blob: d4ecd161565102e082751b394eb66f72421fa3a4 [file] [log] [blame]
log:
stdout: true
level: {{ default .Env.LOG_LEVEL "info" }}
persistence:
numHistoryShards: {{ default .Env.NUM_HISTORY_SHARDS "4" }}
defaultStore: default
{{- $es := default .Env.ENABLE_ES "false" | lower -}}
{{- if eq $es "true" }}
visibilityStore: es-visibility
{{- else }}
visibilityStore: visibility
{{- end }}
datastores:
{{- $db := default .Env.DB "postgres" | lower -}}
{{- $db := replace $db "postgresql" "postgres" 1 }}
default:
sql:
pluginName: "{{ $db }}"
databaseName: "{{ default .Env.DBNAME "temporal" }}"
connectAddr:
"{{ default .Env.POSTGRES_SEEDS "" }}:{{ default .Env.DB_PORT "5432" }}"
connectProtocol: "tcp"
user: "{{ default .Env.POSTGRES_USER "" }}"
password: "{{ default .Env.POSTGRES_PWD "" }}"
maxConns: {{ default .Env.SQL_MAX_CONNS "20" }}
maxIdleConns: {{ default .Env.SQL_MAX_IDLE_CONNS "20" }}
maxConnLifetime: {{ default .Env.SQL_MAX_CONN_TIME "1h" }}
tls:
enabled: {{ default .Env.SQL_TLS_ENABLED "false" }}
caFile: {{ default .Env.SQL_CA "" }}
certFile: {{ default .Env.SQL_CERT "" }}
keyFile: {{ default .Env.SQL_CERT_KEY "" }}
enableHostVerification: {{ default .Env.SQL_HOST_VERIFICATION "false" }}
serverName: {{ default .Env.SQL_HOST_NAME "" }}
visibility:
{{ $visibility_seeds_default := default .Env.POSTGRES_SEEDS "" }}
{{ $visibility_seeds := default .Env.VISIBILITY_POSTGRES_SEEDS $visibility_seeds_default }}
{{ $visibility_port_default := default .Env.DB_PORT "5432" }}
{{ $visibility_port := default .Env.VISIBILITY_DB_PORT $visibility_port_default }}
{{ $visibility_user_default := default .Env.POSTGRES_USER "" }}
{{ $visibility_user := default .Env.VISIBILITY_POSTGRES_USER $visibility_user_default }}
{{ $visibility_pwd_default := default .Env.POSTGRES_PWD "" }}
{{ $visibility_pwd := default .Env.VISIBILITY_POSTGRES_PWD $visibility_pwd_default }}
sql:
pluginName: "{{ $db }}"
databaseName: "{{ default .Env.VISIBILITY_DBNAME "temporal_visibility" }}"
connectAddr: "{{ $visibility_seeds }}:{{ $visibility_port }}"
connectProtocol: "tcp"
user: "{{ $visibility_user }}"
password: "{{ $visibility_pwd }}"
maxConns: {{ default .Env.SQL_VIS_MAX_CONNS "10" }}
maxIdleConns: {{ default .Env.SQL_VIS_MAX_IDLE_CONNS "10" }}
maxConnLifetime: {{ default .Env.SQL_VIS_MAX_CONN_TIME "1h" }}
tls:
enabled: {{ default .Env.SQL_TLS_ENABLED "false" }}
caFile: {{ default .Env.SQL_CA "" }}
certFile: {{ default .Env.SQL_CERT "" }}
keyFile: {{ default .Env.SQL_CERT_KEY "" }}
enableHostVerification: {{ default .Env.SQL_HOST_VERIFICATION "false" }}
serverName: {{ default .Env.SQL_HOST_NAME "" }}
{{- if eq $es "true" }}
es-visibility:
elasticsearch:
version: {{ default .Env.ES_VERSION "" }}
url:
scheme: {{ default .Env.ES_SCHEME "http" }}
host: "{{ default .Env.ES_SEEDS "" }}:{{ default .Env.ES_PORT "9200" }}"
username: "{{ default .Env.ES_USER "" }}"
password: "{{ default .Env.ES_PWD "" }}"
indices:
visibility: "{{ default .Env.ES_VIS_INDEX "temporal_visibility_v1_dev" }}"
{{- $es_sec_vis_index := default .Env.ES_SEC_VIS_INDEX "" -}}
{{- if ne $es_sec_vis_index "" }}
secondary_visibility: "{{ $es_sec_vis_index }}"
{{- end }}
{{- end }}
global:
membership:
maxJoinDuration: 30s
broadcastAddress: "{{ default .Env.TEMPORAL_BROADCAST_ADDRESS "" }}"
pprof:
port: {{ default .Env.PPROF_PORT "0" }}
tls:
refreshInterval: {{ default .Env.TEMPORAL_TLS_REFRESH_INTERVAL "0s" }}
expirationChecks:
warningWindow: {{ default .Env.TEMPORAL_TLS_EXPIRATION_CHECKS_WARNING_WINDOW "0s" }}
errorWindow: {{ default .Env.TEMPORAL_TLS_EXPIRATION_CHECKS_ERROR_WINDOW "0s" }}
checkInterval: {{ default .Env.TEMPORAL_TLS_EXPIRATION_CHECKS_CHECK_INTERVAL "0s" }}
internode:
