How to config temporal S3 authentication in temporal helm chart?

jalal_zivari · February 12, 2023, 10:27am

I installed temporal using helm chart from below link:

helm command was:

#helmstage upgrade --install -f values/values.archival.s3.yaml -f values/values.mysql.yaml temporal-test . -n test

everything was ok and service deployed successfully.

then i updated values/values.archival.s3.yaml as below:

server:
  archival:
    history:
      state: "enabled"
      enableRead: true
      provider:
        s3store:
          region: "default"
          endpoint: "http://ceph-infra-s3:8080"
          s3ForcePathStyle: true
    visibility:
      state: "enabled"
      enableRead: true
      provider:
        s3store:
          region: "default"
          endpoint: "http://ceph-infra-s3:8080"
          s3ForcePathStyle: true

  namespaceDefaults:
    archival:
      history:
        state: "enabled"
        URI: "s3://temporal-development"
      visibility:
        state: "enabled"
        URI: "s3://temporal-development"

but i don’t now how and where can i config s3 authentication accesskey and secretkey.

should i create a secret? if yes where can i use the created secret ?

tihomir · February 13, 2023, 3:20pm

Hi, authentication is not exposed via config directly and you’d have to set it up via AWS apis (env var option is probably the easiest), see here. Also this older forum post might help.

jalal_zivari · February 14, 2023, 7:34am

Thank you for your reply.
Where should I set these environments?
Should I set them in Kubernetes pods, for example?

tihomir · February 14, 2023, 5:11pm

Should I set them in Kubernetes pods

That should work (via env/envFrom fields in your pod config). Let us know if you run into issues with that.

jalal_zivari · February 20, 2023, 7:11am

I set it but it didn’t work
I got this error when I tried to create a new namespace
#tctl --namespace default namespace register --retention 30

Error: Register namespace operation failed.
Error Details: rpc error: code = Unknown desc = NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

tihomir · February 20, 2023, 3:17pm

I’m not sure, did you try using the shared credentials file options? This seems not Temporal issue but maybe something with aws go sdk, see for example here.

Topic		Replies	Views
Provide s3 credential to archival with helm Server Deployment	4	513	April 6, 2023
Issue with Archival with AWS S3 provider Community Support helm , s3 , archival	6	321	November 7, 2024
Archival to s3 in helm charts Community Support helm , s3 , archival	8	1959	June 10, 2022
Temporal web-ui not using configmap in K8s Server Deployment web-ui , kubernetes	1	632	February 17, 2023
Unable to get a working custom temporal server Community Support java-sdk , mysql , configuration	8	3347	October 30, 2023

How to config temporal S3 authentication in temporal helm chart?

Related Topics