diff --git a/charts/camunda-platform-alpha/README.md b/charts/camunda-platform-alpha/README.md index 6003228313..6dbe90a9d5 100644 --- a/charts/camunda-platform-alpha/README.md +++ b/charts/camunda-platform-alpha/README.md @@ -518,120 +518,111 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### Identity Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | -| `identity.enabled` | if true, the identity deployment and its related resources are deployed via a helm release | `true` | -| `identity.fullnameOverride` | can be used to override the full name of the Identity resources | `""` | -| `identity.nameOverride` | can be used to partly override the name of the Identity resources (names will still be prefixed with the release name) | `""` | -| `identity.firstUser` | configuration to configure properties of the first Identity user, which can be used to access all | | -| `identity.firstUser.enabled` | if true, Identity will seed the first user in Keycloak. | `true` | -| `identity.firstUser.username` | defines the username of the first user, needed to log in into the web applications | `demo` | -| `identity.firstUser.password` | defines the password of the first user, needed to log in into the web applications | `demo` | -| `identity.firstUser.email` | defines the email address of the first user; a valid email address is required to use WebModeler | `demo@example.org` | -| `identity.firstUser.firstName` | defines the first name of the first user; a name is required to use WebModeler | `Demo` | -| `identity.firstUser.lastName` | defines the last name of the first user; a name is required to use WebModeler | `User` | -| `identity.firstUser.existingSecret` | can be used to use an own existing secret for Identity first user. | `""` | -| `identity.firstUser.existingSecretKey` | defines the key within the existing secret object. | `identity-firstuser-password` | -| `identity.image` | configuration to configure the identity image specifics | | -| `identity.image.registry` | can be used to set container image registry. | `""` | -| `identity.image.repository` | defines which image repository to use | `camunda/identity` | -| `identity.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | -| `identity.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | -| `identity.sidecars` | can be used to attach extra containers to the identity deployment | `[]` | -| `identity.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `identity.fullURL` | can be used when Ingress is configured (for both multi and single domain setup). | `""` | -| `identity.contextPath` | can be used to make Identity web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | -| `identity.podAnnotations` | can be used to define extra Identity pod annotations | `{}` | -| `identity.podLabels` | can be used to define extra Identity pod labels | `{}` | -| `identity.logging` | configuration for the identity logging. This template will be directly included in the identity configuration YAML file | | -| `identity.logging.level.ROOT` | | `DEBUG` | -| `identity.logging.level.io.camunda.identity` | https://docs.camunda.io/docs/next/self-managed/identity/user-guide/configuration/configure-logging/#general-configuration-options | `DEBUG` | -| `identity.service` | configuration to configure the identity service. | | -| `identity.service.annotations` | can be used to define annotations, which will be applied to the identity service | `{}` | -| `identity.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `identity.service.port` | defines the port of the service on which the identity application will be available | `80` | -| `identity.service.metricsPort` | defines the port of the service on which the identity metrics will be available | `82` | -| `identity.service.metricsName` | defines the name of the service on which the identity metrics will be available | `metrics` | -| `identity.podSecurityContext` | defines the security options the Identity pod should be run with | | -| `identity.podSecurityContext.runAsNonRoot` | | `true` | -| `identity.podSecurityContext.fsGroup` | | `1001` | -| `identity.podSecurityContext.seccompProfile` | | | -| `identity.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `identity.containerSecurityContext` | defines the security options the Identity container should be run with | | -| `identity.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `identity.containerSecurityContext.privileged` | | `false` | -| `identity.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `identity.containerSecurityContext.runAsNonRoot` | | `true` | -| `identity.containerSecurityContext.runAsUser` | | `1001` | -| `identity.containerSecurityContext.seccompProfile` | | | -| `identity.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `identity.startupProbe` | configuration | | -| `identity.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | -| `identity.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `identity.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health` | -| `identity.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | -| `identity.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `identity.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `identity.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `identity.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `identity.readinessProbe` | configuration | | -| `identity.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | -| `identity.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `identity.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health` | -| `identity.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | -| `identity.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `identity.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `identity.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `identity.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `identity.livenessProbe` | configuration | | -| `identity.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | -| `identity.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `identity.livenessProbe.probePath` | defines the liveness probe route used on the app | `/actuator/health` | -| `identity.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `identity.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `identity.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | -| `identity.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | -| `identity.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `identity.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | -| `identity.nodeSelector` | can be used to define on which nodes the Identity pods should run | `{}` | -| `identity.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `identity.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | -| `identity.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `identity.resources.requests.memory` | | `400Mi` | -| `identity.resources.limits.cpu` | | `2000m` | -| `identity.resources.requests.cpu` | | `600m` | -| `identity.resources.limits.memory` | | `2Gi` | -| `identity.env` | can be used to set extra environment variables in each identity container. See the documentation https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ for more details. | `[]` | -| `identity.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `identity.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `identity.extraVolumes` | can be used to define extra volumes for the identity pods, useful for tls and self-signed certificates | `[]` | -| `identity.extraVolumeMounts` | can be used to mount extra volumes for the identity pods, useful for tls and self-signed certificates | `[]` | -| `identity.serviceAccount` | configuration for the service account where the identity pods are assigned to | | -| `identity.serviceAccount.enabled` | if true, enables the identity service account | `true` | -| `identity.serviceAccount.name` | can be used to set the name of the identity service account | `""` | -| `identity.serviceAccount.annotations` | can be used to set the annotations of the identity service account | `{}` | -| `identity.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `true` | -| `identity.ingress.enabled` | if true, an ingress resource is deployed with the identity deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. | `false` | -| `identity.ingress.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `identity.ingress.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `identity.ingress.path` | defines the path which is associated with the service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `identity.ingress.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `identity.ingress.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `identity.ingress.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `identity.ingress.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `identity.ingress.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-identity` | -| `identity.externalDatabase.enabled` | | `false` | -| `identity.externalDatabase.host` | Database host | `nil` | -| `identity.externalDatabase.port` | Database port number | `nil` | -| `identity.externalDatabase.username` | Non-root username | `nil` | -| `identity.externalDatabase.password` | Password for the non-root username | `nil` | -| `identity.externalDatabase.database` | The database name | `nil` | -| `identity.externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `nil` | -| `identity.externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `nil` | -| `identity.configuration` | if specified, contents will be used as the application.yaml | `""` | -| `identity.extraConfiguration` | if specified, contents will be used for any extra configuration files such as the log4j2.xml | `{}` | -| `identity.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `identity.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| `identity.enabled` | if true, the identity deployment and its related resources are deployed via a helm release | `true` | +| `identity.fullnameOverride` | can be used to override the full name of the Identity resources | `""` | +| `identity.nameOverride` | can be used to partly override the name of the Identity resources (names will still be prefixed with the release name) | `""` | +| `identity.firstUser` | configuration to configure properties of the first Identity user, which can be used to access all | | +| `identity.firstUser.enabled` | if true, Identity will seed the first user in Keycloak. | `true` | +| `identity.firstUser.username` | defines the username of the first user, needed to log in into the web applications | `demo` | +| `identity.firstUser.password` | defines the password of the first user, needed to log in into the web applications | `demo` | +| `identity.firstUser.email` | defines the email address of the first user; a valid email address is required to use WebModeler | `demo@example.org` | +| `identity.firstUser.firstName` | defines the first name of the first user; a name is required to use WebModeler | `Demo` | +| `identity.firstUser.lastName` | defines the last name of the first user; a name is required to use WebModeler | `User` | +| `identity.firstUser.existingSecret` | can be used to use an own existing secret for Identity first user. | `""` | +| `identity.firstUser.existingSecretKey` | defines the key within the existing secret object. | `identity-firstuser-password` | +| `identity.image` | configuration to configure the identity image specifics | | +| `identity.image.registry` | can be used to set container image registry. | `""` | +| `identity.image.repository` | defines which image repository to use | `camunda/identity` | +| `identity.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | +| `identity.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | +| `identity.sidecars` | can be used to attach extra containers to the identity deployment | `[]` | +| `identity.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `identity.fullURL` | can be used when Ingress is configured (for both multi and single domain setup). | `""` | +| `identity.contextPath` | can be used to make Identity web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | +| `identity.podAnnotations` | can be used to define extra Identity pod annotations | `{}` | +| `identity.podLabels` | can be used to define extra Identity pod labels | `{}` | +| `identity.logging` | configuration for the identity logging. This template will be directly included in the identity configuration YAML file | | +| `identity.logging.level.ROOT` | | `DEBUG` | +| `identity.logging.level.io.camunda.identity` | https://docs.camunda.io/docs/next/self-managed/identity/user-guide/configuration/configure-logging/#general-configuration-options | `DEBUG` | +| `identity.service` | configuration to configure the identity service. | | +| `identity.service.annotations` | can be used to define annotations, which will be applied to the identity service | `{}` | +| `identity.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `identity.service.port` | defines the port of the service on which the identity application will be available | `80` | +| `identity.service.metricsPort` | defines the port of the service on which the identity metrics will be available | `82` | +| `identity.service.metricsName` | defines the name of the service on which the identity metrics will be available | `metrics` | +| `identity.podSecurityContext` | defines the security options the Identity pod should be run with | | +| `identity.podSecurityContext.runAsNonRoot` | | `true` | +| `identity.podSecurityContext.fsGroup` | | `1001` | +| `identity.podSecurityContext.seccompProfile` | | | +| `identity.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `identity.containerSecurityContext` | defines the security options the Identity container should be run with | | +| `identity.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `identity.containerSecurityContext.privileged` | | `false` | +| `identity.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `identity.containerSecurityContext.runAsNonRoot` | | `true` | +| `identity.containerSecurityContext.runAsUser` | | `1001` | +| `identity.containerSecurityContext.seccompProfile` | | | +| `identity.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `identity.startupProbe` | configuration | | +| `identity.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | +| `identity.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `identity.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health` | +| `identity.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | +| `identity.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `identity.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `identity.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `identity.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `identity.readinessProbe` | configuration | | +| `identity.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | +| `identity.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `identity.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health` | +| `identity.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | +| `identity.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `identity.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `identity.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `identity.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `identity.livenessProbe` | configuration | | +| `identity.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | +| `identity.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `identity.livenessProbe.probePath` | defines the liveness probe route used on the app | `/actuator/health` | +| `identity.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `identity.