Temporal Server
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 23 | 08 Mar 2024 | |
latest/edge | 42 | 14 Nov 2024 | |
juju deploy temporal-k8s
Security
Temporalio provides an array of features that enable an operator to secure their deployment. This guide describes the implementation of security features such as client-side encryption, authentication and authorization.
Ingress TLS
Charmed Temporal can terminate Transport Layer Security (TLS) at the ingress by using the Nginx Ingress Integrator Charm, as outlined in this page of the tutorial.
Authentication
Charmed Temporal supports Google IAM-based authentication through the web UI and through the temporal-lib-py and temporal-lib-go client libraries. More details can be found in the Authentication page.
Authorization
Charmed Temporal supports authorization using Google IAM and OpenFGA. Through a set of juju actions exposed by the charmed operator, the necessary authorization rules can be created in OpenFGA. More details can be found in the Authorization page.
Client-side Encryption
Using the temporal-lib-py and temporal-lib-go client libraries, users of Charmed Temporal can encrypt their workflow inputs and outputs, so that any sensitive information remains encrypted both in transit and at rest. When workflow payloads are encrypted, the same key must also be set on the Charmed Temporal Worker application using the encryption_key configuration option.
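
The shared-key requirement above, as an added example that is not code from temporal-lib-py, temporal-lib-go or the charm: a client encrypts a workflow input, and a worker can only read it when its key matches. The codec is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) chosen so the example runs without dependencies; all function names, the payload layout and the sample keys are assumptions.

```python
import hashlib
import hmac
import os

class PayloadAuthError(Exception):
    """Raised when the tag does not verify: wrong key or modified payload."""

def _subkeys(key):
    # Derive separate encryption and MAC keys from the one shared key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib-only keystream (stand-in cipher).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(key, plaintext):
    """Client side: encrypt a workflow input before it leaves the process."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Constructed payload layout: an encoding label plus nonce || ciphertext || tag.
    return {"metadata": {"encoding": "binary/encrypted"}, "data": nonce + ct + tag}

def decode(key, payload):
    """Worker side: verify the tag first, then decrypt."""
    enc_key, mac_key = _subkeys(key)
    blob = payload["data"]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PayloadAuthError("wrong key or modified payload")
    return _xor_keystream(enc_key, nonce, ct)

def worker_can_read(client_key, worker_key, workflow_input):
    """True only when the worker's key decrypts what the client encrypted."""
    try:
        return decode(worker_key, encode(client_key, workflow_input)) == workflow_input
    except PayloadAuthError:
        return False

if __name__ == "__main__":
    shared = os.urandom(32)  # constructed key, standing in for encryption_key
    sample = b'{"account": "constructed-sample"}'
    print("matching key:", worker_can_read(shared, shared, sample))
    print("mismatched key:", worker_can_read(shared, os.urandom(32), sample))
```

Because the tag is checked before decryption, a worker holding a different key fails loudly instead of handing garbage bytes to the workflow code.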