Merge branch 'main' into cassandra-tls

temporalio · Dec 11, 2024 · 714c120 · 714c120
2 parents 9a2d284 + 51cb16c
commit 714c120
Show file tree

Hide file tree

Showing 32 changed files with 994 additions and 101 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,9 +21,20 @@ jobs:
           python-version: '3.x'
           check-latest: true
 
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'charts/temporal/tests/go.mod'
+
       - name: Set up chart-testing
         uses: helm/[email protected]
 
+      - name: Add dependency repos
+        run: |
+          helm repo add incubator https://charts.helm.sh/incubator
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo add elastic https://helm.elastic.co
+          helm repo add grafana https://grafana.github.io/helm-charts
+
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
@@ -35,3 +46,14 @@ jobs:
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Run template tests
+        working-directory: charts/temporal/tests
+        run: go test
+
+      - name: Install helm-unittest
+        run: helm plugin install https://github.com/helm-unittest/helm-unittest.git
+
+      - name: Run helm-unittest
+        working-directory: charts/temporal
+        run: helm unittest .
diff --git a/.github/workflows/publish-charts.yml b/.github/workflows/publish-charts.yml
@@ -10,7 +10,7 @@ on:
         description: "Temporal Admin Tools version to use for release (for example 1.24.1-tctl-1.18.1-cli-0.12.0)"
         required: true
       ui_version:
-        description: "Temporal UI version to use for release (for example 2.27.2)"
+        description: "Temporal UI version to use for release (for example 2.27.2). Please make sure to use version from https://github.com/temporalio/ui-server/releases!"
         required: true
       bump:
         description: "Chart version bump level"
@@ -105,6 +105,13 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v3
 
+      - name: Add dependency repos
+        run: |
+          helm repo add incubator https://charts.helm.sh/incubator
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo add elastic https://helm.elastic.co
+          helm repo add grafana https://grafana.github.io/helm-charts
+
       - name: Run chart-releaser
         uses: helm/[email protected]
         with:

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+/Chart.lock
+/.idea
diff --git a/README.md b/README.md
@@ -110,7 +110,7 @@ helm install \
 
 ### Install with sidecar containers
 
-You may need to provide your own sidecar containers. 
+You may need to provide your own sidecar containers.
 
 For an example, review the values for Google's `cloud sql proxy` in the `values/values.cloudsqlproxy.yaml` and pass that file to `helm install`:
 
@@ -283,7 +283,7 @@ helm install \
 ```
 
 Note that if archival is enabled, it is also enabled for all newly created namespaces.
-Make sure to update the specific archival provider values file to set your configs. 
+Make sure to update the specific archival provider values file to set your configs.
 
 ### Install and configure Temporal
 
@@ -316,6 +316,29 @@ helm install \
   --wait
 ```
 
+### Enable SSO in Temporal UI
+
+To enable SSO in the temporal UI set following env variables in the `web.additionalEnv`:
+
+```yaml
+- name: TEMPORAL_AUTH_ENABLED
+  value: "true"
+- name: TEMPORAL_AUTH_PROVIDER_URL
+  value: "https://accounts.google.com"
+- name: TEMPORAL_AUTH_CLIENT_ID
+  value: "xxxxx-xxxx.apps.googleusercontent.com"
+- name: TEMPORAL_AUTH_CALLBACK_URL
+  value: "https://xxxx.com:8080/auth/sso/callback"
+```
+
+In the `web.additionalEnvSecretName` set the secret name, the secret should have following
+
+```yaml
+TEMPORAL_AUTH_CLIENT_SECRET: xxxxxxxxxxxxxxx
+```
+
+Reference: <https://docs.temporal.io/references/web-ui-server-env-vars>
+
 ## Play With It
 