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `identity.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | +| `identity.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | +| `identity.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `identity.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | +| `identity.nodeSelector` | can be used to define on which nodes the Identity pods should run | `{}` | +| `identity.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `identity.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | +| `identity.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `identity.resources.requests.memory` | | `400Mi` | +| `identity.resources.limits.cpu` | | `2000m` | +| `identity.resources.requests.cpu` | | `600m` | +| `identity.resources.limits.memory` | | `2Gi` | +| `identity.env` | can be used to set extra environment variables in each identity container. See the documentation https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ for more details. | `[]` | +| `identity.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `identity.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `identity.extraVolumes` | can be used to define extra volumes for the identity pods, useful for tls and self-signed certificates | `[]` | +| `identity.extraVolumeMounts` | can be used to mount extra volumes for the identity pods, useful for tls and self-signed certificates | `[]` | +| `identity.serviceAccount` | configuration for the service account where the identity pods are assigned to | | +| `identity.serviceAccount.enabled` | if true, enables the identity service account | `true` | +| `identity.serviceAccount.name` | can be used to set the name of the identity service account | `""` | +| `identity.serviceAccount.annotations` | can be used to set the annotations of the identity service account | `{}` | +| `identity.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `true` | +| `identity.externalDatabase.enabled` | | `false` | +| `identity.externalDatabase.host` | Database host | `nil` | +| `identity.externalDatabase.port` | Database port number | `nil` | +| `identity.externalDatabase.username` | Non-root username | `nil` | +| `identity.externalDatabase.password` | Password for the non-root username | `nil` | +| `identity.externalDatabase.database` | The database name | `nil` | +| `identity.externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `nil` | +| `identity.externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `nil` | +| `identity.configuration` | if specified, contents will be used as the application.yaml | `""` | +| `identity.extraConfiguration` | if specified, contents will be used for any extra configuration files such as the log4j2.xml | `{}` | +| `identity.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `identity.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | ### Identity - PostgreSQL Parameters @@ -712,91 +703,83 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### Console Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `console` | configuration for the Console. | | -| `console.enabled` | if true, the Console deployment and its related resources are deployed via a helm release | `false` | -| `console.configuration` | Configuration passed directly to Console as YAML file. More details on [Console official documenations](https://docs.camunda.io/docs/self-managed/console-deployment/configuration/) | `""` | -| `console.image.registry` | can be used to set container image registry. | `""` | -| `console.image.repository` | defines which image repository to use | `camunda/console` | -| `console.image.tag` | can be used to set the Docker image tag for the Console image (overwrites global.image.tag) | `8.7.0-alpha1` | -| `console.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | -| `console.sidecars` | can be used to attach extra containers to the console deployment | `[]` | -| `console.replicas` | Number of Console replicas | `1` | -| `console.keycloak.realm` | Specifies the Keycloak realm used for authentication. | `camunda-platform` | -| `console.contextPath` | can be used to make Console web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | -| `console.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `console.podAnnotations` | can be used to define extra Console pod annotations | `{}` | -| `console.podLabels` | can be used to define extra Console pod labels | `{}` | -| `console.logging` | configuration for the Console logging. This template will be directly included in the configuration YAML file | `{}` | -| `console.service.annotations` | can be used to define annotations, which will be applied to the Console service | `{}` | -| `console.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `console.service.port` | defines the port number where the web application will be available | `80` | -| `console.service.serverName` | defines the port name where the web application will be available | `http` | -| `console.service.managementPort` | defines the management port used to access metrics and app status | `9100` | -| `console.resources.requests.memory` | | `1Gi` | -| `console.resources.limits.cpu` | | `2` | -| `console.resources.limits.memory` | | `2Gi` | -| `console.resources.requests.cpu` | | `1` | -| `console.env` | can be used to set extra environment variables in each app container | `[]` | -| `console.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `console.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `console.extraVolumes` | can be used to define extra volumes for the Console pods, useful for TLS and self-signed certificates | `[]` | -| `console.extraVolumeMounts` | can be used to mount extra volumes for the Console pods, useful for TLS and self-signed certificates | `[]` | -| `console.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | -| `console.startupProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `console.startupProbe.probePath` | defines the startup probe route used on the app | `/health/readiness` | -| `console.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `console.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `console.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `console.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `console.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `console.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | -| `console.readinessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `console.readinessProbe.probePath` | defines the readiness probe route used on the app | `/health/readiness` | -| `console.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `console.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `console.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `console.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `console.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `console.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | -| `console.livenessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `console.livenessProbe.probePath` | defines the liveness probe route used on the app | `/health/liveness` | -| `console.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `console.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `console.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | -| `console.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | -| `console.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `console.metrics.prometheus` | Prometheus metrics endpoint | `/prometheus` | -| `console.serviceAccount.enabled` | if true, enables the Console service account | `true` | -| `console.serviceAccount.name` | can be used to set the name of the Console service account | `""` | -| `console.serviceAccount.annotations` | can be used to set the annotations of the service account | `{}` | -| `console.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | -| `console.ingress.enabled` | if true, an ingress resource is deployed with the Console deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. | `false` | -| `console.ingress.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `console.ingress.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `console.ingress.path` | defines the path which is associated with the Console service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `console.ingress.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `console.ingress.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `console.ingress.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `console.ingress.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-console` | -| `console.podSecurityContext` | defines the security options the Console broker pod should be run with | | -| `console.podSecurityContext.runAsNonRoot` | run as non root | `true` | -| `console.podSecurityContext.fsGroup` | | `1001` | -| `console.podSecurityContext.seccompProfile` | | | -| `console.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `console.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `console.containerSecurityContext.privileged` | | `false` | -| `console.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `console.containerSecurityContext.runAsNonRoot` | | `true` | -| `console.containerSecurityContext.runAsUser` | | `1001` | -| `console.containerSecurityContext.seccompProfile` | | | -| `console.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `console.nodeSelector` | can be used to define on which nodes the Console pods should run | `{}` | -| `console.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `console.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | -| `console.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `console.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| Name | Description | Value | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `console` | configuration for the Console. | | +| `console.enabled` | if true, the Console deployment and its related resources are deployed via a helm release | `false` | +| `console.configuration` | Configuration passed directly to Console as YAML file. More details on [Console official documenations](https://docs.camunda.io/docs/self-managed/console-deployment/configuration/) | `""` | +| `console.image.registry` | can be used to set container image registry. | `""` | +| `console.image.repository` | defines which image repository to use | `camunda/console` | +| `console.image.tag` | can be used to set the Docker image tag for the Console image (overwrites global.image.tag) | `8.7.0-alpha1` | +| `console.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | +| `console.sidecars` | can be used to attach extra containers to the console deployment | `[]` | +| `console.replicas` | Number of Console replicas | `1` | +| `console.keycloak.realm` | Specifies the Keycloak realm used for authentication. | `camunda-platform` | +| `console.contextPath` | can be used to make Console web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | +| `console.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `console.podAnnotations` | can be used to define extra Console pod annotations | `{}` | +| `console.podLabels` | can be used to define extra Console pod labels | `{}` | +| `console.logging` | configuration for the Console logging. This template will be directly included in the configuration YAML file | `{}` | +| `console.service.annotations` | can be used to define annotations, which will be applied to the Console service | `{}` | +| `console.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `console.service.port` | defines the port number where the web application will be available | `80` | +| `console.service.serverName` | defines the port name where the web application will be available | `http` | +| `console.service.managementPort` | defines the management port used to access metrics and app status | `9100` | +| `console.resources.requests.memory` | | `1Gi` | +| `console.resources.limits.cpu` | | `2` | +| `console.resources.limits.memory` | | `2Gi` | +| `console.resources.requests.cpu` | | `1` | +| `console.env` | can be used to set extra environment variables in each app container | `[]` | +| `console.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `console.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `console.extraVolumes` | can be used to define extra volumes for the Console pods, useful for TLS and self-signed certificates | `[]` | +| `console.extraVolumeMounts` | can be used to mount extra volumes for the Console pods, useful for TLS and self-signed certificates | `[]` | +| `console.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | +| `console.startupProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `console.startupProbe.probePath` | defines the startup probe route used on the app | `/health/readiness` | +| `console.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `console.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `console.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `console.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `console.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `console.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | +| `console.readinessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `console.readinessProbe.probePath` | defines the readiness probe route used on the app | `/health/readiness` | +| `console.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `console.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `console.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `console.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `console.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `console.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | +| `console.livenessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `console.livenessProbe.probePath` | defines the liveness probe route used on the app | `/health/liveness` | +| `console.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `console.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `console.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | +| `console.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | +| `console.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `console.metrics.prometheus` | Prometheus metrics endpoint | `/prometheus` | +| `console.serviceAccount.enabled` | if true, enables the Console service account | `true` | +| `console.serviceAccount.name` | can be used to set the name of the Console service account | `""` | +| `console.serviceAccount.annotations` | can be used to set the annotations of the service account | `{}` | +| `console.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | +| `console.podSecurityContext` | defines the security options the Console broker pod should be run with | | +| `console.podSecurityContext.runAsNonRoot` | run as non root | `true` | +| `console.podSecurityContext.fsGroup` | | `1001` | +| `console.podSecurityContext.seccompProfile` | | | +| `console.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `console.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `console.containerSecurityContext.privileged` | | `false` | +| `console.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `console.containerSecurityContext.runAsNonRoot` | | `true` | +| `console.containerSecurityContext.runAsUser` | | `1001` | +| `console.containerSecurityContext.seccompProfile` | | | +| `console.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `console.nodeSelector` | can be used to define on which nodes the Console pods should run | `{}` | +| `console.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `console.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | +| `console.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `console.