wip

camunda · Nov 12, 2024 · 7e45a4e · 7e45a4e
1 parent 1eb6cd0
commit 7e45a4e
Show file tree

Hide file tree

Showing 13 changed files with 163 additions and 158 deletions.
diff --git a/.github/workflows/test-version-alpha.yaml b/.github/workflows/test-version-alpha.yaml
@@ -24,25 +24,25 @@ permissions:
   contents: read
 
 jobs:
-  validation:
-    name: Validation - Camunda Alpha
-    uses: ./.github/workflows/chart-validate-template.yaml
-    with:
-      identifier: "${{ github.event.pull_request.number }}-vald-alpha"
-      camunda-helm-dir: "camunda-platform-alpha"
-      camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
+  # validation:
+  #   name: Validation - Camunda Alpha
+  #   uses: ./.github/workflows/chart-validate-template.yaml
+  #   with:
+  #     identifier: "${{ github.event.pull_request.number }}-vald-alpha"
+  #     camunda-helm-dir: "camunda-platform-alpha"
+  #     camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
 
-  unit:
-    name: Unit Test - Camunda Alpha
-    uses: ./.github/workflows/test-unit-template.yml
-    with:
-      identifier: "${{ github.event.pull_request.number }}-unit-alpha"
-      camunda-helm-dir: "camunda-platform-alpha"
-      camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
+  # unit:
+  #   name: Unit Test - Camunda Alpha
+  #   uses: ./.github/workflows/test-unit-template.yml
+  #   with:
+  #     identifier: "${{ github.event.pull_request.number }}-unit-alpha"
+  #     camunda-helm-dir: "camunda-platform-alpha"
+  #     camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
 
   integration:
     name: Integration Test - Camunda Alpha
-    needs: [validation, unit]
+    # needs: [validation, unit]
     permissions:
       contents: read
       id-token: write
@@ -53,7 +53,8 @@ jobs:
       identifier: "${{ github.event.pull_request.number }}-intg-alpha"
       deployment-ttl: "${{ contains(github.event.pull_request.labels.*.name, 'test-persistent') && '1w' || '' }}"
       platforms: "gke,rosa"
-      flows: "install,upgrade"
+      # flows: "install,upgrade"
+      flows: "install"
       camunda-helm-repo: "oci://ghcr.io/camunda/helm/camunda-platform"
       camunda-helm-dir: "camunda-platform-alpha"
       camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"

diff --git a/charts/camunda-platform-alpha/Chart.yaml b/charts/camunda-platform-alpha/Chart.yaml
@@ -23,7 +23,7 @@ dependencies:
   - name: keycloak
     alias: identityKeycloak
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 22.2.6
+    version: 23.0.0
     condition: "identity.keycloak.enabled,identityKeycloak.enabled"
   - name: postgresql
     alias: identityPostgresql

diff --git a/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl b/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl
@@ -349,7 +349,7 @@ Operate templates.
 */}}
 {{ define "camundaPlatform.operateURL" }}
   {{- if .Values.core.enabled -}}
-    {{- print "http://" -}}{{- include "core.fullname" . -}}:{{- .Values.core.service.port -}}
+    {{- print "http://" -}}{{- include "core.fullname" . -}}:{{- .Values.core.service.httpPort -}}
     {{- .Values.core.contextPath -}}/operate
   {{- end -}}
 {{- end -}}

diff --git a/charts/camunda-platform-alpha/templates/camunda/constraints.tpl b/charts/camunda-platform-alpha/templates/camunda/constraints.tpl
@@ -207,75 +207,14 @@ The following values inside your values.yaml need to be set but were not:
 {{/*
 TODO: Enable for 8.7 cycle.
 
