helm-charts
[Feature Request] Installing Temporal in Kubernetes with TLS certs in existing secret/configmap.
Hello.
I'm installing Temporal in Kubernetes via the helm chart (https://github.com/temporalio/helm-charts/tree/master) and I want to set up TLS. I see the TLS settings here https://github.com/temporalio/helm-charts/blob/master/charts/temporal/values.yaml (server.config.tls). I generate certificates as in this https://github.com/temporalio/samples-server/tree/main/tls/tls-simple example. But I don't understand how to take them from the existing Kubernetes secret/configmap. There are additionalVolumes and additionalVolumeMounts in the same values.yaml, but I do not know the correct syntax to add to the installation command. The current .gitlab-ci.yml command is like this:
```yaml
script:
  - git clone https://github.com/temporalio/helm-charts
  - cd helm-charts/charts/temporal
  - helm dependencies update
  - >
    helm upgrade --install -f values/values.postgresql.yaml $RELEASENAME
    --namespace=$NS --create-namespace
    --set server.replicaCount=2
    --set prometheus.enabled=false
    --set grafana.enabled=false
    --set elasticsearch.enabled=false
    --set server.config.persistence.default.sql.user=USER
    --set server.config.persistence.default.sql.existingSecret=FIRSTSECRET
    --set server.config.persistence.default.sql.host=HOST
    --set server.config.persistence.default.sql.port=PORT
    --set server.config.persistence.default.sql.database=FIRSTDATABASE
    --set server.config.persistence.visibility.sql.user=USER
    --set server.config.persistence.visibility.sql.existingSecret=SECONDSECRET
    --set server.config.persistence.visibility.sql.host=HOST
    --set server.config.persistence.visibility.sql.port=PORT
    --set server.config.persistence.visibility.sql.database=SECONDDATABASE
    --set web.image.tag=2.24.0
    --set server.config.tls.frontend.server.certFile=/certs/server.crt
    --set server.config.tls.frontend.server.keyFile=/certs/server.key
    --set server.config.tls.frontend.server.requireClientAuth=true
    --set server.config.tls.frontend.server.clientCaFiles=/certs/ca.crt
    --set server.config.tls.frontend.client.serverName=SERVERNAME
    .
    --timeout 900s
```
How can I add an existing secret/configmap here and attach it to Temporal?
Thanks.
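
One way to express the mount asked about above, as an added example that is not part of the original post or the chart's own documentation: a values overlay that mounts an existing Secret at `/certs`, so the `certFile`, `keyFile` and `clientCaFiles` paths in the command resolve. It assumes the chart reads `additionalVolumes` and `additionalVolumeMounts` under `server`, and that the Secret is named `temporal-tls` with keys `server.crt`, `server.key` and `ca.crt` (both the name and the keys are hypothetical).

```yaml
# tls-values.yaml (added example; names marked "assumed" are not from the post)
server:
  additionalVolumes:
    - name: temporal-tls              # assumed volume name
      secret:
        secretName: temporal-tls      # assumed name of the existing Secret
        # Project only the keys the server needs. If the Secret uses other
        # key names (e.g. tls.crt / tls.key), change "key" and keep "path"
        # so the file names still match the --set paths.
        items:
          - key: server.crt
            path: server.crt
          - key: server.key
            path: server.key
          - key: ca.crt
            path: ca.crt
        # Secret volumes default to mode 0644. Tightening defaultMode only
        # works if the container user can still read the files.
  additionalVolumeMounts:
    - name: temporal-tls              # must match the volume name above
      mountPath: /certs               # matches /certs/server.crt, /certs/server.key, /certs/ca.crt
      readOnly: true                  # the server only needs to read the key material
```

The file is passed to the existing `helm upgrade --install` command with an additional `-f tls-values.yaml`; keeping the private key in a Secret rather than a ConfigMap keeps it under Secret RBAC and out of plain configuration objects.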