Refactor deployment templates to support additional env vars from Secret #603

Merged
merged 7 commits into from
Nov 7, 2024
27 changes: 25 additions & 2 deletions README.md
@@ -110,7 +110,7 @@ helm install \

### Install with sidecar containers

You may need to provide your own sidecar containers.
You may need to provide your own sidecar containers.

For an example, review the values for Google's `cloud sql proxy` in the `values/values.cloudsqlproxy.yaml` and pass that file to `helm install`:

@@ -283,7 +283,7 @@ helm install \
```

Note that if archival is enabled, it is also enabled for all newly created namespaces.
Make sure to update the specific archival provider values file to set your configs.
Make sure to update the specific archival provider values file to set your configs.

### Install and configure Temporal

@@ -316,6 +316,29 @@ helm install \
--wait
```

### Enable SSO in Temporal UI

To enable SSO in the temporal UI set following env variables in the `web.additionalEnv`:

```yaml
- name: TEMPORAL_AUTH_ENABLED
value: "true"
- name: TEMPORAL_AUTH_PROVIDER_URL
value: "https://accounts.google.com"
- name: TEMPORAL_AUTH_CLIENT_ID
value: "xxxxx-xxxx.apps.googleusercontent.com"
- name: TEMPORAL_AUTH_CALLBACK_URL
value: "https://xxxx.com:8080/auth/sso/callback"
```

In the `web.additionalEnvSecretName` set the secret name, the secret should have following

```yaml
TEMPORAL_AUTH_CLIENT_SECRET: xxxxxxxxxxxxxxx
```

Reference: <https://docs.temporal.io/references/web-ui-server-env-vars>

## Play With It

### Exploring Your Cluster
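Review bot: The sentence that introduces `web.additionalEnvSecretName` in the new SSO section is cut off ("the secret should have following"), and the YAML under it does not say whether `TEMPORAL_AUTH_CLIENT_SECRET: xxxxxxxxxxxxxxx` is meant as a `stringData` or a base64 `data` entry of the Secret. Suggest finishing the sentence ("...should have the following key") and stating that the Secret must already exist in the same namespace as the deployment, since the templates only reference it by name. It is also worth saying here that the templates use `envFrom`, so every key in that Secret becomes an environment variable in the container and the Secret should hold only the keys meant for the web UI.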
5 changes: 5 additions & 0 deletions charts/temporal/templates/admintools-deployment.yaml
@@ -39,6 +39,11 @@ spec:
{{- if .Values.admintools.additionalEnv }}
{{- toYaml .Values.admintools.additionalEnv | nindent 12 }}
{{- end }}
{{- if .Values.admintools.additionalEnvSecretName }}
envFrom:
- secretRef:
name: {{ .Values.admintools.additionalEnvSecretName }}
{{- end }}
livenessProbe:
exec:
command:
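Review bot: The Secret name in the new `envFrom` block is emitted unquoted (`name: {{ .Values.admintools.additionalEnvSecretName }}`), so a value that YAML reads as a non-string, such as an all-digit name, renders a manifest the API server rejects. Suggest `name: {{ .Values.admintools.additionalEnvSecretName | quote }}`, and the same in the server and web templates. The `secretRef` is also not marked `optional`, so a missing or misspelled Secret keeps the pod from starting; that is a reasonable default for credentials but deserves a line in the README.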
5 changes: 5 additions & 0 deletions charts/temporal/templates/server-deployment.yaml
@@ -88,6 +88,11 @@ spec:
{{- if or $.Values.server.additionalEnv $serviceValues.additionalEnv }}
{{- toYaml (default $.Values.server.additionalEnv $serviceValues.additionalEnv) | nindent 12 }}
{{- end }}
{{- if $.Values.server.additionalEnvSecretName }}
envFrom:
- secretRef:
name: {{ $.Values.server.additionalEnvSecretName }}
{{- end }}
ports:
{{- if ne $service "worker" }}
- name: rpc
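Review bot: The new condition reads only `$.Values.server.additionalEnvSecretName`, while the `additionalEnv` block directly above it honors a per-service override through `$serviceValues.additionalEnv`. As written, every service rendered by this template receives all keys of the same Secret, with no way to scope a credential to the one service that needs it. Suggest mirroring the line above, for example `default $.Values.server.additionalEnvSecretName $serviceValues.additionalEnvSecretName`, and adding the per-service key to `values.yaml`.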
5 changes: 5 additions & 0 deletions charts/temporal/templates/web-deployment.yaml
@@ -36,6 +36,11 @@ spec:
{{- if .Values.web.additionalEnv }}
{{- toYaml .Values.web.additionalEnv | nindent 12 }}
{{- end }}
{{- if .Values.web.additionalEnvSecretName }}
envFrom:
- secretRef:
name: {{ .Values.web.additionalEnvSecretName }}
{{- end }}
ports:
- name: http
containerPort: 8080
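Review bot: The `envFrom` block sits next to the `web.additionalEnv` entries without any note on precedence: Kubernetes lets an explicit `env` entry win over a key of the same name imported through `envFrom`. A user who moves `TEMPORAL_AUTH_CLIENT_SECRET` into the Secret but leaves an old entry in `web.additionalEnv` will silently keep running with the old value. Suggest a template comment or README sentence saying that `additionalEnv` overrides keys from `additionalEnvSecretName`.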
3 changes: 3 additions & 0 deletions charts/temporal/values.yaml
@@ -263,6 +263,7 @@ server:
tolerations: []
affinity: {}
additionalEnv: []
additionalEnvSecretName: ""
robholland marked this conversation as resolved.
containerSecurityContext: {}
topologySpreadConstraints: []
podDisruptionBudget: {}
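Review bot: The new `additionalEnvSecretName: ""` key under `server` is added without a comment, so a reader of `values.yaml` cannot tell that it names an existing Secret or that the template loads it with `envFrom`. Suggest a one-line comment above it, such as "Name of an existing Secret whose keys are all injected as environment variables", repeated for the `admintools` and `web` keys.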
@@ -332,6 +333,7 @@ admintools:
tolerations: []
affinity: {}
additionalEnv: []
additionalEnvSecretName: ""
resources: {}
containerSecurityContext: {}
securityContext: {}
@@ -388,6 +390,7 @@ web:
# Adjust Web UI config with environment variables:
# https://docs.temporal.io/references/web-ui-environment-variables
additionalEnv: []
additionalEnvSecretName: ""
containerSecurityContext: {}
securityContext: {}
topologySpreadConstraints: []
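Review bot: The context comment above the new `web.additionalEnvSecretName` key points to `https://docs.temporal.io/references/web-ui-environment-variables`, while the README section added in this same change cites `https://docs.temporal.io/references/web-ui-server-env-vars`. Suggest checking which URL is current and using it in both places, so readers configuring `TEMPORAL_AUTH_*` land on the same reference.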