diff --git a/charts/temporal/templates/_helpers.tpl b/charts/temporal/templates/_helpers.tpl index 41fe651c..7774cbc9 100644 --- a/charts/temporal/templates/_helpers.tpl +++ b/charts/temporal/templates/_helpers.tpl @@ -140,6 +140,7 @@ app.kubernetes.io/part-of: {{ $global.Chart.Name }} {{- $config := deepCopy . -}} {{- $defaultStore := $config.defaultStore -}} {{- $visibilityStore := $config.visibilityStore -}} +{{- $secondaryVisibilityStore := $config.secondaryVisibilityStore | default "" -}} {{- $patchedDatastores := dict -}} {{- range $name, $ds := $config.datastores -}} {{- $dsCopy := deepCopy $ds -}} @@ -151,6 +152,8 @@ app.kubernetes.io/part-of: {{ $global.Chart.Name }} {{- $_ := set $storeConfig "password" "__ENV_TEMPORAL_DEFAULT_STORE_PASSWORD__" -}} {{- else if eq $name $visibilityStore -}} {{- $_ := set $storeConfig "password" "__ENV_TEMPORAL_VISIBILITY_STORE_PASSWORD__" -}} + {{- else if eq $name $secondaryVisibilityStore -}} + {{- $_ := set $storeConfig "password" "__ENV_TEMPORAL_SECONDARY_VISIBILITY_STORE_PASSWORD__" -}} {{- else -}} {{- $_ := unset $storeConfig "password" -}} {{- end -}} @@ -168,6 +171,10 @@ app.kubernetes.io/part-of: {{ $global.Chart.Name }} {{- $stores := dict -}} {{- $_ := set $stores "default" (include "temporal.persistence.getStoreByType" (list $ "default") | fromYaml) -}} {{- $_ := set $stores "visibility" (include "temporal.persistence.getStoreByType" (list $ "visibility") | fromYaml) -}} +{{- $secondaryVisibility := include "temporal.persistence.getStoreByType" (list $ "secondaryVisibility") | fromYaml -}} +{{- if $secondaryVisibility -}} +{{- $_ := set $stores "secondaryVisibility" $secondaryVisibility -}} +{{- end -}} {{- $stores | toYaml -}} {{- end -}} @@ -214,7 +221,11 @@ app.kubernetes.io/part-of: {{ $global.Chart.Name }} {{- $root := index . 0 -}} {{- $type := index . 1 -}} {{- $storeName := get $root.Values.server.config.persistence (printf "%sStore" $type) -}} +{{- if $storeName -}} {{- include "temporal.persistence.getStore" (list $root $storeName) -}} +{{- else -}} +{{- dict | toYaml -}} +{{- end -}} {{- end -}} {{- define "temporal.persistence.schema" -}} diff --git a/charts/temporal/templates/server-deployment.yaml b/charts/temporal/templates/server-deployment.yaml index 7af5c076..30ab593e 100644 --- a/charts/temporal/templates/server-deployment.yaml +++ b/charts/temporal/templates/server-deployment.yaml @@ -1,6 +1,7 @@ {{- if $.Values.server.enabled }} {{- $defaultStore := include "temporal.persistence.getStoreByType" (list $ "default") | fromYaml -}} {{- $visibilityStore := include "temporal.persistence.getStoreByType" (list $ "visibility") | fromYaml -}} +{{- $secondaryVisibilityStore := include "temporal.persistence.getStoreByType" (list $ "secondaryVisibility") | fromYaml -}} {{- range $service := (list "frontend" "internal-frontend" "history" "matching" "worker") }} {{- $serviceValues := index $.Values.server $service }} {{- if or (not (hasKey $serviceValues "enabled")) $serviceValues.enabled }} @@ -66,6 +67,10 @@ spec: {{- include "temporal.password-env" (list $ $defaultStore) | nindent 14 }} - name: TEMPORAL_VISIBILITY_STORE_PASSWORD {{- include "temporal.password-env" (list $ $visibilityStore) | nindent 14 }} + {{- if $secondaryVisibilityStore }} + - name: TEMPORAL_SECONDARY_VISIBILITY_STORE_PASSWORD + {{- include "temporal.password-env" (list $ $secondaryVisibilityStore) | nindent 14 }} + {{- end }} {{- if (index $.Values.server "internal-frontend").enabled }} - name: USE_INTERNAL_FRONTEND value: "1" diff --git a/charts/temporal/tests/server_configmap_test.yaml b/charts/temporal/tests/server_configmap_test.yaml index 94aae1f3..40abb3b8 100644 --- a/charts/temporal/tests/server_configmap_test.yaml +++ b/charts/temporal/tests/server_configmap_test.yaml @@ -134,6 +134,62 @@ tests: - matchRegex: path: data['config_template.yaml'] pattern: 'password: \{\{ env "TEMPORAL_VISIBILITY_STORE_PASSWORD" \| quote \}\}' + - it: handles secondary visibility store for dual visibility + set: + server: + enabled: true + config: + persistence: + defaultStore: default + visibilityStore: visibility + secondaryVisibilityStore: secondary-visibility + numHistoryShards: 512 + datastores: + default: + sql: + pluginName: mysql8 + driverName: mysql8 + databaseName: temporal + connectAddr: "mysql.example.com:3306" + user: temporal_user + password: "secret" + visibility: + elasticsearch: + version: v8 + url: + scheme: https + host: "elasticsearch.example.com:9200" + username: elastic + password: "secret" + indices: + visibility: temporal_visibility_v1 + secondary-visibility: + elasticsearch: + version: v8 + url: + scheme: https + host: "elasticsearch.example.com:9200" + username: elastic + password: "secret2" + indices: + visibility: temporal_visibility_v1_secondary + template: templates/server-configmap.yaml + documentSelector: + path: metadata.name + value: RELEASE-NAME-temporal-config + asserts: + - matchRegex: + path: data['config_template.yaml'] + pattern: 'secondaryVisibilityStore: secondary-visibility' + - matchRegex: + path: data['config_template.yaml'] + pattern: 'secondary-visibility:' + - matchRegex: + path: data['config_template.yaml'] + pattern: 'password: \{\{ env "TEMPORAL_SECONDARY_VISIBILITY_STORE_PASSWORD" \| quote \}\}' + - matchRegex: + path: data['config_template.yaml'] + pattern: 'visibility: temporal_visibility_v1_secondary' - it: handles metrics config set: @@ -175,4 +231,4 @@ tests: pattern: "withoutUnitSuffix: false" - matchRegex: path: data['config_template.yaml'] - pattern: "prometheus:\\s+listenAddress: 0.0.0.0:9090" \ No newline at end of file + pattern: "prometheus:\\s+listenAddress: 0.0.0.0:9090" diff --git a/charts/temporal/tests/server_deployment_test.yaml b/charts/temporal/tests/server_deployment_test.yaml index 4ed9400f..0ccc4a8e 100644 --- a/charts/temporal/tests/server_deployment_test.yaml +++ b/charts/temporal/tests/server_deployment_test.yaml @@ -295,6 +295,7 @@ tests: - equal: path: spec.template.spec.containers[0].readinessProbe.tcpSocket.port value: rpc + - it: additional environment variables are set on all services template: templates/server-deployment.yaml documentSelector: @@ -315,6 +316,62 @@ tests: - equal: path: spec.template.spec.containers[0].envFrom[0].secretRef.name value: secret-env - - equal: + - equal: path: spec.template.spec.containers[0].envFrom[1].configMapRef.name value: configmap-env + + - it: injects secondary visibility store password env var when configured + template: templates/server-deployment.yaml + set: + server: + config: + persistence: + defaultStore: default + visibilityStore: visibility + secondaryVisibilityStore: secondary-visibility + datastores: + default: + sql: + password: "secret" + visibility: + elasticsearch: + password: "secret" + secondary-visibility: + elasticsearch: + password: "secret2" + documentSelector: + path: metadata.name + value: RELEASE-NAME-temporal-frontend + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: TEMPORAL_SECONDARY_VISIBILITY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-temporal-secondary-visibility-store + key: password + + - it: does not inject secondary visibility env var when not configured + template: templates/server-deployment.yaml + set: + server: + config: + persistence: + defaultStore: default + visibilityStore: visibility + datastores: + default: + sql: + password: "secret" + visibility: + elasticsearch: + password: "secret" + documentSelector: + path: metadata.name + value: RELEASE-NAME-temporal-frontend + asserts: + - notContains: + path: spec.template.spec.containers[0].env + content: + name: TEMPORAL_SECONDARY_VISIBILITY_STORE_PASSWORD