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | ### WebModeler Parameters @@ -983,92 +966,77 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### WebModeler - WebSockets Parameters -| Name | Description | Value | -| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | -| `webModeler.websockets` | configuration of the WebModeler websockets component | | -| `webModeler.websockets.image` | configuration of the websockets Docker image | | -| `webModeler.websockets.image.repository` | defines which image repository to use for the websockets Docker image | `camunda/web-modeler-websockets` | -| `webModeler.websockets.sidecars` | can be used to attach extra containers to the modeler websockets deployment | `[]` | -| `webModeler.websockets.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `webModeler.websockets.publicHost` | can be used to define the host on which the WebSockets server can be reached from the WebModeler client in the browser. | `localhost` | -| `webModeler.websockets.publicPort` | can be used to define the port number on which the WebSockets server can be reached from the WebModeler client in the browser. | `8085` | -| `webModeler.websockets.podAnnotations` | can be used to define extra websockets pod annotations | `{}` | -| `webModeler.websockets.podLabels` | can be used to define extra websockets pod labels | `{}` | -| `webModeler.websockets.env` | can be used to set extra environment variables in each websockets container | `[]` | -| `webModeler.websockets.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `webModeler.websockets.command` | can be used to override the default command provided by the container image, see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `webModeler.websockets.extraVolumes` | can be used to define extra volumes for the websockets pod; useful for logging to a file | `[]` | -| `webModeler.websockets.extraVolumeMounts` | can be used to mount extra volumes for the websockets pod; useful for logging to a file | `[]` | -| `webModeler.websockets.podSecurityContext` | can be used to define the security options the websockets pod should be run with | | -| `webModeler.websockets.podSecurityContext.runAsNonRoot` | | `true` | -| `webModeler.websockets.podSecurityContext.fsGroup` | | `1001` | -| `webModeler.websockets.podSecurityContext.seccompProfile` | | | -| `webModeler.websockets.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `webModeler.websockets.containerSecurityContext` | can be used to define the security options the websockets container should be run with | | -| `webModeler.websockets.containerSecurityContext.privileged` | | `false` | -| `webModeler.websockets.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `webModeler.websockets.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `webModeler.websockets.containerSecurityContext.runAsNonRoot` | | `true` | -| `webModeler.websockets.containerSecurityContext.runAsUser` | | `1001` | -| `webModeler.websockets.containerSecurityContext.seccompProfile` | | | -| `webModeler.websockets.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `webModeler.websockets.startupProbe` | configuration of the websockets startup probe | | -| `webModeler.websockets.startupProbe.enabled` | if true, the startup probe will be enabled for the websockets container | `false` | -| `webModeler.websockets.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | -| `webModeler.websockets.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `webModeler.websockets.startupProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | -| `webModeler.websockets.startupProbe.failureThreshold` | defines when the probe is considered failed so the container will be restarted | `5` | -| `webModeler.websockets.startupProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | -| `webModeler.websockets.readinessProbe` | configuration of the websockets readiness probe | | -| `webModeler.websockets.readinessProbe.enabled` | if true, the readiness probe will be enabled for the websockets container | `true` | -| `webModeler.websockets.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | -| `webModeler.websockets.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `webModeler.websockets.readinessProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | -| `webModeler.websockets.readinessProbe.failureThreshold` | defines when the probe is considered failed so the Pod will be marked unready | `5` | -| `webModeler.websockets.readinessProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | -| `webModeler.websockets.livenessProbe` | configuration of the websockets liveness probe | | -| `webModeler.websockets.livenessProbe.enabled` | if true, the liveness probe will be enabled for the websockets container | `false` | -| `webModeler.websockets.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | -| `webModeler.websockets.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `webModeler.websockets.livenessProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | -| `webModeler.websockets.livenessProbe.failureThreshold` | defines when the probe is considered failed so the container will be restarted | `5` | -| `webModeler.websockets.livenessProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | -| `webModeler.websockets.nodeSelector` | can be used to select the nodes the websockets pods should run on | `{}` | -| `webModeler.websockets.tolerations` | can be used to define pod tolerations, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `webModeler.websockets.affinity` | can be used to define pod affinity or anti-affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | -| `webModeler.websockets.resources` | configuration of resource requests and limits for the container, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `webModeler.websockets.resources.requests.cpu` | | `100m` | -| `webModeler.websockets.resources.requests.memory` | | `64Mi` | -| `webModeler.websockets.resources.limits.cpu` | | `200m` | -| `webModeler.websockets.resources.limits.memory` | | `128Mi` | -| `webModeler.websockets.service` | configuration of the WebModeler websockets service | | -| `webModeler.websockets.service.annotations` | can be used to define annotations which will be applied to the service | `{}` | -| `webModeler.websockets.service.type` | defines the type of the service, see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `webModeler.websockets.service.port` | defines the port of the service | `80` | -| `webModeler.websockets.configuration` | if specified, contents will be used as the application.yaml | `""` | -| `webModeler.websockets.extraConfiguration` | if specified, contents will be used for any extra configuration files such as log4j2.xml | `{}` | -| `webModeler.websockets.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `webModeler.websockets.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | -| `webModeler.serviceAccount` | configuration for the service account the WebModeler pods are assigned to | | -| `webModeler.serviceAccount.enabled` | if true, enables the WebModeler service account | `true` | -| `webModeler.serviceAccount.name` | can be used to set the name of the WebModeler service account | `""` | -| `webModeler.serviceAccount.annotations` | can be used to set the annotations of the WebModeler service account | `{}` | -| `webModeler.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | -| `webModeler.ingress.enabled` | if true, an Ingress resource will be deployed with the WebModeler deployment. Only useful if an Ingress controller like NGINX is available. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. | `false` | -| `webModeler.ingress.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `webModeler.ingress.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `webModeler.ingress.webapp` | configuration of the webapp ingress | | -| `webModeler.ingress.webapp.host` | defines the host of the ingress rule, see https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules; this is the host name on which the WebModeler web application will be available | `""` | -| `webModeler.ingress.webapp.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `webModeler.ingress.webapp.tls` | configuration for TLS on the ingress resource, see https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `webModeler.ingress.webapp.tls.enabled` | if true, TLS will be configured on the ingress resource | `false` | -| `webModeler.ingress.webapp.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-webmodeler-webapp` | -| `webModeler.ingress.websockets` | configuration of the websockets ingress | | -| `webModeler.ingress.websockets.host` | defines the host of the ingress rule, see https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules; this is the host name the WebModeler client in the browser will use to connect to the WebSockets server | `""` | -| `webModeler.ingress.websockets.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `webModeler.ingress.websockets.tls` | configuration for TLS on the ingress resource, see https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `webModeler.ingress.websockets.tls.enabled` | if true, TLS will be configured on the ingress resource | `false` | -| `webModeler.ingress.websockets.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-webmodeler-websockets` | +| Name | Description | Value | +| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `webModeler.websockets` | configuration of the WebModeler websockets component | | +| `webModeler.websockets.image` | configuration of the websockets Docker image | | +| `webModeler.websockets.image.repository` | defines which image repository to use for the websockets Docker image | `camunda/web-modeler-websockets` | +| `webModeler.websockets.sidecars` | can be used to attach extra containers to the modeler websockets deployment | `[]` | +| `webModeler.websockets.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `webModeler.websockets.publicHost` | can be used to define the host on which the WebSockets server can be reached from the WebModeler client in the browser. | `localhost` | +| `webModeler.websockets.publicPort` | can be used to define the port number on which the WebSockets server can be reached from the WebModeler client in the browser. | `8085` | +| `webModeler.websockets.podAnnotations` | can be used to define extra websockets pod annotations | `{}` | +| `webModeler.websockets.podLabels` | can be used to define extra websockets pod labels | `{}` | +| `webModeler.websockets.env` | can be used to set extra environment variables in each websockets container | `[]` | +| `webModeler.websockets.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `webModeler.websockets.command` | can be used to override the default command provided by the container image, see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `webModeler.websockets.extraVolumes` | can be used to define extra volumes for the websockets pod; useful for logging to a file | `[]` | +| `webModeler.websockets.extraVolumeMounts` | can be used to mount extra volumes for the websockets pod; useful for logging to a file | `[]` | +| `webModeler.websockets.podSecurityContext` | can be used to define the security options the websockets pod should be run with | | +| `webModeler.websockets.podSecurityContext.runAsNonRoot` | | `true` | +| `webModeler.websockets.podSecurityContext.fsGroup` | | `1001` | +| `webModeler.websockets.podSecurityContext.seccompProfile` | | | +| `webModeler.websockets.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `webModeler.websockets.containerSecurityContext` | can be used to define the security options the websockets container should be run with | | +| `webModeler.websockets.containerSecurityContext.privileged` | | `false` | +| `webModeler.websockets.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `webModeler.websockets.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `webModeler.websockets.containerSecurityContext.runAsNonRoot` | | `true` | +| `webModeler.websockets.containerSecurityContext.runAsUser` | | `1001` | +| `webModeler.websockets.containerSecurityContext.seccompProfile` | | | +| `webModeler.websockets.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `webModeler.websockets.startupProbe` | configuration of the websockets startup probe | | +| `webModeler.websockets.startupProbe.enabled` | if true, the startup probe will be enabled for the websockets container | `false` | +| `webModeler.websockets.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | +| `webModeler.websockets.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `webModeler.websockets.startupProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | +| `webModeler.websockets.startupProbe.failureThreshold` | defines when the probe is considered failed so the container will be restarted | `5` | +| `webModeler.websockets.startupProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | +| `webModeler.websockets.readinessProbe` | configuration of the websockets readiness probe | | +| `webModeler.websockets.readinessProbe.enabled` | if true, the readiness probe will be enabled for the websockets container | `true` | +| `webModeler.websockets.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | +| `webModeler.websockets.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `webModeler.websockets.readinessProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | +| `webModeler.websockets.readinessProbe.failureThreshold` | defines when the probe is considered failed so the Pod will be marked unready | `5` | +| `webModeler.websockets.readinessProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | +| `webModeler.websockets.livenessProbe` | configuration of the websockets liveness probe | | +| `webModeler.websockets.livenessProbe.enabled` | if true, the liveness probe will be enabled for the websockets container | `false` | +| `webModeler.websockets.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated | `10` | +| `webModeler.websockets.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `webModeler.websockets.livenessProbe.successThreshold` | defines how often the probe needs to succeed to be considered successful after having failed | `1` | +| `webModeler.websockets.livenessProbe.failureThreshold` | defines when the probe is considered failed so the container will be restarted | `5` | +| `webModeler.websockets.livenessProbe.timeoutSeconds` | defines the number of seconds after which the probe times out | `1` | +| `webModeler.websockets.nodeSelector` | can be used to select the nodes the websockets pods should run on | `{}` | +| `webModeler.websockets.tolerations` | can be used to define pod tolerations, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `webModeler.websockets.affinity` | can be used to define pod affinity or anti-affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | +| `webModeler.websockets.resources` | configuration of resource requests and limits for the container, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `webModeler.websockets.resources.requests.cpu` | | `100m` | +| `webModeler.websockets.resources.requests.memory` | | `64Mi` | +| `webModeler.websockets.resources.limits.cpu` | | `200m` | +| `webModeler.websockets.resources.limits.memory` | | `128Mi` | +| `webModeler.websockets.service` | configuration of the WebModeler websockets service | | +| `webModeler.websockets.service.annotations` | can be used to define annotations which will be applied to the service | `{}` | +| `webModeler.websockets.service.type` | defines the type of the service, see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `webModeler.websockets.service.port` | defines the port of the service | `80` | +| `webModeler.websockets.configuration` | if specified, contents will be used as the application.yaml | `""` | +| `webModeler.websockets.extraConfiguration` | if specified, contents will be used for any extra configuration files such as log4j2.xml | `{}` | +| `webModeler.websockets.