diff --git a/charts/temporal/Chart.yaml b/charts/temporal/Chart.yaml index 9007a95..e87a842 100644 --- a/charts/temporal/Chart.yaml +++ b/charts/temporal/Chart.yaml @@ -49,8 +49,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.24.1 +version: 0.29.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 1.21.1 +appVersion: 1.22.1 diff --git a/charts/temporal/templates/_helpers.tpl b/charts/temporal/templates/_helpers.tpl index 74b7d0a..dbf2146 100644 --- a/charts/temporal/templates/_helpers.tpl +++ b/charts/temporal/templates/_helpers.tpl @@ -206,6 +206,17 @@ Source: https://stackoverflow.com/a/52024583/3027614 {{- print "password" -}} {{- end -}} +{{- define "temporal.persistence.sql.database" -}} +{{- $global := index . 0 -}} +{{- $store := index . 1 -}} +{{- $storeConfig := index $global.Values.server.config.persistence $store -}} +{{- if $storeConfig.sql.database -}} +{{- $storeConfig.sql.database -}} +{{- else -}} +{{- required (printf "Please specify database for %s store" $store) -}} +{{- end -}} +{{- end -}} + {{- define "temporal.persistence.sql.driver" -}} {{- $global := index . 0 -}} {{- $store := index . 1 -}} diff --git a/charts/temporal/templates/server-configmap.yaml b/charts/temporal/templates/server-configmap.yaml index 694fd31..8abf0f0 100644 --- a/charts/temporal/templates/server-configmap.yaml +++ b/charts/temporal/templates/server-configmap.yaml 
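Review bot: The `required` call in the else branch of `temporal.persistence.sql.database` receives only the message, but Helm's `required` takes the message and the value to check. An unset database would therefore surface as an argument-count template error instead of the intended text. Pass the value as the second argument: `{{- required (printf "Please specify database for %s store" $store) $storeConfig.sql.database -}}`. With that in place the surrounding `if`/`else` is redundant and the body can be that single line. A short comment above the define, saying it takes `(list $ "<store>")` and aborts rendering when `sql.database` is unset, would help callers.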
@@ -39,11 +39,9 @@ data: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if $.Values.server.config.persistence.faultinjection}} - {{- if $.Values.server.config.persistence.faultinjection.rate }} + {{- with $.Values.server.config.persistence.default.faultInjection}} faultInjection: - rate: {{ $.Values.server.config.persistence.faultinjection.rate }} - {{- end }} + {{- toYaml . | nindent 12 }} {{- end }} {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }} sql: @@ -122,6 +120,13 @@ data: listenAddress: "0.0.0.0:9090" {{- end }} + {{- if $.Values.server.config.tls }} + tls: + {{- with $.Values.server.config.tls }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + services: frontend: rpc: diff --git a/charts/temporal/templates/server-job.yaml b/charts/temporal/templates/server-job.yaml index 3feb8d2..77c5e9b 100644 --- a/charts/temporal/templates/server-job.yaml +++ b/charts/temporal/templates/server-job.yaml @@ -55,7 +55,7 @@ spec: - name: create-{{ $store }}-store image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} - command: ['sh', '-c', 'temporal-cassandra-tool create -k {{ $storeConfig.cassandra.keyspace }} --replication-factor {{ $storeConfig.cassandra.replicationFactor }}'] + command: ['temporal-cassandra-tool', 'create', '-k', '{{ $storeConfig.cassandra.keyspace }}', '--replication-factor', '{{ $storeConfig.cassandra.replicationFactor }}'] env: - name: CASSANDRA_HOST value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $ $store))) }} 
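Review bot: The new `tls:` block copies `server.config.tls` verbatim into the server ConfigMap, so any inline key material a user sets there is stored outside a Secret. Temporal's TLS settings accept inline `keyData`/`certData` as well as file paths, and a ConfigMap is readable by anyone allowed to read ConfigMaps in the namespace. I would add a comment above the block such as `# rendered into a ConfigMap: use certFile/keyFile paths backed by a mounted Secret, not inline keyData`. Separately, the outer `if` duplicates the inner `with`; wrapping `tls:` and the `toYaml` line in one `{{- with $.Values.server.config.tls }}` is enough.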
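Review bot: In the exec-form `command` for `create-{{ $store }}-store`, the keyspace and replication factor are interpolated inside hand-written single quotes. A value containing `'` therefore renders invalid YAML, and an unset value becomes an empty argument passed to the tool. Letting the template do the quoting avoids both: `'-k', {{ $storeConfig.cassandra.keyspace | quote }}, '--replication-factor', {{ $storeConfig.cassandra.replicationFactor | quote }}`. The container definition continues outside this hunk.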
@@ -80,6 +80,38 @@ spec: {{- end }} {{- end }} {{- end }} + {{- else if or (eq (include "temporal.persistence.driver" (list $ "default")) "sql") (eq (include "temporal.persistence.driver" (list $ "visibility")) "sql") }} + {{- range $store := (list "default" "visibility") }} + {{- $storeConfig := index $.Values.server.config.persistence $store }} + {{- if eq (include "temporal.persistence.driver" (list $ $store)) "sql" }} + - name: create-{{ $store }}-store + image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" + imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} + command: ['temporal-sql-tool', '--database', '{{ include "temporal.persistence.sql.database" (list $ $store) }}', 'create-database'] + env: + - name: SQL_PLUGIN + value: {{ include "temporal.persistence.sql.driver" (list $ $store) }} + - name: SQL_HOST + value: {{ include "temporal.persistence.sql.host" (list $ $store) }} + - name: SQL_PORT + value: {{ include "temporal.persistence.sql.port" (list $ $store) | quote }} + {{- if $storeConfig.sql.user }} + - name: SQL_USER + value: {{ $storeConfig.sql.user }} + {{- end }} + {{- if (or $storeConfig.sql.password $storeConfig.sql.existingSecret) }} + - name: SQL_PASSWORD + {{- if $storeConfig.sql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} + value: {{ $storeConfig.sql.password }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- else }} [] {{- end }} 
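Review bot: When `sql.existingSecret` is unset, `SQL_PASSWORD` is rendered as a literal `value: {{ $storeConfig.sql.password }}`, which puts the database password in the Job's pod spec where anyone who can read Pods or Jobs can see it. The other branch already uses the `temporal.persistence.secretName` helper; if that helper falls back to a chart-managed Secret when no existing secret is set (its definition is not in this diff, so please confirm), the `else` branch can be dropped and `secretKeyRef` used unconditionally. At minimum the scalars need quoting, `value: {{ $storeConfig.sql.password | quote }}` and `value: {{ $storeConfig.sql.user | quote }}`, because a password that is all digits or contains ` #` or `: ` is retyped or cut short by the YAML parser. The same env block is repeated in the hunks at `-113,6 +145,30` and `-228,6 +292,30`, and the enclosing `range` runs outside this hunk.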
@@ -89,7 +121,7 @@ spec: - name: {{ $store }}-schema image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} - command: ["temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool", "setup-schema", "-v", "0.0"] + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'setup-schema', '-v', '0.0'] env: {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: CASSANDRA_HOST @@ -113,6 +145,30 @@ spec: value: {{ $storeConfig.cassandra.password }} {{- end }} {{- end }} + {{- else if eq (include "temporal.persistence.driver" (list $ $store)) "sql" }} + - name: SQL_PLUGIN + value: {{ include "temporal.persistence.sql.driver" (list $ $store) }} + - name: SQL_HOST + value: {{ include "temporal.persistence.sql.host" (list $ $store) }} + - name: SQL_PORT + value: {{ include "temporal.persistence.sql.port" (list $ $store) | quote }} + - name: SQL_DATABASE + value: {{ include "temporal.persistence.sql.database" (list $ $store) }} + {{- if $storeConfig.sql.user }} + - name: SQL_USER + value: {{ $storeConfig.sql.user }} + {{- end }} + {{- if (or $storeConfig.sql.password $storeConfig.sql.existingSecret) }} + - name: SQL_PASSWORD + {{- if $storeConfig.sql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} + value: {{ $storeConfig.sql.password }} + {{- end }} + {{- end }} {{- end }} {{- end }} {{- with .Values.schema.resources }} 
@@ -203,7 +259,15 @@ spec: image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - command: ['sh', '-c', 'temporal-cassandra-tool update-schema -d /etc/temporal/schema/cassandra/{{ include "temporal.persistence.schema" $store }}/versioned'] + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'update-schema', '--schema-dir', '/etc/temporal/schema/cassandra/{{ include "temporal.persistence.schema" $store }}/versioned'] + {{- else if eq (include "temporal.persistence.sql.driver" (list $ $store)) "mysql" }} + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'update-schema', '--schema-dir', '/etc/temporal/schema/mysql/v57/{{ include "temporal.persistence.schema" $store }}/versioned'] + {{- else if eq (include "temporal.persistence.sql.driver" (list $ $store)) "mysql8" }} + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'update-schema', '--schema-dir', '/etc/temporal/schema/mysql/v8/{{ include "temporal.persistence.schema" $store }}/versioned'] + {{- else if eq (include "temporal.persistence.sql.driver" (list $ $store)) "postgres" }} + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'update-schema', '--schema-dir', '/etc/temporal/schema/postgresql/v96/{{ include "temporal.persistence.schema" $store }}/versioned'] + {{- else if eq (include "temporal.persistence.sql.driver" (list $ $store)) "postgres12" }} + command: ['temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool', 'update-schema', '--schema-dir', '/etc/temporal/schema/postgresql/v12/{{ include "temporal.persistence.schema" $store }}/versioned'] {{- end }} env: {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} 
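Review bot: The `if`/`else if` chain that picks the `update-schema` command has no final `else`, so a store whose SQL plugin is not `mysql`, `mysql8`, `postgres` or `postgres12` gets a container with no `command:` key at all. The container would then presumably run the image's default entrypoint, and the mistake only shows at run time. Closing the chain with `{{- else }}{{ fail (printf "unsupported persistence driver for %s store" $store) }}` makes a typo in values stop `helm template` instead. The cassandra branch now builds the tool name from the driver helper while the schema path still hard-codes `cassandra`; one form in both places would read more clearly. The container definition starts and ends outside this hunk.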
@@ -228,6 +292,30 @@ spec: value: {{ $storeConfig.cassandra.password }} {{- end }} {{- end }} + {{- else if eq (include "temporal.persistence.driver" (list $ $store)) "sql" }} + - name: SQL_PLUGIN + value: {{ include "temporal.persistence.sql.driver" (list $ $store) }} + - name: SQL_HOST + value: {{ include "temporal.persistence.sql.host" (list $ $store) }} + - name: SQL_PORT + value: {{ include "temporal.persistence.sql.port" (list $ $store) | quote }} + - name: SQL_DATABASE + value: {{ include "temporal.persistence.sql.database" (list $ $store) }} + {{- if $storeConfig.sql.user }} + - name: SQL_USER + value: {{ $storeConfig.sql.user }} + {{- end }} + {{- if (or $storeConfig.sql.password $storeConfig.sql.existingSecret) }} + - name: SQL_PASSWORD + {{- if $storeConfig.sql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} + value: {{ $storeConfig.sql.password }} + {{- end }} + {{- end }} {{- end }} {{- end }} {{- with .Values.schema.resources }} diff --git a/charts/temporal/templates/web-deployment.yaml b/charts/temporal/templates/web-deployment.yaml index bfce3bc..df01029 100644 --- a/charts/temporal/templates/web-deployment.yaml +++ b/charts/temporal/templates/web-deployment.yaml @@ -41,6 +41,9 @@ spec: - name: {{ .Chart.Name }}-web-config configMap: name: {{ include "temporal.componentname" (list . "web") }}-config + {{- if .Values.web.additionalVolumes }} + {{- toYaml .Values.web.additionalVolumes | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }}-web image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}" @@ -61,6 +64,10 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.web.additionalVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.web.securityContext }} securityContext: {{- toYaml . | nindent 8 }} 
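Review bot: In web-deployment.yaml, `volumeMounts:` is emitted as a new container key whenever `web.additionalVolumeMounts` is set, while the pod already defines the `{{ .Chart.Name }}-web-config` volume in the hunk above. If the container mounts that volume through its own `volumeMounts:` elsewhere in the file (not visible in this diff), the rendered manifest carries a duplicate key, and most YAML parsers silently keep only the last one. In that case, drop the added `volumeMounts:` line and place `{{- with .Values.web.additionalVolumeMounts }}{{- toYaml . | nindent 12 }}{{- end }}` under the existing key. The volumes hunk uses `if` plus `toYaml .Values.web.additionalVolumes` where this one uses `with`; a single form for both would be easier to follow.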
diff --git a/charts/temporal/values.yaml b/charts/temporal/values.yaml index 7b6682e..3c3fb07 100644 --- a/charts/temporal/values.yaml +++ b/charts/temporal/values.yaml @@ -21,7 +21,7 @@ server: sidecarContainers: {} image: repository: temporalio/server - tag: 1.21.1 + tag: 1.22.1 pullPolicy: IfNotPresent # Global default settings (can be overridden per service) @@ -94,6 +94,35 @@ server: # IMPORTANT: This value cannot be changed, once it's set. numHistoryShards: 512 + # Define your TLS configuration here. See https://docs.temporal.io/references/configuration#tls + # for configuration options. You must also use `server.additionalVolumeMounts` and `server.additionalVolumes` + # to mount certificates (from Secret or ConfigMap etc) to the path you use below. + # tls: + # internode: + # server: + # certFile: /path/to/internode/cert/file + # keyFile: /path/to/internode/key/file + # requireClientAuth: true + # clientCaFiles: + # - /path/to/internode/serverCa + # client: + # serverName: dnsSanInInternodeCertificate + # rootCaFiles: + # - /path/to/internode/serverCa + # frontend: + # server: + # certFile: /path/to/frontend/cert/file + # keyFile: /path/to/frontend/key/file + # requireClientAuth: true + # clientCaFiles: + # - /path/to/internode/serverCa + # - /path/to/sdkClientPool1/ca + # - /path/to/sdkClientPool2/ca + # client: + # serverName: dnsSanInFrontendCertificate + # rootCaFiles: + # - /path/to/frontend/serverCa + persistence: defaultStore: default additionalStores: {} @@ -257,7 +286,7 @@ admintools: enabled: true image: repository: temporalio/admin-tools - tag: 1.21.1 + tag: 1.22.1 pullPolicy: IfNotPresent service: 
@@ -301,18 +330,14 @@ web: # loadBalancerIP: ingress: - enabled: true - className: alb + enabled: false + # className: annotations: {} - kubernetes.io/ingress.class: traefik - # ingress.kubernetes.io/ssl-redirect: "true" + # kubernetes.io/ingress.class: traefik + # ingress.kubernetes.io/ssl-redirect: "false" # traefik.frontend.rule.type: PathPrefix - # alb.ingress.kubernetes.io/scheme: "internet-facing" │ - # # # │alb.ingress.kubernetes.io/security-groups: "sg-042081a1c69c1d8be" │ - # alb.ingress.kubernetes.io/success-codes: "200" - hosts: - - "csw.integration.opengov.zone" + - "/" # - "domain.com/xyz" # - "domain.com" tls: [] @@ -341,6 +366,9 @@ web: affinity: {} + additionalVolumes: [] + additionalVolumeMounts: [] + additionalEnv: [] containerSecurityContext: {} diff --git a/charts/temporal/values/values.cassandra.yaml b/charts/temporal/values/values.cassandra.yaml index af622ca..4163698 100644 --- a/charts/temporal/values/values.cassandra.yaml +++ b/charts/temporal/values/values.cassandra.yaml @@ -8,6 +8,24 @@ server: default: driver: "cassandra" +# faultInjection: +# targets: +# dataStores: +# ExecutionStore: +# methods: +# GetCurrentExecution: +# errors: +# ResourceExhausted: 0.1 +# AppendHistoryNodes: +# errors: +# ResourceExhausted: 0.05 +# UpdateWorkflowExecution: +# errors: +# ResourceExhausted: 0.15 +# GetWorkflowExecution: +# errors: +# ResourceExhausted: 0.15 + cassandra: hosts: ["cassandra.default.svc.cluster.local"] port: 9042
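Review bot: The added sample annotation `# ingress.kubernetes.io/ssl-redirect: "false"` means anyone who uncomments the example serves the web UI without an HTTP-to-HTTPS redirect. I would keep the sample at `"true"`, or put a comment above it such as `# set to "false" only when TLS is terminated in front of the ingress`. The new default host entry `"/"` is a path rather than a hostname; if the ingress template parses entries as `host[/path]` (the template is not shown here), a comment saying so would help.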