Added a new server.tls configuration in values to allow defining the full TLS configuration found here.
Why?
mTLS support is lacking completely in this chart and requires quiet a bit of changes to get working properly. I have this working locally, but there are a few pieces missing for the whole picture. I am trying to open incremental changes, so please let me know if this is an acceptable approach.
The web Deployment configuration will read the various TEMPORAL_TLS.. environment variables, which we are using to set the config for the UI
https://github.com/temporalio/helm-charts/pull/427 adds the ability to mount certificates to the web Deployment, which then coupled with web.additionalEnv as noted above, allows you to configure mTLS there.
Utilizing server.additionalVolumes and server.additionalVolumeMounts alongside this new server.config.tls option allows you to configure all the backend components with mTLS
Ideally, we would configure all the TLS settings with environment variables as to not need to update a configmap template in this repo when/if the server config changes. At least with these changes and the other linked PR + some documentation, folks can get mTLS working without having to fork this project.
Checklist
Closes
How was this tested:
We are using this in our forked internal copy of this chart.
Any docs updates needed?
We will likely want a doc on configuring mTLS via the chart. However there are many changes needed, so I would suggest saving that for another incremental PR.
What was changed
Added a new
server.tlsconfiguration invaluesto allow defining the full TLS configuration found here.Why?
mTLS support is lacking completely in this chart and requires quiet a bit of changes to get working properly. I have this working locally, but there are a few pieces missing for the whole picture. I am trying to open incremental changes, so please let me know if this is an acceptable approach.
webDeployment configuration will read the variousTEMPORAL_TLS..environment variables, which we are using to set the config for the UIwebDeployment, which then coupled withweb.additionalEnvas noted above, allows you to configure mTLS there.server.additionalVolumesandserver.additionalVolumeMountsalongside this newserver.config.tlsoption allows you to configure all the backend components with mTLSIdeally, we would configure all the TLS settings with environment variables as to not need to update a configmap template in this repo when/if the
serverconfig changes. At least with these changes and the other linked PR + some documentation, folks can get mTLS working without having to fork this project.Checklist
Closes
How was this tested:
We are using this in our forked internal copy of this chart.
Any docs updates needed?
We will likely want a doc on configuring mTLS via the chart. However there are many changes needed, so I would suggest saving that for another incremental PR.