# This server section configures the TLS certificate that internal temporal
# cluster nodes (history, matching, and internal-frontend) present to other
# clients within the Temporal Cluster.
server:
requireClientAuth: {{ default .Env.TEMPORAL_TLS_REQUIRE_CLIENT_AUTH "false" }}
certFile: {{ default .Env.TEMPORAL_TLS_SERVER_CERT "" }}
keyFile: {{ default .Env.TEMPORAL_TLS_SERVER_KEY "" }}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT }}
clientCaFiles:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT "" }}
{{- end }}
certData: {{ default .Env.TEMPORAL_TLS_SERVER_CERT_DATA "" }}
keyData: {{ default .Env.TEMPORAL_TLS_SERVER_KEY_DATA "" }}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA }}
clientCaData:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA "" }}
{{- end }}
# This client section is used to configure the TLS clients within
# the Temporal Cluster that connect to an Internode (history, matching, or
# internal-frontend)
client:
serverName: {{ default .Env.TEMPORAL_TLS_INTERNODE_SERVER_NAME "" }}
disableHostVerification:
{{ default .Env.TEMPORAL_TLS_INTERNODE_DISABLE_HOST_VERIFICATION "false"}}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT }}
rootCaFiles:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT "" }}
{{- end }}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA }}
rootCaData:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA "" }}
{{- end }}
frontend:
# This server section configures the TLS certificate that the Frontend
# server presents to external clients.
server:
requireClientAuth: {{ default .Env.TEMPORAL_TLS_REQUIRE_CLIENT_AUTH "false" }}
certFile: {{ default .Env.TEMPORAL_TLS_FRONTEND_CERT "" }}
keyFile: {{ default .Env.TEMPORAL_TLS_FRONTEND_KEY "" }}
{{- if .Env.TEMPORAL_TLS_CLIENT1_CA_CERT }}
clientCaFiles:
- {{ default .Env.TEMPORAL_TLS_CLIENT1_CA_CERT "" }}
- {{ default .Env.TEMPORAL_TLS_CLIENT2_CA_CERT "" }}
{{- end }}
certData: {{ default .Env.TEMPORAL_TLS_FRONTEND_CERT_DATA "" }}
keyData: {{ default .Env.TEMPORAL_TLS_FRONTEND_KEY_DATA "" }}
{{- if .Env.TEMPORAL_TLS_CLIENT1_CA_CERT_DATA }}
clientCaData:
- {{ default .Env.TEMPORAL_TLS_CLIENT1_CA_CERT_DATA "" }}
- {{ default .Env.TEMPORAL_TLS_CLIENT2_CA_CERT_DATA "" }}
{{- end }}
# This client section is used to configure the TLS clients within
# the Temporal Cluster (specifically the Worker role) that connect to the Frontend
# service
client:
serverName: {{ default .Env.TEMPORAL_TLS_FRONTEND_SERVER_NAME "" }}
disableHostVerification:
{{ default .Env.TEMPORAL_TLS_FRONTEND_DISABLE_HOST_VERIFICATION "false"}}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT }}
rootCaFiles:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT "" }}
{{- end }}
{{- if .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA }}
rootCaData:
- {{ default .Env.TEMPORAL_TLS_SERVER_CA_CERT_DATA "" }}
{{- end }}
{{- if .Env.STATSD_ENDPOINT }}
metrics:
statsd:
hostPort: {{ .Env.STATSD_ENDPOINT }}
prefix: "temporal"
{{- else if .Env.PROMETHEUS_ENDPOINT }}
metrics:
prometheus:
timerType: {{ default .Env.PROMETHEUS_TIMER_TYPE "histogram" }}
listenAddress: "{{ .Env.PROMETHEUS_ENDPOINT }}"
