feat: execution identity integration

[drodriguez-305]

Which problem does the PR fix?

Related to #2195

This is the first iteration of adding Execution identity component to the clusters.

What's in this PR?

see related issue

Checklist

Please make sure to follow our Contributing Guide.

Before opening the PR:

• In the repo's root dir, run make go.update-golden-only.
• There is no other open pull request for the same update/change.
• Tests for charts are added (if needed).
• In-repo documentation are updated (if needed).

After opening the PR:

• Did you sign our CLA (Contributor License Agreement)? It will show once you open the PR.
• Did all checks/tests pass in the PR?

[drodriguez-305]

@aabouzaid can you double check this please?

On the configmap, I wasn't sure about passing the member-id: identity I did find an example but that is referencing the metadata.name which would be incorrect in this case.

camunda-platform-helm/charts/camunda-platform-alpha/templates/zeebe-gateway/deployment.yaml

Lines 58 to 61 in cdea66b

	- name: ZEEBE_GATEWAY_CLUSTER_MEMBERID
	valueFrom:
	fieldRef:
	fieldPath: metadata.name

For Camunda database configuration I saw we had this already in a few other configmaps I just left out the opensearch portion as the ask was only for elasticsearch. Let me know I can add it if needed.

Also for the spring portion I just hard coded it as others have it set the same way.

[drodriguez-305]

Hey Team @megglos @Ben-Sheppard

Can you check to see if any other env vars are needed?

camunda-platform-helm/charts/camunda-platform-alpha/templates/execution-identity/deployment.yaml

Lines 51 to 62 in 0eec5d7

	env:
	- name: CAMUNDA_LICENSE_KEY
	valueFrom:
	secretKeyRef:
	name: {{ include "camundaPlatform.licenseSecretName" . }}
	key: {{ include "camundaPlatform.licenseSecretKey" . }}
	{{- if .Values.executionIdentity.env}}
	{{ .Values.executionIdentity.env | toYaml | nindent 12 }}
	{{- end }}
	{{- if .Values.executionIdentity.envFrom }}
	envFrom:
	{{- .Values.executionIdentity.envFrom | toYaml | nindent 12 }}

The ones requested in the main issue was added via configmap

https://github.com/camunda/camunda-platform-helm/blob/2195-enhancement-execution-identity-integration/charts/camunda-platform-alpha/templates/execution-identity/configmap.yaml

[Ben-Sheppard]

Hey @drodriguez-305 :).-

Looking at the configuration added it seems like thats enough, until the recent license changes I've only ran the app with the config we shared in the main issue so should be good! To answer the other questions:

I wasn't sure about passing the member-id: identity
My understanding here is that the application needs to tell Zeebe who it is thats connecting so here we opt for identity as its closest, I'm not sure if its handled in a different way but I also think that the controller repo may have more examples

For Camunda database configuration I saw we had this already in a few other configmaps I just left out the opensearch portion as the ask was only for elasticsearch. Let me know I can add it if needed.

Thats fine for now, we will want OpenSearch at some point but we can add it later

[megglos]

For Camunda database configuration I saw we had this already in a few other configmaps I just left out the opensearch portion as the ask was only for elasticsearch. Let me know I can add it if needed.

Thats fine for now, we will want OpenSearch at some point but we can add it later

Can you please create a follow-up for adding opensearch support @drodriguez-305 ?

[aabouzaid]

LGTM, thank you 👏