Fetch from upstream

Chart.yaml

@@ -49,8 +49,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.12.0
+version: 0.14.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.12.0
+appVersion: 1.14.0

README.md

@@ -5,6 +5,8 @@ Temporal is a distributed, scalable, durable, and highly available orchestration
 
 This repo contains a basic V3 [Helm](https://helm.sh) chart that deploys Temporal to a Kubernetes cluster. The dependencies that are bundled with this solution by default offer an easy way to experiment with Temporal software. This Helm chart can also be used to install just the Temporal server, configured to connect to dependencies (such as a Cassandra, MySQL, or PostgreSQL database) that you may already have available in your environment.
 
+**We do not recommend using Helm for managing Temporal deployments in production**. Rather, we recommend it for templating/generating manifests for Temporal's internal services only. [See our recent discussion on this topic](https://docs.temporal.io/blog/temporal-and-kubernetes/).
+
 This Helm Chart code is tested by a dedicated test pipeline. It is also used extensively by other Temporal pipelines for testing various aspects of Temporal systems. Our test pipeline currently uses Helm 3.1.1.
 
 # Install Temporal service on a Kubernetes cluster

templates/_helpers.tpl

@@ -31,6 +31,22 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create the name of the service account
+*/}}
+{{- define "temporal.serviceAccountName" -}}
+{{ default (include "temporal.fullname" .) .Values.serviceAccount.name }}
+{{- end -}}
+
+{{/*
+Define the service account as needed
+*/}}
+{{- define "temporal.serviceAccount" -}}
+{{- if .Values.serviceAccount.create -}}
+serviceAccountName: {{ include "temporal.serviceAccountName" . }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create a default fully qualified component name from the full app name and a component name.
 We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec)

templates/admintools-deployment.yaml

@@ -1,3 +1,4 @@
+{{- if $.Values.admintools.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -28,6 +29,7 @@ spec:
         app.kubernetes.io/component: admintools
         app.kubernetes.io/part-of: {{ .Chart.Name }}
     spec:
+      {{ include "temporal.serviceAccount" . }}
       containers:
         - name: admin-tools
           image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}"
@@ -62,3 +64,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+{{- end }}

templates/admintools-service.yaml

@@ -1,3 +1,4 @@
+{{- if $.Values.admintools.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -22,4 +23,4 @@ spec:
     app.kubernetes.io/name: {{ include "temporal.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/component: admintools
-
+{{- end }}

templates/server-configmap.yaml

@@ -1,36 +1,40 @@
 {{- if $.Values.server.enabled }}
+{{- range $service := (list "frontend" "history" "matching" "worker") }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: "{{ include "temporal.fullname" . }}-config"
+  name: "{{ include "temporal.componentname" (list $ $service) }}-config"
   labels:
-    app.kubernetes.io/name: {{ include "temporal.name" . }}
-    helm.sh/chart: {{ include "temporal.chart" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }}
-    app.kubernetes.io/part-of: {{ .Chart.Name }}
+    app.kubernetes.io/name: {{ include "temporal.name" $ }}
+    helm.sh/chart: {{ include "temporal.chart" $ }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }}
+    app.kubernetes.io/part-of: {{ $.Chart.Name }}
 data:
   config_template.yaml: |-
     log:
       stdout: true
-      level: {{ .Values.server.config.logLevel | quote }}
+      level: {{ $.Values.server.config.logLevel | quote }}
 