 ### Exploring Your Cluster

diff --git a/charts/temporal/.gitignore b/charts/temporal/.gitignore
@@ -1,3 +1 @@
 /charts
-/Chart.lock
-/.idea
diff --git a/charts/temporal/.helmignore b/charts/temporal/.helmignore
@@ -20,3 +20,4 @@
 .idea/
 *.tmproj
 .vscode/
+tests/
diff --git a/charts/temporal/Chart.lock b/charts/temporal/Chart.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: cassandra
+  repository: https://charts.helm.sh/incubator
+  version: 0.14.3
+- name: prometheus
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 25.22.0
+- name: elasticsearch
+  repository: https://helm.elastic.co
+  version: 7.17.3
+- name: grafana
+  repository: https://grafana.github.io/helm-charts
+  version: 8.0.2
+digest: sha256:f74565632d43941cad32e713f73481b3d8065d9c462473e80d86fd1f7c5049af
+generated: "2024-10-07T14:43:06.775398+01:00"
diff --git a/charts/temporal/Chart.yaml b/charts/temporal/Chart.yaml
@@ -39,7 +39,7 @@ dependencies:
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.44.0
+version: 0.52.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.24.2
+appVersion: 1.25.2
diff --git a/charts/temporal/templates/_admintools-env.yaml b/charts/temporal/templates/_admintools-env.yaml
@@ -1,13 +1,13 @@
 {{- define "temporal.admintools-env" -}}
 {{- $global := index . 0 -}}
 {{- $store := index . 1 -}}
-{{- $storeConfig := index $global.Values.server.config.persistence $store }}
+{{- $storeConfig := index $global.Values.server.config.persistence $store -}}
 {{- $driver := include "temporal.persistence.driver" (list $global $store) -}}
 {{- $driverConfig := index $storeConfig $driver }}
 {{- if eq $driver "elasticsearch" -}}
 {{- $driverConfig = $global.Values.elasticsearch -}}
 {{- end -}}
-{{- if eq $driver "cassandra" }}
+{{- if eq $driver "cassandra" -}}
 - name: CASSANDRA_HOST
   value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $global $store))) }}
 - name: CASSANDRA_PORT
@@ -33,7 +33,7 @@
   value: {{ not .enableHostVerification | quote }}
     {{- end }}
   {{- end }}
-{{- else if eq $driver "sql" }}
+{{- else if eq $driver "sql" -}}
 - name: SQL_PLUGIN
   value: {{ include "temporal.persistence.sql.driver" (list $global $store) }}
 - name: SQL_HOST
@@ -49,6 +49,10 @@
     secretKeyRef:
       name: {{ include "temporal.persistence.secretName" (list $global $store) }}
       key: {{ include "temporal.persistence.secretKey" (list $global $store) }}
+  {{- with $driverConfig.connectAttributes }}
+- name: SQL_CONNECT_ATTRIBUTES
+  value: {{ include "temporal.persistence.sql.connectAttributes" (list $global $store) | quote }}
+  {{- end }}
   {{- with $driverConfig.tls }}
 - name: SQL_TLS
   value: {{ .enabled | quote }}
@@ -71,7 +75,7 @@
   value: {{ not .enableHostVerification | quote }}
     {{- end }}
   {{- end }}
-{{- else if eq $driver "elasticsearch" }}
+{{- else if eq $driver "elasticsearch" -}}
 - name: ES_SCHEME
   value: {{ $driverConfig.scheme }}
 - name: ES_HOST

diff --git a/charts/temporal/templates/_helpers.tpl b/charts/temporal/templates/_helpers.tpl
@@ -35,17 +35,19 @@ Create chart name and version as used by the chart label.
 Create the name of the service account
 */}}
 {{- define "temporal.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
 {{ default (include "temporal.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+{{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
 {{- end -}}
 
 {{/*
 Define the service account as needed
 */}}
 {{- define "temporal.serviceAccount" -}}
-{{- if .Values.serviceAccount.name -}}
 serviceAccountName: {{ include "temporal.serviceAccountName" . }}
 {{- end -}}
-{{- end -}}
 
