wip
aabouzaid committed Nov 12, 2024
1 parent 1eb6cd0 commit c158843
Showing 12 changed files with 158 additions and 157 deletions.
33 changes: 17 additions & 16 deletions .github/workflows/test-version-alpha.yaml
Expand Up @@ -24,25 +24,25 @@ permissions:
contents: read

jobs:
validation:
name: Validation - Camunda Alpha
uses: ./.github/workflows/chart-validate-template.yaml
with:
identifier: "${{ github.event.pull_request.number }}-vald-alpha"
camunda-helm-dir: "camunda-platform-alpha"
camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
# validation:
# name: Validation - Camunda Alpha
# uses: ./.github/workflows/chart-validate-template.yaml
# with:
# identifier: "${{ github.event.pull_request.number }}-vald-alpha"
# camunda-helm-dir: "camunda-platform-alpha"
# camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"

unit:
name: Unit Test - Camunda Alpha
uses: ./.github/workflows/test-unit-template.yml
with:
identifier: "${{ github.event.pull_request.number }}-unit-alpha"
camunda-helm-dir: "camunda-platform-alpha"
camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
# unit:
# name: Unit Test - Camunda Alpha
# uses: ./.github/workflows/test-unit-template.yml
# with:
# identifier: "${{ github.event.pull_request.number }}-unit-alpha"
# camunda-helm-dir: "camunda-platform-alpha"
# camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"

integration:
name: Integration Test - Camunda Alpha
needs: [validation, unit]
# needs: [validation, unit]
permissions:
contents: read
id-token: write
Expand All @@ -53,7 +53,8 @@ jobs:
identifier: "${{ github.event.pull_request.number }}-intg-alpha"
deployment-ttl: "${{ contains(github.event.pull_request.labels.*.name, 'test-persistent') && '1w' || '' }}"
platforms: "gke,rosa"
flows: "install,upgrade"
# flows: "install,upgrade"
flows: "install"
camunda-helm-repo: "oci://ghcr.io/camunda/helm/camunda-platform"
camunda-helm-dir: "camunda-platform-alpha"
camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
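Review bot: With `needs: [validation, unit]` commented out and both upstream jobs disabled, the `integration` job, which is granted `id-token: write` and targets `gke,rosa`, now starts without any chart validation or unit-test gate in front of it. If this is only meant to shorten the loop on a work-in-progress branch, restore the two jobs and the `needs:` line before merge, or mark the disabled blocks with a comment such as `# TEMP: disabled while iterating; re-enable before merge`. The switch to `flows: "install"` also drops the upgrade path from coverage and deserves the same marker. The workflow trigger is outside the visible hunks, so which events can reach the job holding the OIDC token permission could not be checked here.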
Expand Up @@ -349,7 +349,7 @@ Operate templates.
*/}}
{{ define "camundaPlatform.operateURL" }}
{{- if .Values.core.enabled -}}
{{- print "http://" -}}{{- include "core.fullname" . -}}:{{- .Values.core.service.port -}}
{{- print "http://" -}}{{- include "core.fullname" . -}}:{{- .Values.core.service.httpPort -}}
{{- .Values.core.contextPath -}}/operate
{{- end -}}
{{- end -}}
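Review bot: `camundaPlatform.operateURL` now reads `.Values.core.service.httpPort`, while the core ConfigMap in this same commit sets `server.port` from `.Values.core.service.restPort`; unless both keys exist in values.yaml and hold the same number, this URL renders with an empty or wrong port. values.yaml is not part of the visible page, so this needs confirming. One key should be used in both places, for example `port: {{ .Values.core.service.httpPort }}` in core/configmap.yaml.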
73 changes: 6 additions & 67 deletions charts/camunda-platform-alpha/templates/camunda/constraints.tpl
Expand Up @@ -207,75 +207,14 @@ The following values inside your values.yaml need to be set but were not:
{{/*
TODO: Enable for 8.7 cycle.
Fail with a message if global.zeebePort is set since now it's used from Zeebe Gateway values:
"zeebeGateway.service.grpcPort".
Chart Version: 10.0.0
{{- if (.Values.global.zeebePort) }}
Fail with a message when old values syntax is used.
Chart Version: 12.0.0
{{- if (TBA) }}
{{- $errorMessage := printf "[camunda][error] %s %s"
"The global Zeebe Gateway port \"global.zeebePort\" is deprecated. Please remove it."
"It is now used directly via \"zeebeGateway.service.grpcPort\"."
"TBA"
"TBA"
-}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
{{/*
TODO: Enable for 8.7 cycle.
********************************************************************************
elasticsearch and opensearch constraints
********************************************************************************
*/}}
{{/*
ensuring external elasticsearch and external opensearch to be mutually exclusive
{{- if and .Values.global.elasticsearch.enabled .Values.global.opensearch.enabled }}
{{- $errorMessage := "[camunda][error] global.elasticsearch.enabled and global.opensearch.enabled cannot both be true." -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
{{/*
when external elasticsearch is enabled then global elasticsearch should be enabled
{{- if and .Values.global.elasticsearch.external ( not .Values.global.elasticsearch.enabled ) }}
{{- $errorMessage := "[camunda][error] global.elasticsearch should be enabled with global.elasticsearch.external" -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
{{/*
ensuring internal and external elasticsearch to be mutually exclusive
{{- if and .Values.global.elasticsearch.external .Values.elasticsearch.enabled }}
{{- $errorMessage := "[camunda][error] global.elasticsearch.external and elasticsearch.enabled cannot both be true." -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
{{/*
ensuring internal and external opensearch to be mutually exclusive
{{- if and .Values.global.opensearch.enabled .Values.elasticsearch.enabled }}
{{- $errorMessage := "[camunda][error] global.opensearch.enabled and elasticsearch.enabled cannot both be true." -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
{{/*
when global elasticsearch is enabled then either external elasticsearch should be enabled or internal elasticsearch should be enabled
{{- if .Values.global.elasticsearch.enabled -}}
{{- if and (not .Values.global.elasticsearch.external) (not .Values.elasticsearch.enabled) -}}
{{- $errorMessage := "[camunda][error] global.elasticsearch.enabled is true, but neither global.elasticsearch.external.enabled nor elasticsearch.enabled is true" -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end -}}
{{- end -}}
*/}}
{{/*
[elasticsearch] when existingSecret is provided for elasticsearch then password field should be empty
{{- if and .Values.global.elasticsearch.auth.existingSecret .Values.global.elasticsearch.auth.password }}
{{- $errorMessage := "[camunda][error] global.elasticsearch.auth.existingSecret and global.elasticsearch.auth.password cannot both be set." -}}
{{ printf "\n%s" $errorMessage | trimSuffix "\n"| fail }}
{{- end }}
*/}}
Expand Up @@ -91,3 +91,11 @@ app.kubernetes.io/component: connectors
{{- define "connectors.authClientSecretKey" -}}
{{ .Values.global.identity.auth.connectors.existingSecretKey }}
{{- end -}}
{{- define "connectors.operateClientProfile" -}}
{{- if or (eq .Values.connectors.inbound.mode "credentials") (and .Values.global.identity.auth.enabled (eq .Values.connectors.inbound.mode "oauth") ) }}
oidc
{{- else }}
simple
{{- end }}
{{- end -}}
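Review bot: `connectors.operateClientProfile` renders with a leading newline, because `{{- if or ... }}` and `{{- else }}` do not trim to their right and the line break before `oidc` / `simple` is kept. The connectors ConfigMap pipes the result through `quote`, which yields `profile: "\noidc"` and will not match the profile name the application expects. Close both actions with a right trim, `{{- if or (...) (...) -}}` and `{{- else -}}`. Separately, the `credentials` inbound mode is mapped to `oidc` even when `global.identity.auth.enabled` is false; that looks inverted for a username/password mode and is worth confirming.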
Expand Up @@ -17,6 +17,9 @@ data:
servlet:
context-path: {{ .Values.connectors.contextPath | quote }}
{{- end }}
operate:
client:
profile: {{ include "connectors.operateClientProfile" . | quote }}
camunda:
{{- if eq .Values.connectors.inbound.mode "disabled" }}
connector:
Expand All @@ -38,6 +41,7 @@ data:
identity:
audience: {{ include "core.authAudience" . | quote }}
client-id: {{ include "connectors.authClientId" . | quote }}
client-secret: ${VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET}
{{- end }}
{{- end }}
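Review bot: The new `client-secret: ${VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET}` placeholder does not match any environment variable set in the visible part of connectors/deployment.yaml, where the secret is exposed as `VALUES_CAMUNDA_CORE_CLIENT_PASSWORD` (previously `CAMUNDA_IDENTITY_CLIENT_SECRET`). Unless that variable is defined in a collapsed part of the Deployment, the placeholder has no value at startup and, having no `:` default, is likely to fail resolution. Keeping the secret itself out of the ConfigMap is the right approach; the name only has to agree on both sides, for example `- name: VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET` in the Deployment.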
28 changes: 7 additions & 21 deletions charts/camunda-platform-alpha/templates/connectors/deployment.yaml
Expand Up @@ -53,38 +53,24 @@ spec:
{{- end }}
{{- if .Values.global.identity.auth.enabled }}
{{- if eq .Values.connectors.inbound.mode "oauth" }}
- name: CAMUNDA_IDENTITY_CLIENT_SECRET
{{- if and .Values.global.identity.auth.connectors.existingSecret (not (typeIs "string" .Values.global.identity.auth.connectors.existingSecret)) }}
- name: VALUES_CAMUNDA_CORE_CLIENT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.global.identity.auth.connectors.existingSecret "context" $) }}
key: {{ .Values.global.identity.auth.connectors.existingSecretKey }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "camundaPlatform.identitySecretName" (dict "context" . "component" "connectors") }}
key: {{ .Values.global.identity.auth.connectors.existingSecretKey }}
{{- end }}
name: {{ include "connectors.authClientSecretName" . }}
key: {{ include "connectors.authClientSecretKey" . }}
{{- end }}
- name: ZEEBE_CLIENT_ID
value: {{ tpl .Values.global.identity.auth.core.clientId $ | quote }}
value: {{ include "connectors.authClientId" . | quote }}
- name: ZEEBE_CLIENT_SECRET
{{- if and .Values.global.identity.auth.core.existingSecret (not (typeIs "string" .Values.global.identity.auth.core.existingSecret)) }}
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.global.identity.auth.core.existingSecret "context" $) }}
key: {{ .Values.global.identity.auth.core.existingSecretKey }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "camundaPlatform.identitySecretName" (dict "context" . "component" "core") }}
key: {{ .Values.global.identity.auth.core.existingSecretKey }}
{{- end }}
name: {{ include "core.authClientSecretName" . }}
key: {{ include "core.authClientSecretKey" . }}
- name: ZEEBE_AUTHORIZATION_SERVER_URL
value: {{ include "camundaPlatform.authIssuerBackendUrlTokenEndpoint" . | quote }}
- name: ZEEBE_TOKEN_AUDIENCE
value: {{ include "core.authAudience" . | quote }}
{{- if .Values.global.identity.auth.core.tokenScope }}
{{- if (include "core.authTokenScope" .) }}
- name: ZEEBE_TOKEN_SCOPE
value: {{ include "core.authTokenScope" . | quote }}
{{- end }}
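Review bot: `ZEEBE_CLIENT_ID` now comes from `connectors.authClientId`, but `ZEEBE_CLIENT_SECRET` on the following lines reads `core.authClientSecretName` / `core.authClientSecretKey`, so the container presents the connectors client ID together with the core client's secret. Unless both helpers resolve to the same client the token request will be rejected, and if they do resolve to the same client, two components are sharing one credential. Use the connectors helpers for the secret as well: `name: {{ include "connectors.authClientSecretName" . }}` and `key: {{ include "connectors.authClientSecretKey" . }}`. The first env entry is also named `VALUES_CAMUNDA_CORE_CLIENT_PASSWORD` although it is filled from the connectors secret, which will mislead whoever rotates these secrets; the helper bodies are not all visible, so this is inferred from their names.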
118 changes: 105 additions & 13 deletions charts/camunda-platform-alpha/templates/core/configmap.yaml
Expand Up @@ -6,6 +6,13 @@ metadata:
{{- include "core.labels" . | nindent 4 }}
apiVersion: v1
data:
startup.sh: |
# The Node ID depends on the Pod name so it cannot be templated in the StatefulSet level.
export ZEEBE_BROKER_CLUSTER_NODEID="${ZEEBE_BROKER_CLUSTER_NODEID:-$[${K8S_NAME##*-} * 1 + 0]}"
echo "export ZEEBE_BROKER_CLUSTER_NODEID=${ZEEBE_BROKER_CLUSTER_NODEID}" >> ~/.bashrc
exec /usr/local/camunda/bin/camunda
{{- if .Values.core.configuration }}
application.yaml: |
{{ .Values.core.configuration | indent 4 | trim }}
Expand All @@ -14,13 +21,9 @@ data:
{{- if .Values.global.identity.auth.enabled }}
spring:
profiles:
active: identity, operate, tasklist, broker, auth-oidc
active: "identity,operate,tasklist,broker,auth-oidc"
security:
oauth2:
# resourceserver:
# jwt:
# issuer-uri: {{ include "camundaPlatform.authIssuerBackendUrl" . | quote }}
# jwk-set-uri: {{ include "camundaPlatform.authIssuerBackendUrlCertsEndpoint" . | quote }}
client:
provider:
oidcclient:
Expand All @@ -30,9 +33,10 @@ data:
client-id: {{ include "core.authClientId" . | quote }}
client-secret: ${VALUES_CAMUNDA_CORE_CLIENT_SECRET:}
authorization-grant-type: authorization_code
redirect-uri: http://localhost:8080/login/oauth2/code/oidcclient2
redirect-uri: http://{{ include "core.fullname" . }}:8080/login/oauth2/code/core
provider: oidcclient
scope: openid,profile
scope: openid,{{ include "core.authClientId" . }}
{{- else }}
spring:
profiles:
Expand All @@ -48,43 +52,131 @@ data:
server:
address: 0.0.0.0
port: {{ .Values.core.service.restPort }}
port: {{ .Values.core.service.restPort }}
{{- if .Values.core.contextPath }}
servlet:
context-path: {{ .Values.core.contextPath | quote }}
{{- end }}
zeebe:
host: 0.0.0.0
log:
level: {{ .Values.core.logLevel | quote }}
broker:
# zeebe.broker.experimental
experimental:
engine:
authorization:
enableAuthorization: true
# zeebe.broker.gateway
gateway:
enable: true
network:
host: 0.0.0.0
port: {{ .Values.core.service.grpcPort }}
{{- if .Values.global.identity.auth.enabled }}
security:
authentication:
mode: identity
{{- end }}
{{- if .Values.global.multitenancy.enabled }}
multitenancy:
enabled: true
{{- end }}
# zeebe.broker.network
network:
{{- if gt (int .Values.global.multiregion.regions) 1 }}
advertisedHost: "${K8S_NAME}.${K8S_SERVICE_NAME}.${K8S_NAMESPACE}.svc"
{{- else }}
advertisedHost: "${K8S_NAME}.${K8S_SERVICE_NAME}"
{{- end }}
host: 0.0.0.0
commandApi:
port: {{ .Values.core.service.commandPort }}
internalApi:
port: {{ .Values.core.service.internalPort }}
# zeebe.broker.cluster
cluster:
initialContactPoints:
{{- range (untilStep 0 (int .Values.core.clusterSize) 1) }}
- ${K8S_SERVICE_NAME}-{{ . }}.${K8S_SERVICE_NAME}:{{$.Values.core.service.internalPort}}
{{- end }}
clusterSize: {{ .Values.core.clusterSize | quote }}
replicationFactor: {{ .Values.core.replicationFactor | quote }}
partitionsCount: {{ .Values.core.partitionCount | quote }}
clusterName: {{ tpl .Values.global.zeebeClusterName . }}
# zeebe.broker.data
data:
snapshotPeriod: 5m
freeSpace:
processing: 2GB
replication: 3GB
# zeebe.broker.threads
threads:
cpuThreadCount: {{ .Values.core.cpuThreadCount | quote }}
ioThreadCount: {{ .Values.core.ioThreadCount | quote }}
# zeebe.broker.exporters
exporters:
{{- if and (not .Values.global.elasticsearch.disableExporter) .Values.global.elasticsearch.enabled }}
elasticsearch:
className: "io.camunda.zeebe.exporter.ElasticsearchExporter"
args:
{{- if .Values.global.elasticsearch.external }}
authentication:
username: {{ .Values.global.elasticsearch.auth.username | quote }}
{{- end }}
url: {{ include "camundaPlatform.elasticsearchURL" . | quote }}
index:
prefix: {{ .Values.global.elasticsearch.prefix | quote }}
{{- if .Values.core.retention.enabled }}
retention:
enabled: true
minimumAge: {{ .Values.core.retention.minimumAge | quote }}
policyName: {{ .Values.core.retention.policyName | quote }}
{{- end }}
{{- else if .Values.global.opensearch.enabled }}
opensearch:
className: "io.camunda.zeebe.exporter.opensearch.OpensearchExporter"
args:
url: {{ include "camundaPlatform.opensearchURL" . | quote }}
{{- if .Values.global.opensearch.auth.username }}
authentication:
username: {{ .Values.global.opensearch.auth.username | quote }}
{{- end }}
{{- if .Values.global.opensearch.aws.enabled }}
aws:
enabled: true
{{- end}}
{{- if .Values.core.retention.enabled }}
retention:
enabled: true
minimumAge: {{ .Values.core.retention.minimumAge | quote }}
policyName: {{ .Values.core.retention.policyName | quote }}
{{- end }}
{{- end }}
{{- if or .Values.global.elasticsearch.enabled .Values.global.opensearch.enabled }}
CamundaExporter:
className: "io.camunda.exporter.CamundaExporter"
args:
connect:
type: {{ if .Values.global.elasticsearch.enabled }}elasticsearch{{ else }}opensearch{{ end }}
url: {{ if .Values.global.elasticsearch.enabled }}{{ include "camundaPlatform.elasticsearchURL" . | quote }}{{ else }}{{ include "camundaPlatform.opensearchURL" . | quote }}{{- end }}
{{- if or .Values.global.elasticsearch.auth.username .Values.global.opensearch.auth.username }}
username: {{ if .Values.global.elasticsearch.auth.username }}{{ .Values.global.elasticsearch.auth.username | quote }}{{ else }}{{ .Values.global.opensearch.auth.username | quote }}{{- end }}
{{- end }}
{{- if .Values.core.retention.enabled }}
retention:
enabled: true
minimumAge: {{ .Values.core.retention.minimumAge | quote }}
policyName: {{ .Values.core.retention.policyName | quote }}
{{- end }}
createSchema: true
{{- else -}}
{{ " {}" }}
{{- end }}
camunda:
{{- if .Values.global.identity.auth.enabled }}
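Review bot: The new `redirect-uri: http://{{ include "core.fullname" . }}:8080/login/oauth2/code/core` in the OAuth2 client registration hard-codes plaintext `http`, port 8080 and the in-cluster service name, so the authorization code is returned over an unencrypted URL that a user's browser normally cannot resolve, and it ignores `core.service.restPort` and `core.contextPath` configured further down. Spring Security's URI template avoids all three: `redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"`, which follows the externally visible scheme, host and context path. In the same hunk, `scope: openid,{{ include "core.authClientId" . }}` is emitted unquoted while the neighbouring templated values use `| quote`. The `camunda:` block at the end of the last hunk continues outside the visible lines and was not reviewed.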