[Bug] frontend GRPC readinessProbe cannot support TLS

[hobti01]

What are you really trying to do?

Enable TLS on the temporal-frontend service.

Describe the bug

After configuring certificates for the frontend service, the GRPC readinessProbe fails because grpc probes do not yet support TLS.

server:
  frontend:
    readinessProbe:
      grpc:
        port: 7233
        service: temporal.api.workflowservice.v1.WorkflowService

Changing to a readinessProbe using tcpSocket works fine, but the existing grpc section cannot be removed and deployment fails if trying to override with

server:
  frontend:
    readinessProbe:
      tcpSocket:
        port: rpc

Suggestion is either to specify the readinessProbe only as a comment/recommendation, or alternatively checking for TLS configuration of the frontend service in the templating and switching the probe accordingly.

Minimal Reproduction

Deploy with TLS configured for frontend service, observe frontend service does not become ready and other services are in crashloop since no frontend Pods are ready for the service.

Environment/Versions

• OS and processor: [e.g. M1 Mac, x86 Windows, Linux] N/A
• Temporal Version: Helm Chart 1.1.1
• Are you using Docker or Kubernetes or building Temporal from source? Kubernetes

Additional context

Also tried setting grpc to null but this reportedly only works with some Helm versions when the temporal chart is a subchart.

server:
  frontend:
    readinessProbe:
      grpc: null
      tcpSocket:
        port: rpc

Thanks very much for providing this Helm Chart, your work is appreciated!

[taraspos]

The same happens to internal-frontend if internode-tls is enabled.