{{- end }}
authorization:
jwtKeyProvider:
keySourceURIs:
{{- if .Env.TEMPORAL_JWT_KEY_SOURCE1 }}
- {{ default .Env.TEMPORAL_JWT_KEY_SOURCE1 "" }}
{{- end }}
{{- if .Env.TEMPORAL_JWT_KEY_SOURCE2 }}
- {{ default .Env.TEMPORAL_JWT_KEY_SOURCE2 "" }}
{{- end }}
refreshInterval: {{ default .Env.TEMPORAL_JWT_KEY_REFRESH "1m" }}
permissionsClaimName: {{ default .Env.TEMPORAL_JWT_PERMISSIONS_CLAIM "permissions" }}
authorizer: {{ default .Env.TEMPORAL_AUTH_AUTHORIZER "" }}
claimMapper: {{ default .Env.TEMPORAL_AUTH_CLAIM_MAPPER "" }}
{{- $temporalGrpcPort := default .Env.FRONTEND_GRPC_PORT "7233" }}
services:
frontend:
rpc:
grpcPort: {{ $temporalGrpcPort }}
membershipPort: {{ default .Env.FRONTEND_MEMBERSHIP_PORT "6933" }}
bindOnIP: {{ default .Env.BIND_ON_IP "127.0.0.1" }}
httpPort: {{ default .Env.FRONTEND_HTTP_PORT "7243" }}
{{- if .Env.USE_INTERNAL_FRONTEND }}
internal-frontend:
rpc:
grpcPort: {{ default .Env.INTERNAL_FRONTEND_GRPC_PORT "7236" }}
membershipPort: {{ default .Env.INTERNAL_FRONTEND_MEMBERSHIP_PORT "6936" }}
bindOnIP: {{ default .Env.BIND_ON_IP "127.0.0.1" }}
{{- end }}
matching:
rpc:
grpcPort: {{ default .Env.MATCHING_GRPC_PORT "7235" }}
membershipPort: {{ default .Env.MATCHING_MEMBERSHIP_PORT "6935" }}
bindOnIP: {{ default .Env.BIND_ON_IP "127.0.0.1" }}
history:
rpc:
grpcPort: {{ default .Env.HISTORY_GRPC_PORT "7234" }}
membershipPort: {{ default .Env.HISTORY_MEMBERSHIP_PORT "6934" }}
bindOnIP: {{ default .Env.BIND_ON_IP "127.0.0.1" }}
worker:
rpc:
grpcPort: {{ default .Env.WORKER_GRPC_PORT "7239" }}
membershipPort: {{ default .Env.WORKER_MEMBERSHIP_PORT "6939" }}
bindOnIP: {{ default .Env.BIND_ON_IP "127.0.0.1" }}
clusterMetadata:
enableGlobalNamespace: false
failoverVersionIncrement: 10
masterClusterName: "active"
currentClusterName: "active"
clusterInformation:
active:
enabled: true
initialFailoverVersion: 1
rpcName: "frontend"
rpcAddress: {{ (print "127.0.0.1:" $temporalGrpcPort) }}
dcRedirectionPolicy:
policy: "noop"
{{- if eq .Env.ENABLE_GCS_ARCHIVAL "true" }}
archival:
history:
state: "enabled"
enableRead: true
provider:
gstorage:
credentialsPath: "" # Google Defualt Auth
visibility:
state: "enabled"
enableRead: true
provider:
gstorage:
credentialsPath: "" # Google Defualt Auth
namespaceDefaults:
archival:
history:
state: "enabled"
URI: "gs://{{ default .Env.GCS_ARCHIVAL_ROOTPATH "temporal-archival"}}/default/history"
visibility:
state: "enabled"
URI: "gs://{{ default .Env.GCS_ARCHIVAL_ROOTPATH "temporal-archival"}}/default/visibility"
{{- end}}
{{- if or (.Env.USE_INTERNAL_FRONTEND) (and (not .Env.TEMPORAL_AUTH_AUTHORIZER) (not .Env.TEMPORAL_AUTH_CLAIM_MAPPER)) }}
{{/* publicClient is not needed with internal frontend, or if not using authorizer + claim mapper */}}
{{- else }}
{{ $publicIp := default .Env.BIND_ON_IP "127.0.0.1" -}}
{{- $defaultPublicHostPost := (print $publicIp ":" $temporalGrpcPort) -}}
publicClient:
hostPort: "{{ default .Env.PUBLIC_FRONTEND_ADDRESS $defaultPublicHostPost }}"
{{- end }}
dynamicConfigClient:
filepath: "{{ default .Env.DYNAMIC_CONFIG_FILE_PATH "/etc/temporal/config/dynamicconfig/docker.yaml" }}"
pollInterval: "60s"