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `webModeler.websockets.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| `webModeler.serviceAccount` | configuration for the service account the WebModeler pods are assigned to | | +| `webModeler.serviceAccount.enabled` | if true, enables the WebModeler service account | `true` | +| `webModeler.serviceAccount.name` | can be used to set the name of the WebModeler service account | `""` | +| `webModeler.serviceAccount.annotations` | can be used to set the annotations of the WebModeler service account | `{}` | +| `webModeler.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | ### WebModeler - PostgreSQL Parameters @@ -1102,106 +1070,97 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### Connectors Parameters -| Name | Description | Value | -| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------- | -| `connectors` | configuration for the Connectors. | | -| `connectors.enabled` | if true, the Connectors deployment and its related resources are deployed via a helm release | `true` | -| `connectors.inbound` | Switch for inbound mode (e.g., for webhook or polling) | | -| `connectors.inbound.mode` | acceptable values: disabled, credentials, or oauth | `oauth` | -| `connectors.inbound.auth` | configuration of the credentials authentication. | | -| `connectors.inbound.auth.existingSecret` | can be used to configure Secret name that contains password (if inbound mode is credentials) | `""` | -| `connectors.inbound.auth.existingSecretKey` | defines the key within the existing secret object. | `connectors-secret` | -| `connectors.image` | configuration to configure the Connectors image specifics | | -| `connectors.image.registry` | can be used to set container image registry. | `""` | -| `connectors.image.repository` | defines which image repository to use | `camunda/connectors-bundle` | -| `connectors.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | -| `connectors.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | -| `connectors.sidecars` | can be used to attach extra containers to the connectors deployment | `[]` | -| `connectors.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `connectors.replicas` | number of Connectors replicas | `1` | -| `connectors.contextPath` | can be used to make Connectors web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | -| `connectors.podAnnotations` | can be used to define extra Connectors pod annotations | `{}` | -| `connectors.podLabels` | can be used to define extra Connectors pod labels | `{}` | -| `connectors.logging` | configuration for the Connectors logging. This template will be directly included in the connector configuration YAML file | | -| `connectors.logging.level.io.camunda.connector` | | `ERROR` | -| `connectors.service` | configuration to configure the Connectors service. | | -| `connectors.service.annotations` | can be used to define annotations, which will be applied to the Connectors service | `{}` | -| `connectors.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `connectors.service.serverPort` | defines the port number where the Connector web application will be available | `8080` | -| `connectors.service.serverName` | defines the port name where the Connector web application will be available | `http` | -| `connectors.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `connectors.resources.requests.cpu` | | `1` | -| `connectors.resources.requests.memory` | | `1Gi` | -| `connectors.resources.limits.cpu` | | `2` | -| `connectors.resources.limits.memory` | | `2Gi` | -| `connectors.env` | can be used to set extra environment variables in each Connector container | `[]` | -| `connectors.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `connectors.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `connectors.extraVolumes` | can be used to define extra volumes for the Connectors pods, useful for TLS and self-signed certificates | `[]` | -| `connectors.extraVolumeMounts` | can be used to mount extra volumes for the Connectors pods, useful for TLS and self-signed certificates | `[]` | -| `connectors.startupProbe` | configuration | | -| `connectors.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | -| `connectors.startupProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `connectors.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health/readiness` | -| `connectors.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `connectors.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `connectors.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `connectors.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `connectors.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `connectors.readinessProbe` | configuration | | -| `connectors.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `false` | -| `connectors.readinessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `connectors.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health/readiness` | -| `connectors.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | -| `connectors.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `connectors.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `connectors.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `connectors.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `connectors.livenessProbe` | configuration | | -| `connectors.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | -| `connectors.livenessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | -| `connectors.livenessProbe.probePath` | defines the liveness probe route used on the app | `/actuator/health/liveness` | -| `connectors.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `connectors.livenessProbe.initialDelaySeconds` | the probe is initiated. | `30` | -| `connectors.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `connectors.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | -| `connectors.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | -| `connectors.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `connectors.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | -| `connectors.serviceAccount` | configuration for the service account where the Connectors pods are assigned to | | -| `connectors.serviceAccount.enabled` | if true, enables the Connectors service account | `true` | -| `connectors.serviceAccount.name` | can be used to set the name of the Connectors service account | `""` | -| `connectors.serviceAccount.annotations` | can be used to set the annotations of the service account | `{}` | -| `connectors.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | -| `connectors.ingress.enabled` | if true, an ingress resource is deployed with the Connectors deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. | `false` | -| `connectors.ingress.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `connectors.ingress.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `connectors.ingress.path` | defines the path which is associated with the Connectors service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `connectors.ingress.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `connectors.ingress.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `connectors.ingress.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `connectors.ingress.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `connectors.ingress.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-connectors` | -| `connectors.podSecurityContext` | defines the security options the Connectors pod should be run with | | -| `connectors.podSecurityContext.runAsNonRoot` | run as non root | `true` | -| `connectors.podSecurityContext.fsGroup` | | `1001` | -| `connectors.podSecurityContext.seccompProfile` | | | -| `connectors.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `connectors.containerSecurityContext` | defines the security options the Connectors container should be run with | | -| `connectors.containerSecurityContext.privileged` | | `false` | -| `connectors.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `connectors.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `connectors.containerSecurityContext.runAsNonRoot` | | `true` | -| `connectors.containerSecurityContext.runAsUser` | | `1001` | -| `connectors.containerSecurityContext.seccompProfile` | | | -| `connectors.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `connectors.nodeSelector` | can be used to define on which nodes the Connectors pods should run | `{}` | -| `connectors.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `connectors.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | -| `connectors.configuration` | if specified, contents will be used as the application.yaml | `""` | -| `connectors.extraConfiguration` | if specified, contents will be used for any extra configuration files such as the log4j2.xml | `{}` | -| `connectors.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `connectors.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| Name | Description | Value | +| -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `connectors` | configuration for the Connectors. | | +| `connectors.enabled` | if true, the Connectors deployment and its related resources are deployed via a helm release | `true` | +| `connectors.inbound` | Switch for inbound mode (e.g., for webhook or polling) | | +| `connectors.inbound.mode` | acceptable values: disabled, credentials, or oauth | `oauth` | +| `connectors.inbound.auth` | configuration of the credentials authentication. | | +| `connectors.inbound.auth.existingSecret` | can be used to configure Secret name that contains password (if inbound mode is credentials) | `""` | +| `connectors.inbound.auth.existingSecretKey` | defines the key within the existing secret object. | `connectors-secret` | +| `connectors.image` | configuration to configure the Connectors image specifics | | +| `connectors.image.registry` | can be used to set container image registry. | `""` | +| `connectors.image.repository` | defines which image repository to use | `camunda/connectors-bundle` | +| `connectors.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | +| `connectors.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | +| `connectors.sidecars` | can be used to attach extra containers to the connectors deployment | `[]` | +| `connectors.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `connectors.replicas` | number of Connectors replicas | `1` | +| `connectors.contextPath` | can be used to make Connectors web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | +| `connectors.podAnnotations` | can be used to define extra Connectors pod annotations | `{}` | +| `connectors.podLabels` | can be used to define extra Connectors pod labels | `{}` | +| `connectors.logging` | configuration for the Connectors logging. This template will be directly included in the connector configuration YAML file | | +| `connectors.logging.level.io.camunda.connector` | | `ERROR` | +| `connectors.service` | configuration to configure the Connectors service. | | +| `connectors.service.annotations` | can be used to define annotations, which will be applied to the Connectors service | `{}` | +| `connectors.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `connectors.service.serverPort` | defines the port number where the Connector web application will be available | `8080` | +| `connectors.service.serverName` | defines the port name where the Connector web application will be available | `http` | +| `connectors.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `connectors.resources.requests.cpu` | | `1` | +| `connectors.resources.requests.memory` | | `1Gi` | +| `connectors.resources.limits.cpu` | | `2` | +| `connectors.resources.limits.memory` | | `2Gi` | +| `connectors.env` | can be used to set extra environment variables in each Connector container | `[]` | +| `connectors.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `connectors.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `connectors.extraVolumes` | can be used to define extra volumes for the Connectors pods, useful for TLS and self-signed certificates | `[]` | +| `connectors.extraVolumeMounts` | can be used to mount extra volumes for the Connectors pods, useful for TLS and self-signed certificates | `[]` | +| `connectors.startupProbe` | configuration | | +| `connectors.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | +| `connectors.startupProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `connectors.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health/readiness` | +| `connectors.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `connectors.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `connectors.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `connectors.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `connectors.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `connectors.readinessProbe` | configuration | | +| `connectors.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `false` | +| `connectors.readinessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `connectors.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health/readiness` | +| `connectors.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | +| `connectors.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `connectors.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `connectors.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `connectors.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `connectors.livenessProbe` | configuration | | +| `connectors.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | +| `connectors.livenessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | +| `connectors.livenessProbe.probePath` | defines the liveness probe route used on the app | `/actuator/health/liveness` | +| `connectors.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `connectors.livenessProbe.initialDelaySeconds` | the probe is initiated. | `30` | +| `connectors.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `connectors.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | +| `connectors.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | +| `connectors.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `connectors.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | +| `connectors.serviceAccount` | configuration for the service account where the Connectors pods are assigned to | | +| `connectors.serviceAccount.enabled` | if true, enables the Connectors service account | `true` | +| `connectors.serviceAccount.name` | can be used to set the name of the Connectors service account | `""` | +| `connectors.serviceAccount.annotations` | can be used to set the annotations of the service account | `{}` | +| `connectors.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | +| `connectors.podSecurityContext` | defines the security options the Connectors pod should be run with | | +| `connectors.podSecurityContext.runAsNonRoot` | run as non root | `true` | +| `connectors.podSecurityContext.fsGroup` | | `1001` | +| `connectors.podSecurityContext.seccompProfile` | | | +| `connectors.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `connectors.containerSecurityContext` | defines the security options the Connectors container should be run with | | +| `connectors.containerSecurityContext.privileged` | | `false` | +| `connectors.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `connectors.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `connectors.containerSecurityContext.runAsNonRoot` | | `true` | +| `connectors.containerSecurityContext.runAsUser` | | `1001` | +| `connectors.containerSecurityContext.seccompProfile` | | | +| `connectors.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `connectors.nodeSelector` | can be used to define on which nodes the Connectors pods should run | `{}` | +| `connectors.