     persistence:
-      defaultStore: default
+      defaultStore: {{ $.Values.server.config.persistence.defaultStore }}
       visibilityStore: visibility
     {{- if or $.Values.elasticsearch.enabled $.Values.elasticsearch.external }}
       advancedVisibilityStore: es-visibility
     {{- end }}
-      numHistoryShards: {{ .Values.server.config.numHistoryShards }}
+      numHistoryShards: {{ $.Values.server.config.numHistoryShards }}
       datastores:
+        {{- with $.Values.server.config.persistence.additionalStores }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         default:
-          {{- if eq (include "temporal.persistence.driver" (list . "default")) "cassandra" }}
+          {{- if eq (include "temporal.persistence.driver" (list $ "default")) "cassandra" }}
           cassandra:
-            hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "default") }}"
-            port: {{ include "temporal.persistence.cassandra.port" (list . "default") }}
+            hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "default") }}"
+            port: {{ include "temporal.persistence.cassandra.port" (list $ "default") }}
             password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}"
-            {{- with (omit .Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }}
+            {{- with (omit $.Values.server.config.persistence.default.cassandra "hosts" "port" "password" "existingSecret") }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
@@ -40,39 +44,39 @@ data:
             rate: {{ $.Values.server.config.persistence.faultinjection.rate }}
           {{- end }}
           {{- end }}
-          {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }}
+          {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }}
           sql:
-            pluginName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}"
-            driverName: "{{ include "temporal.persistence.sql.driver" (list . "default") }}"
-            databaseName: "{{ .Values.server.config.persistence.default.sql.database }}"
-            connectAddr: "{{ include "temporal.persistence.sql.host" (list . "default") }}:{{ include "temporal.persistence.sql.port" (list . "default") }}"
+            pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}"
+            driverName: "{{ include "temporal.persistence.sql.driver" (list $ "default") }}"
+            databaseName: "{{ $.Values.server.config.persistence.default.sql.database }}"
+            connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "default") }}:{{ include "temporal.persistence.sql.port" (list $ "default") }}"
             connectProtocol: "tcp"
-            user: {{ include "temporal.persistence.sql.user" (list . "default") }}
+            user: {{ include "temporal.persistence.sql.user" (list $ "default") }}
             password: "{{ `{{ .Env.TEMPORAL_STORE_PASSWORD }}` }}"
-            {{- with (omit .Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }}
+            {{- with (omit $.Values.server.config.persistence.default.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
         visibility:
-          {{- if eq (include "temporal.persistence.driver" (list . "visibility")) "cassandra" }}
+          {{- if eq (include "temporal.persistence.driver" (list $ "visibility")) "cassandra" }}
           cassandra:
-            hosts: "{{ include "temporal.persistence.cassandra.hosts" (list . "visibility") }}"
-            port: {{ include "temporal.persistence.cassandra.port" (list . "visibility") }}
+            hosts: "{{ include "temporal.persistence.cassandra.hosts" (list $ "visibility") }}"
+            port: {{ include "temporal.persistence.cassandra.port" (list $ "visibility") }}
             password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}"
-            {{- with (omit .Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }}
+            {{- with (omit $.Values.server.config.persistence.visibility.cassandra "hosts" "port" "password" "existingSecret") }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
-          {{- if eq (include "temporal.persistence.driver" (list . "default")) "sql" }}
+          {{- if eq (include "temporal.persistence.driver" (list $ "default")) "sql" }}
           sql:
-            pluginName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}"
-            driverName: "{{ include "temporal.persistence.sql.driver" (list . "visibility") }}"
-            databaseName: "{{ .Values.server.config.persistence.visibility.sql.database }}"
-            connectAddr: "{{ include "temporal.persistence.sql.host" (list . "visibility") }}:{{ include "temporal.persistence.sql.port" (list . "visibility") }}"
+            pluginName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}"
+            driverName: "{{ include "temporal.persistence.sql.driver" (list $ "visibility") }}"
+            databaseName: "{{ $.Values.server.config.persistence.visibility.sql.database }}"
+            connectAddr: "{{ include "temporal.persistence.sql.host" (list $ "visibility") }}:{{ include "temporal.persistence.sql.port" (list $ "visibility") }}"
             connectProtocol: "tcp"
-            user: "{{ include "temporal.persistence.sql.user" (list . "visibility") }}"
+            user: "{{ include "temporal.persistence.sql.user" (list $ "visibility") }}"
             password: "{{ `{{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD }}` }}"
-            {{- with (omit .Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }}
+            {{- with (omit $.Values.server.config.persistence.visibility.sql "driver" "driverName" "host" "port" "connectAddr" "connectProtocol" "database" "databaseName" "user" "password" "existingSecret") }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
@@ -99,60 +103,43 @@ data:
 
       pprof:
         port: 7936
+
+      metrics:
+        tags:
+          type: {{ $service }}
+        prometheus:
+          timerType: histogram
+          listenAddress: "0.0.0.0:9090"
 
