Temporal with Amazon RDS

When deploying Temporal with Immuta 2024.3.x against an RDS (or Aurora) PostgreSQL database, the RDS CA bundle must be mounted into the Temporal server pod so that Temporal can verify the database server's TLS certificate when it opens its persistence connections.

Download and create the CA bundle secret

wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
kubectl -n immuta create secret generic secret-with-certs --from-file=global-bundle.pem

Helm values

Add the following to your Immuta Helm values:

temporal:
  enabled: true
  server:
    extraVolumes:
      - name: secret-with-certs
        secret:
          secretName: secret-with-certs
    extraVolumeMounts:
      - name: secret-with-certs
        mountPath: /certs/
    config:
      persistence:
        default:
          sql:
            database: temporal
            tls:
              enabled: true
              caFile: /certs/global-bundle.pem
        visibility:
          sql:
            database: temporal_visibility
            tls:
              enabled: true
              caFile: /certs/global-bundle.pem
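The secret-creation step above, written out as an added example script (it is not from the Immuta documentation or the Temporal project). It fetches the bundle, refuses to proceed if the download is not actually a PEM file (an HTML error page saved by wget is a common way to end up with a broken secret), creates the secret idempotently so re-runs do not fail on "already exists", and then proves with psql that the bundle validates the RDS endpoint the same way Temporal will. The namespace and secret name come from the page; the PGHOST, PGUSER and PGDATABASE defaults are hypothetical placeholders for your own instance.

```shell
#!/usr/bin/env sh
# Added example (not Immuta's or Temporal's own code): fetch and sanity-check
# the RDS CA bundle, create the Kubernetes secret, and verify TLS with psql.
# Assumed/hypothetical: the PGHOST, PGUSER and PGDATABASE defaults below.
set -eu

BUNDLE_URL="https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem"
BUNDLE_FILE="${BUNDLE_FILE:-global-bundle.pem}"
NAMESPACE="${NAMESPACE:-immuta}"
SECRET="${SECRET:-secret-with-certs}"
# Hypothetical connection details; set these for your RDS instance.
PGHOST="${PGHOST:-mydb.abc123.us-east-1.rds.amazonaws.com}"
PGUSER="${PGUSER:-temporal}"
PGDATABASE="${PGDATABASE:-temporal}"

# Print the number of PEM certificate blocks in a file; fail if there are none.
count_certs() {
  f="$1"
  [ -s "$f" ] || { echo 0; return 1; }
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
  echo "$n"
  [ "$n" -gt 0 ]
}

# Reject files that are not really a CA bundle: an error page or captive
# portal response would otherwise become a secret and break TLS later.
check_bundle() {
  f="$1"
  if grep -qi -- '<html' "$f" 2>/dev/null; then
    echo "error: $f looks like an HTML page, not a PEM bundle" >&2
    return 1
  fi
  n=$(count_certs "$f") || { echo "error: no certificates in $f" >&2; return 1; }
  echo "$f contains $n CA certificate(s)"
}

# If openssl is installed, confirm every block parses and show the CA subjects.
list_cas() {
  command -v openssl >/dev/null 2>&1 || return 0
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Create or update the secret; plain `create` fails if it already exists.
create_secret() {
  kubectl -n "$NAMESPACE" create secret generic "$SECRET" \
    --from-file="$BUNDLE_FILE" --dry-run=client -o yaml | kubectl apply -f -
}

# verify-full checks the chain against the bundle AND the hostname against the
# certificate, so a wrong bundle or endpoint fails here rather than in the pod.
# psql takes the password from PGPASSWORD or ~/.pgpass, or prompts for it.
verify_tls() {
  psql "host=$PGHOST user=$PGUSER dbname=$PGDATABASE sslmode=verify-full sslrootcert=$BUNDLE_FILE" \
    -c "SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid();"
}

main() {
  [ -s "$BUNDLE_FILE" ] || wget -O "$BUNDLE_FILE" "$BUNDLE_URL"
  check_bundle "$BUNDLE_FILE"
  list_cas "$BUNDLE_FILE"
  create_secret
  verify_tls
}

# Run the full procedure only when invoked as `sh rds-ca-secret.sh run`, so the
# functions can be sourced and exercised without touching the network or cluster.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it with `sh rds-ca-secret.sh run` from a shell that already has kubectl pointed at the cluster and network access to the RDS endpoint. If `verify_tls` fails with a certificate error while `check_bundle` passed, the endpoint is probably signed by a CA that is not in the bundle you fetched (for example a regional bundle used against an instance in another region), and the Temporal pods will fail the same way once the Helm values are applied.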

Temporal pods may show some initial failures and restarts during startup while waiting for database connectivity. This is expected behavior and the pods should stabilize within a few minutes. If they are still restarting after that, inspect the pod logs (kubectl -n immuta logs <temporal-pod>) rather than waiting longer: a secret that was not mounted, a caFile path that does not match the mountPath, or a bundle that does not contain the CA for your endpoint will keep the pods crash-looping indefinitely.

[Screenshot: Temporal pod status showing initial restarts before stabilizing]
