This repository provides Terraform modules for deploying a self-hosted TemporalIO cluster on Kubernetes with PostgreSQL as the database backend. It includes automated deployment through Terraform and Helm charts, with a complete CI/CD pipeline for releases.
TemporalIO is a distributed orchestration engine for executing workflows as code. This infrastructure setup deploys:
- TemporalIO Server: Core Temporal services (frontend, history, matching, worker)
- PostgreSQL Database: Primary data store for Temporal workflows and visibility data
- Kubernetes Resources: Namespaces, services, deployments, and persistent storage
- Automated Namespace Setup: Initial Temporal namespace registration
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Temporal UI │ │ Temporal Client │ │ Worker Apps │
│ │ │ │ │ │
└─────────┬───────┘ └─────────┬────────┘ └─────────┬───────┘
│ │ │
└──────────────────────┼───────────────────────┘
│
┌────────────────────────────────┼──────────────────────────────────┐
│ Kubernetes Cluster │
│ │
│ ┌─────────────────┐ ┌───────────────────────────────────────┐ │
│ │ Temporal Helm │ │ PostgreSQL Database │ │
│ │ Chart │ │ (temporal + visibility databases) │ │
│ │ │ │ │ │
│ │ • Frontend │ │ • Deployment (PostgreSQL 16) │ │
│ │ • History │ │ • Service (ClusterIP) │ │
│ │ • Matching │ │ • Persistent Volume Claim │ │
│ │ • Worker │ │ • Secrets & ConfigMaps │ │
│ └─────────────────┘ └───────────────────────────────────────┘ │
└───────────────────────────────────────────────────────────────────┘
- Kubernetes Cluster (v1.20+)
- Terraform (v1.0+)
- Helm (v3.0+)
- kubectl configured with cluster access
- Storage Class named
standard(or configure via variables)
-
Clone the repository:
git clone <repository-url> cd self-managed-temporalio
-
Initialize Terraform:
cd infrastructure terraform init -
Plan and deploy:
terraform plan terraform apply
-
Verify deployment:
kubectl get pods -n temporal kubectl get services -n temporal
| Variable | Default | Description |
|---|---|---|
namespace |
temporal |
Kubernetes namespace for Temporal |
temporal_chart_version |
1.0.0-rc.1 |
Helm chart version for Temporal |
temporal_db_name |
temporal |
Main database name |
temporal_visibility_db_name |
visibility |
Visibility database name |
temporal_db_user |
temporal |
Database username |
temporal_db_password |
temporal1234 |
Database password |
storage_class_name |
standard |
Kubernetes storage class |
Create a terraform.tfvars file or use environment variables:
# terraform.tfvars
namespace = "temporal-prod"
temporal_db_password = "your-secure-password"
storage_class_name = "fast-ssd"- PostgreSQL 16 deployment with health checks
- Persistent Storage via PVC
- Database Initialization with setup scripts
- Kubernetes Secrets for credentials
- Service for cluster access
- Kubernetes Namespace creation
- Helm Release for Temporal chart
- Values Template generation with dynamic database configuration
- Namespace Registration job for initial Temporal setup
- Automated Releases on tag push
- Package Creation with Terraform modules
- GitHub Releases with compiled assets
Once deployed, you can access Temporal through:
-
Web UI: Port-forward the frontend service
kubectl port-forward -n temporal svc/temporal-frontend 7233:7233
Then access
http://localhost:7233 -
tctl CLI: Use the admin-tools container
kubectl exec -n temporal -it deployment/temporal-frontend -- tctl --namespace default
The deployment creates two PostgreSQL databases:
temporal: Stores workflow execution data, history, and statevisibility: Stores visibility data for querying and monitoring
- Update
temporal_chart_versioninvariables.tf - Run
terraform apply - Monitor the upgrade progress
Implement regular backups of the PostgreSQL PVC using your preferred backup solution.
The configuration supports horizontal scaling of Temporal components. Adjust replica counts in the Helm values as needed.
- Database passwords are stored as Kubernetes secrets
- Default credentials are provided for development - change for production
- Network policies should be implemented for production environments
- Consider using external managed databases for production workloads
-
Database Connection Errors
- Check PostgreSQL pod logs:
kubectl logs -n temporal -l app=temporal-db-deployment - Verify secrets are correctly created
- Check PostgreSQL pod logs:
-
Temporal Namespace Registration
- Check namespace setup job:
kubectl describe job -n temporal temporal-namespace-setup - Verify frontend service is accessible
- Check namespace setup job:
-
Persistent Volume Issues
- Check PVC status:
kubectl get pvc -n temporal - Verify storage class availability
- Check PVC status:
- Make changes to Terraform files
- Run
terraform validateandterraform plan - Test in a development environment
- Create a new tag:
git tag v1.0.0 && git push origin v1.0.0 - GitHub Actions will automatically create a release with packaged assets
- Fork the repository
- Create a feature branch
- Make changes and test thoroughly
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For issues related to:
- TemporalIO: Visit Temporal.io documentation
- This Infrastructure: Open a GitHub issue in this repository