# Temporal server values: pod identity, SQL persistence, optional metrics
# scraping, and per-service container hardening and resource budgets.
server:
  replicaCount: 1
  # Pod-level context: fixed non-root UID/GID plus the container runtime's
  # default seccomp profile.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  config:
    persistence:
      # Both stores use the same Postgres host, the same "temporal" account
      # and the same temporal-postgres-auth Secret; only the database differs.
      # NOTE(review): no TLS options for the SQL connection are set in this
      # file. Confirm whether the link to Postgres is encrypted by chart
      # defaults or enforced on the database side.
      default:
        driver: "sql"
        sql:
          driver: "postgres12"
          host: "postgres-cluster-rw.postgres"
          port: 5432
          database: temporal
          user: temporal
          # Password is read from an existing Secret, not stored in this file.
          existingSecret: temporal-postgres-auth
          maxConns: 20
          maxIdleConns: 20
          maxConnLifetime: "1h"

      visibility:
        driver: "sql"
        sql:
          driver: "postgres12"
          host: "postgres-cluster-rw.postgres"
          port: 5432
          database: temporal_visibility
          user: temporal
          existingSecret: temporal-postgres-auth
          maxConns: 20
          maxIdleConns: 20
          maxConnLifetime: "1h"

  # Go templates treat any non-empty string as true, so a value such as
  # "false" or "0" in MONITORING_ENABLED still renders this section; only an
  # empty value turns it off.
  # NOTE(review): confirm the renderer tolerates the variable being unset.
  {{- if .Env.MONITORING_ENABLED }}
  metrics:
    serviceMonitor:
      enabled: true
      additionalLabels:
        # Label presumably matched by the Prometheus instance's
        # ServiceMonitor selector; verify against that release.
        release: kube-prometheus-stack
  {{- end }}

  frontend:
    # Same hardening for frontend, history, matching and worker below: no
    # privilege escalation and every Linux capability dropped.
    # NOTE(review): readOnlyRootFilesystem is off in all four, leaving the
    # container root filesystem writable. Confirm whether the image needs to
    # write outside mounted volumes; if not, enable it.
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi

  history:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi

  matching:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi

  worker:
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: false
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi

# Admin tools pod: enabled, with the same non-root identity and container
# hardening used for the server services.
# NOTE(review): this pod presumably carries operator CLIs with access to the
# cluster; confirm who is allowed to exec into it.
admintools:
  enabled: true
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    # Root filesystem stays writable here; NOTE(review): confirm it has to be.
    readOnlyRootFilesystem: false
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
    limits:
      cpu: 200m
      memory: 256Mi

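# Temporal Web UI: ClusterIP service published through a Traefik ingress with
# TLS, and OIDC sign-in delegated to Keycloak.
# NOTE(review): the auth settings below gate the Web UI only. Nothing in this
# file configures authorization on the server frontend itself; confirm that is
# covered elsewhere (authorizer, network policy).
web:
  enabled: true
  replicaCount: 1
  service:
    type: ClusterIP
    port: 8080
  ingress:
    enabled: true
    className: traefik
    annotations:
      # Attach the route to the "websecure" entrypoint only, with TLS on.
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      # Quoted so the rendered value is always a string: an empty expansion
      # becomes "" instead of a null list entry.
      - "{{ .Env.TEMPORAL_HOST }}"
    tls:
      # NOTE(review): how the temporal-web-tls Secret is issued is not shown
      # in this file; confirm it exists before the ingress is created.
      - secretName: temporal-web-tls
        hosts:
          - "{{ .Env.TEMPORAL_HOST }}"
  additionalEnv:
    - name: TEMPORAL_AUTH_ENABLED
      value: "true"
    # OIDC issuer: the Keycloak realm URL, always https.
    - name: TEMPORAL_AUTH_PROVIDER_URL
      value: "https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}"
    - name: TEMPORAL_AUTH_SCOPES
      value: "openid,profile,email"
    # NOTE(review): presumably must match the redirect URI registered on the
    # Keycloak client exactly; verify against the client configuration.
    - name: TEMPORAL_AUTH_CALLBACK_URL
      value: "https://{{ .Env.TEMPORAL_HOST }}/auth/sso/callback"
  # Further env vars are loaded from this Secret; presumably the OIDC client
  # credentials live here so they stay out of the values file (confirm).
  additionalEnvSecretName: temporal-web-auth
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
    limits:
      cpu: 200m
      memory: 256Mi
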
# Optional bundled components are all switched off. Persistence is pointed at
# an external Postgres host in server.config.persistence, so no database,
# search or monitoring stack is deployed from here.
cassandra:
  enabled: false

mysql:
  enabled: false

postgresql:
  enabled: false

elasticsearch:
  enabled: false

prometheus:
  enabled: false

grafana:
  enabled: false

# Schema jobs: database creation is off, schema setup and update are on.
schema:
  # With creation disabled the target databases presumably have to exist
  # already; the account in use then needs no CREATE DATABASE right (confirm).
  createDatabase:
    enabled: false
  # NOTE(review): a backoffLimit of 100 lets a failing job retry many times
  # before it is marked failed. Presumably this waits for Postgres to come up;
  # confirm a persistent failure is still alerted on.
  setup:
    enabled: true
    backoffLimit: 100
  update:
    enabled: true
    backoffLimit: 100
  # Same non-root identity and container hardening as the server pods.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    # Root filesystem stays writable here; NOTE(review): confirm it has to be.
    readOnlyRootFilesystem: false