diff --git a/Chart.yaml b/Chart.yaml index 1ec0ed2e..1616ca3f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -49,8 +49,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.12.0 +version: 0.14.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 1.12.0 +appVersion: 1.14.0 diff --git a/README.md b/README.md index c9ae14a3..ccbe1f9f 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,8 @@ Temporal is a distributed, scalable, durable, and highly available orchestration This repo contains a basic V3 [Helm](https://helm.sh) chart that deploys Temporal to a Kubernetes cluster. The dependencies that are bundled with this solution by default offer an easy way to experiment with Temporal software. This Helm chart can also be used to install just the Temporal server, configured to connect to dependencies (such as a Cassandra, MySQL, or PostgreSQL database) that you may already have available in your environment. +**We do not recommend using Helm for managing Temporal deployments in production**. Rather, we recommend it for templating/generating manifests for Temporal's internal services only. [See our recent discussion on this topic](https://docs.temporal.io/blog/temporal-and-kubernetes/). + This Helm Chart code is tested by a dedicated test pipeline. It is also used extensively by other Temporal pipelines for testing various aspects of Temporal systems. Our test pipeline currently uses Helm 3.1.1. # Install Temporal service on a Kubernetes cluster diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8a76d2e8..74b7d0a6 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -31,6 +31,22 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the service account +*/}} +{{- define "temporal.serviceAccountName" -}} +{{ default (include "temporal.fullname" .) .Values.serviceAccount.name }} +{{- end -}} + +{{/* +Define the service account as needed +*/}} +{{- define "temporal.serviceAccount" -}} +{{- if .Values.serviceAccount.create -}} +serviceAccountName: {{ include "temporal.serviceAccountName" . }} +{{- end -}} +{{- end -}} + {{/* Create a default fully qualified component name from the full app name and a component name. We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) diff --git a/templates/admintools-deployment.yaml b/templates/admintools-deployment.yaml index 41d62c26..875049de 100644 --- a/templates/admintools-deployment.yaml +++ b/templates/admintools-deployment.yaml @@ -1,3 +1,4 @@ +{{- if $.Values.admintools.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -28,6 +29,7 @@ spec: app.kubernetes.io/component: admintools app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} containers: - name: admin-tools image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}" @@ -62,3 +64,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/templates/admintools-service.yaml b/templates/admintools-service.yaml index 860f0b6f..25ffa349 100644 --- a/templates/admintools-service.yaml +++ b/templates/admintools-service.yaml @@ -1,3 +1,4 @@ +{{- if $.Values.admintools.enabled }} apiVersion: v1 kind: Service metadata: 
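Review bot: `temporal.serviceAccount` emits `serviceAccountName` only when `.Values.serviceAccount.create` is true, so an operator who sets `serviceAccount.name` to a pre-provisioned, narrowly scoped account with `create: false` silently gets the namespace's default service account on every pod. If an existing account is meant to be usable, the guard could be `{{- if or .Values.serviceAccount.create .Values.serviceAccount.name -}}`. The helper's comment ("Define the service account as needed") should say which values cause the field to be rendered. The values.yaml comment only describes the default name.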
@@ -22,4 +23,4 @@ spec: app.kubernetes.io/name: {{ include "temporal.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: admintools - +{{- end }} diff --git a/templates/server-configmap.yaml b/templates/server-configmap.yaml index fb3bf28e..acd69e08 100644 --- a/templates/server-configmap.yaml +++ b/templates/server-configmap.yaml 
@@ -1,36 +1,40 @@ {{- if $.Values.server.enabled }} +{{- range $service := (list "frontend" "history" "matching" "worker") }} apiVersion: v1 kind: ConfigMap metadata: - name: "{{ include "temporal.fullname" . }}-config" + name: "{{ include "temporal.componentname" (list $ $service) }}-config" labels: - app.kubernetes.io/name: {{ include "temporal.name" . }} - helm.sh/chart: {{ include "temporal.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/part-of: {{ .Chart.Name }} + app.kubernetes.io/name: {{ include "temporal.name" $ }} + helm.sh/chart: {{ include "temporal.chart" $ }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ $.Chart.Name }} data: config_template.yaml: |- log: stdout: true - level: {{ .Values.server.config.logLevel | quote }} + level: {{ $.Values.server.config.logLevel | quote }} persistence: - defaultStore: default + defaultStore: {{ $.Values.server.config.persistence.defaultStore }} visibilityStore: visibility {{- if or $.Values.elasticsearch.enabled $.Values.elasticsearch.external }} advancedVisibilityStore: es-visibility {{- end }} - numHistoryShards: {{ .Values.server.config.numHistoryShards }} + numHistoryShards: {{ $.Values.server.config.numHistoryShards }} datastores: + {{- with $.Values.server.config.persistence.additionalStores }} + {{- toYaml . | nindent 8 }} + {{- end }} default: - {{- if eq (include "temporal.persistence.driver" (list . "default")) "cassandra" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "cassandra" }} cassandra: - hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "default") }}" - port: {{ include "temporal.persistence.cassandra.port" (list . 
"default") }} + hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "default") }}" + port: {{ include "temporal.persistence.cassandra.port" (list $ "default") }} password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} 
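Review bot: `additionalStores` is rendered verbatim with `toYaml` under `datastores:`, so any `password` placed in such a store ends up in clear text in the ConfigMap. The `default` and `visibility` stores, by contrast, strip `password` and `existingSecret` with `omit` and emit the `{{ .Env.TEMPORAL_STORE_PASSWORD }}` placeholder instead. Either give additional stores the same treatment, or add a comment next to `additionalStores: {}` in values.yaml saying that passwords there must be written as env placeholders, not literals. Separately, `defaultStore: {{ $.Values.server.config.persistence.defaultStore }}` is rendered without `| quote`, so a boolean- or number-looking store name would not stay a string.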
@@ -40,39 +44,39 @@ data: rate: {{ $.Values.server.config.persistence.faultinjection.rate }} {{- end }} {{- end }} - {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }} sql: - pluginName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}" - driverName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}" - databaseName: "{{ .Values.server.config.persistence.default.sql.database }}" - connectAddr: "{{ include "temporal.persistence.sql.host" (list . "default") }}:{{ include "temporal.persistence.sql.port" (list . "default") }}" + pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}" + driverName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}" + databaseName: "{{ $.Values.server.config.persistence.default.sql.database }}" + connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "default") }}:{{ include "temporal.persistence.sql.port" (list $ "default") }}" connectProtocol: "tcp" - user: {{ include "temporal.persistence.sql.user" (list . "default") }} + user: {{ include "temporal.persistence.sql.user" (list $ "default") }} password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} visibility: - {{- if eq (include "temporal.persistence.driver" (list . 
"visibility")) "cassandra" }} + {{- if eq (include "temporal.persistence.driver" (list $ "visibility")) "cassandra" }} cassandra: - hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "visibility") }}" - port: {{ include "temporal.persistence.cassandra.port" (list . "visibility") }} + hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "visibility") }}" + port: {{ include "temporal.persistence.cassandra.port" (list $ "visibility") }} password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }} + {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }} sql: - pluginName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}" - driverName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}" - databaseName: "{{ .Values.server.config.persistence.visibility.sql.database }}" - connectAddr: "{{ include "temporal.persistence.sql.host" (list . "visibility") }}:{{ include "temporal.persistence.sql.port" (list . "visibility") }}" + pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}" + driverName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}" + databaseName: "{{ $.Values.server.config.persistence.visibility.sql.database }}" + connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "visibility") }}:{{ include "temporal.persistence.sql.port" (list $ "visibility") }}" connectProtocol: "tcp" - user: "{{ include "temporal.persistence.sql.user" (list . 
"visibility") }}" + user: "{{ include "temporal.persistence.sql.user" (list $ "visibility") }}" password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}" - {{- with (omit .Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} + {{- with (omit $.Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} 
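Review bot: The `sql:` block under `visibility:` is still guarded by the driver of the `default` store, `{{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }}`, while everything inside it reads the `visibility` store. With a Cassandra default store and a SQL visibility store the block is dropped, and in the opposite mix it is rendered from visibility SQL values that may not be set. The guard should read `(list $ "visibility")`. The line was only touched for the `.` to `$` rewrite, so the condition predates this commit, but it is on the new side and is cheap to correct here.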
@@ -99,60 +103,43 @@ data: pprof: port: 7936 + + metrics: + tags: + type: {{ $service }} + prometheus: + timerType: histogram + listenAddress: "0.0.0.0:9090" services: frontend: rpc: - grpcPort: {{ include "temporal.frontend.grpcPort" . }} - membershipPort: {{ include "temporal.frontend.membershipPort" . }} + grpcPort: {{ include "temporal.frontend.grpcPort" $ }} + membershipPort: {{ include "temporal.frontend.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: frontend - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.frontend.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" history: rpc: - grpcPort: {{ include "temporal.history.grpcPort" . }} - membershipPort: {{ include "temporal.history.membershipPort" . }} + grpcPort: {{ include "temporal.history.grpcPort" $ }} + membershipPort: {{ include "temporal.history.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: history - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.history.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" matching: rpc: - grpcPort: {{ include "temporal.matching.grpcPort" . }} - membershipPort: {{ include "temporal.matching.membershipPort" . }} + grpcPort: {{ include "temporal.matching.grpcPort" $ }} + membershipPort: {{ include "temporal.matching.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: matching - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.matching.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" worker: rpc: - grpcPort: {{ include "temporal.worker.grpcPort" . }} - membershipPort: {{ include "temporal.worker.membershipPort" . 
}} + grpcPort: {{ include "temporal.worker.grpcPort" $ }} + membershipPort: {{ include "temporal.worker.membershipPort" $ }} bindOnIP: "0.0.0.0" - metrics: - tags: - type: worker - prometheus: - timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.worker.metrics.prometheus.timerType }} - listenAddress: "0.0.0.0:9090" {{- if $.Values.server.config.clusterMetadata }} clusterMetadata: - {{- with .Values.server.config.clusterMetadata }} + {{- with $.Values.server.config.clusterMetadata }} {{- toYaml . | nindent 8 }} {{- end }} {{- else }} @@ -177,9 +164,12 @@ data: status: "disabled" publicClient: - hostPort: "{{ include "temporal.componentname" (list . "frontend") }}:{{ .Values.server.frontend.service.port }}" + hostPort: "{{ include "temporal.componentname" (list $ "frontend") }}:{{ $.Values.server.frontend.service.port }}" dynamicConfigClient: filepath: "/etc/temporal/dynamic_config/dynamic_config.yaml" pollInterval: "10s" +--- + +{{- end }} {{- end }} diff --git a/templates/server-deployment.yaml b/templates/server-deployment.yaml index 12691b81..c9b577d3 100644 --- a/templates/server-deployment.yaml +++ b/templates/server-deployment.yaml @@ -41,10 +41,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{ include "temporal.serviceAccount" $ }} {{- if or $.Values.cassandra.enabled (or $.Values.elasticsearch.enabled $.Values.elasticsearch.external)}} + {{- if semverCompare ">=1.13.0" $.Chart.AppVersion}} securityContext: fsGroup: 1000 #temporal group runAsUser: 1000 #temporal user + {{- end }} initContainers: {{- if $.Values.cassandra.enabled }} - name: check-cassandra-service @@ -146,7 +149,7 @@ spec: volumes: - name: config configMap: - name: "{{ include "temporal.fullname" $ }}-config" + name: "{{ include "temporal.componentname" (list $ $service) }}-config" - name: dynamic-config configMap: name: "{{ include "temporal.fullname" $ }}-dynamic-config" 
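Review bot: The new top-level `metrics:` block hard-codes `timerType: histogram`, so `server.metrics.prometheus.timerType` and the per-service overrides that the removed lines honoured no longer have any effect. Since the ConfigMap is now rendered once per `$service`, the lookup can be kept, for example `timerType: {{ default $.Values.server.metrics.prometheus.timerType (index $.Values.server $service).metrics.prometheus.timerType }}`. That assumes the per-service `metrics.prometheus` maps still exist in values.yaml. If dropping the setting is intended, the now-ignored values should be removed or marked as unused there.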
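Review bot: The pod `securityContext` is now gated on `semverCompare ">=1.13.0" $.Chart.AppVersion`, which is chart metadata rather than the image actually deployed. `server.image.tag` can be overridden independently, so the check can disagree with what runs. The block also sits inside the surrounding `if or $.Values.cassandra.enabled …` condition, so a release with neither bundled Cassandra nor Elasticsearch appears to render no `runAsUser`/`fsGroup` at all and runs as whatever the image defaults to. Consider moving `securityContext` out of that condition and exposing it as a values map, so operators can set `runAsNonRoot: true` explicitly. The enclosing pod `spec:` starts and ends outside the hunk.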
diff --git a/templates/server-job.yaml b/templates/server-job.yaml index ea366235..7459ace2 100644 --- a/templates/server-job.yaml +++ b/templates/server-job.yaml @@ -36,9 +36,10 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: - {{- if or .Values.cassandra.enabled }} + {{- if or .Values.cassandra.enabled (eq (include "temporal.persistence.driver" (list $ "default")) "cassandra") (eq (include "temporal.persistence.driver" (list $ "visibility")) "cassandra") }} {{- if .Values.cassandra.enabled }} - name: check-cassandra-service image: busybox @@ -50,14 +51,12 @@ spec: {{- end }} {{- range $store := (list "default" "visibility") }} {{- $storeConfig := index $.Values.server.config.persistence $store }} + {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: create-{{ $store }}-store image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} - {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} command: ['sh', '-c', 'temporal-cassandra-tool create -k {{ $storeConfig.cassandra.keyspace }} --replication-factor {{ $storeConfig.cassandra.replicationFactor }}'] - {{- end }} env: - {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: CASSANDRA_HOST value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $ $store))) }} - name: CASSANDRA_PORT 
@@ -68,11 +67,18 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} {{- else }} [] @@ -96,9 +102,16 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} {{- end }} {{- end }} @@ -106,7 +119,18 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - + {{- with (default $.Values.server.nodeSelector) }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} --- {{- end }} {{- if .Values.schema.update.enabled }} @@ -146,6 +170,7 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: {{- if .Values.cassandra.enabled }} 
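Review bot: When `existingSecret` is not set, the `else` branch still renders `value: {{ $storeConfig.cassandra.password }}` unquoted and in clear text in the Job spec. An all-digit or boolean-looking password is parsed as a non-string and the manifest is rejected, and one containing `: ` or ` #` breaks or truncates the value. `value: {{ $storeConfig.cassandra.password | quote }}` avoids that. The same branch is repeated in the hunks at -96 and -180. Because anyone who can read Jobs or Pods in the namespace can read this value, a comment by the `password` value should point operators to `existingSecret` as the preferred path.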
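Review bot: `default` is called with a single argument in `{{- with (default $.Values.server.nodeSelector) }}`, which simply returns that argument, so the wrapper can be dropped: `{{- with $.Values.server.nodeSelector }}`. The hunks at -180 and -241 use the same one-argument form with `admintools.nodeSelector`. This job takes its scheduling constraints from `server.*` while the two jobs further down use `admintools.*`, although the visible lines show all of them running the admintools image. A one-line comment stating which set of values is meant to govern the schema jobs would remove the ambiguity.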
@@ -180,13 +205,31 @@ spec: - name: CASSANDRA_USER value: {{ $storeConfig.cassandra.user }} {{- end }} - {{- if $storeConfig.cassandra.password }} + {{- if (or $storeConfig.cassandra.password $storeConfig.cassandra.existingSecret) }} - name: CASSANDRA_PASSWORD + {{- if $storeConfig.cassandra.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ include "temporal.persistence.secretName" (list $ $store) }} + key: {{ include "temporal.persistence.secretKey" (list $ $store) }} + {{- else }} value: {{ $storeConfig.cassandra.password }} + {{- end }} {{- end }} {{- end }} {{- end }} - + {{- with (default $.Values.admintools.nodeSelector) }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.admintools.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.admintools.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} --- {{- end }} {{- if or $.Values.elasticsearch.enabled $.Values.elasticsearch.external }} @@ -226,6 +269,7 @@ spec: app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Chart.Name }} spec: + {{ include "temporal.serviceAccount" . }} restartPolicy: "OnFailure" initContainers: - name: check-elasticsearch-service 
@@ -241,7 +285,19 @@ spec: imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ['sh', '-c'] args: - - 'curl -X PUT --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1; - curl -X PUT --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1;' + - 'curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1 && + curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1' + {{- with (default $.Values.admintools.nodeSelector) }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.admintools.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.admintools.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/templates/server-service-monitor.yaml b/templates/server-service-monitor.yaml index 5d6ce3a5..73909009 100644 --- a/templates/server-service-monitor.yaml +++ b/templates/server-service-monitor.yaml 
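Review bot: The rewritten `curl` line still interpolates `{{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }}` directly into the `sh -c` string, so the credentials are stored in clear text in the Job spec. Any shell or YAML metacharacter in the password (a single quote, `$`, a space) also changes or breaks the command. Supplying them as container `env` entries, with the password from a Secret via `secretKeyRef` as this commit does for Cassandra, and referencing `--user "$ES_USER:$ES_PWD"` keeps the secret out of the rendered manifest. With `scheme: http` the basic-auth header also crosses the network unencrypted, which deserves a comment next to that value. The container definition starts outside the hunk, and the secret name and key below are placeholders because the chart shows no Elasticsearch secret value.

```yaml
# … unchanged: image, imagePullPolicy, command: ['sh', '-c'] …
          env:
            - name: ES_USER
              value: {{ .Values.elasticsearch.username | quote }}
            - name: ES_PWD
              valueFrom:
                secretKeyRef:
                  name: REPLACE_WITH_SECRET_NAME   # placeholder, not an existing chart value
                  key: REPLACE_WITH_SECRET_KEY     # placeholder, not an existing chart value
          args:
            - 'curl -X PUT --fail --user "$ES_USER:$ES_PWD" {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1 &&
              curl -X PUT --fail --user "$ES_USER:$ES_PWD" {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1'
# … unchanged: nodeSelector / affinity / tolerations blocks …
```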
@@ -21,7 +21,7 @@ spec: endpoints: - port: metrics interval: {{ default $.Values.server.metrics.serviceMonitor.interval $serviceValues.metrics.serviceMonitor.interval }} - {{- with (default $.Values.server.metrics.serviceMonitor.metricRelabelings $serviceValues.metrics.serviceMonitor.interval) }} + {{- with (default $.Values.server.metrics.serviceMonitor.metricRelabelings $serviceValues.metrics.serviceMonitor.metricRelabelings) }} metricRelabelings: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml new file mode 100644 index 00000000..f44e51db --- /dev/null +++ b/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "temporal.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + helm.sh/chart: {{ include "temporal.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ .Chart.Name }} + annotations: + helm.sh/hook: pre-install + helm.sh/hook-weight: "-10" + {{- with .Values.serviceAccount.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index c91f706a..a0dd8731 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -33,6 +33,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{ include "temporal.serviceAccount" . }} volumes: - name: {{ .Chart.Name }}-web-config configMap: diff --git a/templates/web-ingress.yaml b/templates/web-ingress.yaml index c6c08b6e..594cf163 100644 --- a/templates/web-ingress.yaml +++ b/templates/web-ingress.yaml 
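Review bot: In the new `templates/serviceaccount.yaml`, the ServiceAccount is annotated `helm.sh/hook: pre-install`, so it is created only on the first install. Turning `serviceAccount.create` on through `helm upgrade` renders `serviceAccountName` into every pod spec but never creates the account, and pod creation then fails. Hook resources are also not tracked as part of the release, so the account is left behind on uninstall. `helm.sh/hook: pre-install,pre-upgrade` fixes the upgrade case, and dropping the hook annotations fixes both if nothing needs the account before the regular resources. If the Temporal pods do not call the Kubernetes API (not visible here), `automountServiceAccountToken: false` on this object would keep the token out of the containers.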
@@ -25,7 +25,7 @@ spec: {{- range .Values.web.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . }} + - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} diff --git a/values.yaml b/values.yaml index 0503c668..d3e9c847 100644 --- a/values.yaml +++ b/values.yaml @@ -5,12 +5,23 @@ fullnameOverride: "" # (eg. disable helm hook delete policy) debug: false +# Custom Service account management +serviceAccount: + # Whether to create service account or not + create: false + + # Name of the service account, default: temporal.fullname + name: + + # extraAnnotations would let users add additional annotations + extraAnnotations: + server: enabled: true sidecarContainers: image: repository: temporalio/server - tag: 1.12.0 + tag: 1.14.0 pullPolicy: IfNotPresent # Global default settings (can be overridden per service) @@ -76,6 +87,9 @@ server: numHistoryShards: 512 persistence: + defaultStore: default + additionalStores: {} + default: driver: "cassandra" @@ -219,13 +233,16 @@ admintools: enabled: true image: repository: temporalio/admin-tools - tag: 1.12.0 + tag: 1.14.0 pullPolicy: IfNotPresent service: type: ClusterIP port: 22 annotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} web: enabled: true @@ -242,7 +259,7 @@ web: image: repository: temporalio/web - tag: 1.11.0 + tag: 1.13.0 pullPolicy: IfNotPresent service: @@ -299,7 +316,7 @@ elasticsearch: replicas: 3 persistence: enabled: false - imageTag: 7.10.1 + imageTag: 7.16.2 host: elasticsearch-master-headless scheme: http port: 9200