How to config temporal S3 authentication in temporal helm chart?

Community Support
1

I installed temporal using helm chart from below link:

helm command was:

#helmstage upgrade --install -f values/values.archival.s3.yaml -f values/values.mysql.yaml temporal-test . -n test

everything was ok and service deployed successfully.

then i updated values/values.archival.s3.yaml as below:

server:
  archival:
    history:
      state: "enabled"
      enableRead: true
      provider:
        s3store:
          region: "default"
          endpoint: "http://ceph-infra-s3:8080"
          s3ForcePathStyle: true
    visibility:
      state: "enabled"
      enableRead: true
      provider:
        s3store:
          region: "default"
          endpoint: "http://ceph-infra-s3:8080"
          s3ForcePathStyle: true

  namespaceDefaults:
    archival:
      history:
        state: "enabled"
        URI: "s3://temporal-development"
      visibility:
        state: "enabled"
        URI: "s3://temporal-development"

but i don’t now how and where can i config s3 authentication accesskey and secretkey.

should i create a secret? if yes where can i use the created secret ?

3

Hi, authentication is not exposed via config directly and you’d have to set it up via AWS apis (env var option is probably the easiest), see here. Also this older forum post might help.

5

Thank you for your reply.
Where should I set these environments?
Should I set them in Kubernetes pods, for example?

6

Should I set them in Kubernetes pods

That should work (via env/envFrom fields in your pod config). Let us know if you run into issues with that.

7

I set it but it didn’t work
I got this error when I tried to create a new namespace
#tctl --namespace default namespace register --retention 30

Error: Register namespace operation failed.
Error Details: rpc error: code = Unknown desc = NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

8

I’m not sure, did you try using the shared credentials file options? This seems not Temporal issue but maybe something with aws go sdk, see for example here.