Architecture
The operator follows the standard controller-runtime model: each custom resource has a reconciler that drives observed state toward desired state.
Custom resources
| Kind | Short | Purpose |
|---|---|---|
| TemporalCluster | tc | A complete Temporal server deployment. |
| TemporalNamespace | tns | A namespace within a managed cluster. |
| TemporalSearchAttribute | tsa | A custom search attribute registration. |
| TemporalClusterClient | tcc | Generated mTLS client credentials. |
TemporalCluster reconciliation
The TemporalCluster reconciler runs a sequence of sub-reconcilers:
- Persistence — probes the datastore(s) and runs schema setup/migration via temporal-sql-tool/temporal-cassandra-tool Jobs (SQL, Cassandra) or inline index-template application (Elasticsearch). Sets PersistenceReachable and SchemaReady.
- mTLS — issues internode and frontend cert-manager Certificates and sets MTLSReady.
- Upgrade — when spec.version differs from the running version, runs an ordered, per-service rolling upgrade state machine (status.upgrade).
- Services — renders the server config (stored in a Secret, since it embeds credentials) and server-side-applies the Deployments, headless Services, a frontend Service, and PodDisruptionBudgets. Sets Available.
- UI / Monitoring — optionally deploys temporal-ui and a ServiceMonitor.
Ready is the rollup of PersistenceReachable && SchemaReady && Available
(and MTLSReady when mTLS is enabled). status.phase reports
Pending → ProvisioningSchema → DeployingServices → Ready (or Upgrading).
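The Ready rollup described above, as an added Go example (not the operator's own code). The Condition type and rollupReady function are hypothetical stand-ins for the operator's status types, and the example assumes a missing or Unknown condition counts as unmet, so an mTLS-enabled cluster is not reported Ready before MTLSReady is True.

```go
package main

import "fmt"

// Condition is a minimal stand-in for metav1.Condition (assumption: the
// operator's real status types are not shown on this page).
type Condition struct {
	Type   string
	Status string // "True", "False" or "Unknown"
}

// rollupReady reports whether Ready should be True and lists every required
// condition that is not yet True. MTLSReady is required only when mTLS is
// enabled. Absent and Unknown conditions are treated as unmet (assumption).
func rollupReady(conds []Condition, mtlsEnabled bool) (bool, []string) {
	required := []string{"PersistenceReachable", "SchemaReady", "Available"}
	if mtlsEnabled {
		required = append(required, "MTLSReady")
	}
	status := make(map[string]string, len(conds))
	for _, c := range conds {
		status[c.Type] = c.Status
	}
	var blockers []string
	for _, t := range required {
		if status[t] != "True" {
			blockers = append(blockers, t)
		}
	}
	return len(blockers) == 0, blockers
}

func main() {
	// Constructed sample status: services are up, but the cert-manager
	// Certificates have not been issued yet.
	conds := []Condition{
		{Type: "PersistenceReachable", Status: "True"},
		{Type: "SchemaReady", Status: "True"},
		{Type: "Available", Status: "True"},
		{Type: "MTLSReady", Status: "Unknown"},
	}
	ready, blockers := rollupReady(conds, true)
	fmt.Println("mTLS enabled: ", ready, blockers)
	ready, blockers = rollupReady(conds, false)
	fmt.Println("mTLS disabled:", ready, blockers)
}
```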
Version matrix
Supported Temporal versions and their schema/UI requirements live in
internal/temporal/versions_gen.go, generated from hack/version-matrix.yaml.