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `connectors.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | +| `connectors.configuration` | if specified, contents will be used as the application.yaml | `""` | +| `connectors.extraConfiguration` | if specified, contents will be used for any extra configuration files such as the log4j2.xml | `{}` | +| `connectors.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `connectors.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | ### Orchestration Core Parameters @@ -1344,110 +1303,101 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### Optimize Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `optimize.enabled` | if true, the Optimize deployment and its related resources are deployed via a helm release | `true` | -| `optimize.image` | configuration to configure the Optimize image specifics | | -| `optimize.image.registry` | can be used to set container image registry | `""` | -| `optimize.image.repository` | defines which image repository to use | `camunda/optimize` | -| `optimize.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | -| `optimize.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | -| `optimize.migration` | configuration for Optimize migration | | -| `optimize.migration.enabled` | if true, run Optimize migration script as an init container | `true` | -| `optimize.migration.env` | can be used to set environment variables for Optimize migration init container | `[]` | -| `optimize.migration.resources` | configuration to set request and limit configuration for the migration container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `optimize.migration.resources.requests.cpu` | | `600m` | -| `optimize.migration.resources.requests.memory` | | `1Gi` | -| `optimize.migration.resources.limits.cpu` | | `2000m` | -| `optimize.migration.resources.limits.memory` | | `2Gi` | -| `optimize.sidecars` | can be used to attach extra containers to the optimize deployment | `[]` | -| `optimize.contextPath` | can be used to make Optimize web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | -| `optimize.configMap` | configuration which will be applied to the mounted config map. | | -| `optimize.configMap.defaultMode` | can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. | `754` | -| `optimize.podAnnotations` | can be used to define extra Optimize pod annotations | `{}` | -| `optimize.podLabels` | can be used to define extra Optimize pod labels | `{}` | -| `optimize.logLevel` | configuration for the optimize runtime environment. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `info` | -| `optimize.upgradeLogLevel` | sets the logging level for the Optimize update log. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `info` | -| `optimize.esLogLevel` | sets the logging level for Elasticsearch. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `warn` | -| `optimize.partitionCount` | defines how many Zeebe partitions are set up in the cluster and which should be imported by Optimize | `3` | -| `optimize.env` | can be used to set extra environment variables in each Optimize container | `[]` | -| `optimize.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `optimize.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `optimize.extraVolumes` | can be used to define extra volumes for the Optimize pods, useful for tls and self-signed certificates | `[]` | -| `optimize.extraVolumeMounts` | can be used to mount extra volumes for the Optimize pods, useful for tls and self-signed certificates | `[]` | -| `optimize.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `optimize.serviceAccount` | configuration for the service account where the Optimize pods are assigned to | | -| `optimize.serviceAccount.enabled` | if true, enables the Optimize service account | `true` | -| `optimize.serviceAccount.name` | can be used to set the name of the Optimize service account | `""` | -| `optimize.serviceAccount.annotations` | can be used to set the annotations of the Optimize service account | `{}` | -| `optimize.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | -| `optimize.service` | configuration to configure the Optimize service. | | -| `optimize.service.annotations` | can be used to define annotations, which will be applied to the Optimize service | `{}` | -| `optimize.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `optimize.service.port` | defines the port of the service, where the Optimize web application will be available | `80` | -| `optimize.service.managementPort` | defines the port where actuator will be available. Also required to reach backup API | `8092` | -| `optimize.podSecurityContext` | defines the security options the Optimize pod should be run with | | -| `optimize.podSecurityContext.runAsNonRoot` | | `true` | -| `optimize.podSecurityContext.fsGroup` | | `1001` | -| `optimize.podSecurityContext.seccompProfile` | | | -| `optimize.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `optimize.containerSecurityContext` | defines the security options the Optimize container should be run with | | -| `optimize.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `optimize.containerSecurityContext.privileged` | | `false` | -| `optimize.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `optimize.containerSecurityContext.runAsNonRoot` | | `true` | -| `optimize.containerSecurityContext.runAsUser` | | `1001` | -| `optimize.containerSecurityContext.seccompProfile` | | | -| `optimize.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `optimize.startupProbe` | configuration | | -| `optimize.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | -| `optimize.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `optimize.startupProbe.probePath` | defines the startup probe route used on the app | `/api/readyz` | -| `optimize.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `optimize.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `optimize.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `optimize.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `optimize.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `optimize.readinessProbe` | configuration | | -| `optimize.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | -| `optimize.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `optimize.readinessProbe.probePath` | defines the readiness probe route used on the app | `/api/readyz` | -| `optimize.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `optimize.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `optimize.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `optimize.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `optimize.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `optimize.livenessProbe` | configuration | | -| `optimize.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | -| `optimize.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `optimize.livenessProbe.probePath` | defines the liveness probe route used on the app | `/api/readyz` | -| `optimize.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `optimize.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `optimize.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | -| `optimize.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | -| `optimize.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `optimize.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | -| `optimize.nodeSelector` | can be used to define on which nodes the Optimize pods should run | `{}` | -| `optimize.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `optimize.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | -| `optimize.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `optimize.resources.requests.cpu` | | `600m` | -| `optimize.resources.requests.memory` | | `1Gi` | -| `optimize.resources.limits.cpu` | | `2000m` | -| `optimize.resources.limits.memory` | | `2Gi` | -| `optimize.ingress.enabled` | if true, an ingress resource is deployed with the Optimize deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. | `false` | -| `optimize.ingress.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `optimize.ingress.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `optimize.ingress.path` | defines the path which is associated with the operate service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `optimize.ingress.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `optimize.ingress.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `optimize.ingress.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `optimize.ingress.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `optimize.ingress.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-optimize` | -| `optimize.configuration` | if specified, contents will be used as the environment-config.yaml | `""` | -| `optimize.extraConfiguration` | if specified, contents will be used for any extra configuration files such as environment-logback.xml | `{}` | -| `optimize.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `optimize.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `optimize.enabled` | if true, the Optimize deployment and its related resources are deployed via a helm release | `true` | +| `optimize.image` | configuration to configure the Optimize image specifics | | +| `optimize.image.registry` | can be used to set container image registry | `""` | +| `optimize.image.repository` | defines which image repository to use | `camunda/optimize` | +| `optimize.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | +| `optimize.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | +| `optimize.migration` | configuration for Optimize migration | | +| `optimize.migration.enabled` | if true, run Optimize migration script as an init container | `true` | +| `optimize.migration.env` | can be used to set environment variables for Optimize migration init container | `[]` | +| `optimize.migration.resources` | configuration to set request and limit configuration for the migration container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `optimize.migration.resources.requests.cpu` | | `600m` | +| `optimize.migration.resources.requests.memory` | | `1Gi` | +| `optimize.migration.resources.limits.cpu` | | `2000m` | +| `optimize.migration.resources.limits.memory` | | `2Gi` | +| `optimize.sidecars` | can be used to attach extra containers to the optimize deployment | `[]` | +| `optimize.contextPath` | can be used to make Optimize web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | +| `optimize.configMap` | configuration which will be applied to the mounted config map. | | +| `optimize.configMap.defaultMode` | can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. | `754` | +| `optimize.podAnnotations` | can be used to define extra Optimize pod annotations | `{}` | +| `optimize.podLabels` | can be used to define extra Optimize pod labels | `{}` | +| `optimize.logLevel` | configuration for the optimize runtime environment. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `info` | +| `optimize.upgradeLogLevel` | sets the logging level for the Optimize update log. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `info` | +| `optimize.esLogLevel` | sets the logging level for Elasticsearch. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/ | `warn` | +| `optimize.partitionCount` | defines how many Zeebe partitions are set up in the cluster and which should be imported by Optimize | `3` | +| `optimize.env` | can be used to set extra environment variables in each Optimize container | `[]` | +| `optimize.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `optimize.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `optimize.extraVolumes` | can be used to define extra volumes for the Optimize pods, useful for tls and self-signed certificates | `[]` | +| `optimize.extraVolumeMounts` | can be used to mount extra volumes for the Optimize pods, useful for tls and self-signed certificates | `[]` | +| `optimize.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `optimize.serviceAccount` | configuration for the service account where the Optimize pods are assigned to | | +| `optimize.serviceAccount.enabled` | if true, enables the Optimize service account | `true` | +| `optimize.serviceAccount.name` | can be used to set the name of the Optimize service account | `""` | +| `optimize.serviceAccount.annotations` | can be used to set the annotations of the Optimize service account | `{}` | +| `optimize.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | +| `optimize.service` | configuration to configure the Optimize service. | | +| `optimize.service.annotations` | can be used to define annotations, which will be applied to the Optimize service | `{}` | +| `optimize.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `optimize.service.port` | defines the port of the service, where the Optimize web application will be available | `80` | +| `optimize.service.managementPort` | defines the port where actuator will be available. Also required to reach backup API | `8092` | +| `optimize.podSecurityContext` | defines the security options the Optimize pod should be run with | | +| `optimize.podSecurityContext.runAsNonRoot` | | `true` | +| `optimize.podSecurityContext.fsGroup` | | `1001` | +| `optimize.podSecurityContext.seccompProfile` | | | +| `optimize.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `optimize.containerSecurityContext` | defines the security options the Optimize container should be run with | | +| `optimize.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `optimize.containerSecurityContext.privileged` | | `false` | +| `optimize.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `optimize.containerSecurityContext.runAsNonRoot` | | `true` | +| `optimize.containerSecurityContext.runAsUser` | | `1001` | +| `optimize.containerSecurityContext.seccompProfile` | | | +| `optimize.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `optimize.startupProbe` | configuration | | +| `optimize.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | +| `optimize.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `optimize.startupProbe.probePath` | defines the startup probe route used on the app | `/api/readyz` | +| `optimize.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `optimize.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `optimize.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `optimize.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `optimize.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `optimize.readinessProbe` | configuration | | +| `optimize.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | +| `optimize.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `optimize.readinessProbe.probePath` | defines the readiness probe route used on the app | `/api/readyz` | +| `optimize.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `optimize.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `optimize.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `optimize.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `optimize.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `optimize.livenessProbe` | configuration | | +| `optimize.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | +| `optimize.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `optimize.livenessProbe.probePath` | defines the liveness probe route used on the app | `/api/readyz` | +| `optimize.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `optimize.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `optimize.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | +| `optimize.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | +| `optimize.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `optimize.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | +| `optimize.nodeSelector` | can be used to define on which nodes the Optimize pods should run | `{}` | +| `optimize.