 {{/*
 Create a default fully qualified component name from the full app name and a component name.
@@ -69,6 +71,34 @@ Define the AppVersion
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create the annotations for all resources
+*/}}
+{{- define "temporal.resourceAnnotations" -}}
+{{- $global := index . 0 -}}
+{{- $scope := index . 1 -}}
+{{- $resourceType := index . 2 -}}
+{{- $component := "server" -}}
+{{- if (or (eq $scope "admintools") (eq $scope "web")) -}}
+{{- $component = $scope -}}
+{{- end -}}
+{{- with $resourceType -}}
+{{- $resourceTypeKey := printf "%sAnnotations" . -}}
+{{- $componentAnnotations := (index $global.Values $component $resourceTypeKey) -}}
+{{- $scopeAnnotations := dict -}}
+{{- if hasKey (index $global.Values $component) $scope -}}
+{{- $scopeAnnotations = (index $global.Values $component $scope $resourceTypeKey) -}}
+{{- end -}}
+{{- $resourceAnnotations := merge $scopeAnnotations $componentAnnotations -}}
+{{- range $annotation_name, $annotation_value := $resourceAnnotations }}
+{{ $annotation_name }}: {{ $annotation_value | quote }}
+{{- end -}}
+{{- end -}}
+{{- range $annotation_name, $annotation_value := $global.Values.additionalAnnotations }}
+{{ $annotation_name }}: {{ $annotation_value | quote }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create the labels for all resources
 */}}
@@ -91,25 +121,18 @@ app.kubernetes.io/version: {{ include "temporal.appVersion" $global }}
 app.kubernetes.io/part-of: {{ $global.Chart.Name }}
 {{- with $resourceType -}}
 {{- $resourceTypeKey := printf "%sLabels" . -}}
-{{- $resourceLabels := dict -}}
-{{- if or (eq $scope "") (ne $component "server") -}}
-{{- $resourceLabels = (index $global.Values $component $resourceTypeKey) -}}
-{{- else -}}
-{{- $resourceLabels = (index $global.Values $component $scope $resourceTypeKey) -}}
+{{- $componentLabels := (index $global.Values $component $resourceTypeKey) -}}
+{{- $scopeLabels := dict -}}
+{{- if hasKey (index $global.Values $component) $scope -}}
+{{- $scopeLabels = (index $global.Values $component $scope $resourceTypeKey) -}}
 {{- end -}}
-{{- range $label_name, $label_value := $resourceLabels -}}
-{{ $label_name}}: {{ $label_value }}
+{{- $resourceLabels := merge $scopeLabels $componentLabels -}}
+{{- range $label_name, $label_value := $resourceLabels }}
+{{ $label_name}}: {{ $label_value | quote }}
 {{- end -}}
 {{- end -}}
-{{ include "temporal.additionalResourceLabels" $global }}
-{{- end -}}
-
-{{/*
-Additonal user specified labels for all resources
-*/}}
-{{- define "temporal.additionalResourceLabels" -}}
-{{- range $label_name, $label_value := .Values.additionalLabels }}
-{{ $label_name }}: {{ $label_value }}
+{{- range $label_name, $label_value := $global.Values.additionalLabels }}
+{{ $label_name }}: {{ $label_value | quote }}
 {{- end -}}
 {{- end -}}
 
@@ -337,6 +360,18 @@ Source: https://stackoverflow.com/a/52024583/3027614
 {{- end -}}
 {{- end -}}
 
