-
Simple and understandable HELM example
-
Help understand common configuration and architectural concepts
-
Good documentation and example to assist in getting running quickly in Kubernetes
-
NOT intended as a production ready configuration
Note
|
for example of installing on AWS EKS see Install Camunda Platform on EKS |
-
✓ Camunda BPM CE
-
✓ Camunda BPM EE
-
✓ Camunda License Install
-
✓ Internal Load Balancer Service (for clients like Optimize)
-
✓ External Ingress with sticky sessions
-
✓ Postgres Database
Important
|
The configs in this chart are preconfigured defaults and serve as a quick reference for understanding. You may need to change and adjust things to suit your use-case, infra, architecture, etc … |
-
The HELM chart is an install descriptor to install Canunda on Kubernetes. HELM can do many things to help install and manage infra on Kubernetes.
-
The primary configuration point is the values.yaml. It should allow you to get a basic Canunda configuration installed and running with little to no customizations.
-
You still need to know how to debug on Kubernetes. See the Kubernetes Docs for help.
-
While this chart defines how Canunda is installed other components need to be installed in your Kubernetes cluster to make Canunda work. See Setting up Infra to install the other components.
-
You can find more on HELM here Helm Quickstart
Note
|
These can be omitted if you run the basic HELM chart without the Postgres DB and only a single node in the cluster without a load balancer |
Step 0. Install HELM and Kubernetes if not already installed
Step 1. Install Ingress Contorller to configure the loadbalaner ingress controller
Step 2. Configure PostgreSQL in the Kubernetes cluster
Step 3. Configure Camunda
Step 4. Run Camunda
-
You can find more on HELM here Helm Quickstart
-
Try Docker Desktop imo it’s the quickest way to get started with Kubernetes
-
Tested with HELM
-
version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}
-
-
Tested with Kubernetes
-
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
-
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
-
Important
|
Kuberneted does not come with an implementation of a LoadBalancer or a Reverse Proxy for Ingress. The Ingerss resource allows you to configure a Controller for your needs. It’s important to understand what you need from an inrgess resource then you can choose the appropriate Controller to install. There are a variety of vendors. |
Install the NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
Update the values.yaml and configure the Ingress Resource to tell the LoadBalancer (the NGINX deployment that was installed above) to stick to one Camunda instance once the user is logged into the Camunda webapps.
Defaults Below
ingress:
enabled: true
annotations: {
nginx.ingress.kubernetes.io/ingress.class: nginx,
nginx.ingress.kubernetes.io/affinity: "cookie",
nginx.ingress.kubernetes.io/affinity-mode: "persistent",
nginx.ingress.kubernetes.io/session-cookie-expires: "172800",
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800",
}
# see more config options https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: camunda.127.0.0.1.nip.io
paths: ["/"]
tls: []
# - secretName: camunda-bpm-platform-tls
# hosts:
# - camunda-bpm-platform.local - camunda-bpm-platform.local
Update the values.yaml and increase the replica count so the load balancer will send requests to both nodes for a user that is not already logged in to Camunda webapps.
Defaults Below
general:
debug: true
replicaCount: 2
nameOverride: ""
fullnameOverride: ""
helm install workflow-database --set postgresqlPostgresPassword=workflow, postgresqlUsername=workflow,postgresqlPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql
kubectl create secret generic \ workflow-database-credentials \ --from-literal=DB_USERNAME=workflow \ --from-literal=DB_PASSWORD=workflow
The credentialsSecertName:
allows us to use a secret resource for DB credentials.
The url:
uses the deployment name of the postgres resource. This is echoed in the notes after the install.
Defaults Below
database:
# In case H2 database is used.
diskSize: 1G
# In case PostgreSQL or MySQL databases are used.
credentialsSecertName: "workflow-database-credentials"
driver: "org.postgresql.Driver"
url: "jdbc:postgresql://workflow-database-postgresql.default.svc.cluster.local:5432/workflow"
For more configuration options see https://github.com/camunda/docker-camunda-bpm-platform/blob/next/README.md
In this case the latest tomcat image is used.
Use the tag property to change the version.
See the Camunda Docker Tags if you need a different version of Camunda.
Run the Community Version
image:
repository: camunda/camunda-bpm-platform
tag: tomcat-latest
pullPolicy: IfNotPresent
pullSecrets: []
Run the Enterprise Version
image:
repository: registry.camunda.cloud/cambpm-ee/camunda-bpm-platform-ee
tag: latest
pullPolicy: IfNotPresent
pullSecrets:
- name: camunda-reg-cred
Note
|
If issues arise with pulling the image the workaround is to manually pull the image. Run the following commands |
docker login registry.camunda.cloud
docker pull registry.camunda.cloud/optimize-ee/optimize:latest
Configuring the pullSecrets
Tip
|
see Configuring pull secrets kubernetes doc and Managing Secrets for more info |
Install the secret and name it camunda-reg-cred
kubectl create secret docker-registry camunda-reg-cred --docker-server=registry.camunda.cloud --docker-username=<<user>> --docker-password=<<password>> --docker-email=<your-email>
Tip
|
You may need to deref special characters in your passwords i.e. --docker-password=mypassword\!isstrong |
Check your secret
kubectl get secret camunda-reg-cred --output=yaml kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
Enable License Config
license:
enabled: true
Configure Enterprise License Put the license in the data-license.yaml
--------------- BEGIN CAMUNDA LICENSE KEY ---------------
--------------- END CAMUNDA LICENSE KEY ---------------
Build the process application by running mvn command in your process app directory
mvn clean package -DskipTests
copy the file location from the build
[INFO] Building war: /Users/paullungu/projects/camunda-poc-starter-parent/camunda-servlet-project/target/project.war
Create a configmap for the process application war
kubectl create configmap process-app-war --from-file /Users/paullungu/projects/camunda-poc-starter-parent/camunda-servlet-project/target/project.war
Use the name of the .war file here
processAppWar:
enabled: true
name: project.war
Runing the Chart the following command to install the chart and apply the configurations to the Kubernetes cluster
helm install workflow-demo ./charts/camunda-bpm-platform/
Change the Chart — When you make changes run the following command to apply the changes to the cluster
helm upgrade workflow-demo ./charts/camunda-bpm-platform/
Remove the Chart — To remove the installation
helm uninstall workflow-demo
-
✓ Configuration for EE License
-
✓ Configuration for Secrets Vault (HashiCorp, Spring Cloud Vault)
-
✓ Configure common Camunda configs (Hisotry Level, Engine)
-
✓ Configuration for Optimize
-
✓ Adding a Camunda process application
-
❏ Configuration for LDAP plugin
-
❏ Adding an Engine plugin
-
❏ Configuration for metrics
-
❏ with Prometheus
-
-
❏ Configuration for Custom Camunda Build
-
with Spring-Boot
-
-
❏ Configuration for Logging
-
❏ Configuration for Log Drain
-
-
❏ Configuration for CI/CD
-
❏ Configuration for ARGO
-
❏ Configuration for TERRAFORM
-
-
❏ Configurations for SSO
-
❏ with Keycloak
-
-
❏ Configuration for GRAPHQL
-
❏ Configuration for HAZELCAST
-
❏ Configuration for Tracing
-
❏ Configure auto-scaling
-
❏ Configure Cloud Deployments (GKE, AWS, Azure)