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `optimize.affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | `{}` | +| `optimize.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `optimize.resources.requests.cpu` | | `600m` | +| `optimize.resources.requests.memory` | | `1Gi` | +| `optimize.resources.limits.cpu` | | `2000m` | +| `optimize.resources.limits.memory` | | `2Gi` | +| `optimize.configuration` | if specified, contents will be used as the environment-config.yaml | `""` | +| `optimize.extraConfiguration` | if specified, contents will be used for any extra configuration files such as environment-logback.xml | `{}` | +| `optimize.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `optimize.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | ### Elasticsearch Parameters diff --git a/charts/camunda-platform-alpha/templates/NOTES.txt b/charts/camunda-platform-alpha/templates/NOTES.txt index a862bfc061..46e5bc142c 100644 --- a/charts/camunda-platform-alpha/templates/NOTES.txt +++ b/charts/camunda-platform-alpha/templates/NOTES.txt @@ -77,7 +77,6 @@ Now you can connect your workers and clients to `localhost:26500` As part of the Helm charts, an ingress definition can be deployed, but you require to have an Ingress Controller for that Ingress to be Exposed. -In order to deploy the ingress manifest, set `.ingress.enabled` to `true`. Example: `operate.ingress.enabled=true` If you don't have an ingress controller you can use `kubectl port-forward` to access the deployed web application from outside the cluster: @@ -111,7 +110,7 @@ as well, otherwise, a login will not be possible. Make sure you use `18080` as a {{- end }} {{- end }} -Now you can point your browser to one of the service's login pages. Example: http://localhost:8081 for Operate. +Now you can point your browser to one of the service's login pages. {{ if .Values.identity.firstUser.enabled }} {{- if .Values.identity.firstUser.existingSecret }} Default user: "{{ .Values.identity.firstUser.username }}", and for password, run: @@ -145,12 +144,12 @@ Default user and password: "{{ .Values.identity.firstUser.username -}}/{{ .Value {{- end }} {{- if .Values.core.ingress.grpc.enabled }} -- Zeebe Gateway gRPC: {{ include "camundaPlatform.zeebeGatewayGRPCExternalURL" . }} +- Camunda gRPC API: {{ include "camundaPlatform.zeebeGatewayGRPCExternalURL" . }} {{- end }} {{- if .Values.core.ingress.http.enabled }} {{ $proto := ternary "https" "http" .Values.core.ingress.http.tls.enabled -}} -- Zeebe Gateway REST: {{ $proto }}://{{ tpl .Values.core.ingress.http.host $ }} +- Camunda REST API: {{ $proto }}://{{ tpl .Values.core.ingress.http.host $ }} {{- end }} {{ if .Values.global.createReleaseInfo -}} diff --git a/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl b/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl index 2229c3ce64..4ed6796a62 100644 --- a/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl +++ b/charts/camunda-platform-alpha/templates/camunda/_helpers.tpl @@ -362,10 +362,7 @@ Usage: {{ include "camundaPlatform.getExternalURL" (dict "component" "operate" " */}} {{- define "camundaPlatform.getExternalURL" -}} {{- if (index .context.Values .component "enabled") -}} - {{- if (index .context.Values .component "ingress" "enabled") }} - {{- $proto := ternary "https" "http" (index .context.Values .component "ingress" "tls" "enabled") -}} - {{- printf "%s://%s" $proto (index .context.Values .component "ingress" "host") -}} - {{- else if $.context.Values.global.ingress.enabled -}} + {{- if $.context.Values.global.ingress.enabled -}} {{ $proto := ternary "https" "http" .context.Values.global.ingress.tls.enabled -}} {{- printf "%s://%s%s" $proto .context.Values.global.ingress.host (index .context.Values .component "contextPath") -}} {{- else -}} @@ -455,11 +452,7 @@ Web Modeler templates. {{- define "camundaPlatform.getExternalURLModeler" -}} {{- if .context.Values.webModeler.enabled -}} - {{- $ingress := .context.Values.webModeler.ingress }} - {{- if index $ingress "enabled" }} - {{- $proto := ternary "https" "http" (index $ingress .component "tls" "enabled") -}} - {{- printf "%s://%s" $proto (index $ingress .component "host") -}} - {{- else if $.context.Values.global.ingress.enabled -}} + {{- if $.context.Values.global.ingress.enabled -}} {{ $proto := ternary "https" "http" .context.Values.global.ingress.tls.enabled -}} {{- if eq .component "websockets" }} {{- printf "%s://%s%s" $proto .context.Values.global.ingress.host (include "webModeler.websocketContextPath" .context) -}} diff --git a/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml b/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml index 6ff64eb552..6fe8c9ea96 100644 --- a/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml +++ b/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml @@ -26,7 +26,7 @@ spec: port: number: {{ .Values.console.service.port }} path: {{ .Values.console.contextPath }} - pathType: {{ .Values.console.ingress.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} {{- end }} {{- if .Values.identity.enabled }} {{- if or .Values.identityKeycloak.enabled .Values.global.identity.keycloak.internal }} @@ -39,14 +39,14 @@ spec: pathType: {{ .Values.identityKeycloak.ingress.pathType | default .Values.global.ingress.pathType }} {{- end }} {{- /* Disable Identiy endpoint if a seperated Ingress is used because it overlaps with Keycloak endpoints */ -}} - {{- if and .Values.identity.contextPath (not .Values.identity.ingress.enabled) }} + {{- if .Values.identity.contextPath }} - backend: service: name: {{ template "identity.fullname" . }} port: number: {{ .Values.identity.service.port }} path: {{ .Values.identity.contextPath }} - pathType: {{ .Values.identity.ingress.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} {{- end }} {{- end }} {{- if and .Values.webModeler.enabled .Values.webModeler.contextPath }} @@ -56,14 +56,14 @@ spec: port: number: {{ .Values.webModeler.webapp.service.port }} path: {{ .Values.webModeler.contextPath }} - pathType: {{ .Values.webModeler.ingress.webapp.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} - backend: service: name: {{ template "webModeler.websockets.fullname" . }} port: number: {{ .Values.webModeler.websockets.service.port }} path: {{ template "webModeler.websocketContextPath" . }} - pathType: {{ .Values.webModeler.ingress.websockets.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} {{- end }} {{- /* Orchestration Group */ -}} {{- if and .Values.core.enabled .Values.core.contextPath }} @@ -74,7 +74,7 @@ spec: port: number: {{ .Values.core.service.httpPort }} path: {{ .Values.core.contextPath }} - pathType: {{ .Values.core.ingress.http.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} # Core - Optimize. - backend: service: @@ -82,7 +82,7 @@ spec: port: number: {{ .Values.optimize.service.port }} path: {{ .Values.optimize.contextPath }} - pathType: {{ .Values.optimize.ingress.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} {{- end }} {{- if and .Values.connectors.enabled .Values.connectors.contextPath }} # Connectors. @@ -92,7 +92,7 @@ spec: port: number: {{ .Values.connectors.service.serverPort }} path: {{ .Values.connectors.contextPath }} - pathType: {{ .Values.connectors.ingress.pathType | default .Values.global.ingress.pathType }} + pathType: {{ .Values.global.ingress.pathType }} {{- end }} {{- if .Values.global.ingress.tls.enabled }} tls: diff --git a/charts/camunda-platform-alpha/templates/connectors/ingress.yaml b/charts/camunda-platform-alpha/templates/connectors/ingress.yaml deleted file mode 100644 index 5e50fdec4d..0000000000 --- a/charts/camunda-platform-alpha/templates/connectors/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.connectors.enabled -}} -{{- if .Values.connectors.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "connectors.fullname" . }} - labels: - {{- include "connectors.labels" . | nindent 4 }} -{{- with .Values.connectors.ingress.annotations }} - annotations: - {{- tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - ingressClassName: {{ .Values.connectors.ingress.className }} - rules: - {{- if .Values.connectors.ingress.host }} - - host: {{ .Values.connectors.ingress.host }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.connectors.ingress.path }} - pathType: {{ .Values.connectors.ingress.pathType }} - backend: - service: - name: {{ include "connectors.fullname" . }} - port: - number: 8080 - {{- if .Values.connectors.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.connectors.ingress.host }} - {{- if .Values.connectors.ingress.tls.secretName }} - secretName: {{ .Values.connectors.ingress.tls.secretName }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/camunda-platform-alpha/templates/console/ingress.yaml b/charts/camunda-platform-alpha/templates/console/ingress.yaml deleted file mode 100644 index 319d6f8721..0000000000 --- a/charts/camunda-platform-alpha/templates/console/ingress.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if and .Values.console.enabled .Values.console.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "console.fullname" . }} - labels: - {{- include "console.labels" . | nindent 4 }} -{{- with .Values.console.ingress.annotations }} - annotations: - {{- tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - ingressClassName: {{ .Values.console.ingress.className }} - rules: - {{- if .Values.console.ingress.host }} - - host: {{ .Values.console.ingress.host }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.console.ingress.path }} - pathType: {{ .Values.console.ingress.pathType }} - backend: - service: - name: {{ include "console.fullname" . }} - port: - number: 80 - {{- if .Values.console.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.console.ingress.host }} - {{- if .Values.console.ingress.tls.secretName }} - secretName: {{ .Values.console.ingress.tls.secretName }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/camunda-platform-alpha/templates/identity/_helpers.tpl b/charts/camunda-platform-alpha/templates/identity/_helpers.tpl index feba6eb5d7..5f78fb2abc 100644 --- a/charts/camunda-platform-alpha/templates/identity/_helpers.tpl +++ b/charts/camunda-platform-alpha/templates/identity/_helpers.tpl @@ -32,10 +32,6 @@ Create a default fully qualified app name. {{- $host := .Values.global.ingress.host -}} {{- $path := .Values.identity.contextPath | default "" -}} {{- printf "%s://%s%s" $proto $host $path -}} - {{- else if .Values.identity.ingress.enabled -}} - {{- $proto := ternary "https" "http" .Values.identity.ingress.tls.enabled -}} - {{- $host := .Values.identity.ingress.host -}} - {{- printf "%s://%s" $proto $host -}} {{- else -}} {{- "http://localhost:8080" -}} {{- end -}} diff --git a/charts/camunda-platform-alpha/templates/identity/ingress.yaml b/charts/camunda-platform-alpha/templates/identity/ingress.yaml deleted file mode 100644 index 07b8f983f7..0000000000 --- a/charts/camunda-platform-alpha/templates/identity/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.identity.enabled -}} -{{- if .Values.identity.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "identity.fullname" . }} - labels: - {{- include "identity.labels" . | nindent 4 }} -{{- with .Values.identity.ingress.annotations }} - annotations: - {{- tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - ingressClassName: {{ .Values.identity.ingress.className }} - rules: - {{- if .Values.identity.ingress.host }} - - host: {{ .Values.identity.ingress.host }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.identity.ingress.path }} - pathType: {{ .Values.identity.ingress.pathType }} - backend: - service: - name: {{ include "identity.fullname" . }} - port: - number: 80 - {{- if .Values.identity.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.identity.ingress.host }} - {{- if .Values.identity.ingress.tls.secretName }} - secretName: {{ .Values.identity.ingress.tls.secretName }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/camunda-platform-alpha/templates/optimize/ingress.yaml b/charts/camunda-platform-alpha/templates/optimize/ingress.yaml deleted file mode 100644 index c3028a56bc..0000000000 --- a/charts/camunda-platform-alpha/templates/optimize/ingress.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if and .Values.optimize.enabled .Values.optimize.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "optimize.fullname" . }} - labels: - {{- include "optimize.labels" . | nindent 4 }} - {{- with .Values.optimize.ingress.annotations }} - annotations: - {{- tpl (toYaml .) $ | nindent 4 }} - {{- end }} -spec: - ingressClassName: {{ .Values.optimize.ingress.className }} - rules: - {{- if .Values.optimize.ingress.host }} - - host: {{ .Values.optimize.ingress.host }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.optimize.ingress.path }} - pathType: {{ .Values.optimize.ingress.pathType }} - backend: - service: - name: {{ include "optimize.fullname" . }} - port: - number: 80 - {{- if .Values.optimize.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.optimize.ingress.host }} - {{- if .Values.optimize.ingress.tls.secretName }} - secretName: {{ .Values.optimize.ingress.tls.secretName }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl b/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl index 9901e14bed..c48dc9c22c 100644 --- a/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl +++ b/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl @@ -305,8 +305,6 @@ Define match labels for Web Modeler websockets to be used in matchLabels selecto {{- define "webModeler.publicWebsocketHost" -}} {{- if and .Values.global.ingress.enabled .Values.webModeler.contextPath }} {{- .Values.global.ingress.host }} - {{- else }} - {{- .Values.webModeler.ingress.enabled | ternary .Values.webModeler.ingress.websockets.host .Values.webModeler.websockets.publicHost }} {{- end }} {{- end -}} @@ -317,11 +315,7 @@ Define match labels for Web Modeler websockets to be used in matchLabels selecto {{- if and .Values.global.ingress.enabled .Values.webModeler.contextPath }} {{- .Values.global.ingress.tls.enabled | ternary "443" "80" }} {{- else }} - {{- if .Values.webModeler.ingress.enabled }} - {{- .Values.webModeler.ingress.websockets.tls.enabled | ternary "443" "80" }} - {{- else }} - {{- .Values.webModeler.websockets.publicPort }} - {{- end }} + {{- .Values.webModeler.websockets.publicPort }} {{- end }} {{- end -}} @@ -331,8 +325,6 @@ Define match labels for Web Modeler websockets to be used in matchLabels selecto {{- define "webModeler.websocketTlsEnabled" -}} {{- if and .Values.global.ingress.enabled .Values.webModeler.contextPath }} {{- .Values.global.ingress.tls.enabled }} - {{- else }} - {{- and .Values.webModeler.ingress.enabled .Values.webModeler.ingress.websockets.tls.enabled }} {{- end }} {{- end -}} diff --git a/charts/camunda-platform-alpha/templates/web-modeler/ingress.yaml b/charts/camunda-platform-alpha/templates/web-modeler/ingress.yaml deleted file mode 100644 index f6bed0541e..0000000000 --- a/charts/camunda-platform-alpha/templates/web-modeler/ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if and .Values.webModeler.enabled .Values.webModeler.