temporalio / helm-charts

Temporal Helm charts

[Bug] Setting up helm chart with external MySQL throws error on secretName #570

Open esn89 opened 1 month ago

esn89 commented 1 month ago

What are you really trying to do?

Trying to run temporal with MySQL hosted as CloudSQL instance on GCP, with Cloud Proxy Sidecar

Describe the bug

Deploying it via ArgoCD like so:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "4"
  name: 'temporal-{{ .Values.project }}-{{ .Values.clusterName }}'
  namespace: argocd
spec:
  destination:
    namespace: temporal
    server: {{ .Values.clusterAddress }}
  project: sre-management
  source:
    repoURL: https://temporalio.github.io/helm-charts
    targetRevision: 0.46.0
    chart: temporal
    helm:
      parameters:
      - name: serviceAccount.name
        value: temporal-sa
      - name: server.sidecarContainers.name
        value: cloud-sql-proxy
      - name: server.sidecarContainers.image
        value: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0
      - name: 'server.sidecarContainers.command[0]'
        value: '--auto-iam-authn'
      - name: 'server.sidecarContainers.command[1]'
        value: '--private-ip'
      - name: 'server.sidecarContainers.command[2]'
        value: 'my-gcp-project:us-central1:temporal-mysql'
      - name: server.sidecarContainers.securityContext.runAsNonRoot
        value: 'true'
      - name: mysql.enabled
        value: 'false'
      - name: cassandra.enabled
        value: 'false'
      - name: grafana.enabled
        value: 'false'
      - name: prometheus.enabled
        value: 'false'
      - name: elasticsearch.enabled
        value: 'false'
      - name: server.config.persistence.default.driver
        value: 'mysql'
      - name: server.config.persistence.default.sql.driver
        value: 'mysql'
      - name: server.config.persistence.default.sql.host
        value: '127.0.0.1'
      - name: server.config.persistence.default.sql.port
        value: '3306'
      - name: server.config.persistence.default.sql.database
        value: 'temporal'
      - name: server.config.persistence.default.sql.user
        value: 'temporal-sa'
      - name: server.config.persistence.default.sql.secretName
        value: 'tttsa'
      - name: server.config.persistence.visibility.driver
        value: 'mysql'
      - name: server.config.persistence.visibility.sql.driver
        value: 'mysql'
      - name: server.config.persistence.visibility.sql.host
        value: '127.0.0.1'
      - name: server.config.persistence.visibility.sql.port
        value: '3306'
      - name: server.config.persistence.visibility.sql.database
        value: 'temporal_visibility'
      - name: server.config.persistence.visibility.sql.user
        value: 'temporal-sa'
      - name: server.config.persistence.visibility.sql.secretName
        value: 'asdasdf'
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

I don't expect to have to pass in the "password", nor an "existingSecret" because this is the password-less way to authenticate (workload identity https://github.com/temporalio/helm-charts/pull/498) to CloudSQL. I know that it is supported because I saw the code here:

https://github.com/temporalio/helm-charts/blob/main/charts/temporal/values/values.cloudsqlproxy.yaml

On top of that since I am not deploying a cluster-version of MySQL, I didn't pass in secretName. However, in my code above, I passed in something just as a placeholder to see if the error would go away.

Because of all this, I am getting an error of:

Error: template: temporal/templates/server-secret.yaml:10:53: executing "temporal/templates/server-secret.yaml" at <include "temporal.persistence.secretName" (list $ $store)>: error calling include: template: temporal/templates/_helpers.tpl:367:4: executing "temporal.persistence.secretName" at <include (printf "temporal.persistence.%s.secretName" (include "temporal.persistence.driver" (list $global $store))) (list $global $store)>: error calling include: template: no template "temporal.persistence.mysql.secretName" associated with template "gotpl" Use --debug flag to render out invalid YAML

nor a "secretName" (

Minimal Reproduction

Environment/Versions

GKE Cluster version 1.29

Using this chart: https://artifacthub.io/packages/helm/temporalio/temporal

Additional context

heytrav commented 6 days ago

I'm also encountering this while attempting to run parallel to mysql in a local cluster.

Actually I notice from one of the examples that they use driver: sql for the mysql installation. I also used driver: mysql initially (because that's what it looks like you should do) and got the same error message.

Switching to driver: sql, it installed cleanly (although I also did have placeholders in for secretName).
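A pre-sync check for the mismatch discussed in this thread, as an added example that is not part of the original issue or the chart's own code: it lints Argo CD `helm.parameters` entries for a store-level `driver` value that would send the helper shown in the error to a template that does not exist. The `KNOWN_STORE_TYPES` set, the function name and the sample entries are assumptions made for illustration.

```python
import re

# Assumption: store types for which the chart defines a
# "temporal.persistence.<type>.secretName" helper. "sql" comes from the thread;
# "cassandra" is assumed from the chart's cassandra.enabled option.
KNOWN_STORE_TYPES = {"sql", "cassandra"}

STORE_DRIVER = re.compile(r"^server\.config\.persistence\.(\w+)\.driver$")
SQL_KEY = re.compile(r"^server\.config\.persistence\.(\w+)\.sql\.(\w+)$")


def lint_parameters(params):
    """Return findings for a list of Argo CD helm.parameters entries."""
    findings = []
    store_type, sql_keys = {}, {}
    for i, p in enumerate(params):
        name = p.get("name", "")
        if "value" not in p:
            # An entry without 'value' silently sets nothing.
            findings.append(f"entry {i} ({name}): no 'value' key")
            continue
        if m := STORE_DRIVER.match(name):
            store_type[m.group(1)] = p["value"]
        elif m := SQL_KEY.match(name):
            sql_keys.setdefault(m.group(1), set()).add(m.group(2))
    for store in sorted(set(store_type) | set(sql_keys)):
        t = store_type.get(store)
        if t is None:
            findings.append(f"{store}: sql.* keys set but store driver missing")
        elif t not in KNOWN_STORE_TYPES:
            # The helper in the error builds the template name from this
            # value, so an unknown type fails at render time.
            findings.append(
                f"{store}: driver '{t}' -> no template "
                f"'temporal.persistence.{t}.secretName'")
    return findings


# Constructed sample in the shape of the report, not the reporter's full config.
SAMPLE = [
    {"name": "server.config.persistence.default.driver", "value": "sql"},
    {"name": "server.config.persistence.default.sql.driver", "value": "mysql"},
    {"name": "server.config.persistence.visibility.driver", "value": "mysql"},
    {"name": "server.config.persistence.visibility.sql.driver", "value": "mysql"},
]

if __name__ == "__main__":
    for finding in lint_parameters(SAMPLE):
        print(finding)
```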