
@@ -41,6 +44,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{ include "temporal.serviceAccount" $ }} {{- if or $.Values.cassandra.enabled (or $.Values.elasticsearch.enabled $.Values.elasticsearch.external)}} {{- if semverCompare ">=1.13.0" $.Chart.AppVersion}} securityContext: @@ -148,7 +152,7 @@ spec: volumes: - name: config configMap: - name: "{{ include "temporal.fullname" $ }}-config" + name: "{{ include "temporal.componentname" (list $ $service) }}-config" - name: dynamic-config configMap: name: "{{ include "temporal.fullname" $ }}-dynamic-config" diff --git a/charts/temporal/templates/server-job.yaml b/charts/temporal/templates/server-job.yaml index 913221f..7459ace 100644 --- a/charts/temporal/templates/server-job.yaml +++ b/charts/temporal/templates/server-job.yaml @@ -36,9 +36,10 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: - {{- if or .Values.cassandra.enabled }} + {{- if or .Values.cassandra.enabled (eq (include "temporal.persistence.driver" (list $ "default")) "cassandra") (eq (include "temporal.persistence.driver" (list $ "visibility")) "cassandra") }} {{- if .Values.cassandra.enabled }} - name: check-cassandra-service image: busybox 
@@ -50,14 +51,12 @@ spec: {{- end }} {{- range $store := (list "default" "visibility") }} {{- $storeConfig := index $.Values.server.config.persistence $store }} + {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: create-{{ $store }}-store image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} - {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} command: ['sh', '-c', 'temporal-cassandra-tool create -k {{ $storeConfig.cassandra.keyspace }} --replication-factor {{ $storeConfig.cassandra.replicationFactor }}'] - {{- end }} env: - {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: CASSANDRA_HOST value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $ $store))) }} - name: CASSANDRA_PORT @@ -68,11 +67,18 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} {{- else }} [] 
@@ -96,9 +102,16 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} {{- end }} {{- end }} @@ -157,6 +170,7 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: {{- if .Values.cassandra.enabled }} @@ -191,9 +205,16 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} {{- end }} {{- end }} @@ -248,6 +269,7 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: - name: check-elasticsearch-service 
@@ -263,8 +285,8 @@ spec: imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ['sh', '-c'] args: - - 'curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1; - curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1;' + - 'curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1 && + curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1' {{- with (default $.Values.admintools.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/temporal/templates/server-service-monitor.yaml b/charts/temporal/templates/server-service-monitor.yaml index 5d6ce3a..7390900 100644 --- a/charts/temporal/templates/server-service-monitor.yaml +++ b/charts/temporal/templates/server-service-monitor.yaml 
@@ -21,7 +21,7 @@ spec: endpoints: - port: metrics interval: {{ default $.Values.server.metrics.serviceMonitor.interval $serviceValues.metrics.serviceMonitor.interval }} - {{- with (default $.Values.server.metrics.serviceMonitor.metricRelabelings $serviceValues.metrics.serviceMonitor.interval) }} + {{- with (default $.Values.server.metrics.serviceMonitor.metricRelabelings $serviceValues.metrics.serviceMonitor.metricRelabelings) }} metricRelabelings: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/temporal/templates/serviceaccount.yaml b/charts/temporal/templates/serviceaccount.yaml new file mode 100644 index 0000000..f44e51d --- /dev/null +++ b/charts/temporal/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "temporal.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + helm.sh/chart: {{ include "temporal.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ .Chart.Name }} + annotations: + helm.sh/hook: pre-install + helm.sh/hook-weight: "-10" + {{- with .Values.serviceAccount.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/temporal/templates/web-deployment.yaml b/charts/temporal/templates/web-deployment.yaml index c91f706..67e647f 100644 --- a/charts/temporal/templates/web-deployment.yaml +++ b/charts/temporal/templates/web-deployment.yaml 
@@ -28,11 +28,15 @@ spec: app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Chart.Name }} + {{- with .Values.web.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.web.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{ include "temporal.serviceAccount" . }} volumes: - name: {{ .Chart.Name }}-web-config configMap: @@ -42,15 +46,11 @@ spec: image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}" imagePullPolicy: {{ .Values.web.image.pullPolicy }} env: - - name: TEMPORAL_GRPC_ENDPOINT + - name: TEMPORAL_ADDRESS value: "{{ include "temporal.fullname" . }}-frontend.{{ .Release.Namespace }}.svc:{{ .Values.server.frontend.service.port }}" - volumeMounts: - - name: {{ .Chart.Name }}-web-config - mountPath: /usr/app/server/config.yml - subPath: config.yml ports: - name: http - containerPort: 8088 + containerPort: 8080 protocol: TCP resources: {{- toYaml .Values.web.resources | nindent 12 }} diff --git a/charts/temporal/templates/web-ingress.yaml b/charts/temporal/templates/web-ingress.yaml index c6c08b6..68c52cd 100644 --- a/charts/temporal/templates/web-ingress.yaml +++ b/charts/temporal/templates/web-ingress.yaml @@ -1,5 +1,7 @@ {{- if .Values.web.ingress.enabled -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 {{- else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} apiVersion: extensions/v1beta1 
@@ -20,12 +22,15 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} spec: + {{- with .Values.web.ingress.className }} + ingressClassName: {{ . | quote }} + {{- end }} {{- if .Values.web.ingress.tls }} tls: {{- range .Values.web.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . }} + - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} @@ -37,8 +42,17 @@ spec: http: paths: - path: /{{ rest $url | join "/" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + pathType: Prefix + backend: + service: + name: {{ include "temporal.fullname" $ }}-web + port: + number: {{ $.Values.web.service.port }} + {{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} backend: serviceName: {{ include "temporal.fullname" $ }}-web servicePort: {{ $.Values.web.service.port }} - {{- end}} - {{- end }} + {{- end }} + {{- end}} + {{- end }} diff --git a/charts/temporal/values.yaml b/charts/temporal/values.yaml index 96be0de..2695141 100644 --- a/charts/temporal/values.yaml +++ b/charts/temporal/values.yaml @@ -5,12 +5,23 @@ fullnameOverride: "" # (eg. disable helm hook delete policy) debug: false +# Custom Service account management +serviceAccount: + # Whether to create service account or not + create: false + + # Name of the service account, default: temporal.fullname + name: + + # extraAnnotations would let users add additional annotations + extraAnnotations: + server: enabled: true sidecarContainers: image: repository: temporalio/server - tag: 1.13.0 + tag: 1.18.0 pullPolicy: IfNotPresent # Global default settings (can be overridden per service) @@ -51,6 +62,7 @@ server: prometheus: timerType: histogram podAnnotations: {} + podLabels: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -159,6 +171,7 @@ server: prometheus: {} # timerType: histogram podAnnotations: {} + podLabels: {} resources: {} nodeSelector: {} tolerations: [] 
@@ -177,6 +190,7 @@ server: prometheus: {} # timerType: histogram podAnnotations: {} + podLabels: {} resources: {} nodeSelector: {} tolerations: [] @@ -195,6 +209,7 @@ server: prometheus: {} # timerType: histogram podAnnotations: {} + podLabels: {} resources: {} nodeSelector: {} tolerations: [] @@ -213,6 +228,7 @@ server: prometheus: {} # timerType: histogram podAnnotations: {} + podLabels: {} resources: {} nodeSelector: {} tolerations: [] @@ -222,13 +238,15 @@ admintools: enabled: true image: repository: temporalio/admin-tools - tag: 1.13.0 + tag: 1.18.0 pullPolicy: IfNotPresent service: type: ClusterIP port: 22 annotations: {} + podLabels: {} + podAnnotations: {} nodeSelector: {} tolerations: [] affinity: {} @@ -247,18 +265,21 @@ web: replicaCount: 1 image: - repository: temporalio/web - tag: 1.13.0 + repository: temporalio/ui + tag: latest pullPolicy: IfNotPresent service: + # set type to NodePort if access to web needs access from outside the cluster + # for more info see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: ClusterIP - port: 8088 + port: 8080 annotations: {} # loadBalancerIP: ingress: enabled: false + # className: annotations: {} # kubernetes.io/ingress.class: traefik # ingress.kubernetes.io/ssl-redirect: "false" @@ -273,6 +294,7 @@ web: # - chart-example.local podAnnotations: {} + podLabels: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -305,7 +327,7 @@ elasticsearch: replicas: 3 persistence: enabled: false - imageTag: 7.10.1 + imageTag: 7.16.2 host: elasticsearch-master-headless scheme: http port: 9200 
@@ -352,23 +374,29 @@ grafana: isDefault: true dashboards: default: - frontend-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/frontend.json + server-general-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/server/server-general.json + datasource: TemporalMetrics + sdk-general-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/sdk/sdk-general.json + datasource: TemporalMetrics + misc-advanced-visibility-specific-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/advanced-visibility-specific.json datasource: TemporalMetrics - temporal-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/temporal.json + misc-clustermonitoring-kubernetes-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/clustermonitoring-kubernetes.json datasource: TemporalMetrics - history-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/history.json + misc-frontend-service-specific-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/frontend-service-specific.json datasource: TemporalMetrics - matching-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/matching.json + misc-history-service-specific-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/history-service-specific.json datasource: TemporalMetrics - clusteroverview-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/10000.json + misc-matching-service-specific-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/matching-service-specific.json datasource: TemporalMetrics - common-github: - url: https://raw.githubusercontent.com/temporalio/temporal-dashboards/master/dashboards/common.json + 
misc-worker-service-specific-github: + url: https://raw.githubusercontent.com/temporalio/dashboards/helm/misc/worker-service-specific.json datasource: TemporalMetrics cassandra: @@ -391,4 +419,4 @@ cassandra: type: ClusterIP mysql: - enabled: false \ No newline at end of file + enabled: false diff --git a/charts/temporal/values/values.antiaffinity.yaml b/charts/temporal/values/values.antiaffinity.yaml new file mode 100644 index 0000000..29cd877 --- /dev/null +++ b/charts/temporal/values/values.antiaffinity.yaml 
@@ -0,0 +1,228 @@ +cassandra: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - frontend + - history + - matching + - worker + topologyKey: kubernetes.io/hostname + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - elasticsearch-master + topologyKey: kubernetes.io/hostname + - weight: 5 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - prometheus + topologyKey: kubernetes.io/hostname + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - grafana + topologyKey: kubernetes.io/hostname + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cassandra + topologyKey: kubernetes.io/hostname + +server: + frontend: + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - history + - matching + - worker + topologyKey: kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cassandra + topologyKey: kubernetes.io/hostname + - weight: 75 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - elasticsearch-master + topologyKey: kubernetes.io/hostname + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - frontend + topologyKey: kubernetes.io/hostname + + history: + affinity: + podAffinity: + 
preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - frontend + - matching + - worker + topologyKey: kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cassandra + topologyKey: kubernetes.io/hostname + - weight: 75 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - elasticsearch-master + topologyKey: kubernetes.io/hostname + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - history + topologyKey: kubernetes.io/hostname + + matching: + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - frontend + - history + - worker + topologyKey: kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cassandra + topologyKey: kubernetes.io/hostname + - weight: 75 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - elasticsearch-master + topologyKey: kubernetes.io/hostname + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - matching + topologyKey: kubernetes.io/hostname + + worker: + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - 
frontend + - matching + - history + topologyKey: kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - cassandra + topologyKey: kubernetes.io/hostname + - weight: 75 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - elasticsearch-master + topologyKey: kubernetes.io/hostname + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - worker + topologyKey: kubernetes.io/hostname diff --git a/charts/temporal/values/values.aurora-mysql.yaml b/charts/temporal/values/values.aurora-mysql.yaml new file mode 100644 index 0000000..21b61b6 --- /dev/null +++ b/charts/temporal/values/values.aurora-mysql.yaml @@ -0,0 +1,47 @@ +server: + config: + persistence: + default: + driver: "sql" + + sql: + driver: "mysql" + host: _HOST_ + port: 3306 + database: temporal + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + connectAttributes: + tx_isolation: 'READ-COMMITTED' + + visibility: + driver: "sql" + + sql: + driver: "mysql" + host: _HOST_ + port: 3306 + database: temporal_visibility + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + connectAttributes: + tx_isolation: 'READ-COMMITTED' + +cassandra: + enabled: false + +mysql: + enabled: true + +postgresql: + enabled: false + +schema: + setup: + enabled: false + update: + enabled: false diff --git a/charts/temporal/values/values.cassandra.yaml b/charts/temporal/values/values.cassandra.yaml new file mode 100644 index 0000000..af622ca --- /dev/null +++ b/charts/temporal/values/values.cassandra.yaml 
@@ -0,0 +1,53 @@ +server: + config: + logLevel: "debug,info" + + numHistoryShards: 512 + + persistence: + default: + driver: "cassandra" + + cassandra: + hosts: ["cassandra.default.svc.cluster.local"] + port: 9042 + keyspace: temporal + user: "user" + password: "password" + existingSecret: "" + replicationFactor: 1 + consistency: + default: + consistency: "local_quorum" + serialConsistency: "local_serial" + + visibility: + driver: "cassandra" + + cassandra: + hosts: ["cassandra.default.svc.cluster.local"] + port: 9042 + keyspace: temporal_visibility + user: "user" + password: "password" + existingSecret: "" + replicationFactor: 1 + consistency: + default: + consistency: "local_quorum" + serialConsistency: "local_serial" + +cassandra: + enabled: false + +mysql: + enabled: false + +postgresql: + enabled: false + +schema: + setup: + enabled: false + update: + enabled: false diff --git a/charts/temporal/values/values.cloudsqlproxy.yaml b/charts/temporal/values/values.cloudsqlproxy.yaml new file mode 100644 index 0000000..967437d --- /dev/null +++ b/charts/temporal/values/values.cloudsqlproxy.yaml @@ -0,0 +1,20 @@ +server: + sidecarContainers: + - name: cloud-sql-proxy + image: gcr.io/cloudsql-docker/gce-proxy:1.17 + command: + - "/cloud_sql_proxy" + - "-ip_address_types=PRIVATE" + - "-instances=_PROJECTNAME_:_REGION_:_INSTANCENAME_=tcp:5432" + - "-credential_file=/etc/google-cloud-key/key.json" + securityContext: + runAsNonRoot: true + volumeMounts: + - name: google-cloud-key + mountPath: /etc/google-cloud-key + readOnly: true + + additionalVolumes: + - name: google-cloud-key + secret: + secretName: cloud-sql-proxy-sa diff --git a/charts/temporal/values/values.dynamic_config.yaml b/charts/temporal/values/values.dynamic_config.yaml new file mode 100644 index 0000000..df797cd --- /dev/null +++ b/charts/temporal/values/values.dynamic_config.yaml 
@@ -0,0 +1,8 @@ +server: + dynamicConfig: + matching.numTaskqueueReadPartitions: + - value: 5 + constraints: {} + matching.numTaskqueueWritePartitions: + - value: 5 + constraints: {} diff --git a/charts/temporal/values/values.elasticsearch.yaml b/charts/temporal/values/values.elasticsearch.yaml new file mode 100644 index 0000000..bd16922 --- /dev/null +++ b/charts/temporal/values/values.elasticsearch.yaml @@ -0,0 +1,8 @@ +elasticsearch: + enabled: false + external: true + host: "elasticsearch-master-headless" + port: "9200" + version: "v7" + scheme: "http" + logLevel: "error" diff --git a/charts/temporal/values/values.mysql.yaml b/charts/temporal/values/values.mysql.yaml new file mode 100644 index 0000000..8d22826 --- /dev/null +++ b/charts/temporal/values/values.mysql.yaml @@ -0,0 +1,43 @@ +server: + config: + persistence: + default: + driver: "sql" + + sql: + driver: "mysql" + host: _HOST_ + port: 3306 + database: temporal + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + + visibility: + driver: "sql" + + sql: + driver: "mysql" + host: _HOST_ + port: 3306 + database: temporal_visibility + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + +cassandra: + enabled: false + +mysql: + enabled: true + +postgresql: + enabled: false + +schema: + setup: + enabled: false + update: + enabled: false diff --git a/charts/temporal/values/values.ndc.yaml b/charts/temporal/values/values.ndc.yaml new file mode 100644 index 0000000..70d6758 --- /dev/null +++ b/charts/temporal/values/values.ndc.yaml 
@@ -0,0 +1,34 @@ +server: + config: + dcRedirectionPolicy: + policy: "selected-apis-forwarding" + toDC: "" + + clusterMetadata: + enableGlobalNamespace: true + replicationConsumer: + type: rpc + failoverVersionIncrement: 100 + masterClusterName: cluster_a + currentClusterName: # + # clusterInformation: + # : + # enabled: true + # initialFailoverVersion: + # rpcName: "frontend" + # rpcAddress: + # cluster_a: + # enabled: true + # initialFailoverVersion: 1 + # rpcName: "frontend" + # rpcAddress: "localhost:7233" + # cluster_b: + # enabled: true + # initialFailoverVersion: 2 + # rpcName: "frontend" + # rpcAddress: "localhost:8233" + # cluster_c: + # enabled: false + # initialFailoverVersion: 3 + # rpcName: "frontend" + # rpcAddress: "localhost:9233" diff --git a/charts/temporal/values/values.postgresql.yaml b/charts/temporal/values/values.postgresql.yaml new file mode 100644 index 0000000..2460e1a --- /dev/null +++ b/charts/temporal/values/values.postgresql.yaml @@ -0,0 +1,43 @@ +server: + config: + persistence: + default: + driver: "sql" + + sql: + driver: "postgres" + host: _HOST_ + port: 5432 + database: temporal + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + + visibility: + driver: "sql" + + sql: + driver: "postgres" + host: _HOST_ + port: 5432 + database: temporal_visibility + user: _USERNAME_ + password: _PASSWORD_ + maxConns: 20 + maxConnLifetime: "1h" + +cassandra: + enabled: false + +mysql: + enabled: false + +postgresql: + enabled: true + +schema: + setup: + enabled: false + update: + enabled: false diff --git a/charts/temporal/values/values.resources.yaml b/charts/temporal/values/values.resources.yaml new file mode 100644 index 0000000..8d0a9aa --- /dev/null +++ b/charts/temporal/values/values.resources.yaml 
@@ -0,0 +1,24 @@ +server: + frontend: + resources: + requests: + cpu: 100m + memory: 512Mi + + history: + resources: + requests: + cpu: 100m + memory: 512Mi + + matching: + resources: + requests: + cpu: 100m + memory: 512Mi + + worker: + resources: + requests: + cpu: 100m + memory: 512Mi
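Review bot: in charts/temporal/templates/serviceaccount.yaml the ServiceAccount carries `helm.sh/hook: pre-install` only, so it is created on a first install but not when `serviceAccount.create` is switched to true on an existing release through `helm upgrade`, and as a hook resource it is not tracked or removed with the release. Either add `pre-upgrade` to the hook list or drop the two hook annotations and let it be an ordinary release resource; if the hook is there for ordering against other pre-install hooks, say so in a comment next to `helm.sh/hook-weight: "-10"`.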
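Review bot: in charts/temporal/templates/web-deployment.yaml the second hunk removes the `volumeMounts` entry for `{{ .Chart.Name }}-web-config`, but the `volumes:` entry with its `configMap:` is left in place in the first hunk, so the pod still requires a ConfigMap that no container reads. Remove the volume together with the mount (and the ConfigMap template if nothing else uses it). The new `{{ include "temporal.serviceAccount" . }}` line is also emitted without `{{-` or `nindent`, so its indentation depends entirely on what the helper returns; render it with `helm template` for both values of `serviceAccount.create` before merging.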
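Review bot: in charts/temporal/templates/web-ingress.yaml the per-path backend is now chosen with `if ... "networking.k8s.io/v1"` / `else if ... "networking.k8s.io/v1beta1"`, while the apiVersion selection at the top of the file still has an `extensions/v1beta1` branch; a cluster that matches only that branch gets a path with no `backend:` at all. Make the second branch a plain `{{- else }}` so the `serviceName`/`servicePort` form covers both beta APIs. In the tls block the hosts are now piped through `quote` but `secretName: {{ .secretName }}` is not; quote it as well.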
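Review bot: in charts/temporal/values.yaml, hunk `@@ -247,18 +265,21 @@ web:`, the image moves to `repository: temporalio/ui` with `tag: latest` while `pullPolicy: IfNotPresent` is kept, so the UI version is whatever each node pulled first and can differ between nodes and between deployments. Pin the UI image to a specific release tag or a digest, the same way `server` and `admintools` are pinned to `1.18.0` in this patch. The new comment that recommends `NodePort` for outside access should also point to the `ingress` block below it, since NodePort opens the port on every node.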
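Review bot: in charts/temporal/values.yaml under `grafana.dashboards.default`, every new `url:` points at the `helm` branch of `temporalio/dashboards` on raw.githubusercontent.com, which is a mutable ref, so the dashboard JSON loaded into Grafana can change without any change in this repository. Pin the URLs to a tag or commit SHA, or vendor the JSON files into the chart.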
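Review bot: charts/temporal/values/values.antiaffinity.yaml gives each Temporal service a `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity against its own `app.kubernetes.io/component` on `kubernetes.io/hostname`, so any replica count above the number of schedulable nodes leaves pods Pending, and the file has no comment saying so. Add a header comment that states the node-count requirement and that the selectors `app: cassandra`, `app: elasticsearch-master` and `app: prometheus` rely on the label names used by the subcharts.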
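Review bot: charts/temporal/values/values.cassandra.yaml ships literal credentials (`user: "user"`, `password: "password"`) next to an empty `existingSecret: ""`, whereas the mysql and postgresql examples in this patch use `_USERNAME_` / `_PASSWORD_` placeholders that cannot be deployed by accident. Use the same placeholders here, or show `existingSecret` filled in as the recommended path. `logLevel: "debug,info"` also looks unintended for a file people will copy; pick one level.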
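Review bot: in charts/temporal/values/values.cloudsqlproxy.yaml the sidecar's `securityContext` sets only `runAsNonRoot: true`, although this container reads the service-account key at `/etc/google-cloud-key/key.json`. Add `allowPrivilegeEscalation: false` and drop all capabilities, and add a comment that the `cloud-sql-proxy-sa` secret has to exist in the release namespace before install, since nothing in this patch creates it.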
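Review bot: charts/temporal/values/values.aurora-mysql.yaml, values.mysql.yaml and values.postgresql.yaml all take the database password inline as `password: _PASSWORD_`, which invites committing the real value once the file is copied and filled in. Add a header comment telling users to supply it at install time with `--set` from their secret store, and if the `sql` block accepts an `existingSecret` key like the `cassandra` block in values.cassandra.yaml does, show that key in the examples instead.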