 
     services:
       frontend:
         rpc:
-          grpcPort: {{ include "temporal.frontend.grpcPort" . }}
-          membershipPort: {{ include "temporal.frontend.membershipPort" . }}
+          grpcPort: {{ include "temporal.frontend.grpcPort" $ }}
+          membershipPort: {{ include "temporal.frontend.membershipPort" $ }}
           bindOnIP: "0.0.0.0"
-        metrics:
-          tags:
-            type: frontend
-          prometheus:
-            timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.frontend.metrics.prometheus.timerType }}
-            listenAddress: "0.0.0.0:9090"
 
       history:
         rpc:
-          grpcPort: {{ include "temporal.history.grpcPort" . }}
-          membershipPort: {{ include "temporal.history.membershipPort" . }}
+          grpcPort: {{ include "temporal.history.grpcPort" $ }}
+          membershipPort: {{ include "temporal.history.membershipPort" $ }}
           bindOnIP: "0.0.0.0"
-        metrics:
-          tags:
-            type: history
-          prometheus:
-            timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.history.metrics.prometheus.timerType }}
-            listenAddress: "0.0.0.0:9090"
 
       matching:
         rpc:
-          grpcPort: {{ include "temporal.matching.grpcPort" . }}
-          membershipPort: {{ include "temporal.matching.membershipPort" . }}
+          grpcPort: {{ include "temporal.matching.grpcPort" $ }}
+          membershipPort: {{ include "temporal.matching.membershipPort" $ }}
           bindOnIP: "0.0.0.0"
-        metrics:
-          tags:
-            type: matching
-          prometheus:
-            timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.matching.metrics.prometheus.timerType }}
-            listenAddress: "0.0.0.0:9090"
 
       worker:
         rpc:
-          grpcPort: {{ include "temporal.worker.grpcPort" . }}
-          membershipPort: {{ include "temporal.worker.membershipPort" . }}
+          grpcPort: {{ include "temporal.worker.grpcPort" $ }}
+          membershipPort: {{ include "temporal.worker.membershipPort" $ }}
           bindOnIP: "0.0.0.0"
-        metrics:
-          tags:
-            type: worker
-          prometheus:
-            timerType: {{ default .Values.server.metrics.prometheus.timerType .Values.server.worker.metrics.prometheus.timerType }}
-            listenAddress: "0.0.0.0:9090"
 
     {{- if $.Values.server.config.clusterMetadata }}
     clusterMetadata:
-    {{- with .Values.server.config.clusterMetadata }}
+    {{- with $.Values.server.config.clusterMetadata }}
     {{- toYaml . | nindent 8 }}
     {{- end }}
     {{- else }}
@@ -177,9 +164,12 @@ data:
       status: "disabled"
 
     publicClient:
-      hostPort: "{{ include "temporal.componentname" (list . "frontend") }}:{{ .Values.server.frontend.service.port }}"
+      hostPort: "{{ include "temporal.componentname" (list $ "frontend") }}:{{ $.Values.server.frontend.service.port }}"
 
     dynamicConfigClient:
       filepath: "/etc/temporal/dynamic_config/dynamic_config.yaml"
       pollInterval: "10s"
+---
+
+{{- end }}
 {{- end }}

templates/server-deployment.yaml

@@ -41,10 +41,13 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      {{ include "temporal.serviceAccount" $ }}
       {{- if or $.Values.cassandra.enabled (or $.Values.elasticsearch.enabled $.Values.elasticsearch.external)}}
+      {{- if semverCompare ">=1.13.0" $.Chart.AppVersion}}
       securityContext:
         fsGroup: 1000 #temporal group
         runAsUser: 1000 #temporal user
+      {{- end }}
       initContainers:
         {{- if $.Values.cassandra.enabled }}
         - name: check-cassandra-service
@@ -146,7 +149,7 @@ spec:
       volumes:
         - name: config
           configMap:
-            name: "{{ include "temporal.fullname" $ }}-config"
+            name: "{{ include "temporal.componentname" (list $ $service) }}-config"
         - name: dynamic-config
           configMap:
             name: "{{ include "temporal.fullname" $ }}-dynamic-config"