Closed
Conversation
…ned Deployments
Introduces a new `TemporalWorkerOwnedResource` (TWOR) CRD that lets users attach
arbitrary namespaced Kubernetes resources (HPA, PDB, WPA, custom CRDs, etc.) to
each per-Build-ID versioned Deployment managed by a TemporalWorkerDeployment.
Key design points:
- One copy of the attached resource is created per active Build ID, owned by the
corresponding versioned Deployment — Kubernetes GC deletes it automatically when
the Deployment is removed, requiring no explicit cleanup logic.
- Resources are applied via Server-Side Apply (create-or-update), so the controller
is idempotent and co-exists safely with other field managers (e.g. the HPA controller).
- Two-layer auto-population for well-known fields:
Layer 1: `scaleTargetRef: null` and `matchLabels: null` in spec.object are
auto-injected with the versioned Deployment's identity and selector labels.
Layer 2: Go template expressions (`{{ .DeploymentName }}`, `{{ .BuildID }}`,
`{{ .Namespace }}`) are rendered in all string values before apply.
- Generated resource names use a hash-suffix scheme (`{prefix}-{8-char-hash}`) to
guarantee uniqueness per (twdName, tworName, buildID) triple even when the prefix
is truncated; the buildID is always represented in the hash regardless of name length.
- `ComputeSelectorLabels` is now the single source of truth for selector labels used
both in Deployment creation and in owned-resource matchLabels injection.
- Partial-failure isolation: all owned resources are attempted on each reconcile even
if some fail; errors are collected and surfaced together.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Extract getOwnedResourceApplies into planner package so it can be tested without a live API client - Add OwnedResourceApply type and OwnedResourceApplies slice to Plan - Thread twors []TemporalWorkerOwnedResource through GeneratePlan - Add TestGetOwnedResourceApplies (8 cases: nil/empty inputs, N×M cartesian, nil Raw skipped, invalid template skipped) - Add TestGetOwnedResourceApplies_ApplyContents (field manager, kind, owner reference, deterministic name) - Add TestGetOwnedResourceApplies_FieldManagerDistinctPerTWOR - Add two TWOR cases to TestGeneratePlan for end-to-end count check - Add helpers: createTestTWOR, createDeploymentWithUID, createTestTWORWithInvalidTemplate Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both the controller plan field and the planner Plan field now share the same name, making the copy-assignment self-documenting: plan.ApplyOwnedResources = planResult.ApplyOwnedResources Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Users don't need to template the k8s namespace (they already know it
when creating their TWOR in that namespace). The Temporal namespace is
more useful since it configures where the worker connects to.
- TemplateData.Namespace → TemplateData.TemporalNamespace
- RenderOwnedResource gains a temporalNamespace string parameter
- getOwnedResourceApplies threads the value from
spec.WorkerOptions.TemporalNamespace down to RenderOwnedResource
- Update all tests: {{ .Namespace }} → {{ .TemporalNamespace }}
- GoTemplateRendering test now uses distinct k8s ns ("k8s-production")
and Temporal ns ("temporal-production") to make the difference clear
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TemporalWorkerOwnedResource(TWOR) CRD that attaches arbitrary namespaced Kubernetes resources (HPA, PDB, WPA, custom CRDs, etc.) to each per-Build-ID versioned Deployment managed by aTemporalWorkerDeploymentTwo-layer auto-population for well-known fields:
scaleTargetRef: nullandmatchLabels: nullinspec.objectare auto-injected with the versioned Deployment's identity and selector labels{{ .DeploymentName }},{{ .BuildID }},{{ .Namespace }}) are rendered in all string values before SSA applyNaming: Generated resource names use a hash-suffix scheme (
{prefix}-{8-char-hash}) to guarantee uniqueness per(twdName, tworName, buildID)triple even when the human-readable prefix is truncated. The buildID is always uniquely represented in the hash regardless of input lengths.Single source of truth:
ComputeSelectorLabelsis now used both in Deployment creation and in owned-resourcematchLabelsinjection, eliminating any risk of label drift.Test plan
RenderOwnedResourcelifecycle (metadata, owner ref, label propagation)go build ./...go test ./...🤖 Generated with Claude Code