#Issues installing self-hosted AppSmith-EE using Helm/Kubernetes

We are trying to install a self-hosted instance of AppSmith Enterprise Edition on our AWS EKS cluster using the helm chart v3.6.3 (which uses the "appsmith/appsmith-ee:latest" container image) and the app appears to crash before even reaching the initial first user sign up screen.

The interesting difference with our setup is that we would like to host our AppSmith with managed infrastructure; AWS RDS for Postgres, AWS Elasticache for Redis, and AWS DocumentDB for MongoDB, instead of through the built-in dependency charts.

Digging through the logs, I suspect that there is an issue with the "temporal" service. It doesn't seem to start up properly and starts churning out errors like the following:

temporal stdout | {"level":"error","ts":"2025-07-22T20:06:58.961Z","msg":"Unable to call matching.PollWorkflowTaskQueue.","service":"frontend","wf-task-queue-name":"appsmith-0:62d438b1-9557-4d
aa-83bb-2b59dc09281c","timeout":"1m9.984765798s","error":"Not enough hosts to serve the request","logging-call-at":"workflow_handler.go:918","stacktrace":"go.temporal.io/server/common/log.(*za
pLogger).Error..."}

A copy of our helm chart values:

redis:
  enabled: false
mongodb:
  enabled: false
postgresql:
  enabled: false
customCAcert:
  "global-bundle.pem": "***" # used for documentdb tls connection reasons
applicationConfig:
  APPSMITH_DB_URL: "mongodb://user:pass@mongodb_host:27017/appsmith?ssl=true&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false&tlsCAFile=/appsmith-stacks/ca-certs/global-bundle.pem.crt"
  APPSMITH_REDIS_URL: "redis://appsmith-redis.****.0001.usw2.cache.amazonaws.com:6379"
  APPSMITH_KEYCLOAK_DB_DRIVER: "postgresql"
  APPSMITH_KEYCLOAK_DB_USERNAME: "databaseuser"
  APPSMITH_KEYCLOAK_DB_PASSWORD: "******"
  APPSMITH_KEYCLOAK_DB_URL: "postgresql://user:pass@postgres_host/appsmith?sslmode=require"

  SQL_TLS_ENABLED                   = true
  SQL_TLS_DISABLE_HOST_VERIFICATION = true
  SQL_TLS                           = true

I found this AppSmith doc page that suggests that setting the SQL_TLS_* environment variables would help resolve any Temporal/RDS issues but it didn't seem to help with anything.

If setting the SQL_TLS_* environment variables did not resolve the issue, it might be worth revisiting the configuration to ensure that all necessary parameters are correctly set. Here are a few additional steps you can consider:

1. Double-Check Environment Variables: Ensure that all SQL_TLS_* environment variables are correctly set in your configuration. This includes SQL_TLS_ENABLED, SQL_TLS_DISABLE_HOST_VERIFICATION, and SQL_TLS.

2. TLS Configuration: Verify that the TLS certificates and keys are correctly configured and accessible by the application. Ensure that the paths to the certificates are correct and that the application has the necessary permissions to read them.

3. Database Connectivity: Test the connectivity to your RDS instance separately to ensure that it is accessible and that the credentials are correct. You can use a database client to connect to the RDS instance using the same connection string and credentials.

4. Temporal Service Logs: Continue to monitor the Temporal service logs for any specific error messages related to TLS or database connectivity. These logs might provide more detailed information on what is going wrong.

5. Consult Documentation: Revisit the Appsmith documentation and any related Temporal service documentation to ensure that all necessary configurations are in place.

If the issue persists, it might be beneficial to reach out to Appsmith support for further assistance, as they can provide more targeted help based on your specific setup and configuration.

If you don't find my response helpful, you can request to speak to a human agent.

1. Double-Check Environment Variables
   Here is what our appsmith config map looks like:

% k get cm -n appsmith appsmith -oyaml
apiVersion: v1
data:
  APPSMITH_DB_URL: mongodb://***
  APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX: "false"
  APPSMITH_KEYCLOAK_DB_DRIVER: postgresql
  APPSMITH_KEYCLOAK_DB_PASSWORD: ***
  APPSMITH_KEYCLOAK_DB_URL: postgresql://***
  APPSMITH_KEYCLOAK_DB_USERNAME: ***
  APPSMITH_REDIS_URL: redis://***
  SQL_TLS: "true"
  SQL_TLS_DISABLE_HOST_VERIFICATION: "true"
  SQL_TLS_ENABLED: "true"
kind: ConfigMap

Your ConfigMap seems to have the necessary environment variables set for TLS configuration. Here are a few things you might want to verify:

1. Correctness of Values: Ensure that the values for APPSMITH_DB_URL, APPSMITH_KEYCLOAK_DB_URL, and APPSMITH_REDIS_URL are correct and that they match the actual endpoints and credentials of your AWS services.

2. TLS Configuration: Since you have SQL_TLS, SQL_TLS_DISABLE_HOST_VERIFICATION, and SQL_TLS_ENABLED set to "true", make sure that your RDS instance is configured to accept TLS connections. Also, verify that the certificates used for TLS are correctly set up and accessible.

