helm-charts/charts/temporal/ci/certificates.yaml at 2e088768618b0e1f73f576c85325f24d592af46a · temporalio/helm-charts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
server:
  additionalVolumeMounts:
    - name: tls-certs
      mountPath: /etc/tls
    - name: temporal-tls-certs
      mountPath: /etc/temporal/tls
  additionalVolumes:
    - name: tls-certs
      secret:
        secretName: tls-certs
    - name: temporal-tls-certs
      secret:
        secretName: temporal-tls-certs
  config:
    tls:
      internode:
        server:
          certFile: "/etc/temporal/tls/tls.crt"
          keyFile: "/etc/temporal/tls/tls.key"
          requireClientAuth: true
          clientCaFiles:
            - "/etc/temporal/tls/ca.crt"
        client:
          serverName: ""
          rootCaFiles:
            - "/etc/temporal/tls/ca.crt"
      frontend:
        server:
          certFile: "/etc/temporal/tls/tls.crt"
          keyFile: "/etc/temporal/tls/tls.key"
          requireClientAuth: false
        client:
          serverName: ""
          rootCaFiles:
            - "/etc/temporal/tls/ca.crt"
web:
  additionalVolumeMounts:
    - name: tls-certs
      mountPath: /etc/tls
    - name: temporal-tls-certs
      mountPath: /etc/temporal/tls
  additionalVolumes:
    - name: tls-certs
      secret:
        secretName: tls-certs
    - name: temporal-tls-certs
      secret:
        secretName: temporal-tls-certs
  additionalEnv:
    - name: TEMPORAL_TLS_SERVER_NAME
      value: ""
    - name: TEMPORAL_TLS_CA
      value: /etc/temporal/tls/ca.crt
    - name: TEMPORAL_TLS_CERT
      value: /etc/temporal/tls/tls.crt
    - name: TEMPORAL_TLS_KEY
      value: /etc/temporal/tls/tls.key
frontend:
  service:
    enabled: true
  ingress:
    enabled: true
    className: ""
    hosts:
      - ""
additionalSecrets:
  - name: tls-certs
    value:
      tls.crt: |
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
      tls.key: |
        -----BEGIN EC PRIVATE KEY-----
        -----END EC PRIVATE KEY-----
certificates:
  enabled: false
  issuer:
    name: temporal-issuer
    secretName: tls-certs
  certificate:
    name: temporal-cert
    isCA: false
    secret:
      name: temporal-tls-certs
    privateKey:
      algorithm: RSA
      size: 2048
      rotationPolicy: Always
    annotations:
      argocd.argoproj.io/hook: PreSync