resources

package
v0.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 16, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package resources contains builders for the Kubernetes objects the operator manages (Jobs, Deployments, Services, ConfigMaps, etc.).


Constants

const (
	// InternodeCertMountPath is where the internode cert is mounted in every pod.
	InternodeCertMountPath = "/etc/temporal/certs/internode"
	// FrontendCertMountPath is where the frontend cert is mounted in frontend pods.
	FrontendCertMountPath = "/etc/temporal/certs/frontend"
)

Certificate / secret naming.

const (
	// ConfigFileName is the rendered server config file key/mount name.
	ConfigFileName = "config.yaml"
	// DynamicConfigFileName is the dynamic config file key/mount name.
	DynamicConfigFileName = "dynamic_config.yaml"
)

const (
	LabelName      = "app.kubernetes.io/name"
	LabelInstance  = "app.kubernetes.io/instance"
	LabelComponent = "app.kubernetes.io/component"
	LabelManagedBy = "app.kubernetes.io/managed-by"
	LabelCluster   = "temporal.bmor10.com/cluster"
	LabelVersion   = "temporal.bmor10.com/version"

	// ConfigHashAnnotation stamps the rendered-config hash onto pods so config
	// changes trigger a rollout.
	ConfigHashAnnotation = "temporal.bmor10.com/config-hash"
	// CertHashAnnotation stamps the mTLS cert hash onto pods so certificate
	// rotation triggers a rollout.
	CertHashAnnotation = "temporal.bmor10.com/cert-hash"
)

Label keys shared across all managed resources.

const (
	ServiceFrontend         = "frontend"
	ServiceInternalFrontend = "internal-frontend"
	ServiceHistory          = "history"
	ServiceMatching         = "matching"
	ServiceWorker           = "worker"
)

Service component names.

Variables

var ServiceMonitorGVK = schema.GroupVersionKind{
	Group:   "monitoring.coreos.com",
	Version: "v1",
	Kind:    "ServiceMonitor",
}

ServiceMonitorGVK is the GroupVersionKind of the Prometheus Operator ServiceMonitor resource.

Functions

func BuildClientCertificate

func BuildClientCertificate(clusterClient *temporalv1alpha1.TemporalClusterClient, cluster *temporalv1alpha1.TemporalCluster) *certmanagerv1.Certificate

BuildClientCertificate builds a cert-manager Certificate for a TemporalClusterClient, signed by the cluster's mTLS issuer. The resulting Secret carries tls.crt, tls.key, and ca.crt for an application worker.

func BuildConfigSecret

func BuildConfigSecret(cluster *temporalv1alpha1.TemporalCluster, rendered string) *corev1.Secret

BuildConfigSecret builds the Secret containing the rendered server config.

func BuildDeployment

func BuildDeployment(cluster *temporalv1alpha1.TemporalCluster, svc ServiceInfo, configHash, version string, mtls *MTLSMounts) *appsv1.Deployment

BuildDeployment builds the Deployment for a single Temporal service. The version overrides the server image tag (used for per-service rollout during upgrades); when empty the cluster's spec version is used.

func BuildDynamicConfigMap

func BuildDynamicConfigMap(cluster *temporalv1alpha1.TemporalCluster, rendered string) *corev1.ConfigMap

BuildDynamicConfigMap builds the ConfigMap containing dynamic config. When the rendered content is empty, an empty document is written so the mount always exists.

func BuildFrontendCertificate

func BuildFrontendCertificate(cluster *temporalv1alpha1.TemporalCluster) *certmanagerv1.Certificate

BuildFrontendCertificate builds the frontend server Certificate, covering the frontend client Service DNS plus any user-supplied DNS names.

func BuildFrontendService

func BuildFrontendService(cluster *temporalv1alpha1.TemporalCluster, frontend ServiceInfo) *corev1.Service

BuildFrontendService builds the regular ClusterIP Service that clients use to reach the frontend gRPC (and HTTP) endpoints.

func BuildHeadlessService

func BuildHeadlessService(cluster *temporalv1alpha1.TemporalCluster, svc ServiceInfo) *corev1.Service

BuildHeadlessService builds the headless Service used for Ringpop membership.

func BuildInternodeCertificate

func BuildInternodeCertificate(cluster *temporalv1alpha1.TemporalCluster) *certmanagerv1.Certificate

BuildInternodeCertificate builds the shared internode mTLS Certificate covering every service's membership DNS names. It is used by all services for both server and client auth within the cluster.

func BuildPodDisruptionBudget

func BuildPodDisruptionBudget(cluster *temporalv1alpha1.TemporalCluster, svc ServiceInfo) *policyv1.PodDisruptionBudget

BuildPodDisruptionBudget builds a PDB allowing at most one unavailable pod for the given service.

func BuildSchemaJob

func BuildSchemaJob(p SchemaJobParams) *batchv1.Job

BuildSchemaJob builds a batch/v1 Job that runs temporal-sql-tool for the given store and action. The caller is responsible for setting the controller owner reference on the returned Job.

func BuildServiceMonitor

func BuildServiceMonitor(cluster *temporalv1alpha1.TemporalCluster) *unstructured.Unstructured

BuildServiceMonitor builds a Prometheus Operator ServiceMonitor (as an unstructured object to avoid a hard dependency on the prometheus-operator API) that scrapes the metrics port of every Temporal service in the cluster.

func BuildUIClientCertificate

func BuildUIClientCertificate(cluster *temporalv1alpha1.TemporalCluster) *certmanagerv1.Certificate

BuildUIClientCertificate builds the client Certificate the UI uses to connect to the frontend when mTLS is enabled.

func BuildUIDeployment

func BuildUIDeployment(cluster *temporalv1alpha1.TemporalCluster) *appsv1.Deployment

BuildUIDeployment builds the temporal-ui Deployment.

func BuildUIIngress

func BuildUIIngress(cluster *temporalv1alpha1.TemporalCluster) *networkingv1.Ingress

BuildUIIngress builds an Ingress for the UI when configured. It returns nil when ingress is not enabled.

func BuildUIService

func BuildUIService(cluster *temporalv1alpha1.TemporalCluster) *corev1.Service

BuildUIService builds the ClusterIP Service for the UI.

func ClientSecretName

func ClientSecretName(clusterClient *temporalv1alpha1.TemporalClusterClient) string

ClientSecretName returns the Secret name for a client's credentials.

func ConfigHash

func ConfigHash(content string) string

ConfigHash returns a stable short hash of the rendered config content, used to trigger pod rollouts when the config changes.

func ConfigSecretName

func ConfigSecretName(clusterName string) string

ConfigSecretName returns the name of the Secret holding the rendered server config. The config is stored in a Secret (not a ConfigMap) because it embeds datastore credentials.

func DeploymentName

func DeploymentName(clusterName, component string) string

DeploymentName returns the Deployment name for a service.

func DynamicConfigMapName

func DynamicConfigMapName(clusterName string) string

DynamicConfigMapName returns the name of the ConfigMap holding dynamic config.

func FrontendCertName

func FrontendCertName(clusterName string) string

FrontendCertName returns the frontend server Certificate (and its secret) name.

func FrontendServiceName

func FrontendServiceName(clusterName string) string

FrontendServiceName returns the name of the cluster's frontend client Service.

func HeadlessServiceName

func HeadlessServiceName(clusterName, component string) string

HeadlessServiceName returns the name of a service's headless membership Service.

func InternodeCertName

func InternodeCertName(clusterName string) string

InternodeCertName returns the internode Certificate (and its secret) name.

func PDBName

func PDBName(clusterName, component string) string

PDBName returns the PodDisruptionBudget name for a service.

func SchemaJobName

func SchemaJobName(clusterName string, store SchemaStore, action SchemaAction) string

SchemaJobName returns the deterministic name for a schema Job.

func SelectorLabels

func SelectorLabels(cluster *temporalv1alpha1.TemporalCluster, component string) map[string]string

SelectorLabels returns the stable selector labels for a cluster component. These never include the version so that selectors remain stable across upgrades.

func ServiceMonitorName

func ServiceMonitorName(clusterName string) string

ServiceMonitorName returns the cluster's ServiceMonitor name.

func StandardLabels

func StandardLabels(cluster *temporalv1alpha1.TemporalCluster, component string) map[string]string

StandardLabels returns the full label set for a cluster component, including the managed-by and version labels.

func UIClientCertName

func UIClientCertName(clusterName string) string

UIClientCertName returns the UI client Certificate/secret name.

func UIName

func UIName(clusterName string) string

UIName returns the name of the UI Deployment/Service.

Types

type MTLSMounts

type MTLSMounts struct {
	Enabled         bool
	InternodeSecret string
	FrontendSecret  string
	// CertHash, when set, is stamped on the pod template to trigger a rolling
	// restart on certificate rotation.
	CertHash string
}

MTLSMounts describes the cert secrets to mount when mTLS is enabled.
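An added example (not the operator's own code) of how the CertHash carried in MTLSMounts could be derived from the mounted cert Secrets and stamped under the CertHashAnnotation key. The helper names certHash and stamp, the 16-character SHA-256 truncation, and the choice to hash only tls.crt and ca.crt are assumptions; the Secret data is constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash"
)

// Annotation key from the package constants; everything else here is assumed.
const certHashAnnotation = "temporal.bmor10.com/cert-hash"

// writeField length-prefixes b so adjacent fields cannot run together.
func writeField(h hash.Hash, b []byte) {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(b)))
	h.Write(n[:])
	h.Write(b)
}

// certHash (hypothetical) digests only the public material of each Secret.
// tls.key is skipped: pod annotations are readable by anyone who can get
// pods, and a reissued certificate already changes tls.crt.
func certHash(secrets ...map[string][]byte) string {
	h := sha256.New()
	for _, data := range secrets {
		for _, k := range []string{"ca.crt", "tls.crt"} { // fixed order => stable hash
			if v, ok := data[k]; ok {
				writeField(h, []byte(k))
				writeField(h, v)
			}
		}
		writeField(h, nil) // end-of-secret marker keeps Secret boundaries distinct
	}
	return hex.EncodeToString(h.Sum(nil))[:16] // assumed truncation length
}

// stamp (hypothetical) sets the annotation on a pod-template annotation map
// and reports whether it changed, i.e. whether the Deployment would roll.
func stamp(annotations map[string]string, hash string) bool {
	changed := annotations[certHashAnnotation] != hash
	annotations[certHashAnnotation] = hash
	return changed
}

func main() {
	// Constructed sample data standing in for Secret.Data.
	old := map[string][]byte{"tls.crt": []byte("cert-A"), "tls.key": []byte("key-A"), "ca.crt": []byte("ca")}
	rotated := map[string][]byte{"tls.crt": []byte("cert-B"), "tls.key": []byte("key-B"), "ca.crt": []byte("ca")}
	ann := map[string]string{}
	fmt.Println(stamp(ann, certHash(old)), stamp(ann, certHash(old)), stamp(ann, certHash(rotated)))
}
```
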

type SchemaAction

type SchemaAction string

SchemaAction identifies the schema operation a Job performs.

const (
	// ActionSetup creates the schema_version bookkeeping (setup-schema -v 0.0).
	ActionSetup SchemaAction = "setup"
	// ActionUpdate applies versioned migrations (update-schema -d <dir>).
	ActionUpdate SchemaAction = "update"
)

type SchemaJobParams

type SchemaJobParams struct {
	// Cluster is the owning TemporalCluster.
	Cluster *temporalv1alpha1.TemporalCluster
	// SQLSpec is the resolved SQL datastore spec for the target store. Set for
	// SQL-backed stores.
	SQLSpec *temporalv1alpha1.SQLDatastoreSpec
	// CassandraSpec is the resolved Cassandra datastore spec. Set for
	// Cassandra-backed stores.
	CassandraSpec *temporalv1alpha1.CassandraDatastoreSpec
	// Store and Action select the operation.
	Store  SchemaStore
	Action SchemaAction
	// SchemaVersionDir is the on-image schema version directory, e.g. "v12".
	SchemaVersionDir string
}

SchemaJobParams describes a single schema Job to build.

type SchemaStore

type SchemaStore string

SchemaStore identifies which logical store a schema Job targets.

const (
	// StoreDefault is the default (history/execution) store.
	StoreDefault SchemaStore = "default"
	// StoreVisibility is the visibility store.
	StoreVisibility SchemaStore = "visibility"
)

type ServiceInfo

type ServiceInfo struct {
	// Name is the component name (e.g. "frontend").
	Name string
	// Spec is the per-service configuration from the CR; may be nil.
	Spec *temporalv1alpha1.ServiceSpec
	// Ports holds the resolved ports for the service.
	Ports temporal.ServicePort
	// HasHTTP reports whether the service exposes an HTTP port.
	HasHTTP bool
}

ServiceInfo describes a single Temporal service to be deployed.

func EnabledServices

func EnabledServices(cluster *temporalv1alpha1.TemporalCluster) []ServiceInfo

EnabledServices returns the services that should be deployed for a cluster, including internal-frontend only when enabled.
