baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(temporal): install Temporal

Browse Source
This commit is contained in:
Masaki Yatsu
2025-12-07 16:18:50 +09:00
parent fb1e4c20fa
commit ca0a8dacba
8 changed files with 1060 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

204
temporal/temporal-values.gomplate.yaml Normal file
View File

@@ -0,0 +1,204 @@
server:
replicaCount: 1
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
config:
persistence:
default:
driver: "sql"
sql:
driver: "postgres12"
host: "postgres-cluster-rw.postgres"
port: 5432
database: temporal
user: temporal
existingSecret: temporal-postgres-auth
maxConns: 20
maxIdleConns: 20
maxConnLifetime: "1h"
visibility:
driver: "sql"
sql:
driver: "postgres12"
host: "postgres-cluster-rw.postgres"
port: 5432
database: temporal_visibility
user: temporal
existingSecret: temporal-postgres-auth
maxConns: 20
maxIdleConns: 20
maxConnLifetime: "1h"
{{- if .Env.MONITORING_ENABLED }}
metrics:
serviceMonitor:
enabled: true
additionalLabels:
release: kube-prometheus-stack
{{- end }}
frontend:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
history:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
matching:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
worker:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
admintools:
enabled: true
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 256Mi
web:
enabled: true
replicaCount: 1
service:
type: ClusterIP
port: 8080
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- {{ .Env.TEMPORAL_HOST }}
tls:
- secretName: temporal-web-tls
hosts:
- {{ .Env.TEMPORAL_HOST }}
additionalEnv:
- name: TEMPORAL_AUTH_ENABLED
value: "true"
- name: TEMPORAL_AUTH_PROVIDER_URL
value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}"
- name: TEMPORAL_AUTH_SCOPES
value: "openid,profile,email"
- name: TEMPORAL_AUTH_CALLBACK_URL
value: "https://{{ .Env.TEMPORAL_HOST }}/auth/sso/callback"
additionalEnvSecretName: temporal-web-auth
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 256Mi
cassandra:
enabled: false
mysql:
enabled: false
postgresql:
enabled: false
elasticsearch:
enabled: false
prometheus:
enabled: false
grafana:
enabled: false
schema:
createDatabase:
enabled: false
setup:
enabled: true
backoffLimit: 100
update:
enabled: true
backoffLimit: 100
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false