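# Deployment values for Temporal: server services, admintools and the web UI,
# with PostgreSQL as the persistence and visibility store.
# Presumably consumed as Helm chart values; confirm key nesting against the
# chart's own values schema.
# The {{ ... }} directives read .Env.* and have to be rendered by a
# Go-template-style preprocessor before the result is parsed as YAML.
server:
  replicaCount: 1
  # Pod-level context: fixed non-root UID/GID and the container runtime's
  # default seccomp filter.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  config:
    persistence:
      default:
        driver: "sql"
        sql:
          driver: "postgres12"
          host: "postgres-cluster-rw.postgres"
          port: 5432
          database: temporal
          user: temporal
          # Credentials are referenced by Secret name; no password is written
          # in this file.
          existingSecret: temporal-postgres-auth
          maxConns: 20
          maxIdleConns: 20
          maxConnLifetime: "1h"
          # NOTE(review): no TLS options for the database connection are set
          # in this block; confirm the link to PostgreSQL is encrypted or
          # otherwise protected.
      visibility:
        driver: "sql"
        sql:
          driver: "postgres12"
          host: "postgres-cluster-rw.postgres"
          port: 5432
          database: temporal_visibility
          # Same database user and Secret as the default store above.
          user: temporal
          existingSecret: temporal-postgres-auth
          maxConns: 20
          maxIdleConns: 20
          maxConnLifetime: "1h"
  # NOTE(review): under Go template semantics any non-empty string is truthy,
  # so MONITORING_ENABLED="false" would still enable this block; confirm how
  # the variable is set by the caller.
  {{- if .Env.MONITORING_ENABLED }}
  metrics:
    serviceMonitor:
      enabled: true
      additionalLabels:
        release: kube-prometheus-stack
  {{- end }}
  # Per-service container hardening: no privilege escalation and every Linux
  # capability dropped. history, matching and worker repeat these settings.
  frontend:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      # Root filesystem stays writable.
      # NOTE(review): presumably needed by the image at startup; confirm.
      # A read-only root with explicit writable mounts would be tighter if
      # the chart supports it.
      readOnlyRootFilesystem: false
    # Requests and limits bound what one service can take from the node.
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
  history:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
  matching:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
  worker:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi

# Admin tooling pod, given the same pod and container hardening as the server.
admintools:
  enabled: true
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: false
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
    limits:
      cpu: 200m
      memory: 256Mi

# Web UI, published through a Traefik ingress with TLS.
# NOTE(review): unlike server and admintools, no pod or container security
# context is set for this component, so it runs with whatever the chart
# defaults to; confirm the ingress-exposed UI gets equivalent hardening.
web:
  enabled: true
  replicaCount: 1
  service:
    type: ClusterIP
    port: 8080
  ingress:
    enabled: true
    className: traefik
    annotations:
      # Route only through the "websecure" entrypoint with TLS turned on.
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    # Templated hosts are quoted, like the templated URLs below, so an empty
    # or special-character expansion cannot be re-typed by the YAML parser.
    hosts:
      - "{{ .Env.TEMPORAL_HOST }}"
    tls:
      - secretName: temporal-web-tls
        hosts:
          - "{{ .Env.TEMPORAL_HOST }}"
  # Single sign-on for the UI against the Keycloak realm's issuer URL.
  # NOTE(review): these settings cover login to the web UI only; no
  # server-side authorization settings are visible in this file, so confirm
  # that access to the frontend API is restricted elsewhere.
  additionalEnv:
    - name: TEMPORAL_AUTH_ENABLED
      value: "true"
    - name: TEMPORAL_AUTH_PROVIDER_URL
      value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}"
    - name: TEMPORAL_AUTH_SCOPES
      value: "openid,profile,email"
    - name: TEMPORAL_AUTH_CALLBACK_URL
      value: "https://{{ .Env.TEMPORAL_HOST }}/auth/sso/callback"
  # Further environment comes from this Secret; presumably the OIDC client
  # credentials (confirm), which keeps them out of this file.
  additionalEnvSecretName: temporal-web-auth
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
    limits:
      cpu: 200m
      memory: 256Mi

# Bundled datastores and monitoring components are all switched off; the
# persistence block above points at PostgreSQL by hostname instead.
cassandra:
  enabled: false

mysql:
  enabled: false

postgresql:
  enabled: false

elasticsearch:
  enabled: false

prometheus:
  enabled: false

grafana:
  enabled: false

# Schema jobs: setup and update run, database creation does not, so the
# databases named above must already exist.
schema:
  createDatabase:
    enabled: false
  setup:
    enabled: true
    backoffLimit: 100
  update:
    enabled: true
    backoffLimit: 100
  # NOTE(review): nesting of the two contexts under `schema` is inferred from
  # key order; confirm against the chart's values schema.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: false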