+{{- define "temporal.persistence.sql.connectAttributes" -}}
+{{- $global := index . 0 -}}
+{{- $store := index . 1 -}}
+{{- $storeConfig := index $global.Values.server.config.persistence $store -}}
+{{- $driverConfig := $storeConfig.sql -}}
+{{- $result := list -}}
+{{- range $key, $value := $driverConfig.connectAttributes -}}
+  {{- $result = append $result (printf "%s=%v" $key $value) -}}
+{{- end -}}
+{{- join "&" $result -}}
+{{- end -}}
+
 {{- define "temporal.persistence.elasticsearch.secretName" -}}
 {{- $global := index . 0 -}}
 {{- $store := index . 1 -}}

diff --git a/charts/temporal/templates/admintools-deployment.yaml b/charts/temporal/templates/admintools-deployment.yaml
@@ -2,26 +2,30 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "temporal.componentname" (list . "admintools") }}
+  name: {{ include "temporal.componentname" (list $ "admintools") }}
+  annotations:
+    {{- include "temporal.resourceAnnotations" (list $ "admintools" "deployment") | nindent 4 }}
   labels:
-    {{- include "temporal.resourceLabels" (list . "admintools" "") | nindent 4 }}
+    {{- include "temporal.resourceLabels" (list $ "admintools" "deployment") | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "temporal.name" . }}
+      app.kubernetes.io/name: {{ include "temporal.name" $ }}
       app.kubernetes.io/instance: {{ .Release.Name }}
       app.kubernetes.io/component: admintools
   template:
     metadata:
-      labels:
-        {{- include "temporal.resourceLabels" (list . "admintools" "pod") | nindent 8 }}
-      {{- with $.Values.admintools.podAnnotations }}
       annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- include "temporal.resourceAnnotations" (list $ "admintools" "pod") | nindent 8 }}
+      labels:
+        {{- include "temporal.resourceLabels" (list $ "admintools" "pod") | nindent 8 }}
     spec:
-      {{ include "temporal.serviceAccount" . }}
+      {{ include "temporal.serviceAccount" $ }}
+      {{- if $.Values.admintools.additionalInitContainers }}
+      initContainers:
+        {{- toYaml $.Values.admintools.additionalInitContainers | nindent 8 }}
+      {{- end }}
       containers:
         - name: admin-tools
           image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}"
@@ -33,22 +37,27 @@ spec:
           env:
             # TEMPORAL_CLI_ADDRESS is deprecated, use TEMPORAL_ADDRESS instead
             - name: TEMPORAL_CLI_ADDRESS
-              value: {{ include "temporal.fullname" . }}-frontend:{{ .Values.server.frontend.service.port }}
+              value: {{ include "temporal.fullname" $ }}-frontend:{{ .Values.server.frontend.service.port }}
             - name: TEMPORAL_ADDRESS
-              value: {{ include "temporal.fullname" . }}-frontend:{{ .Values.server.frontend.service.port }}
+              value: {{ include "temporal.fullname" $ }}-frontend:{{ .Values.server.frontend.service.port }}
           {{- if .Values.admintools.additionalEnv }}
           {{- toYaml .Values.admintools.additionalEnv | nindent 12 }}
           {{- end }}
+          {{- if .Values.admintools.additionalEnvSecretName }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.admintools.additionalEnvSecretName }}
+          {{- end }}
           livenessProbe:
               exec:
                 command:
                 - ls
                 - /
               initialDelaySeconds: 5
               periodSeconds: 5
-          {{- with .Values.admintools.additionalVolumeMounts }}
+          {{- if $.Values.admintools.additionalVolumeMounts }}
           volumeMounts:
-            {{- toYaml . | nindent 12 }}
+            {{- toYaml $.Values.admintools.additionalVolumeMounts | nindent 12}}
           {{- end }}
           {{- with .Values.admintools.resources }}
           resources:
@@ -66,9 +75,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.admintools.additionalVolumes }}
+      {{- if $.Values.admintools.additionalVolumes }}
       volumes:
-        {{- toYaml . | nindent 8 }}
+        {{- toYaml $.Values.admintools.additionalVolumes | nindent 8}}
       {{- end }}
       {{- with .Values.admintools.nodeSelector }}
       nodeSelector:
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,3 +20,4 @@ @@
     .idea/
     *.tmproj
     .vscode/
+    tests/