Update TEMPORAL_ injected env vars to match those expected by SDKs

This change updates the environment variables injected by the worker controller
to match the standard names expected by Temporal SDKs:

- TEMPORAL_HOST_PORT → TEMPORAL_ADDRESS
- TEMPORAL_TLS_KEY_PATH → TEMPORAL_TLS_CLIENT_KEY_PATH
- TEMPORAL_TLS_CERT_PATH → TEMPORAL_TLS_CLIENT_CERT_PATH
- Added TEMPORAL_TLS=true when mTLS is enabled

Also updates all tests, documentation, and demo code to use the new
environment variable names.

Fixes #128

Author: jlegrone

README.md

@@ -51,7 +51,7 @@ significant references to Kubernetes Deployment resource, within this repository
 In order to be compatible with this controller, workers need to be configured using these standard environment
 variables:
 
-- `TEMPORAL_HOST_PORT`: The host and port of the Temporal server, e.g. `default.foo.tmprl.cloud:7233`
+- `TEMPORAL_ADDRESS`: The host and port of the Temporal server, e.g. `default.foo.tmprl.cloud:7233`
 - `TEMPORAL_NAMESPACE`: The Temporal namespace to connect to, e.g. `default`
 - `TEMPORAL_DEPLOYMENT_NAME`: The name of the worker deployment. This must be unique to the worker deployment and should not
   change between versions.

internal/demo/util/env.go

@@ -10,11 +10,11 @@ import (
 )
 
 var (
-	temporalHostPort  = mustGetEnv("TEMPORAL_HOST_PORT")
+	temporalHostPort  = mustGetEnv("TEMPORAL_ADDRESS")
 	temporalNamespace = mustGetEnv("TEMPORAL_NAMESPACE")
 	temporalTaskQueue = mustGetEnv("TEMPORAL_TASK_QUEUE")
-	tlsKeyFilePath    = mustGetEnv("TEMPORAL_TLS_KEY_PATH")
-	tlsCertFilePath   = mustGetEnv("TEMPORAL_TLS_CERT_PATH")
+	tlsKeyFilePath    = mustGetEnv("TEMPORAL_TLS_CLIENT_KEY_PATH")
+	tlsCertFilePath   = mustGetEnv("TEMPORAL_TLS_CLIENT_CERT_PATH")
 )
 
 func mustGetEnv(key string) string {

internal/k8s/deployments.go

@@ -200,7 +200,7 @@ func NewDeploymentWithOwnerRef(
 	for i, container := range podSpec.Containers {
 		container.Env = append(container.Env,
 			corev1.EnvVar{
-				Name:  "TEMPORAL_HOST_PORT",
+				Name:  "TEMPORAL_ADDRESS",
 				Value: connection.HostPort,
 			},
 			corev1.EnvVar{
@@ -224,11 +224,15 @@ func NewDeploymentWithOwnerRef(
 		for i, container := range podSpec.Containers {
 			container.Env = append(container.Env,
 				corev1.EnvVar{
-					Name:  "TEMPORAL_TLS_KEY_PATH",
+					Name:  "TEMPORAL_TLS",
+					Value: "true",
+				},
+				corev1.EnvVar{
+					Name:  "TEMPORAL_TLS_CLIENT_KEY_PATH",
 					Value: "/etc/temporal/tls/tls.key",
 				},
 				corev1.EnvVar{
-					Name:  "TEMPORAL_TLS_CERT_PATH",
+					Name:  "TEMPORAL_TLS_CLIENT_CERT_PATH",
 					Value: "/etc/temporal/tls/tls.crt",
 				},
 			)

