# Temporal Helm values for chart 0.55.x. # Postgres credentials (password) are injected at runtime via extraEnv from the # "temporal-db-creds" Secret managed by ExternalSecret (temporal/externalsecret-db-creds.yaml). # DO NOT hardcode passwords here. Set TEMPORAL_DB_PASSWORD in Infisical first. postgresql: enabled: false cassandra: enabled: false schema: createDatabase: enabled: true setup: enabled: true update: enabled: true server: replicaCount: 1 # Inject DB password from the ExternalSecret-managed Secret extraEnv: - name: TEMPORAL_DB_PASSWORD valueFrom: secretKeyRef: name: temporal-db-creds key: password config: persistence: defaultStore: default visibilityStore: default numHistoryShards: 4 datastores: default: sql: plugin: postgres12 databaseName: temporal connectAddr: agentic-os-pg-rw.platform-data.svc.cluster.local:5432 connectProtocol: tcp user: agentic_os # Reference the injected env var; Temporal server reads TEMPORAL_DB_PASSWORD # via its own env interpolation when password is left empty here. password: "${TEMPORAL_DB_PASSWORD}" maxConns: 20 maxIdleConns: 20 maxConnLifetime: "1h" tls: enabled: false visibility: sql: plugin: postgres12 databaseName: temporal_visibility connectAddr: agentic-os-pg-rw.platform-data.svc.cluster.local:5432 connectProtocol: tcp user: agentic_os password: "${TEMPORAL_DB_PASSWORD}" maxConns: 20 maxIdleConns: 20 maxConnLifetime: "1h" tls: enabled: false metrics: enabled: true # Prometheus scrape annotations added to temporal pods serviceMonitor: enabled: true namespace: observability elasticsearch: enabled: false prometheus: enabled: false grafana: enabled: false