
Camunda HELM Charts

Goals

  • Simple and understandable HELM example

  • Help understand common configuration and architectural concepts

  • Good documentation and example to assist in getting running quickly in Kubernetes

  • NOT intended as a production ready configuration

Note
For an example of installing on AWS EKS, see Install Camunda Platform on EKS.

What is configured in this chart

  • ✓ Camunda BPM CE

  • ✓ Camunda BPM EE

  • ✓ Camunda License Install

  • ✓ Internal Load Balancer Service (for clients like Optimize)

  • ✓ External Ingress with sticky sessions

  • ✓ Postgres Database

How does it work

Important
The configs in this chart are preconfigured defaults and serve as a quick reference for understanding. You may need to change and adjust things to suit your use-case, infra, architecture, etc.

  • The HELM chart is an install descriptor to install Camunda on Kubernetes. HELM can do many things to help install and manage infra on Kubernetes.

  • The primary configuration point is the values.yaml. It should allow you to get a basic Camunda configuration installed and running with little to no customization.

  • You still need to know how to debug on Kubernetes. See the Kubernetes Docs for help.

  • While this chart defines how Camunda is installed, other components need to be installed in your Kubernetes cluster to make Camunda work. See Setting up Infra to install the other components.

  • You can find more on HELM here Helm Quickstart

Steps to run this HELM chart

Before you run

Note
These can be omitted if you run the basic HELM chart without the Postgres DB and only a single node in the cluster without a load balancer

Step 0. Install HELM and Kubernetes if not already installed

Step 1. Install Ingress Controller to configure the load balancer ingress controller

Step 2. Configure PostgreSQL in the Kubernetes cluster

Step 4. Run Camunda

Setup Infra and Architecture for Camunda

Step 0: Install HELM and Kubernetes

  • You can find more on HELM here Helm Quickstart

  • Kubernetes Getting Started

  • Try Docker Desktop; imo it’s the quickest way to get started with Kubernetes

  • Tested with HELM

    • version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}

  • Tested with Kubernetes

    • Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}

    • Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}


Step 1: Configure Load Balancer with Sticky Sessions

Install Ingress Controller

Important
Kubernetes does not come with an implementation of a LoadBalancer or a Reverse Proxy for Ingress. The Ingress resource allows you to configure a Controller for your needs. It’s important to understand what you need from an Ingress resource; then you can choose the appropriate Controller to install. There are a variety of vendors.

Install the NGINX Ingress Controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml

Configure the Ingress Resource for nginx with sticky sessions

Update the values.yaml and configure the Ingress Resource to tell the LoadBalancer (the NGINX deployment that was installed above) to stick to one Camunda instance once the user is logged into the Camunda webapps.

Defaults Below

  ingress:
    enabled: true
    annotations: {
        nginx.ingress.kubernetes.io/ingress.class: nginx,
        nginx.ingress.kubernetes.io/affinity: "cookie",
        nginx.ingress.kubernetes.io/affinity-mode: "persistent",
        nginx.ingress.kubernetes.io/session-cookie-expires: "172800",
        nginx.ingress.kubernetes.io/session-cookie-max-age: "172800",
      }
      # see more config options https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    hosts:
      - host: camunda.127.0.0.1.nip.io
        paths: ["/"]
    tls: []
    #  - secretName: camunda-bpm-platform-tls
    #    hosts:
    #      - camunda-bpm-platform.local

Increase the replica count of Camunda Nodes

Update the values.yaml and increase the replica count so the load balancer will send requests to both nodes for a user that is not already logged in to Camunda webapps.

Defaults Below

general:
  debug: true
  replicaCount: 2
  nameOverride: ""
  fullnameOverride: ""

Step 2: Configure an External Database

Install PostgreSQL Database in the cluster

helm install workflow-database --set postgresqlPostgresPassword=workflow,postgresqlUsername=workflow,postgresqlPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql

Create Kubernetes Secret Resource for Postgresql
kubectl create secret generic \
    workflow-database-credentials \
    --from-literal=DB_USERNAME=workflow \
    --from-literal=DB_PASSWORD=workflow

Update the values.yaml with database configuration

The credentialsSecertName: allows us to use a secret resource for DB credentials.

The url: uses the deployment name of the postgres resource. This is echoed in the notes after the install.

Defaults Below

database:
  # In case H2 database is used.
  diskSize: 1G
  # In case PostgreSQL or MySQL databases are used.
  credentialsSecertName: "workflow-database-credentials"
  driver: "org.postgresql.Driver"
  url: "jdbc:postgresql://workflow-database-postgresql.default.svc.cluster.local:5432/workflow"
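
The two Step 2 commands with generated passwords in place of the literal workflow value, as an added example that is not part of this chart's README. The helper functions, the password file names and the APPLY switch are assumptions of the example; the chart parameters and the secret name are the ones used above.

```shell
#!/bin/sh
# Added example (not from the chart's README). Dry run by default: commands
# are printed, not executed. Set APPLY=1 to run them against the cluster.

gen_password() {
    # 48 random bytes -> base64 -> first 24 alphanumerics, so nothing needs
    # escaping for the shell or for helm's comma-separated --set syntax.
    head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

write_secret_file() {
    # $1 = directory, $2 = file name. Mode 0600, no trailing newline.
    ( umask 077; printf '%s' "$(gen_password)" > "$1/$2" )
    printf '%s\n' "$1/$2"
}

run() {
    # Print the command; execute it only when APPLY=1.
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

install_database() {
    # $1 = superuser password file, $2 = application password file.
    # --set-file / --from-file read the value from disk, keeping it out of
    # argv and shell history.
    run helm install workflow-database \
        --set postgresqlUsername=workflow,postgresqlDatabase=workflow \
        --set-file postgresqlPostgresPassword="$1" \
        --set-file postgresqlPassword="$2" \
        bitnami/postgresql
    run kubectl create secret generic workflow-database-credentials \
        --from-literal=DB_USERNAME=workflow \
        --from-file=DB_PASSWORD="$2"
}

workdir=$(mktemp -d)
admin_pw=$(write_secret_file "$workdir" admin_password)
app_pw=$(write_secret_file "$workdir" db_password)
install_database "$admin_pw" "$app_pw"
rm -rf "$workdir"   # do not leave the password files on disk
```

The secret keeps the DB_USERNAME and DB_PASSWORD keys, so the database section of values.yaml below needs no change.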

Step 3: Configure Camunda

Configure the version of Camunda

In this case the latest tomcat image is used.

Use the tag property to change the version.

See the Camunda Docker Tags if you need a different version of Camunda.

Run the Community Version

image:
  repository: camunda/camunda-bpm-platform
  tag: tomcat-latest
  pullPolicy: IfNotPresent
  pullSecrets: []

Run the Enterprise Version

image:
  repository: registry.camunda.cloud/cambpm-ee/camunda-bpm-platform-ee
  tag: latest
  pullPolicy: IfNotPresent
  pullSecrets:
  - name: camunda-reg-cred

Note
If issues arise with pulling the image, the workaround is to pull the image manually. Run the following commands:
docker login registry.camunda.cloud
docker pull registry.camunda.cloud/optimize-ee/optimize:latest

Configuring the pullSecrets

Install the secret and name it camunda-reg-cred

kubectl create secret docker-registry camunda-reg-cred --docker-server=registry.camunda.cloud --docker-username=<<user>> --docker-password=<<password>> --docker-email=<your-email>
Tip
You may need to escape special characters in your password, e.g. --docker-password=mypassword\!isstrong

Check your secret

kubectl get secret camunda-reg-cred --output=yaml

kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

Enable License Config

license:
  enabled: true

Configure Enterprise License

Put the license in the data-license.yaml

    --------------- BEGIN CAMUNDA LICENSE KEY ---------------
    --------------- END CAMUNDA LICENSE KEY ---------------

Step 3-A Install a Process Application

Build the process application by running the mvn command in your process app directory

mvn clean package -DskipTests

Copy the file location from the build output

[INFO] Building war: /Users/paullungu/projects/camunda-poc-starter-parent/camunda-servlet-project/target/project.war

Create a configmap for the process application war

kubectl create configmap process-app-war --from-file /Users/paullungu/projects/camunda-poc-starter-parent/camunda-servlet-project/target/project.war

Use the name of the .war file here

processAppWar:
  enabled: true
  name: project.war

Step 4: Run the Chart

Run the Chart: run the following command to install the chart and apply the configurations to the Kubernetes cluster

helm install workflow-demo ./charts/camunda-bpm-platform/

Change the Chart  — When you make changes run the following command to apply the changes to the cluster

helm upgrade workflow-demo ./charts/camunda-bpm-platform/

Remove the Chart  — To remove the installation

helm uninstall workflow-demo

What's Next

  • ✓ Configuration for EE License

  • ✓ Configuration for Secrets Vault (HashiCorp, Spring Cloud Vault)

  • ✓ Configure common Camunda configs (History Level, Engine)

  • ✓ Configuration for Optimize

  • ✓ Adding a Camunda process application

  • ❏ Configuration for LDAP plugin

  • ❏ Adding an Engine plugin

  • ❏ Configuration for metrics

    • ❏ with Prometheus

  • ❏ Configuration for Custom Camunda Build

    • with Spring-Boot

  • ❏ Configuration for Logging

    • ❏ Configuration for Log Drain

  • ❏ Configuration for CI/CD

    • ❏ Configuration for ARGO

    • ❏ Configuration for TERRAFORM

  • ❏ Configurations for SSO

    • ❏ with Keycloak

  • ❏ Configuration for GRAPHQL

  • ❏ Configuration for HAZELCAST

  • ❏ Configuration for Tracing

  • ❏ Configure auto-scaling

  • ❏ Configure Cloud Deployments (GKE, AWS, Azure)

Project state

Note
This project is in alpha phase.