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "webModeler.fullname" . }} - labels: {{- include "webModeler.labels" . | nindent 4 }} -{{- with .Values.webModeler.ingress.annotations }} - annotations: - {{- tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - ingressClassName: {{ .Values.webModeler.ingress.className }} - rules: - - host: {{ .Values.webModeler.ingress.webapp.host }} - http: - paths: - - path: / - pathType: {{ .Values.webModeler.ingress.webapp.pathType }} - backend: - service: - name: {{ include "webModeler.webapp.fullname" . }} - port: - number: {{ .Values.webModeler.webapp.service.port }} - - host: {{ .Values.webModeler.ingress.websockets.host }} - http: - paths: - - path: / - pathType: {{ .Values.webModeler.ingress.websockets.pathType }} - backend: - service: - name: {{ include "webModeler.websockets.fullname" . }} - port: - number: {{ .Values.webModeler.websockets.service.port }} - {{- if or .Values.webModeler.ingress.webapp.tls.enabled .Values.webModeler.ingress.websockets.tls.enabled }} - tls: - {{- if .Values.webModeler.ingress.webapp.tls.enabled }} - - hosts: - - {{ .Values.webModeler.ingress.webapp.host }} - {{- if .Values.webModeler.ingress.webapp.tls.secretName }} - secretName: {{ .Values.webModeler.ingress.webapp.tls.secretName }} - {{- end }} - {{- end }} - {{- if .Values.webModeler.ingress.websockets.tls.enabled }} - - hosts: - - {{ .Values.webModeler.ingress.websockets.host }} - {{- if .Values.webModeler.ingress.websockets.tls.secretName }} - secretName: {{ .Values.webModeler.ingress.websockets.tls.secretName }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress-all-enabled.golden.yaml deleted file mode 100644 index 89453e8b21..0000000000 --- a/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress-all-enabled.golden.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Source: camunda-platform/templates/connectors/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-connectors - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: connectors - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-connectors - port: - number: 8080 - tls: - - hosts: - - local - secretName: my-secret \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress.golden.yaml b/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress.golden.yaml deleted file mode 100644 index 7a4936a487..0000000000 --- a/charts/camunda-platform-alpha/test/unit/connectors/golden/ingress.golden.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: camunda-platform/templates/connectors/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-connectors - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: connectors - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-connectors - port: - number: 8080 \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/connectors/goldenfiles_test.go b/charts/camunda-platform-alpha/test/unit/connectors/goldenfiles_test.go index 8945ef37b4..af362fbe0f 100644 --- a/charts/camunda-platform-alpha/test/unit/connectors/goldenfiles_test.go +++ b/charts/camunda-platform-alpha/test/unit/connectors/goldenfiles_test.go @@ -31,7 +31,7 @@ func TestGoldenDefaultsTemplate(t *testing.T) { chartPath, err := filepath.Abs("../../../") require.NoError(t, err) // FIXME/TODO: the "inbound-secret" generates a random secret every time thus failing to pass on golden - templateNames := []string{"service", "serviceaccount", "deployment", "ingress"} + templateNames := []string{"service", "serviceaccount", "deployment"} for _, name := range templateNames { suite.Run(t, &utils.TemplateGoldenTest{ @@ -42,7 +42,6 @@ func TestGoldenDefaultsTemplate(t *testing.T) { Templates: []string{"templates/connectors/" + name + ".yaml"}, SetValues: map[string]string{ "connectors.enabled": "true", - "connectors.ingress.enabled": "true", "connectors.serviceAccount.enabled": "true", }, IgnoredLines: []string{ diff --git a/charts/camunda-platform-alpha/test/unit/connectors/ingress_test.go b/charts/camunda-platform-alpha/test/unit/connectors/ingress_test.go deleted file mode 100644 index 7c196f5616..0000000000 --- a/charts/camunda-platform-alpha/test/unit/connectors/ingress_test.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2022 Camunda Services GmbH -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package connectors - -import ( - "camunda-platform/test/unit/utils" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/random" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" -) - -func TestGoldenIngressDefaultTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress", - Templates: []string{"templates/connectors/ingress.yaml"}, - SetValues: map[string]string{"connectors.enabled": "true", "connectors.ingress.enabled": "true"}, - }) -} - -func TestGoldenIngressAllEnabledTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress-all-enabled", - Templates: []string{"templates/connectors/ingress.yaml"}, - SetValues: map[string]string{ - "connectors.enabled": "true", - "connectors.ingress.enabled": "true", - "connectors.ingress.host": "local", - "connectors.ingress.tls.enabled": "true", - "connectors.ingress.tls.secretName": "my-secret", - }, - }) -} diff --git a/charts/camunda-platform-alpha/test/unit/console/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-alpha/test/unit/console/golden/ingress-all-enabled.golden.yaml deleted file mode 100644 index 07bdf4d6fb..0000000000 --- a/charts/camunda-platform-alpha/test/unit/console/golden/ingress-all-enabled.golden.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Source: camunda-platform/templates/console/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-console - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: console - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-console - port: - number: 80 - tls: - - hosts: - - local - secretName: my-secret \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/console/golden/ingress.golden.yaml b/charts/camunda-platform-alpha/test/unit/console/golden/ingress.golden.yaml deleted file mode 100644 index d6e00a17ce..0000000000 --- a/charts/camunda-platform-alpha/test/unit/console/golden/ingress.golden.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: camunda-platform/templates/console/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-console - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: console - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-console - port: - number: 80 \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/console/ingress_test.go b/charts/camunda-platform-alpha/test/unit/console/ingress_test.go deleted file mode 100644 index eae997e27b..0000000000 --- a/charts/camunda-platform-alpha/test/unit/console/ingress_test.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2022 Camunda Services GmbH -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package console - -import ( - "camunda-platform/test/unit/utils" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/random" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" -) - -func TestGoldenIngressDefaultTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress", - Templates: []string{"templates/console/ingress.yaml"}, - SetValues: map[string]string{ - "console.enabled": "true", - "console.ingress.enabled": "true", - }, - }) -} - -func TestGoldenIngressAllEnabledTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress-all-enabled", - Templates: []string{"templates/console/ingress.yaml"}, - SetValues: map[string]string{ - "console.enabled": "true", - "console.ingress.enabled": "true", - "console.ingress.host": "local", - "console.ingress.tls.enabled": "true", - "console.ingress.tls.secretName": "my-secret", - }, - }) -} diff --git a/charts/camunda-platform-alpha/test/unit/identity/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-alpha/test/unit/identity/golden/ingress-all-enabled.golden.yaml deleted file mode 100644 index 3ac4f39d81..0000000000 --- a/charts/camunda-platform-alpha/test/unit/identity/golden/ingress-all-enabled.golden.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Source: camunda-platform/templates/identity/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-identity - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: identity - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-identity - port: - number: 80 - tls: - - hosts: - - local - secretName: my-secret \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/identity/golden/ingress.golden.yaml b/charts/camunda-platform-alpha/test/unit/identity/golden/ingress.golden.yaml deleted file mode 100644 index 067c6f283c..0000000000 --- a/charts/camunda-platform-alpha/test/unit/identity/golden/ingress.golden.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: camunda-platform/templates/identity/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-identity - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: identity - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-identity - port: - number: 80 \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/identity/ingress_test.go b/charts/camunda-platform-alpha/test/unit/identity/ingress_test.go deleted file mode 100644 index 5c036d69f6..0000000000 --- a/charts/camunda-platform-alpha/test/unit/identity/ingress_test.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2022 Camunda Services GmbH -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package identity - -import ( - "camunda-platform/test/unit/utils" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/random" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" -) - -func TestGoldenIngressDefaultTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress", - Templates: []string{"templates/identity/ingress.yaml"}, - SetValues: map[string]string{"identity.ingress.enabled": "true"}, - }) -} - -func TestGoldenIngressAllEnabledTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress-all-enabled", - Templates: []string{"templates/identity/ingress.yaml"}, - SetValues: map[string]string{ - "identity.ingress.enabled": "true", - "identity.ingress.host": "local", - "identity.ingress.tls.enabled": "true", - "identity.ingress.tls.secretName": "my-secret", - }, - }) -} diff --git a/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress-all-enabled.golden.yaml deleted file mode 100644 index bf6ffddf9d..0000000000 --- a/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress-all-enabled.golden.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Source: camunda-platform/templates/optimize/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-optimize - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: optimize - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-optimize - port: - number: 80 - tls: - - hosts: - - local - secretName: my-secret \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress.golden.yaml b/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress.golden.yaml deleted file mode 100644 index 16c6c4904b..0000000000 --- a/charts/camunda-platform-alpha/test/unit/optimize/golden/ingress.golden.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: camunda-platform/templates/optimize/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-optimize - labels: - app: camunda-platform - app.kubernetes.io/name: camunda-platform - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: optimize - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-optimize - port: - number: 80 \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/optimize/ingress_test.go b/charts/camunda-platform-alpha/test/unit/optimize/ingress_test.go deleted file mode 100644 index 9a1cfb03c7..0000000000 --- a/charts/camunda-platform-alpha/test/unit/optimize/ingress_test.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2022 Camunda Services GmbH -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package optimize - -import ( - "camunda-platform/test/unit/utils" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/random" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" -) - -func TestGoldenIngressDefaultTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress", - Templates: []string{"templates/optimize/ingress.yaml"}, - SetValues: map[string]string{"optimize.ingress.enabled": "true"}, - }) -} - -func TestGoldenIngressAllEnabledTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress-all-enabled", - Templates: []string{"templates/optimize/ingress.yaml"}, - SetValues: map[string]string{ - "optimize.ingress.enabled": "true", - "optimize.ingress.host": "local", - "optimize.ingress.tls.enabled": "true", - "optimize.ingress.tls.secretName": "my-secret", - }, - }) -} diff --git a/charts/camunda-platform-alpha/test/unit/web-modeler/configmap_webapp_test.go b/charts/camunda-platform-alpha/test/unit/web-modeler/configmap_webapp_test.go index 47c52032fb..bf2abd91a3 100644 --- a/charts/camunda-platform-alpha/test/unit/web-modeler/configmap_webapp_test.go +++ b/charts/camunda-platform-alpha/test/unit/web-modeler/configmap_webapp_test.go @@ -1,6 +1,10 @@ package web_modeler import ( + "path/filepath" + "strings" + "testing" + "github.com/BurntSushi/toml" "github.com/gruntwork-io/terratest/modules/helm" "github.com/gruntwork-io/terratest/modules/k8s" @@ -8,9 +12,6 @@ import ( "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" corev1 "k8s.io/api/core/v1" - "path/filepath" - "strings" - "testing" ) type configmapWebAppTemplateTest struct { @@ -89,7 +90,6 @@ func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectClientPusherC SetValues: map[string]string{ "webModeler.enabled": "true", "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "false", "webModeler.contextPath": "/modeler", "global.ingress.enabled": "true", "global.ingress.host": "c8.example.com", @@ -121,7 +121,6 @@ func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectClientPusherC SetValues: map[string]string{ "webModeler.enabled": "true", "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "false", "webModeler.contextPath": "/modeler", "global.ingress.enabled": "true", "global.ingress.host": "c8.example.com", @@ -147,64 +146,7 @@ func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectClientPusherC s.Require().Equal("/modeler-ws", configmapApplication.Client.Pusher.Path) s.Require().Equal("true", configmapApplication.Client.Pusher.ForceTLS) } -func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectClientPusherConfigurationWithIngressTlsEnabled() { - // given - options := &helm.Options{ - SetValues: map[string]string{ - "webModeler.enabled": "true", - "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "true", - "webModeler.ingress.websockets.host": "modeler-ws.example.com", - "webModeler.ingress.websockets.tls.enabled": "true", - }, - KubectlOptions: k8s.NewKubectlOptions("", "", s.namespace), - } - - // when - output := helm.RenderTemplate(s.T(), options, s.chartPath, s.release, s.templates) - var configmap corev1.ConfigMap - var configmapApplication WebModelerWebAppTOML - helm.UnmarshalK8SYaml(s.T(), output, &configmap) - - err := toml.Unmarshal([]byte(configmap.Data["application.toml"]), &configmapApplication) - if err != nil { - s.Fail("Failed to unmarshal yaml. error=", err) - } - - // then - s.Require().Equal("modeler-ws.example.com", configmapApplication.Client.Pusher.Host) - s.Require().Equal("443", configmapApplication.Client.Pusher.Port) - s.Require().Equal("true", configmapApplication.Client.Pusher.ForceTLS) -} -func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectClientPusherConfigurationWithIngressTlsDisabled() { - // given - options := &helm.Options{ - SetValues: map[string]string{ - "webModeler.enabled": "true", - "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "true", - "webModeler.ingress.websockets.host": "modeler-ws.example.com", - "webModeler.ingress.websockets.tls.enabled": "false", - }, - KubectlOptions: k8s.NewKubectlOptions("", "", s.namespace), - } - // when - output := helm.RenderTemplate(s.T(), options, s.chartPath, s.release, s.templates) - var configmap corev1.ConfigMap - var configmapApplication WebModelerWebAppTOML - helm.UnmarshalK8SYaml(s.T(), output, &configmap) - - err := toml.Unmarshal([]byte(configmap.Data["application.toml"]), &configmapApplication) - if err != nil { - s.Fail("Failed to unmarshal yaml. error=", err) - } - - // then - s.Require().Equal("modeler-ws.example.com", configmapApplication.Client.Pusher.Host) - s.Require().Equal("80", configmapApplication.Client.Pusher.Port) - s.Require().Equal("false", configmapApplication.Client.Pusher.ForceTLS) -} func (s *configmapWebAppTemplateTest) TestContainerShouldSetCorrectIdentityServiceUrlWithFullnameOverride() { // given options := &helm.Options{ diff --git a/charts/camunda-platform-alpha/test/unit/web-modeler/deployment_websockets_test.go b/charts/camunda-platform-alpha/test/unit/web-modeler/deployment_websockets_test.go index 2882433b21..bee6e10311 100644 --- a/charts/camunda-platform-alpha/test/unit/web-modeler/deployment_websockets_test.go +++ b/charts/camunda-platform-alpha/test/unit/web-modeler/deployment_websockets_test.go @@ -57,7 +57,6 @@ func (s *websocketsDeploymentTemplateTest) TestContainerSetPusherAppPathIfGlobal SetValues: map[string]string{ "webModeler.enabled": "true", "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "false", "webModeler.contextPath": "/modeler", "global.ingress.enabled": "true", "global.ingress.host": "c8.example.com", diff --git a/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml deleted file mode 100644 index bed073c8ab..0000000000 --- a/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Source: camunda-platform/templates/web-modeler/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-web-modeler - labels: - app: camunda-platform - app.kubernetes.io/name: web-modeler - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: modeler.