temporalio / helm-charts

Temporal Helm charts
MIT License

[Feature Request] Allow disabling default worker service #569

Open mxk opened 2 weeks ago

mxk commented 2 weeks ago

Is your feature request related to a problem? Please describe.

We are deploying a central Temporal server with JWT-based authorization. The chart is currently deploying a default worker service pod that has no way of generating or providing an API key to the server, so the pod is constantly failing with a "Request unauthorized" error.

Describe the solution you'd like

We would like to disable the default worker service so that only application-specific workers with proper authorization are registered with the server (similar to how we can disable the web UI with the web.enabled value).

adamko147 commented 3 days ago

Hi @mxk, I've encountered the same scenario and solved it by enabling the internal-frontend service and deploying our own frontend with JWT auth enabled. With internal-frontend, internal Temporal components do not need to generate/use JWT, while the clients connecting to the frontend do need to use JWT. We have our own Helm charts, although there is an open issue (https://github.com/temporalio/helm-charts/issues/560) to enable internal-frontend in the Temporal charts. Would that work for you?

mxk commented 2 days ago

I don't think that's related to disabling the default worker service, but I was able to work around the original issue by adding replicaCount: '0' to the worker config. Helm still creates a deployment for it, which is not ideal, but at least there are no running pods.