internal/k8s/deployments_test.go

@@ -557,3 +557,99 @@ func TestComputeConnectionSpecHash(t *testing.T) {
 		assert.NotEmpty(t, hash1, "Hash should still be generated even with empty mTLS secret")
 	})
 }
+
+func TestNewDeploymentWithOwnerRef_EnvironmentVariables(t *testing.T) {
+	tests := map[string]struct {
+		connection        temporaliov1alpha1.TemporalConnectionSpec
+		expectedEnvVars   map[string]string
+		unexpectedEnvVars []string
+	}{
+		"without mTLS": {
+			connection: temporaliov1alpha1.TemporalConnectionSpec{
+				HostPort: "localhost:7233",
+			},
+			expectedEnvVars: map[string]string{
+				"TEMPORAL_ADDRESS":         "localhost:7233",
+				"TEMPORAL_NAMESPACE":       "test-namespace",
+				"TEMPORAL_DEPLOYMENT_NAME": "test-deployment",
+				"WORKER_BUILD_ID":          "test-build-id",
+			},
+			unexpectedEnvVars: []string{"TEMPORAL_TLS", "TEMPORAL_TLS_CLIENT_KEY_PATH", "TEMPORAL_TLS_CLIENT_CERT_PATH"},
+		},
+		"with mTLS": {
+			connection: temporaliov1alpha1.TemporalConnectionSpec{
+				HostPort:        "mtls.localhost:7233",
+				MutualTLSSecret: "my-tls-secret",
+			},
+			expectedEnvVars: map[string]string{
+				"TEMPORAL_ADDRESS":              "mtls.localhost:7233",
+				"TEMPORAL_NAMESPACE":            "test-namespace",
+				"TEMPORAL_DEPLOYMENT_NAME":      "test-deployment",
+				"WORKER_BUILD_ID":               "test-build-id",
+				"TEMPORAL_TLS":                  "true",
+				"TEMPORAL_TLS_CLIENT_KEY_PATH":  "/etc/temporal/tls/tls.key",
+				"TEMPORAL_TLS_CLIENT_CERT_PATH": "/etc/temporal/tls/tls.crt",
+			},
+			unexpectedEnvVars: []string{},
+		},
+	}
+
+	for name, tt := range tests {
+		t.Run(name, func(t *testing.T) {
+			spec := &temporaliov1alpha1.TemporalWorkerDeploymentSpec{
+				Template: corev1.PodTemplateSpec{
+					Spec: corev1.PodSpec{
+						Containers: []corev1.Container{
+							{
+								Name:  "worker",
+								Image: "temporal/worker:latest",
+							},
+						},
+					},
+				},
+				WorkerOptions: temporaliov1alpha1.WorkerOptions{
+					TemporalNamespace: "test-namespace",
+				},
+			}
+
+			deployment := k8s.NewDeploymentWithOwnerRef(
+				&metav1.TypeMeta{},
+				&metav1.ObjectMeta{Name: "test", Namespace: "default"},
+				spec,
+				"test-deployment",
+				"test-build-id",
+				tt.connection,
+			)
+
+			// Verify expected environment variables are present
+			container := deployment.Spec.Template.Spec.Containers[0]
+			envMap := make(map[string]string)
+			for _, env := range container.Env {
+				envMap[env.Name] = env.Value
+			}
+
+			for expectedKey, expectedValue := range tt.expectedEnvVars {
+				actualValue, exists := envMap[expectedKey]
+				assert.True(t, exists, "Environment variable %s should be present", expectedKey)
+				assert.Equal(t, expectedValue, actualValue, "Environment variable %s should have correct value", expectedKey)
+			}
+
+			// Verify unexpected environment variables are not present
+			for _, unexpectedKey := range tt.unexpectedEnvVars {
+				_, exists := envMap[unexpectedKey]
+				assert.False(t, exists, "Environment variable %s should not be present", unexpectedKey)
+			}
+
+			// For mTLS case, verify volume mounts and volumes are configured
+			if tt.connection.MutualTLSSecret != "" {
+				assert.Len(t, container.VolumeMounts, 1)
+				assert.Equal(t, "temporal-tls", container.VolumeMounts[0].Name)
+				assert.Equal(t, "/etc/temporal/tls", container.VolumeMounts[0].MountPath)
+
+				assert.Len(t, deployment.Spec.Template.Spec.Volumes, 1)
+				assert.Equal(t, "temporal-tls", deployment.Spec.Template.Spec.Volumes[0].Name)
+				assert.Equal(t, tt.connection.MutualTLSSecret, deployment.Spec.Template.Spec.Volumes[0].VolumeSource.Secret.SecretName)
+			}
+		})
+	}
+}

internal/planner/planner.go

@@ -133,7 +133,7 @@ func updateDeploymentWithConnection(deployment *appsv1.Deployment, connection te
 	// Update any environment variables that reference the connection
 	for i, container := range deployment.Spec.Template.Spec.Containers {
 		for j, env := range container.Env {
-			if env.Name == "TEMPORAL_HOST_PORT" {
+			if env.Name == "TEMPORAL_ADDRESS" {
 				deployment.Spec.Template.Spec.Containers[i].Env[j].Value = connection.HostPort
 			}
 		}

internal/planner/planner_test.go

@@ -2015,14 +2015,14 @@ func TestCheckAndUpdateDeploymentConnectionSpec(t *testing.T) {
 			found := false
 			for _, container := range result.Spec.Template.Spec.Containers {
 				for _, env := range container.Env {
-					if env.Name == "TEMPORAL_HOST_PORT" {
-						assert.Equal(t, tt.expectHostPortEnv, env.Value, "TEMPORAL_HOST_PORT should be updated")
+					if env.Name == "TEMPORAL_ADDRESS" {
+						assert.Equal(t, tt.expectHostPortEnv, env.Value, "TEMPORAL_ADDRESS should be updated")
 						found = true
 						break
 					}
 				}
 			}
-			assert.True(t, found, "Should find TEMPORAL_HOST_PORT environment variable")
+			assert.True(t, found, "Should find TEMPORAL_ADDRESS environment variable")
 		})
 	}
 }

internal/testhelpers/workers.go

@@ -41,7 +41,7 @@ func newVersionedWorker(ctx context.Context, podTemplateSpec corev1.PodTemplateS
 	if err != nil {
 		return nil, nil, err
 	}
-	temporalHostPort, err := getEnv(podTemplateSpec, "TEMPORAL_HOST_PORT")
+	temporalHostPort, err := getEnv(podTemplateSpec, "TEMPORAL_ADDRESS")
 	if err != nil {
 		return nil, nil, err
 	}