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-web-modeler-webapp - port: - number: 80 - - host: modeler-ws.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-web-modeler-websockets - port: - number: 80 - tls: - - hosts: - - modeler.example.com - secretName: webapp-tls-secret - - hosts: - - modeler-ws.example.com - secretName: websockets-tls-secret \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress.golden.yaml b/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress.golden.yaml deleted file mode 100644 index 4c4a529486..0000000000 --- a/charts/camunda-platform-alpha/test/unit/web-modeler/golden/ingress.golden.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Source: camunda-platform/templates/web-modeler/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camunda-platform-test-web-modeler - labels: - app: camunda-platform - app.kubernetes.io/name: web-modeler - app.kubernetes.io/instance: camunda-platform-test - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: camunda-platform - app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.7.0-alpha1" - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: modeler.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-web-modeler-webapp - port: - number: 80 - - host: modeler-ws.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: camunda-platform-test-web-modeler-websockets - port: - number: 80 \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/web-modeler/ingress_test.go b/charts/camunda-platform-alpha/test/unit/web-modeler/ingress_test.go deleted file mode 100644 index 961710ee81..0000000000 --- a/charts/camunda-platform-alpha/test/unit/web-modeler/ingress_test.go +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright 2022 Camunda Services GmbH -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package web_modeler - -import ( - "camunda-platform/test/unit/utils" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/random" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" -) - -func TestGoldenIngressDefaultTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress", - Templates: []string{"templates/web-modeler/ingress.yaml"}, - SetValues: map[string]string{ - "webModeler.enabled": "true", - "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "true", - "webModeler.ingress.webapp.host": "modeler.example.com", - "webModeler.ingress.websockets.host": "modeler-ws.example.com", - }, - }) -} - -func TestGoldenIngressAllEnabledTemplate(t *testing.T) { - t.Parallel() - - chartPath, err := filepath.Abs("../../../") - require.NoError(t, err) - - suite.Run(t, &utils.TemplateGoldenTest{ - ChartPath: chartPath, - Release: "camunda-platform-test", - Namespace: "camunda-platform-" + strings.ToLower(random.UniqueId()), - GoldenFileName: "ingress-all-enabled", - Templates: []string{"templates/web-modeler/ingress.yaml"}, - SetValues: map[string]string{ - "webModeler.enabled": "true", - "webModeler.restapi.mail.fromAddress": "example@example.com", - "webModeler.ingress.enabled": "true", - "webModeler.ingress.webapp.host": "modeler.example.com", - "webModeler.ingress.websockets.host": "modeler-ws.example.com", - "webModeler.ingress.webapp.tls.enabled": "true", - "webModeler.ingress.webapp.tls.secretName": "webapp-tls-secret", - "webModeler.ingress.websockets.tls.enabled": "true", - "webModeler.ingress.websockets.tls.secretName": "websockets-tls-secret", - }, - }) -} diff --git a/charts/camunda-platform-alpha/values.yaml b/charts/camunda-platform-alpha/values.yaml index d3367402df..aae9d2e773 100644 --- a/charts/camunda-platform-alpha/values.yaml +++ b/charts/camunda-platform-alpha/values.yaml @@ -613,34 +613,6 @@ identity: ## @param identity.serviceAccount.automountServiceAccountToken can be used to control whether the service account token should be automatically mounted automountServiceAccountToken: true - ingress: - ## @param identity.ingress.enabled if true, an ingress resource is deployed with the identity deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. - enabled: false - ## @param identity.ingress.className defines the class or configuration of ingress which should be used by the controller - className: nginx - ## @param identity.ingress.annotations [object] defines the ingress related annotations, consumed mostly by the ingress controller - ## @skip identity.ingress.annotations.ingress.kubernetes.io/rewrite-target - ## @skip identity.ingress.annotations.nginx.ingress.kubernetes.io/ssl-redirect - ## @skip identity.ingress.annotations.nginx.ingress.kubernetes.io/proxy-buffer-size - annotations: - ingress.kubernetes.io/rewrite-target: '/' - nginx.ingress.kubernetes.io/ssl-redirect: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - ## @param identity.ingress.path defines the path which is associated with the service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - path: / - ## @param identity.ingress.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @param identity.ingress.host can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - # If not specified the rules applies to all inbound http traffic, if specified the rule applies to that host. - host: "" - ## @extra identity.ingress.tls configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param identity.ingress.tls.enabled if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. - enabled: false - ## @param identity.ingress.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-identity - ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param identity.externalDatabase.enabled @@ -1070,34 +1042,6 @@ console: ## @param console.serviceAccount.automountServiceAccountToken can be used to control whether the service account token should be automatically mounted automountServiceAccountToken: false - ingress: - ## @param console.ingress.enabled if true, an ingress resource is deployed with the Console deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. - enabled: false - ## @param console.ingress.className defines the class or configuration of ingress which should be used by the controller - className: nginx - ## @param console.ingress.annotations [object] defines the ingress related annotations, consumed mostly by the ingress controller - ## @skip console.ingress.annotations.ingress.kubernetes.io/rewrite-target - ## @skip console.ingress.annotations.nginx.ingress.kubernetes.io/ssl-redirect - ## @skip console.ingress.annotations.nginx.ingress.kubernetes.io/proxy-buffer-size - annotations: - ingress.kubernetes.io/rewrite-target: '/' - nginx.ingress.kubernetes.io/ssl-redirect: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - ## @param console.ingress.path defines the path which is associated with the Console service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - path: / - ## @param console.ingress.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @param console.ingress.host can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - # If not specified the rules applies to all http traffic, if specified the rule applies to that host. - host: "" - ## console.ingress.tls configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param console.ingress.tls.enabled if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. - enabled: false - ## @param console.ingress.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-console - ## @extra console.podSecurityContext defines the security options the Console broker pod should be run with podSecurityContext: ## @param console.podSecurityContext.runAsNonRoot run as non root @@ -1715,47 +1659,6 @@ webModeler: ## @param webModeler.serviceAccount.automountServiceAccountToken can be used to control whether the service account token should be automatically mounted automountServiceAccountToken: false - ingress: - ## @param webModeler.ingress.enabled if true, an Ingress resource will be deployed with the WebModeler deployment. Only useful if an Ingress controller like NGINX is available. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. - enabled: false - ## @param webModeler.ingress.className defines the class or configuration of ingress which should be used by the controller - className: nginx - ## @param webModeler.ingress.annotations [object] defines the ingress related annotations, consumed mostly by the ingress controller - ## @skip webModeler.ingress.annotations.ingress.kubernetes.io/rewrite-target - ## @skip webModeler.ingress.annotations.nginx.ingress.kubernetes.io/ssl-redirect - ## @skip webModeler.ingress.annotations.nginx.ingress.kubernetes.io/proxy-buffer-size - annotations: - ingress.kubernetes.io/rewrite-target: '/' - nginx.ingress.kubernetes.io/ssl-redirect: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - ## @extra webModeler.ingress.webapp configuration of the webapp ingress - webapp: - ## @param webModeler.ingress.webapp.host defines the host of the ingress rule, see https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules; this is the host name on which the WebModeler web application will be available - # Note: The value must be different from ingress.websockets.host - host: "" - ## @param webModeler.ingress.webapp.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @extra webModeler.ingress.webapp.tls configuration for TLS on the ingress resource, see https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param webModeler.ingress.webapp.tls.enabled if true, TLS will be configured on the ingress resource - enabled: false - ## @param webModeler.ingress.webapp.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-webmodeler-webapp - ## @extra webModeler.ingress.websockets configuration of the websockets ingress - websockets: - ## @param webModeler.ingress.websockets.host defines the host of the ingress rule, see https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules; this is the host name the WebModeler client in the browser will use to connect to the WebSockets server - # Note: The value must be different from ingress.webapp.host - host: "" - ## @param webModeler.ingress.websockets.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @extra webModeler.ingress.websockets.tls configuration for TLS on the ingress resource, see https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param webModeler.ingress.websockets.tls.enabled if true, TLS will be configured on the ingress resource - enabled: false - ## @param webModeler.ingress.websockets.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-webmodeler-websockets - # WebModeler. ##### #### #### ##### #### ##### ###### #### #### # # # # # # # # # # # # # # # # @@ -2021,34 +1924,6 @@ connectors: ## @param connectors.serviceAccount.automountServiceAccountToken can be used to control whether the service account token should be automatically mounted automountServiceAccountToken: false - ingress: - ## @param connectors.ingress.enabled if true, an ingress resource is deployed with the Connectors deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. - enabled: false - ## @param connectors.ingress.className defines the class or configuration of ingress which should be used by the controller - className: nginx - ## @param connectors.ingress.annotations [object] defines the ingress related annotations, consumed mostly by the ingress controller - ## @skip connectors.ingress.annotations.ingress.kubernetes.io/rewrite-target - ## @skip connectors.ingress.annotations.nginx.ingress.kubernetes.io/ssl-redirect - ## @skip connectors.ingress.annotations.nginx.ingress.kubernetes.io/proxy-buffer-size - annotations: - ingress.kubernetes.io/rewrite-target: '/' - nginx.ingress.kubernetes.io/ssl-redirect: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - ## @param connectors.ingress.path defines the path which is associated with the Connectors service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - path: / - ## @param connectors.ingress.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @param connectors.ingress.host can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - # If not specified the rules applies to all inbound http traffic, if specified the rule applies to that host. - host: "" - ## @extra connectors.ingress.tls configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param connectors.ingress.tls.enabled if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. - enabled: false - ## @param connectors.ingress.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-connectors - ## @extra connectors.podSecurityContext defines the security options the Connectors pod should be run with podSecurityContext: ## @param connectors.podSecurityContext.runAsNonRoot run as non root @@ -2680,34 +2555,6 @@ optimize: cpu: 2000m memory: 2Gi - ingress: - ## @param optimize.ingress.enabled if true, an ingress resource is deployed with the Optimize deployment. Only useful if an ingress controller is available, like nginx. Warning, separated ingress is deprecated and will be removed in the next release, please use global.ingress instead. - enabled: false - ## @param optimize.ingress.className defines the class or configuration of ingress which should be used by the controller - className: nginx - ## @param optimize.ingress.annotations [object] defines the ingress related annotations, consumed mostly by the ingress controller - ## @skip optimize.ingress.annotations.ingress.kubernetes.io/rewrite-target - ## @skip optimize.ingress.annotations.nginx.ingress.kubernetes.io/ssl-redirect - ## @skip optimize.ingress.annotations.nginx.ingress.kubernetes.io/proxy-buffer-size - annotations: - ingress.kubernetes.io/rewrite-target: '/' - nginx.ingress.kubernetes.io/ssl-redirect: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - ## @param optimize.ingress.path defines the path which is associated with the operate service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - path: / - ## @param optimize.ingress.pathType can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types - pathType: Prefix - ## @param optimize.ingress.host can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - # If not specified the rules applies to all inbound http traffic, if specified the rule applies to that host. - host: "" - ## @extra optimize.ingress.tls configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - ## @param optimize.ingress.tls.enabled if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. - enabled: false - ## @param optimize.ingress.tls.secretName defines the secret name which contains the TLS private key and certificate - secretName: camunda-platform-optimize - ## @param optimize.configuration if specified, contents will be used as the environment-config.yaml configuration: "" ## @param optimize.extraConfiguration if specified, contents will be used for any extra configuration files such as environment-logback.xml