-Fail with a message if global.zeebePort is set since now it's used from Zeebe Gateway values:
-"zeebeGateway.service.grpcPort".
-Chart Version: 10.0.0
-{{- if (.Values.global.zeebePort) }}
+Fail with a message when old values syntax is used.
+Chart Version: 12.0.0
+
+{{- if (TBA) }}
   {{- $errorMessage := printf "[camunda][error] %s %s"
-      "The global Zeebe Gateway port \"global.zeebePort\" is deprecated. Please remove it."
-      "It is now used directly via \"zeebeGateway.service.grpcPort\"."
+      "TBA"
+      "TBA"
   -}}
   {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
 {{- end }}
 */}}
-
-{{/*
-TODO: Enable for 8.7 cycle.
-
-********************************************************************************
-elasticsearch and opensearch constraints
-********************************************************************************
-*/}}
-
-{{/*
-ensuring external elasticsearch and external opensearch to be mutually exclusive
-{{- if and .Values.global.elasticsearch.enabled .Values.global.opensearch.enabled }}
-  {{- $errorMessage := "[camunda][error] global.elasticsearch.enabled and global.opensearch.enabled cannot both be true." -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-{{- end }}
-*/}}
-
-
-{{/*
-when external elasticsearch is enabled then global elasticsearch should be enabled
-{{- if and .Values.global.elasticsearch.external ( not .Values.global.elasticsearch.enabled ) }}
-  {{- $errorMessage := "[camunda][error] global.elasticsearch should be enabled with global.elasticsearch.external" -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-{{- end }}
-*/}}
-
-
-{{/*
-ensuring internal and external elasticsearch to be mutually exclusive
-{{- if and .Values.global.elasticsearch.external .Values.elasticsearch.enabled }}
-  {{- $errorMessage := "[camunda][error] global.elasticsearch.external and elasticsearch.enabled cannot both be true." -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-{{- end }}
-*/}}
-
-{{/*
-ensuring internal and external opensearch to be mutually exclusive
-{{- if and .Values.global.opensearch.enabled .Values.elasticsearch.enabled }}
-  {{- $errorMessage := "[camunda][error] global.opensearch.enabled and elasticsearch.enabled cannot both be true." -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-{{- end }}
-*/}}
-
-{{/*
-when global elasticsearch is enabled then either external elasticsearch should be enabled or internal elasticsearch should be enabled
-{{- if .Values.global.elasticsearch.enabled -}}
-  {{- if and (not .Values.global.elasticsearch.external) (not .Values.elasticsearch.enabled) -}}
-  {{- $errorMessage := "[camunda][error] global.elasticsearch.enabled is true, but neither global.elasticsearch.external.enabled nor elasticsearch.enabled is true" -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-  {{- end -}}
-{{- end -}}
-*/}}
-
-{{/*
-[elasticsearch] when existingSecret is provided for elasticsearch then password field should be empty
-{{- if and .Values.global.elasticsearch.auth.existingSecret .Values.global.elasticsearch.auth.password }}
-  {{- $errorMessage := "[camunda][error] global.elasticsearch.auth.existingSecret and global.elasticsearch.auth.password cannot both be set." -}}
-  {{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
-{{- end }}
-*/}}
-
diff --git a/charts/camunda-platform-alpha/templates/connectors/_helpers.tpl b/charts/camunda-platform-alpha/templates/connectors/_helpers.tpl
@@ -91,3 +91,11 @@ app.kubernetes.io/component: connectors
 {{- define "connectors.authClientSecretKey" -}}
     {{ .Values.global.identity.auth.connectors.existingSecretKey }}
 {{- end -}}
+
+{{- define "connectors.operateClientProfile" -}}
+    {{- if or (eq .Values.connectors.inbound.mode "credentials") (and .Values.global.identity.auth.enabled (eq .Values.connectors.inbound.mode "oauth") ) }}
+    oidc
+    {{- else }}
+    simple
+    {{- end }}
+{{- end -}}
diff --git a/charts/camunda-platform-alpha/templates/connectors/configmap.yaml b/charts/camunda-platform-alpha/templates/connectors/configmap.yaml
@@ -17,6 +17,9 @@ data:
       servlet:
         context-path: {{ .Values.connectors.contextPath | quote }}
     {{- end }}
+    operate:
+      client:
+        profile: {{ include "connectors.operateClientProfile" . | quote }}
     camunda:
       {{- if eq .Values.connectors.inbound.mode "disabled" }}
       connector:
@@ -38,6 +41,7 @@ data:
       identity:
         audience: {{ include "core.authAudience" . | quote }}
         client-id: {{ include "connectors.authClientId" . | quote }}
+        client-secret: ${VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET}
       {{- end }}
       {{- end }}
 

diff --git a/charts/camunda-platform-alpha/templates/connectors/deployment.yaml b/charts/camunda-platform-alpha/templates/connectors/deployment.yaml
@@ -53,38 +53,24 @@ spec:
           {{- end }}
           {{- if .Values.global.identity.auth.enabled }}
             {{- if eq .Values.connectors.inbound.mode "oauth" }}
-            - name: CAMUNDA_IDENTITY_CLIENT_SECRET
-              {{- if and .Values.global.identity.auth.connectors.existingSecret (not (typeIs "string" .Values.global.identity.auth.connectors.existingSecret)) }}
+            - name: VALUES_CAMUNDA_CORE_CLIENT_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "common.secrets.name" (dict "existingSecret" .Values.global.identity.auth.connectors.existingSecret "context" $) }}
-                  key: {{ .Values.global.identity.auth.connectors.existingSecretKey }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "camundaPlatform.identitySecretName" (dict "context" . "component" "connectors") }}
-                  key: {{ .Values.global.identity.auth.connectors.existingSecretKey }}
-              {{- end }}
+                  name: {{ include "connectors.authClientSecretName" . }}
+                  key: {{ include "connectors.authClientSecretKey" . }}
             {{- end }}
             - name: ZEEBE_CLIENT_ID
-              value: {{ tpl .Values.global.identity.auth.core.clientId $ | quote }}
+              value: {{ include "connectors.authClientId" . | quote }}
             - name: ZEEBE_CLIENT_SECRET
-              {{- if and .Values.global.identity.auth.core.existingSecret (not (typeIs "string" .Values.global.identity.auth.core.existingSecret)) }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.secrets.name" (dict "existingSecret" .Values.global.identity.auth.core.existingSecret "context" $) }}
-                  key: {{ .Values.global.identity.auth.core.existingSecretKey }}
-              {{- else }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "camundaPlatform.identitySecretName" (dict "context" . "component" "core") }}
-                  key: {{ .Values.global.identity.auth.core.existingSecretKey }}
-              {{- end }}
+                  name: {{ include "core.authClientSecretName" . }}
+                  key: {{ include "core.authClientSecretKey" . }}
             - name: ZEEBE_AUTHORIZATION_SERVER_URL
               value: {{ include "camundaPlatform.authIssuerBackendUrlTokenEndpoint" . | quote }}
             - name: ZEEBE_TOKEN_AUDIENCE
               value: {{ include "core.authAudience" . | quote }}
-            {{- if .Values.global.identity.auth.core.tokenScope }}
+            {{- if (include "core.authTokenScope" .) }}
             - name: ZEEBE_TOKEN_SCOPE
               value: {{ include "core.authTokenScope" . | quote }}
             {{- end }}