Open mxk opened 2 weeks ago
Hi @mxk, I've encountered the same scenario and solved it by enabling the internal-frontend service and deploying our own frontend with JWT auth enabled. With internal-frontend, internal Temporal components do not need to generate/use JWT, while the clients connecting to the frontend do need to use JWT. We have our own Helm charts, although there is an open issue (https://github.com/temporalio/helm-charts/issues/560) to enable internal-frontend in the Temporal charts. Would that work for you?
I don't think that's related to disabling the default worker service, but I was able to work around the original issue by adding `replicaCount: '0'` to the `worker` config. Helm still creates a deployment for it, which is not ideal, but at least there are no running pods.
Is your feature request related to a problem? Please describe.
We are deploying a central Temporal server with JWT-based authorization. The chart is currently deploying a default worker service pod that has no way of generating or providing an API key to the server, so the pod is constantly failing with `Request unauthorized` error.
Describe the solution you'd like
We would like to disable the default worker service so that only application-specific workers with proper authorization are registered with the server (similar to how we can disable the web UI with `web.enabled` value).