Camunda Cawemo HELM Charts

Goals

  • Simple and understandable HELM Cawemo example

  • Help understand common configuration and architectural concepts

  • Good documentation and example to assist in getting Cawemo running quickly in Kubernetes

  • NOT intended as a production ready configuration

What is configured in this chart

  • ✓ Cawemo

  • ✓ Cawemo EE Repo Pull

  • ✓ Cawemo License

  • ✓ Load Balancer with sticky sessions

  • ✓ Postgresql Database

How does it work

Important
The configs in this chart are preconfigured defaults and serve as a quick reference for understanding. You may need to change and adjust things to suit your use-case, infra, architecture, etc …​
  • The HELM chart is an install descriptor to install Cawemo on Kubernetes. HELM can do many things to help install and manage infra on Kubernetes.

  • The primary configuration point is the values.yaml. It should allow you to get a basic Cawemo configuration installed and running with little to no customizations.

  • You still need to know how to debug on Kubernetes. See the Kubernetes Docs for help.

  • While this chart defines how Cawemo is installed other components need to be installed in your Kubernetes cluster to make Cawemo work. See Setting up Infra to install the other components.

  • You can find more on HELM here Helm Quickstart

Cawemo Architecture

This section explains how Cawemo works and which components it needs to operate. Each component below is a separate app with its own configuration in the values.yaml.

IAM Backend
  • User management via REST API

  • Java app

IAM Frontend
  • UI for Camunda Accounts

  • NodeJS App

IAM Router
  • NGINX reverse proxy

  • Delegates requests to IAM Frontend AND IAM Backend

SMTP Mail Server
  • The mail server set up for testing is MailHog. It captures outgoing mail instead of delivering it, so it is a test fixture, not a relay for a real deployment

  • Its web UI can be accessed at http://localhost:8025/

  • Use kubectl port-forward against the MailHog pod to reach the UI and the SMTP port from your machine

Cawemo WebSockets
  • PHP Application

  • Websocket Server

  • Pub/Sub Server

  • Accepts HTTP published messages from the Cawemo REST API/Java publisher

  • Accepts HTTP Subscriptions from Cawemo Webapp

Cawemo REST API
  • Java APP

  • Provides functionality via REST API

Cawemo WebApp
  • Reverse proxy for requests

  • NodeJs application

  • Cawemo UI

  • Calls Cawemo REST API via HTTP

Steps to run this HELM chart

STOP before you run it

Step 0. Install HELM and Kubernetes if not already installed

Step 1. Install an ingress controller, which provides the load balancer

Step 2. Configure PostgreSQL in the Kubernetes cluster

Step 4. Configure the Cawemo version and the registry pull secret

Step 6. Configure the Cawemo license

Step 7. Run the chart

Setup Infrastructure for Cawemo

Step 0: Install HELM and Kubernetes

  • You can find more on HELM here Helm Quickstart

  • Kubernetes Getting Started

  • Docker Desktop is arguably the quickest way to get started with a local Kubernetes cluster

  • Tested with HELM

    • version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}

  • Tested with Kubernetes

    • Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}

    • Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}


Step 1: Install Ingress Controller with Sticky Sessions

Important
Kubernetes does not ship with a LoadBalancer or a reverse proxy implementation for Ingress. The Ingress resource lets you describe the routing you need; a separately installed Ingress Controller implements it. Work out what you need from the Ingress resource first (here: cookie-based session affinity, and TLS as soon as anyone but you can reach the cluster), then choose the appropriate Controller. There are a variety of vendors.

Install the NGINX Ingress Controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml

Configure the Ingress resource for Nginx with sticky sessions

Update the values.yaml and configure the Ingress resource so that the load balancer (the NGINX deployment installed above) pins each client to one backend pod with an affinity cookie; once a user is logged into the web apps, their requests keep reaching the same instance.

Important
An Ingress resource is defined for the IAM Router, the WebSockets server, and the Webapp. Please see the values.yaml for the defaults of each service.

Defaults Below

  ingress:
    enabled: true
    annotations: {
        kubernetes.io/ingress.class: nginx,
        nginx.ingress.kubernetes.io/affinity: "cookie",
        nginx.ingress.kubernetes.io/affinity-mode: "persistent",
        nginx.ingress.kubernetes.io/session-cookie-expires: "172800",
        nginx.ingress.kubernetes.io/session-cookie-max-age: "172800",
      }
      # see more config options https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
      # kubernetes.io/tls-acme: "true"
    hosts:
      - host: cawemo.127.0.0.1.nip.io
        paths: ["/"]
    tls: []
    #  - secretName: camunda-cawemo-tls
    #    hosts:
    #      - cawemo.127.0.0.1.nip.io

The class annotation the controller reads is kubernetes.io/ingress.class; the nginx.ingress.kubernetes.io/ prefix is for the controller's own feature annotations such as affinity. With tls: [] the Ingress serves plain HTTP, so the login and the affinity cookie cross the network unencrypted; the commented tls block references a Secret of type kubernetes.io/tls named camunda-cawemo-tls that you create for the host.

Troubleshoot Kubernetes Resources

Troubleshoot Ingress, Pods and Services

  • Check the Service and Ingress endpoints

    • kubectl describe ingress cawemo-demo-camunda-cawemo

    • kubectl describe service cawemo-demo-camunda-cawemo

  • Check the pods

    • kubectl describe pods cawemo-demo-camunda-cawemo

  • Check that the Service selector actually matches the pods (an empty list here means the Service has no endpoints and the Ingress returns 503)

    • kubectl get pods -l app.kubernetes.io/instance=cawemo-demo,app.kubernetes.io/name=camunda-cawemo

    • kubectl get endpoints cawemo-demo-camunda-cawemo
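Once the Ingress answers, the quickest way to confirm that the affinity annotations took effect, and that the cookie is protected, is to look at the Set-Cookie header the controller returns. The script below is an added example for this README, not part of the chart. It assumes the ingress-nginx default cookie name INGRESSCOOKIE (no session-cookie-name annotation is set above) and that you feed it raw response headers, for example from curl -sI; the two header sets inside it are constructed samples, not captures from a cluster.

```shell
#!/bin/sh
# Added example, not chart code. Checks the affinity cookie that ingress-nginx
# sets for the annotations in values.yaml. Assumes the default cookie name
# INGRESSCOOKIE; the response headers below are constructed samples.

# check_affinity_cookie NAME MAX_AGE   (response headers on stdin)
# Returns 0 only if a Set-Cookie for NAME is present, its Max-Age matches the
# session-cookie-max-age annotation, and it carries HttpOnly and Secure.
# Prints the reason for every failed check.
check_affinity_cookie() {
  name=$1
  want_age=$2
  status=0
  cookie=$(tr -d '\r' | grep -i "^set-cookie: *${name}=" || true)
  if [ -z "$cookie" ]; then
    echo "no Set-Cookie for $name: affinity annotations not applied, or this Ingress is not handled by the controller"
    return 1
  fi
  case $cookie in
    *"Max-Age=${want_age}"*) ;;
    *) echo "Max-Age does not match session-cookie-max-age=$want_age"; status=1 ;;
  esac
  case $cookie in
    *HttpOnly*) ;;
    *) echo "cookie is readable from JavaScript (no HttpOnly)"; status=1 ;;
  esac
  case $cookie in
    *Secure*) ;;
    *) echo "no Secure flag: ingress-nginx only sets it on HTTPS responses, so this Ingress is likely serving plain HTTP (tls: [])"; status=1 ;;
  esac
  return $status
}

# Constructed sample responses: one from an Ingress with TLS configured, one
# from the chart defaults (tls: []), where the cookie goes out over plain HTTP.
HEADERS_TLS='HTTP/2 200
set-cookie: INGRESSCOOKIE=9d1f3b0c7a5e; Expires=Fri, 02-Jul-21 10:00:00 GMT; Max-Age=172800; Path=/; Secure; HttpOnly
content-type: text/html'

HEADERS_PLAIN='HTTP/1.1 200 OK
Set-Cookie: INGRESSCOOKIE=9d1f3b0c7a5e; Expires=Fri, 02-Jul-21 10:00:00 GMT; Max-Age=172800; Path=/; HttpOnly
Content-Type: text/html'

# Against a live cluster:
#   curl -sI https://cawemo.127.0.0.1.nip.io/ | check_affinity_cookie INGRESSCOOKIE 172800
printf '%s\n' "$HEADERS_TLS" | check_affinity_cookie INGRESSCOOKIE 172800 && echo "TLS sample: ok"
printf '%s\n' "$HEADERS_PLAIN" | check_affinity_cookie INGRESSCOOKIE 172800 || echo "plain-HTTP sample: rejected"
```

Run it twice against the same host and compare the cookie values: with affinity-mode persistent they must be identical, which is the "sticky" property the annotations are there to provide.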


Step 2: Configure Databases

Two databases will be configured, one for Cawemo and one for the IAM apps. It is possible to use only one database.

Create the Kubernetes Secret resource for PostgreSQL. The values below are demo credentials that appear verbatim in this README; the Secret and the --set values of the helm commands that follow must agree, and anything beyond a throwaway local cluster needs its own generated password.
kubectl create secret generic \
    workflow-database-credentials \
    --from-literal=DB_USERNAME=workflow \
    --from-literal=DB_PASSWORD=workflow

Install IAM PostgreSQL Database in the cluster

helm install iam-database --set postgresqlPostgresPassword=workflow,postgresqlUsername=workflow,postgresqlPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql

The --set string must not contain spaces after the commas; a space splits it into two shell arguments and helm rejects the command.

Install Cawemo PostgreSQL Database in the cluster

Important
The database must have a superuser configured to install Cawemo. See the config options here
Note
The config below installs PostgreSQL with the postgres superuser and the password workflow. No separate application role is created here, so Cawemo connects as that superuser; there is no least-privilege database user in this setup.
Tip
If your database config is incorrect and you reinstall, delete the PVC first, otherwise the old data directory (with the old password) is reused: kubectl get pvc -l "app=postgresql", then kubectl delete pvc <name>
Important
The database connection values are hardcoded into cawemo-restapi-deployment.yaml, so any password or database name you change here has to be changed there as well
helm install cawemo-database --set postgresqlPostgresPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql
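The Secret and the two helm commands above repeat the same password by hand. The script below is an added example for this README, not chart code: it generates the passwords once, emits the Secret as a manifest you can apply with kubectl, and derives the helm --set string from the same variables, so the two cannot disagree. It assumes only /dev/urandom, tr, head, awk and base64 and keeps the Secret name workflow-database-credentials from above; cawemo-restapi-deployment.yaml still hardcodes the connection values, so what you generate here must be carried into that file too.

```shell
#!/bin/sh
# Added example, not chart code: generated PostgreSQL credentials that feed
# both the Kubernetes Secret and the bitnami/postgresql --set values, so the
# two cannot drift apart and "workflow/workflow" never leaves this README.

# random_password LEN: LEN characters from [A-Za-z0-9]. The alphabet avoids
# everything helm's --set parser and the shell treat specially (comma,
# backslash, quotes, '!'), so the value needs no escaping anywhere below.
random_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# b64 STRING: single-line base64, portable across GNU and BSD base64.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# db_secret_manifest NAME USER PASSWORD: what
#   kubectl create secret generic NAME --from-literal=... --dry-run=client -o yaml
# produces. data: holds base64, which is an encoding, not protection: anyone
# who can read the Secret object has the password.
db_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  DB_USERNAME: $(b64 "$2")
  DB_PASSWORD: $(b64 "$3")
EOF
}

# helm_set_values USER PASSWORD SUPERUSER_PASSWORD DATABASE: one --set string
# for bitnami/postgresql, comma-separated with no spaces (a space after a comma
# splits it into two shell arguments and helm rejects the extra one).
helm_set_values() {
  printf 'postgresqlPostgresPassword=%s,postgresqlUsername=%s,postgresqlPassword=%s,postgresqlDatabase=%s' \
    "$3" "$1" "$2" "$4"
}

# secret_value MANIFEST_FILE KEY: decode one data: entry, to check a single
# value without dumping the whole object.
secret_value() {
  awk -v k="$2" '$1 == (k ":") { print $2 }' "$1" | base64 --decode
}

OUT=$(mktemp -d)
DB_USER=workflow
DB_PASS=$(random_password 24)
PG_SUPERUSER_PASS=$(random_password 24)

# Write the Secret; apply it with:  kubectl apply -f "$OUT/workflow-database-credentials.yaml"
db_secret_manifest workflow-database-credentials "$DB_USER" "$DB_PASS" > "$OUT/workflow-database-credentials.yaml"

# The install command for the IAM database, built from the same variables.
echo "helm install iam-database --set $(helm_set_values "$DB_USER" "$DB_PASS" "$PG_SUPERUSER_PASS" workflow) bitnami/postgresql"

# Round trip: the value stored in the Secret decodes to the password generated above.
if [ "$(secret_value "$OUT/workflow-database-credentials.yaml" DB_PASSWORD)" = "$DB_PASS" ]; then
  echo "Secret round-trips; now put the same values into cawemo-restapi-deployment.yaml"
fi
```

Values passed with --set are stored in the Helm release record (helm get values iam-database prints them), so a generated password is still readable by anyone who can read release Secrets in the namespace; that is a property of passing chart parameters on the command line, not something this script changes.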

Setup Cawemo

Step 4: Configure the version of Cawemo

The values.yaml below pins the image tag (1.7.1). Pin a tag rather than latest so that an upgrade is a deliberate change you review, not a side effect of a pod being scheduled onto a node that has not cached the image yet.

See the Camunda Harbor Repo if you need a different version of Cawemo.

Pulling from the Enterprise Repo

Note
you will need your enterprise credentials and an enterprise license for Cawemo.

The version of Cawemo can be changed in this section of the values.yaml.

Important
Several apps are configured in the cluster for Cawemo, each with its own image block. See the values.yaml for the configuration of all the apps.
image:
  repository: registry.camunda.cloud/cawemo-ee/<<cawemo-app>>
  tag: 1.7.1
  pullPolicy: IfNotPresent
  pullSecrets:
    - name: camunda-reg-cred

Note
If pulling the image fails, the workaround is to pull it manually and rely on pullPolicy: IfNotPresent. This only works where the cluster node shares the Docker daemon you log into (Docker Desktop); on any other cluster, fix the pull secret instead. Run the following commands
docker login registry.camunda.cloud
docker pull registry.camunda.cloud/cawemo-ee/cawemo:latest

Configuring the pullSecrets

Install the secret and name it camunda-reg-cred

kubectl create secret docker-registry camunda-reg-cred --docker-server=registry.camunda.cloud --docker-username=<<user>> --docker-password=<<password>> --docker-email=<your-email>
Tip
Quote the password in single quotes so the shell does not interpret special characters, i.e. --docker-password='mypassword!isstrong' (or escape them: --docker-password=mypassword\!isstrong). The whole command line, password included, is written to your shell history.

Check your secret. Both commands print the registry credentials (base64-encoded in the first, decoded in the second), so run them only in a terminal you are not sharing or recording

kubectl get secret camunda-reg-cred --output=yaml

kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
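The two kubectl get commands above print the registry password. The script below is an added example for this README, not chart code: it reproduces the .dockerconfigjson document that kubectl create secret docker-registry stores, so you can see what the yaml output actually contains, and provides a summary function that confirms the registry server and username without echoing the password. It assumes a single registry entry and fields without double quotes or backslashes (it does no JSON escaping); the credentials alice/pw are constructed placeholders.

```shell
#!/bin/sh
# Added example, not chart code. Builds the .dockerconfigjson that
# `kubectl create secret docker-registry` stores, and inspects such a secret
# without printing the password. Credentials below are constructed placeholders.

b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# dockerconfigjson SERVER USER PASSWORD EMAIL: the document kubectl generates.
# "auth" is base64("USER:PASSWORD"), so the password is in there twice, and
# `kubectl get secret -o yaml` (base64 of this JSON) discloses it to anyone
# who can read the Secret. Assumes no '"' or '\' in the fields.
dockerconfigjson() {
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$4" "$(b64 "$2:$3")"
}

# pull_secret_summary   (decoded .dockerconfigjson on stdin)
# Prints "SERVER USER" only, recovered from the "auth" field, so the check
# that the secret points at the right registry with the right account can be
# pasted into a ticket. Single-registry documents only.
pull_secret_summary() {
  json=$(cat)
  server=$(printf '%s' "$json" | sed -n 's/.*"auths":{"\([^"]*\)".*/\1/p')
  auth=$(printf '%s' "$json" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p')
  user=$(printf '%s' "$auth" | base64 --decode | cut -d: -f1)
  printf '%s %s\n' "$server" "$user"
}

# pull_secret_matches SERVER USER   (decoded .dockerconfigjson on stdin)
# Exit 0 when the summary equals "SERVER USER".
pull_secret_matches() {
  [ "$(pull_secret_summary)" = "$1 $2" ]
}

CFG=$(dockerconfigjson registry.camunda.cloud alice pw alice@example.com)

# The live check, without the password ever reaching the terminal:
#   kubectl get secret camunda-reg-cred -o jsonpath='{.data.\.dockerconfigjson}' \
#     | base64 --decode | pull_secret_matches registry.camunda.cloud <<user>> && echo ok
printf '%s' "$CFG" | pull_secret_summary
```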

Step 6: Configure the Cawemo License

Add your license to the data-license.yaml. This is a Kubernetes Secret resource rendered from a template inside the chart, so the license key becomes part of the chart source; keep the chart out of any shared repository, or create the Secret separately from a file instead. It will be mounted by the volumes config onto the filesystem of the pod where the Cawemo REST API app can read it.

Defaults Below

apiVersion: v1
kind: Secret
metadata:
  labels:
    {{- include "camunda-cawemo.labels" . | nindent 4 }}
  name: cawemo-license
stringData:
  CawemoLicense.txt:
    --------------- BEGIN CAMUNDA LICENSE KEY ---------------

    ---------------  END CAMUNDA LICENSE KEY  ---------------

The license Secret mount definition in the deployment.yaml. This is informational; nothing to do unless you want to change the mount location or type. Note that subPath must be the name of a key in the Secret and the app must read the file at mountPath: the key CawemoLicense.txt above and the subPath config.key below are different names, and one of them has to be changed so they match.

          volumeMounts:
          - mountPath: /config.key
            subPath: config.key
            name: cawemo-license

      volumes:
      - name: cawemo-license
        secret:
          secretName: cawemo-license

Troubleshoot volumes, configMaps and secrets

Check the secret exists

kubectl get secret cawemo-license -o yaml
kubectl get secret camunda-reg-cred --output=yaml

Check the secrets are created properly (both commands decode the stored values, so the registry password is printed)

kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
kubectl get secret cawemo-license --output="jsonpath={.data.CawemoLicense\.txt}" | base64 --decode

Look at the mounted license file with kubectl exec into the REST API pod. The path is the mountPath of the license volume; with the path used here you should see the license text

kubectl exec <cawemo-restapi-pod> -- cat config/CawemoLicense.txt

See Managing Secrets for more info.
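Two things go wrong with the license Secret in practice: the key ends up committed with the chart, and the subPath in the Deployment names a key the Secret does not have, which shows up as an empty or missing file in the pod. The script below is an added example for this README, not chart code: it builds the Secret from a license file at install time, so nothing secret sits in the chart source, and checks a Deployment's subPath values against the Secret's keys before you run helm. The license text and the two Deployment snippets are constructed stand-ins; the Secret name cawemo-license and the key CawemoLicense.txt are the chart's.

```shell
#!/bin/sh
# Added example, not chart code. Builds the license Secret from a file instead
# of the chart template, and verifies that every subPath in the Deployment
# names a key that the Secret actually has. Inputs below are constructed.

# license_secret_manifest NAME KEY FILE: equivalent of
#   kubectl create secret generic NAME --from-file=KEY=FILE --dry-run=client -o yaml
license_secret_manifest() {
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n  %s: %s\n' \
    "$1" "$2" "$(base64 <"$3" | tr -d '\n')"
}

# secret_keys   (Secret manifest on stdin): the key names under data:/stringData:
secret_keys() {
  awk '/^(data|stringData):/ { indata = 1; next }
       /^[^ ]/               { indata = 0 }
       indata && /^  [^ ]/   { sub(/:.*/, ""); sub(/^ +/, ""); print }'
}

# sub_paths   (Deployment manifest on stdin): every subPath value
sub_paths() {
  sed -n 's/^ *subPath: *//p'
}

# secret_value MANIFEST_FILE KEY: decoded content of one key
secret_value() {
  awk -v k="$2" '$1 == (k ":") { print $2 }' "$1" | base64 --decode
}

# check_license_mount SECRET_FILE DEPLOYMENT_FILE: exit 0 only if every subPath
# in the Deployment is a key of the Secret.
check_license_mount() {
  keys=$(secret_keys <"$1")
  rc=0
  for p in $(sub_paths <"$2"); do
    if ! printf '%s\n' "$keys" | grep -qx -- "$p"; then
      echo "subPath $p is not a key of the Secret (keys: $(printf '%s' "$keys" | tr '\n' ' '))"
      rc=1
    fi
  done
  return $rc
}

WORK=$(mktemp -d)
LIC_FILE=$WORK/CawemoLicense.txt
LIC_SECRET=$WORK/cawemo-license.yaml
DEPLOY_OK=$WORK/deploy-ok.yaml
DEPLOY_BAD=$WORK/deploy-bad.yaml

# Constructed placeholder; the real file comes from Camunda and stays out of git.
printf -- '--------------- BEGIN CAMUNDA LICENSE KEY ---------------\nplaceholder\n---------------  END CAMUNDA LICENSE KEY  ---------------\n' > "$LIC_FILE"
license_secret_manifest cawemo-license CawemoLicense.txt "$LIC_FILE" > "$LIC_SECRET"

# A mount whose subPath matches the Secret key ...
cat > "$DEPLOY_OK" <<'EOF'
          volumeMounts:
          - mountPath: /config/CawemoLicense.txt
            subPath: CawemoLicense.txt
            name: cawemo-license
EOF
# ... and the mount as shown on this page, whose subPath is not a key of the Secret.
cat > "$DEPLOY_BAD" <<'EOF'
          volumeMounts:
          - mountPath: /config.key
            subPath: config.key
            name: cawemo-license
EOF

check_license_mount "$LIC_SECRET" "$DEPLOY_OK" && echo "deploy-ok: mount matches the Secret"
check_license_mount "$LIC_SECRET" "$DEPLOY_BAD" || echo "deploy-bad: change subPath or rename the Secret key"
```

On a live cluster, feed the check with kubectl get secret cawemo-license -o yaml and kubectl get deployment <restapi-deployment> -o yaml; the check never decodes the license, it only compares key names.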

Step 7: Run the Chart

Run the chart with the following command to install it and apply the configuration to the Kubernetes cluster

helm install cawemo-demo ./charts/camunda-cawemo/

Change the Chart  — When you make changes run the following command to apply the changes to the cluster

helm upgrade cawemo-demo ./charts/camunda-cawemo/

Remove the Chart  — To remove the installation

helm uninstall cawemo-demo

Whats Next

  • ❏ Configure Cloud Deployments (GKE, AWS, Azure)

    • ❏ Configuration for TERRAFORM

  • ❏ Configure auto-scaling

  • ❏ Configure common Cawemo configs (Elastic, Engine)

  • ❏ Configuration for Secrets Vault (HashiCorp, Spring Cloud Vault)

  • ❏ Configuration for LDAP

  • ❏ Configuration for Logging

    • ❏ Configuration for Log Drain

  • ❏ Configurations for SSO

    • ❏ with Keycloak

Project state

This project is in alpha phase.