3. Network and Security: Double-check the network configuration, including VPC, subnets, and security groups, to ensure that your EKS cluster can communicate with the RDS, Redis, and MongoDB instances.

4. Logs for Errors: Continue to monitor the logs for any specific error messages related to TLS or database connectivity. These logs might provide more detailed information on what is going wrong.

5. Temporal Service Configuration: Ensure that the Temporal service is correctly configured to use these environment variables. There might be additional configuration required specific to Temporal.

If everything seems correct and the issue persists, it might be beneficial to reach out to Appsmith support for further assistance, as they can provide more targeted help based on your specific setup and configuration.

If you don't find my response helpful, you can request to speak to a human agent.

How can I make sure that the temporal service is correctly configured?

To ensure that the Temporal service is correctly configured, you can follow these steps:

1. Configuration Files: Check the configuration files for the Temporal service to ensure that they are set up to connect to your external services (RDS, Redis, MongoDB). This includes verifying the connection strings, credentials, and any other necessary parameters.

2. Environment Variables: Ensure that all required environment variables for Temporal are set correctly. This includes any variables related to database connections, TLS settings, and service endpoints.

3. Service Logs: Review the logs for the Temporal service to identify any specific error messages or warnings that might indicate configuration issues. Look for messages related to connectivity, authentication, or TLS.

4. Network Configuration: Verify that the Temporal service can communicate with your external services. This includes checking VPC, subnet, and security group settings to ensure that the necessary ports are open and accessible.

5. Documentation: Refer to the Temporal service documentation for any specific configuration requirements or best practices. This can provide guidance on how to properly set up and configure the service in your environment.

6. Testing Connectivity: Test the connectivity from the Temporal service to your external services using tools like curl or telnet to ensure that the service can reach the endpoints.

If you continue to experience issues, consider reaching out to Appsmith support or the Temporal community for more specific guidance based on your setup.

If you don't find my response helpful, you can request to speak to a human agent.

Hi @fluid sundial!

We only support MongoDB as backend database because DocumentDB has certain limitations and is missing some advanced functionalities. Please use MongoDB via Atlas or self-host the MongoDB database.

We also recommend to use a fixed tag for the Appsmith version i.e v1.81, specially for k8s deployments as using latest can produce some version mismatch issues.

I like to learn more about how to configure the Temporal service but you are giving me the same information. Please connect me with a human agent.

MongoDB doesn't seem to be issue for me. I did encounter something about change streams earlier but was able to get DocumentDB properly configured for that

It's great to hear that you've managed to configure DocumentDB for change streams successfully. If MongoDB isn't the issue, it might be helpful to focus on the Temporal service and its interaction with other components like Redis and PostgreSQL.

If you need further assistance or specific guidance on configuring the Temporal service, please let me know, and I can try to provide more detailed information or connect you with a human agent for more personalized support.

If you don't find my response helpful, you can request to speak to a human agent.

Is there more documentation available on how to configure temporal?

I get the following error from temporal:

Not enough hosts to serve the request

Also:
Unable to call matching.PollActivityTaskQueue.

The error "Not enough hosts to serve the request" and "Unable to call matching.PollActivityTaskQueue" in Temporal typically indicate issues with the Temporal service's ability to connect to its backend services or insufficient resources allocated to the Temporal cluster.

Here are some steps you can take to address these issues:

1. Check Temporal Configuration: Ensure that the Temporal service is correctly configured to connect to your backend services. This includes verifying the connection strings, credentials, and any other necessary parameters.

2. Resource Allocation: Verify that your Temporal cluster has sufficient resources (CPU, memory) allocated. Insufficient resources can lead to these types of errors.

3. Network Configuration: Ensure that the Temporal service can communicate with its backend services. This includes checking VPC, subnet, and security group settings to ensure that the necessary ports are open and accessible.

4. Service Logs: Review the logs for the Temporal service to identify any specific error messages or warnings that might indicate configuration issues.

5. Temporal Documentation: Refer to the Temporal service documentation for any specific configuration requirements or best practices. This can provide guidance on how to properly set up and configure the service in your environment.

If these steps do not resolve the issue, it might be beneficial to reach out to Appsmith support or the Temporal community for more specific guidance based on your setup.

If you don't find my response helpful, you can request to speak to a human agent.

Can you get me a human agent?

Hi @fluid sundial, which are your RDS specs? We recommend using the following:

• Instance type: db.t4g.small
• Storage type: gp3
• Initial storage: 20 GB
• Enable storage autoscaling: Yes (Allow up to 100 GB)

Here are my RDS specs. Note that we use Aurora so some of these specs are managed slightly differently.

• Instance Type: db.r5.large
• Storage type: provisioned
• Initial storage + autoscaling: managed by Aurora

Please send us the server logs by following the steps from this guide on how to get the logs.

Hi, my team has decided to just go with the infrastructure installed through the helm chart.

Also as a note, it looks like some of the AppSmith logs are leaking database credentials in them. The nuisance of scrubbing the logs just to have one debugging back and forth was part of this decision.