diff --git a/temporal/Pluralfile b/temporal/Pluralfile
new file mode 100644
index 000000000..029a13948
--- /dev/null
+++ b/temporal/Pluralfile
@@ -0,0 +1,6 @@
+REPO temporal
+ATTRIBUTES Plural repository.yaml
+
+TF terraform/*
+HELM helm/*
+RECIPE plural/recipes/*
diff --git a/temporal/helm/temporal/.helmignore b/temporal/helm/temporal/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/temporal/helm/temporal/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/temporal/helm/temporal/Chart.lock b/temporal/helm/temporal/Chart.lock
new file mode 100644
index 000000000..7ade8c0d0
--- /dev/null
+++ b/temporal/helm/temporal/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgres
+ repository: https://pluralsh.github.io/module-library
+ version: 0.2.1
+- name: temporal
+ repository: https://pluralsh.github.io/plural-helm-charts
+ version: 0.27.2
+digest: sha256:24f3caa6c334437e3f5bda423a4d0057feddefec01eaea1f4cd412812893599f
+generated: "2023-09-11T18:22:25.139019-04:00"
diff --git a/temporal/helm/temporal/Chart.yaml b/temporal/helm/temporal/Chart.yaml
new file mode 100644
index 000000000..7c03a92d6
--- /dev/null
+++ b/temporal/helm/temporal/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: temporal
+description: helm chart for temporal
+type: application
+version: 0.1.2
+appVersion: "1.21.5"
+dependencies:
+- name: postgres
+ version: 0.2.1
+ repository: https://pluralsh.github.io/module-library
+- name: temporal
+ version: 0.27.2
+ repository: https://pluralsh.github.io/plural-helm-charts
\ No newline at end of file
diff --git a/temporal/helm/temporal/README.md b/temporal/helm/temporal/README.md
new file mode 100644
index 000000000..5724cea4b
--- /dev/null
+++ b/temporal/helm/temporal/README.md
@@ -0,0 +1 @@
+A helm chart for temporal
\ No newline at end of file
diff --git a/temporal/helm/temporal/charts/postgres-0.2.1.tgz b/temporal/helm/temporal/charts/postgres-0.2.1.tgz
new file mode 100644
index 000000000..932a505e1
Binary files /dev/null and b/temporal/helm/temporal/charts/postgres-0.2.1.tgz differ
diff --git a/temporal/helm/temporal/charts/temporal-0.27.2.tgz b/temporal/helm/temporal/charts/temporal-0.27.2.tgz
new file mode 100644
index 000000000..2f1e85d3c
Binary files /dev/null and b/temporal/helm/temporal/charts/temporal-0.27.2.tgz differ
diff --git a/temporal/helm/temporal/deps.yaml b/temporal/helm/temporal/deps.yaml
new file mode 100644
index 000000000..12cf0d10d
--- /dev/null
+++ b/temporal/helm/temporal/deps.yaml
@@ -0,0 +1,34 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ application: true
+ description: Deploys temporal crafted for the target cloud
+spec:
+ dependencies:
+ - type: helm
+ name: bootstrap
+ repo: bootstrap
+ version: '>= 0.5.1'
+ - type: helm
+ name: ingress-nginx
+ repo: ingress-nginx
+ version: ">= 0.1.2"
+ - type: helm
+ name: postgres
+ repo: postgres
+ version: ">= 0.1.6"
+ - type: terraform
+ name: aws
+ repo: temporal
+ version: '>= 0.1.0'
+ optional: true
+ - type: terraform
+ name: azure
+ repo: temporal
+ version: '>= 0.1.0'
+ optional: true
+ - type: terraform
+ name: gcp
+ repo: temporal
+ version: '>= 0.1.0'
+ optional: true
\ No newline at end of file
diff --git a/temporal/helm/temporal/templates/_helpers.tpl b/temporal/helm/temporal/templates/_helpers.tpl
new file mode 100644
index 000000000..85994207a
--- /dev/null
+++ b/temporal/helm/temporal/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "temporal-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "temporal-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "temporal-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "temporal-plural.labels" -}}
+helm.sh/chart: {{ include "temporal-plural.chart" . }}
+{{ include "temporal-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "temporal-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "temporal-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "temporal-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "temporal-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
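Review bot: The `temporal-plural.serviceAccountName` helper at the end of `_helpers.tpl` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `values.yaml` added in this commit defines no `serviceAccount` key, so any template that includes the helper would fail at render time with a nil-pointer error. None of the templates in this commit call it, so it looks like leftover scaffold; either drop the define or add `serviceAccount: {create: false, name: ""}` to `values.yaml`. Only `temporal-plural.labels` and the helpers it includes are used here, by `grpc-ingress.yaml`.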
diff --git a/temporal/helm/temporal/templates/grpc-ingress.yaml b/temporal/helm/temporal/templates/grpc-ingress.yaml
new file mode 100644
index 000000000..68d09de39
--- /dev/null
+++ b/temporal/helm/temporal/templates/grpc-ingress.yaml
@@ -0,0 +1,27 @@
+{{ if .Values.grpc.hostname }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ {{ toYaml .Values.grpc.annotations | nindent 4 }}
+ name: grpc-ingress
+ labels:
+ {{ include "temporal-plural.labels" . | nindent 4 }}
+spec:
+ ingressClassName: {{ .Values.grpc.ingressClass }}
+ rules:
+ - host: {{ .Values.grpc.hostname }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Values.grpc.service }}
+ port:
+ name: {{ .Values.grpc.port }}
+ tls:
+ - secretName: temporal-grpc-tls
+ hosts:
+ - {{ .Values.grpc.hostname }}
+{{ end }}
\ No newline at end of file
diff --git a/temporal/helm/temporal/templates/oidc-secret.yaml b/temporal/helm/temporal/templates/oidc-secret.yaml
new file mode 100644
index 000000000..51fb67f79
--- /dev/null
+++ b/temporal/helm/temporal/templates/oidc-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oidc-secret
+stringData:
+ clientId: {{ .Values.oidc.clientId }}
+ clientSecret: {{ .Values.oidc.clientSecret }}
\ No newline at end of file
diff --git a/temporal/helm/temporal/values.yaml b/temporal/helm/temporal/values.yaml
new file mode 100644
index 000000000..35890737d
--- /dev/null
+++ b/temporal/helm/temporal/values.yaml
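Review bot: The templated scalars in `grpc-ingress.yaml` are emitted unquoted (`host: {{ .Values.grpc.hostname }}`, `ingressClassName`, the backend service `name` and port `name`), so a value that is empty, looks like a number or boolean, or starts with a YAML indicator changes type or breaks parsing instead of failing cleanly. The same pattern recurs in `oidc-secret.yaml` (both `stringData` entries, where a non-string value is rejected by the API) and in `values.yaml.tpl` (`clientSecret`, `clientId`, the issuer URL and the hostnames). Pipe them through `quote`, e.g. `- host: {{ .Values.grpc.hostname | quote }}` and `clientSecret: {{ .Values.oidc.clientSecret | quote }}`.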
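Review bot: `oidc-secret.yaml` has no guard, so the `oidc-secret` Secret is always rendered, and with the `values.yaml` defaults it holds the placeholders `clientId: bogus` and `clientSecret: bogus`; `values.yaml.tpl` only supplies real values inside `{{ if .OIDC }}`. Dropping the `bogus` defaults and either wrapping the manifest in `{{- if .Values.oidc.clientSecret }}` or using `clientSecret: {{ required "oidc.clientSecret is required" .Values.oidc.clientSecret | quote }}` avoids shipping a placeholder credential that looks valid. The Secret also carries no labels; `labels: {{- include "temporal-plural.labels" . | nindent 4 }}` would match what `grpc-ingress.yaml` does.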
@@ -0,0 +1,110 @@
+postgres:
+ team: plural
+ user: temporal
+ dbName: temporal
+ ownerChart: temporal
+ infix: '-postgres'
+
+oidc:
+ clientId: bogus
+ clientSecret: bogus
+
+grpc:
+ hostname: ~
+ ingressClass: internal-nginx
+ service: temporal-frontend
+ port: grpc-rpc
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+
+temporal:
+ web:
+ config:
+ auth:
+ enabled: true
+ providers:
+ - label: Login With Plural # for internal use; in future may expose as button text
+ type: oidc
+ issuerUrl: ~
+ clientId: ~
+ clientSecret: ~
+ callbackUrl: ~
+ scopes:
+ - openid
+ - profile
+ - email
+
+ ingress:
+ enabled: false
+ className: nginx
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ server:
+ config:
+ persistence:
+ default:
+ driver: "sql"
+
+ sql:
+ driver: "postgres"
+ host: plural-postgres-temporal
+ port: 5432
+ database: temporal
+ user: temporal
+ existingSecret: temporal.plural-postgres-temporal.credentials.postgresql.acid.zalan.do
+ maxConns: 20
+ maxConnLifetime: "1h"
+ tls:
+ enabled: true
+ enableHostVerification: false
+
+ visibility:
+ driver: "sql"
+
+ sql:
+ driver: "postgres"
+ host: plural-postgres-temporal
+ port: 5432
+ database: temporal
+ user: temporal
+ existingSecret: temporal.plural-postgres-temporal.credentials.postgresql.acid.zalan.do
+ maxConns: 20
+ maxConnLifetime: "1h"
+ tls:
+ enabled: true
+ enableHostVerification: false
+
+ cassandra:
+ enabled: false
+
+ mysql:
+ enabled: false
+
+ postgresql:
+ enabled: true
+
+ prometheus:
+ enabled: false
+
+ grafana:
+ enabled: false
+
+ elasticsearch:
+ enabled: false
+
+ schema:
+ extraEnv:
+ - name: SQL_TLS_DISABLE_HOST_VERIFICATION
+ value: 'true'
+ - name: SQL_TLS_ENABLED
+ value: 'true'
+ - name: SQL_TLS
+ value: 'true'
+ setup:
+ enabled: true
+ update:
+ enabled: true
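Review bot: Both `sql` blocks in `values.yaml` set `tls.enabled: true` together with `enableHostVerification: false`, and the `schema.extraEnv` list sets `SQL_TLS_DISABLE_HOST_VERIFICATION` to `'true'`, so the Postgres connection is encrypted but the server certificate's host name is never checked and the client cannot tell the real `plural-postgres-temporal` from another endpoint presenting a certificate. If this is deliberate because the database certificate does not cover the service name (not visible in this commit), it should be stated next to each setting, e.g. `# host verification off: server cert does not match the service DNS name; revisit once it does`. Otherwise set `enableHostVerification: true` in both blocks and drop the `SQL_TLS_DISABLE_HOST_VERIFICATION` entry.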
diff --git a/temporal/helm/temporal/values.yaml.tpl b/temporal/helm/temporal/values.yaml.tpl
new file mode 100644
index 000000000..696fc30f1
--- /dev/null
+++ b/temporal/helm/temporal/values.yaml.tpl
@@ -0,0 +1,52 @@
+global:
+ application:
+ links:
+ - description: temporal web ui
+ url: {{ .Values.hostname }}
+ {{ if .Values.grpcHostname }}
+ - description: grpc endpoint
+ url: {{ .Values.grpcHostname }}
+ {{ end }}
+
+{{ if .Values.grpcHostname }}
+grpc:
+ hostname: {{ .Values.grpcHostname }}
+{{ end }}
+
+{{ if .OIDC }}
+oidc:
+ clientSecret: {{ .OIDC.ClientSecret }}
+ clientId: {{ .OIDC.ClientId }}
+temporal:
+ web:
+ additionalEnv:
+ - name: TEMPORAL_AUTH_ENABLED
+ value: 'true'
+ - name: TEMPORAL_AUTH_LABEL
+ value: "login with Plural"
+ - name: TEMPORAL_AUTH_PROVIDER_URL
+ value: {{ .OIDC.Configuration.Issuer }}
+ - name: TEMPORAL_AUTH_CALLBACK_URL
+ value: https://{{ .Values.hostname }}/auth/sso/callback
+ - name: TEMPORAL_AUTH_SCOPES
+ value: openid
+ - name: TEMPORAL_AUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-secret
+ key: clientSecret
+ - name: TEMPORAL_AUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oidc-secret
+ key: clientId
+ ingress:
+ enabled: true
+ hosts:
+ - {{ .Values.hostname }}
+ tls:
+ - secretName: temporal-tls
+ hosts:
+ - {{ .Values.hostname }}
+{{ end }}
+
\ No newline at end of file
diff --git a/temporal/plural/icons/temporal.png b/temporal/plural/icons/temporal.png
new file mode 100644
index 000000000..0c7fbaf42
Binary files /dev/null and b/temporal/plural/icons/temporal.png differ
diff --git a/temporal/plural/notes.tpl b/temporal/plural/notes.tpl
new file mode 100644
index 000000000..d6f5d25b0
--- /dev/null
+++ b/temporal/plural/notes.tpl
@@ -0,0 +1 @@
+Use `plural watch temporal` to track the status of your application
\ No newline at end of file
diff --git a/temporal/plural/recipes/temporal-aws.yaml b/temporal/plural/recipes/temporal-aws.yaml
new file mode 100644
index 000000000..6463923bd
--- /dev/null
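Review bot: In `values.yaml.tpl` the whole `temporal:` block, including `ingress:` with `enabled: true`, sits inside `{{ if .OIDC }}`, so the web UI is only exposed when OIDC is configured, but nothing records that this coupling is intentional. A one-line comment above the block, such as `# web ingress is only enabled together with OIDC so the UI is never exposed unauthenticated`, would keep a later edit from moving the ingress out of the guard. Separately, `TEMPORAL_AUTH_SCOPES` is set to `openid` only, while `values.yaml` lists `openid`, `profile` and `email` for the provider; presumably only one of the two is read by the upstream chart, and the lists should agree.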
+++ b/temporal/plural/recipes/temporal-aws.yaml
@@ -0,0 +1,29 @@
+name: temporal-aws
+description: Installs temporal on an aws eks cluster
+provider: AWS
+primary: true
+oidcSettings:
+ uriFormat: https://{domain}/auth/sso/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: aws-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-aws
+- repo: postgres
+ name: aws-postgres
+sections:
+- name: temporal
+ configuration:
+ - name: hostname
+ documentation: the fqdn for the temporal admin console
+ type: DOMAIN
+ - name: grpcHostname
+ documentation: fqdn for temporals grpc service (this will be used for temporal clients)
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: aws
+ - type: HELM
+ name: temporal
diff --git a/temporal/plural/recipes/temporal-azure.yaml b/temporal/plural/recipes/temporal-azure.yaml
new file mode 100644
index 000000000..9105ab91f
--- /dev/null
+++ b/temporal/plural/recipes/temporal-azure.yaml
@@ -0,0 +1,29 @@
+name: temporal-azure
+description: Installs temporal on an aws eks cluster
+provider: AZURE
+primary: true
+oidcSettings:
+ uriFormat: https://{domain}/auth/sso/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: azure-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-azure
+- repo: postgres
+ name: azure-postgres
+sections:
+- name: temporal
+ configuration:
+ - name: hostname
+ documentation: the fqdn for the temporal admin console
+ type: DOMAIN
+ - name: grpcHostname
+ documentation: fqdn for temporals grpc service (this will be used for temporal clients)
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: azure
+ - type: HELM
+ name: temporal
diff --git a/temporal/plural/recipes/temporal-gcp.yaml b/temporal/plural/recipes/temporal-gcp.yaml
new file mode 100644
index 000000000..98b7f8f7d
--- /dev/null
+++ b/temporal/plural/recipes/temporal-gcp.yaml
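Review bot: The `description` in `temporal-azure.yaml` still reads `Installs temporal on an aws eks cluster` although `provider` is `AZURE`, and the same copied line appears in `temporal-gcp.yaml` with `provider: GCP`. Suggested replacements are `description: Installs temporal on an azure aks cluster` and `description: Installs temporal on a gcp gke cluster`, so the text shown to the installer matches the target cloud.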
@@ -0,0 +1,29 @@
+name: temporal-gcp
+description: Installs temporal on an aws eks cluster
+provider: GCP
+primary: true
+oidcSettings:
+ uriFormat: https://{domain}/auth/sso/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: gcp-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-gcp
+- repo: postgres
+ name: gcp-postgres
+sections:
+- name: temporal
+ configuration:
+ - name: hostname
+ documentation: the fqdn for the temporal admin console
+ type: DOMAIN
+ - name: grpcHostname
+ documentation: fqdn for temporals grpc service (this will be used for temporal clients)
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: gcp
+ - type: HELM
+ name: temporal
diff --git a/temporal/repository.yaml b/temporal/repository.yaml
new file mode 100644
index 000000000..c4adc63d7
--- /dev/null
+++ b/temporal/repository.yaml
@@ -0,0 +1,11 @@
+name: temporal
+description: temporal deployed on plural
+category: MESSAGING
+releaseStatus: BETA
+private: false
+icon: plural/icons/temporal.png
+notes: plural/notes.tpl
+gitUrl: https://github.com/temporalio/temporal
+oauthSettings:
+ uriFormat: https://{domain}/auth/sso/callback
+ authMethod: POST
diff --git a/temporal/terraform/aws/deps.yaml b/temporal/terraform/aws/deps.yaml
new file mode 100644
index 000000000..ad6dc76ce
--- /dev/null
+++ b/temporal/terraform/aws/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: temporal aws setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: aws-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - aws
\ No newline at end of file
diff --git a/temporal/terraform/aws/main.tf b/temporal/terraform/aws/main.tf
new file mode 100644
index 000000000..f08415387
--- /dev/null
+++ b/temporal/terraform/aws/main.tf
@@ -0,0 +1,32 @@
+resource "kubernetes_namespace" "temporal" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "temporal"
+
+ "platform.plural.sh/sync-target" = "pg"
+
+ }
+ }
+}
+
+
+data "aws_iam_role" "postgres" {
+ name = "${var.cluster_name}-postgres"
+}
+
+resource "kubernetes_service_account" "postgres" {
+ metadata {
+ name = "postgres-pod"
+ namespace = var.namespace
+
+ annotations = {
+ "eks.amazonaws.com/role-arn" = data.aws_iam_role.postgres.arn
+ }
+ }
+
+ depends_on = [
+ kubernetes_namespace.temporal
+ ]
+}
diff --git a/temporal/terraform/aws/terraform.tfvars b/temporal/terraform/aws/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/temporal/terraform/aws/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/temporal/terraform/aws/variables.tf b/temporal/terraform/aws/variables.tf
new file mode 100644
index 000000000..778e59687
--- /dev/null
+++ b/temporal/terraform/aws/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "temporal"
+}
+
+variable "cluster_name" {
+ type = string
+}
diff --git a/temporal/terraform/azure/deps.yaml b/temporal/terraform/azure/deps.yaml
new file mode 100644
index 000000000..5e563642b
--- /dev/null
+++ b/temporal/terraform/azure/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: temporal azure setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: azure-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - azure
\ No newline at end of file
diff --git a/temporal/terraform/azure/main.tf b/temporal/terraform/azure/main.tf
new file mode 100644
index 000000000..813c88946
--- /dev/null
+++ b/temporal/terraform/azure/main.tf
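Review bot: The `kubernetes_service_account.postgres` resource in `terraform/aws/main.tf` binds `postgres-pod` in this namespace to the existing IAM role `${var.cluster_name}-postgres` through the `eks.amazonaws.com/role-arn` annotation, but the role is only looked up here, so what it grants and whether its trust policy is scoped to this namespace's service account are not visible in this commit. A comment above the data source should record that, e.g. `# role is created by MODULE_NAME; grants ROLE_PERMISSIONS; trust policy must allow system:serviceaccount:NAMESPACE:postgres-pod` (placeholders to be filled in by the author). As a style point, `namespace = kubernetes_namespace.temporal.metadata[0].name` would carry the ordering implicitly and make the explicit `depends_on` block unnecessary.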
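Review bot: Neither variable in `terraform/aws/variables.tf` has a `description`, and the identical files under `terraform/azure` and `terraform/gcp` declare `cluster_name` without a default although their `main.tf` never reads it. Adding `description = "Kubernetes namespace to create for temporal"` and `description = "Cluster name; prefix of the postgres IAM role looked up in main.tf"` documents the inputs on aws. On azure and gcp the unused variable can be dropped together with its `terraform.tfvars` line, or kept with a comment saying it is reserved.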
@@ -0,0 +1,13 @@
+resource "kubernetes_namespace" "temporal" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "temporal"
+
+ "platform.plural.sh/sync-target" = "pg"
+
+ }
+ }
+}
+
diff --git a/temporal/terraform/azure/terraform.tfvars b/temporal/terraform/azure/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/temporal/terraform/azure/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/temporal/terraform/azure/variables.tf b/temporal/terraform/azure/variables.tf
new file mode 100644
index 000000000..778e59687
--- /dev/null
+++ b/temporal/terraform/azure/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "temporal"
+}
+
+variable "cluster_name" {
+ type = string
+}
diff --git a/temporal/terraform/gcp/deps.yaml b/temporal/terraform/gcp/deps.yaml
new file mode 100644
index 000000000..25ddde8cb
--- /dev/null
+++ b/temporal/terraform/gcp/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: temporal gcp setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: gcp-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - gcp
\ No newline at end of file
diff --git a/temporal/terraform/gcp/main.tf b/temporal/terraform/gcp/main.tf
new file mode 100644
index 000000000..813c88946
--- /dev/null
+++ b/temporal/terraform/gcp/main.tf
@@ -0,0 +1,13 @@
+resource "kubernetes_namespace" "temporal" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "temporal"
+
+ "platform.plural.sh/sync-target" = "pg"
+
+ }
+ }
+}
+
diff --git a/temporal/terraform/gcp/terraform.tfvars b/temporal/terraform/gcp/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/temporal/terraform/gcp/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/temporal/terraform/gcp/variables.tf b/temporal/terraform/gcp/variables.tf
new file mode 100644
index 000000000..778e59687
--- /dev/null
+++ b/temporal/terraform/gcp/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "temporal"
+}
+
+variable "cluster_name" {
+ type = string
+}