What was changed
Added a new server.tls configuration in values to allow defining the full TLS configuration found here.
Why?
mTLS support is lacking completely in this chart and requires quite a bit of changes to get working properly. I have this working locally, but there are a few pieces missing for the whole picture. I am trying to open incremental changes, so please let me know if this is an acceptable approach.
The web Deployment configuration will read the various TEMPORAL_TLS.. environment variables, which we are using to set the config for the UI.
https://github.com/temporalio/helm-charts/pull/427 adds the ability to mount certificates to the web Deployment, which then coupled with web.additionalEnv as noted above, allows you to configure mTLS there.
Utilizing server.additionalVolumes and server.additionalVolumeMounts alongside this new server.config.tls option allows you to configure all the backend components with mTLS.
Ideally, we would configure all the TLS settings with environment variables so as not to need to update a configmap template in this repo when/if the server config changes. At least with these changes and the other linked PR + some documentation, folks can get mTLS working without having to fork this project.
Checklist
Closes
How was this tested:
We are using this in our forked internal copy of this chart.
Any docs updates needed?
We will likely want a doc on configuring mTLS via the chart. However, there are many changes needed, so I would suggest saving that for another incremental PR.
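A values fragment showing how the three options named in the description fit together for backend mTLS. This is an added example, not code from the PR or the chart. It assumes the keys under server.config.tls follow the Temporal server's own TLS schema (internode and frontend, each with server and client blocks); the Secret name, mount path and serverName values are constructed.

```yaml
# Added example, not from the PR. Constructed values: the Secret name
# "temporal-mtls", the mount path /etc/temporal/certs, and both serverName
# entries. The Secret is assumed to hold tls.crt, tls.key and ca.crt.
server:
  additionalVolumes:
    - name: temporal-mtls
      secret:
        secretName: temporal-mtls
        defaultMode: 0400          # key material readable by the owner only
  additionalVolumeMounts:
    - name: temporal-mtls
      mountPath: /etc/temporal/certs
      readOnly: true
  config:
    tls:
      # Service-to-service traffic (history, matching, worker, frontend).
      internode:
        server:
          certFile: /etc/temporal/certs/tls.crt
          keyFile: /etc/temporal/certs/tls.key
          requireClientAuth: true  # without this the listener is one-way TLS
          clientCaFiles:
            - /etc/temporal/certs/ca.crt
        client:
          # Must match a DNS SAN in the internode server certificate.
          serverName: internode.temporal.example.internal
          rootCaFiles:
            - /etc/temporal/certs/ca.crt
      # Traffic from SDK workers, the CLI and the web UI to the frontend.
      frontend:
        server:
          certFile: /etc/temporal/certs/tls.crt
          keyFile: /etc/temporal/certs/tls.key
          requireClientAuth: true
          clientCaFiles:
            - /etc/temporal/certs/ca.crt
        client:
          serverName: frontend.temporal.example.internal
          rootCaFiles:
            - /etc/temporal/certs/ca.crt
```

With requireClientAuth set, any client that does not present a certificate chaining to clientCaFiles is rejected at the handshake, so the web Deployment needs its own client certificate mounted as well.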