feat: Begin Onboarding temporal (#842)
* feat: Begin Onboarding temporal

A number of users have requested this, and I believe this gives a decent starting point to test the packaging.

* use temporal chart in registry

* Fix temporal OIDC setup

* unprivatize, BETA release status

* add grpc ingress setup

* rm make target
michaeljguarino authored Sep 14, 2023
1 parent 96d0d85 commit 1696106
Showing 31 changed files with 570 additions and 0 deletions.
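--- a/temporal/Pluralfile
+++ b/temporal/Pluralfile
@@ -0,0 +1,6 @@
+REPO temporal
+ATTRIBUTES Plural repository.yaml
+
+TF terraform/*
+HELM helm/*
+RECIPE plural/recipes/*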
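--- a/temporal/helm/temporal/.helmignore
+++ b/temporal/helm/temporal/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/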
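--- a/temporal/helm/temporal/Chart.lock
+++ b/temporal/helm/temporal/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgres
+repository: https://pluralsh.github.io/module-library
+version: 0.2.1
+- name: temporal
+repository: https://pluralsh.github.io/plural-helm-charts
+version: 0.27.2
+digest: sha256:24f3caa6c334437e3f5bda423a4d0057feddefec01eaea1f4cd412812893599f
+generated: "2023-09-11T18:22:25.139019-04:00"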
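--- a/temporal/helm/temporal/Chart.yaml
+++ b/temporal/helm/temporal/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: temporal
+description: helm chart for temporal
+type: application
+version: 0.1.2
+appVersion: "1.21.5"
+dependencies:
+- name: postgres
+version: 0.2.1
+repository: https://pluralsh.github.io/module-library
+- name: temporal
+version: 0.27.2
+repository: https://pluralsh.github.io/plural-helm-charts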
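--- a/temporal/helm/temporal/README.md
+++ b/temporal/helm/temporal/README.md
@@ -0,0 +1 @@
+A helm chart for temporal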
Binary file added temporal/helm/temporal/charts/postgres-0.2.1.tgz
Binary file not shown.
Binary file not shown.
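--- a/temporal/helm/temporal/deps.yaml
+++ b/temporal/helm/temporal/deps.yaml
@@ -0,0 +1,34 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+application: true
+description: Deploys temporal crafted for the target cloud
+spec:
+dependencies:
+- type: helm
+name: bootstrap
+repo: bootstrap
+version: '>= 0.5.1'
+- type: helm
+name: ingress-nginx
+repo: ingress-nginx
+version: ">= 0.1.2"
+- type: helm
+name: postgres
+repo: postgres
+version: ">= 0.1.6"
+- type: terraform
+name: aws
+repo: temporal
+version: '>= 0.1.0'
+optional: true
+- type: terraform
+name: azure
+repo: temporal
+version: '>= 0.1.0'
+optional: true
+- type: terraform
+name: gcp
+repo: temporal
+version: '>= 0.1.0'
+optional: true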
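--- a/temporal/helm/temporal/templates/_helpers.tpl
+++ b/temporal/helm/temporal/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "temporal-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "temporal-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "temporal-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "temporal-plural.labels" -}}
+helm.sh/chart: {{ include "temporal-plural.chart" . }}
+{{ include "temporal-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "temporal-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "temporal-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "temporal-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "temporal-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}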
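Review bot: `temporal-plural.serviceAccountName` dereferences `.Values.serviceAccount.create`, but the values.yaml added in this commit defines no `serviceAccount` key, so any template that includes the helper would fail to render with a nil-pointer error. None of the templates visible on this page include it, so the simplest fix is to delete the helper. If it is kept for later use, add a default such as `serviceAccount: {create: false, name: ""}` to values.yaml, and change the helper's comment to say that a nil `serviceAccount` is unsupported.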
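--- a/temporal/helm/temporal/templates/grpc-ingress.yaml
+++ b/temporal/helm/temporal/templates/grpc-ingress.yaml
@@ -0,0 +1,27 @@
+{{ if .Values.grpc.hostname }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+{{ toYaml .Values.grpc.annotations | nindent 4 }}
+name: grpc-ingress
+labels:
+{{ include "temporal-plural.labels" . | nindent 4 }}
+spec:
+ingressClassName: {{ .Values.grpc.ingressClass }}
+rules:
+- host: {{ .Values.grpc.hostname }}
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: {{ .Values.grpc.service }}
+port:
+name: {{ .Values.grpc.port }}
+tls:
+- secretName: temporal-grpc-tls
+hosts:
+- {{ .Values.grpc.hostname }}
+{{ end }}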
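Review bot: This Ingress publishes the Temporal frontend gRPC port (`.Values.grpc.service` / `.Values.grpc.port`) with TLS termination only; neither the template nor the `grpc.annotations` defaults require any client authentication, so access control rests on the `internal-nginx` class not being reachable from untrusted networks. Whether the frontend enforces its own authorization is not visible in this commit, so that assumption should be written as a comment above `grpc.hostname` in values.yaml, or client-certificate verification should be added through the annotations (`nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"` together with `nginx.ingress.kubernetes.io/auth-tls-secret`). The templated scalars are also unquoted; `- host: {{ .Values.grpc.hostname | quote }}` and the same under `tls.hosts` keep a wildcard or other unusual value from changing how the manifest parses.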
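--- a/temporal/helm/temporal/templates/oidc-secret.yaml
+++ b/temporal/helm/temporal/templates/oidc-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: oidc-secret
+stringData:
+clientId: {{ .Values.oidc.clientId }}
+clientSecret: {{ .Values.oidc.clientSecret }}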
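Review bot: `clientId` and `clientSecret` are interpolated into `stringData` unquoted, so a value containing `: ` or ` #`, starting with `*` or `{`, or consisting only of digits renders as broken YAML or as a non-string that the API server rejects; use `clientSecret: {{ .Values.oidc.clientSecret | quote }}` and the same for `clientId`. The Secret is also created unconditionally while values.yaml defaults both fields to `bogus`, so an install without OIDC ships a placeholder credential under the same name the web UI env vars reference. Wrapping the manifest in `{{- if .Values.oidc.clientSecret }}` with the `bogus` defaults removed, or using `required`, makes a missing credential fail loudly instead. The object carries no labels; `{{ include "temporal-plural.labels" . | nindent 4 }}` would match grpc-ingress.yaml.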
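--- a/temporal/helm/temporal/values.yaml
+++ b/temporal/helm/temporal/values.yaml
@@ -0,0 +1,110 @@
+postgres:
+team: plural
+user: temporal
+dbName: temporal
+ownerChart: temporal
+infix: '-postgres'
+
+oidc:
+clientId: bogus
+clientSecret: bogus
+
+grpc:
+hostname: ~
+ingressClass: internal-nginx
+service: temporal-frontend
+port: grpc-rpc
+annotations:
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+kubernetes.io/tls-acme: "true"
+cert-manager.io/cluster-issuer: letsencrypt-prod
+
+temporal:
+web:
+config:
+auth:
+enabled: true
+providers:
+- label: Login With Plural # for internal use; in future may expose as button text
+type: oidc
+issuerUrl: ~
+clientId: ~
+clientSecret: ~
+callbackUrl: ~
+scopes:
+- openid
+- profile
+- email
+
+ingress:
+enabled: false
+className: nginx
+annotations:
+kubernetes.io/tls-acme: "true"
+cert-manager.io/cluster-issuer: letsencrypt-prod
+server:
+config:
+persistence:
+default:
+driver: "sql"
+
+sql:
+driver: "postgres"
+host: plural-postgres-temporal
+port: 5432
+database: temporal
+user: temporal
+existingSecret: temporal.plural-postgres-temporal.credentials.postgresql.acid.zalan.do
+maxConns: 20
+maxConnLifetime: "1h"
+tls:
+enabled: true
+enableHostVerification: false
+
+visibility:
+driver: "sql"
+
+sql:
+driver: "postgres"
+host: plural-postgres-temporal
+port: 5432
+database: temporal
+user: temporal
+existingSecret: temporal.plural-postgres-temporal.credentials.postgresql.acid.zalan.do
+maxConns: 20
+maxConnLifetime: "1h"
+tls:
+enabled: true
+enableHostVerification: false
+
+cassandra:
+enabled: false
+
+mysql:
+enabled: false
+
+postgresql:
+enabled: true
+
+prometheus:
+enabled: false
+
+grafana:
+enabled: false
+
+elasticsearch:
+enabled: false
+
+schema:
+extraEnv:
+- name: SQL_TLS_DISABLE_HOST_VERIFICATION
+value: 'true'
+- name: SQL_TLS_ENABLED
+value: 'true'
+- name: SQL_TLS
+value: 'true'
+setup:
+enabled: true
+update:
+enabled: true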
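Review bot: Both the `default` and `visibility` SQL stores set `tls.enabled: true` with `enableHostVerification: false`, and the schema job sets `SQL_TLS_DISABLE_HOST_VERIFICATION` to `'true'`, so the Postgres connection is encrypted but the server certificate's hostname is never checked and a peer in the network path can impersonate `plural-postgres-temporal`. If this is deliberate, presumably because the operator-issued certificate does not match the service name, record it above each `tls:` block, e.g. `# host verification off: postgres serving cert does not match the service name; TODO supply the CA and enable`. Otherwise set `enableHostVerification: true` and provide the CA. Separately, `oidc.clientId` and `oidc.clientSecret` default to `bogus` while `temporal.web.config.auth.enabled` is `true` with every provider field null; a comment that values.yaml.tpl overwrites these when OIDC is configured would keep the placeholders from being mistaken for a working setup.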
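--- a/temporal/helm/temporal/values.yaml.tpl
+++ b/temporal/helm/temporal/values.yaml.tpl
@@ -0,0 +1,52 @@
+global:
+application:
+links:
+- description: temporal web ui
+url: {{ .Values.hostname }}
+{{ if .Values.grpcHostname }}
+- description: grpc endpoint
+url: {{ .Values.grpcHostname }}
+{{ end }}
+
+{{ if .Values.grpcHostname }}
+grpc:
+hostname: {{ .Values.grpcHostname }}
+{{ end }}
+
+{{ if .OIDC }}
+oidc:
+clientSecret: {{ .OIDC.ClientSecret }}
+clientId: {{ .OIDC.ClientId }}
+temporal:
+web:
+additionalEnv:
+- name: TEMPORAL_AUTH_ENABLED
+value: 'true'
+- name: TEMPORAL_AUTH_LABEL
+value: "login with Plural"
+- name: TEMPORAL_AUTH_PROVIDER_URL
+value: {{ .OIDC.Configuration.Issuer }}
+- name: TEMPORAL_AUTH_CALLBACK_URL
+value: https://{{ .Values.hostname }}/auth/sso/callback
+- name: TEMPORAL_AUTH_SCOPES
+value: openid
+- name: TEMPORAL_AUTH_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: oidc-secret
+key: clientSecret
+- name: TEMPORAL_AUTH_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: oidc-secret
+key: clientId
+ingress:
+enabled: true
+hosts:
+- {{ .Values.hostname }}
+tls:
+- secretName: temporal-tls
+hosts:
+- {{ .Values.hostname }}
+{{ end }}
+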
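Review bot: `clientSecret: {{ .OIDC.ClientSecret }}` writes the OIDC client secret in plaintext into the rendered values file, and it and the other interpolations (`url`, `hostname`, `value: {{ .OIDC.Configuration.Issuer }}`) are unquoted, so the generated file must be protected like a credential and can mis-parse on unusual values. Quote each templated scalar, e.g. `clientSecret: {{ .OIDC.ClientSecret | quote }}` (assuming this template engine exposes `quote`), and add a comment above the `oidc:` block saying the rendered file contains a secret. `TEMPORAL_AUTH_SCOPES` is set to `openid` only, while values.yaml lists `openid`, `profile` and `email` for the provider; the two should agree. The web `ingress` block appears to sit inside `{{ if .OIDC }}` (indentation is lost on this page), so a comment stating that the UI is deliberately not exposed without OIDC would keep a later edit from moving it out of the guard.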
Binary file added temporal/plural/icons/temporal.png
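--- a/temporal/plural/notes.tpl
+++ b/temporal/plural/notes.tpl
@@ -0,0 +1 @@
+Use `plural watch temporal` to track the status of your application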
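--- a/temporal/plural/recipes/temporal-aws.yaml
+++ b/temporal/plural/recipes/temporal-aws.yaml
@@ -0,0 +1,29 @@
+name: temporal-aws
+description: Installs temporal on an aws eks cluster
+provider: AWS
+primary: true
+oidcSettings:
+uriFormat: https://{domain}/auth/sso/callback
+authMethod: POST
+domainKey: hostname
+dependencies:
+- repo: bootstrap
+name: aws-k8s
+- repo: ingress-nginx
+name: ingress-nginx-aws
+- repo: postgres
+name: aws-postgres
+sections:
+- name: temporal
+configuration:
+- name: hostname
+documentation: the fqdn for the temporal admin console
+type: DOMAIN
+- name: grpcHostname
+documentation: fqdn for temporals grpc service (this will be used for temporal clients)
+type: DOMAIN
+items:
+- type: TERRAFORM
+name: aws
+- type: HELM
+name: temporal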
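Review bot: The `grpcHostname` documentation string does not tell the installer how the endpoint is exposed, even though setting it creates an Ingress in front of the Temporal frontend with no authentication visible in this chart. Suggested wording: `documentation: fqdn for temporal's grpc service, served through the internal-nginx ingress class without client authentication (used by temporal clients)`. values.yaml.tpl treats the value as optional via `{{ if .Values.grpcHostname }}`, so if the recipe schema supports marking an item optional, this one should be marked so that users who do not need remote gRPC access are not prompted to expose it.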