- Simple and understandable HELM Cawemo example
- Help understand common configuration and architectural concepts
- Good documentation and example to assist in getting Cawemo running quickly in Kubernetes
- NOT intended as a production ready configuration

- ✓ Cawemo
- ✓ Cawemo EE Repo Pull
- ✓ Cawemo License
- ✓ Load Balancer with sticky sessions
- ✓ Postgresql Database
Important: The configs in this chart are preconfigured defaults and serve as a quick reference for understanding. You may need to change and adjust things to suit your use-case, infra, architecture, etc.
- The HELM chart is an install descriptor to install Cawemo on Kubernetes. HELM can do many things to help install and manage infra on Kubernetes.
- The primary configuration point is the values.yaml. It should allow you to get a basic Cawemo configuration installed and running with little to no customization.
- You still need to know how to debug on Kubernetes. See the Kubernetes Docs for help.
- While this chart defines how Cawemo is installed, other components need to be installed in your Kubernetes cluster to make Cawemo work. See Setting up Infra to install the other components.
- You can find more on HELM here: Helm Quickstart

This section is intended to explain and provide insight into the way Cawemo works and what it needs to operate.
- Mail Server setup for testing is MailHog
- It can be accessed at http://localhost:8025/
- Use kubectl port forward to access SMTP
- PHP Application
- Websocket Server
- Pub/Sub Server
- Accepts HTTP Published Messages from Cawemo REST API/Java Publisher
- Accepts HTTP Subscriptions from Cawemo Webapp
Step 0. Install HELM and Kubernetes if not already installed
Step 1. Install Ingress Controller to configure the load balancer ingress controller
Step 2. Configure PostgreSQL in the Kubernetes cluster
Step 3. Configure Cawemo Version
Step 4. Configure Cawemo Connections
Step 5. Install Cawemo License
Step 6. Run Cawemo
- You can find more on HELM here: Helm Quickstart
- Try Docker Desktop; imo it’s the quickest way to get started with Kubernetes
- Tested with HELM
  - version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}
- Tested with Kubernetes
  - Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
  - Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
Important: Kubernetes does not come with an implementation of a LoadBalancer or a Reverse Proxy for Ingress. The Ingress resource allows you to configure a Controller for your needs. It’s important to understand what you need from an ingress resource; then you can choose the appropriate Controller to install. There are a variety of vendors.
Install the NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
Update the values.yaml and configure the Ingress Resource to tell the LoadBalancer (the NGINX deployment that was installed above) to stick to one instance once the user is logged into the webapps.
Important: An ingress resource is defined for the IAM Router, Websockets Server, and the Webapp. Please see the values.yaml to see the defaults for each service.
Defaults Below
ingress:
  enabled: true
  annotations: {
    nginx.ingress.kubernetes.io/ingress.class: nginx,
    nginx.ingress.kubernetes.io/affinity: "cookie",
    nginx.ingress.kubernetes.io/affinity-mode: "persistent",
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800",
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800",
    }
    # see more config options https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: cawemo.127.0.0.1.nip.io
      paths: ["/"]
  tls: []
  #  - secretName: camunda-cawemo-tls
  #    hosts:
  #      - camunda-cawemo.local - camunda-cawemo.local
Troubleshoot Ingress, Pods and Services
- Check the Service and Ingress endpoints
  - kubectl describe ingress cawemo-demo-camunda-cawemo
  - kubectl describe service cawemo-demo-camunda-cawemo
- Check the pods
  - kubectl describe pods cawemo-demo-camunda-cawemo
- Check that the Service Selectors get the pods
  - kubectl get pods --show-labels | egrep 'app.kubernetes.io/instance=cawemo-demo,app.kubernetes.io/name=camunda-cawemo'

Two databases will be configured for Cawemo and IAM Apps. It’s possible to only use one database.
kubectl create secret generic workflow-database-credentials \
  --from-literal=DB_USERNAME=workflow \
  --from-literal=DB_PASSWORD=workflow
helm install iam-database --set postgresqlPostgresPassword=workflow,postgresqlUsername=workflow,postgresqlPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql
Important: The database must have a super user configured to install Cawemo. See the config options here
Note: The config below will install postgres with the postgres superuser and password of workflow.
Tip: If your database config is incorrect and you reinstall, make sure to delete the PVC first. kubectl get pvc -l "app=postgresql"
Important: The database connection values are hardcoded into the cawemo-restapi-deployment.yaml
helm install cawemo-database --set postgresqlPostgresPassword=workflow,postgresqlDatabase=workflow bitnami/postgresql
Important: Get an enterprise trial to try Cawemo
In this case the latest image is used. But we could swap different images and versions.
See the Camunda Harbor Repo if you need a different version of Cawemo.
Pulling from the Enterprise Repo
Note: You will need your enterprise credentials and an enterprise license for Cawemo.
The version of Cawemo can be changed in this section of the values.yaml.
Important: Several apps are configured in the cluster for Cawemo. See the values.yaml for the configuration of all the apps.
image:
  repository: registry.camunda.cloud/cawemo-ee/<<cawemo-app>>
  tag: 1.7.1
  pullPolicy: IfNotPresent
  pullSecrets:
    - name: camunda-reg-cred
Note: If issues arise with pulling the image, the workaround is to manually pull the image. Run the following commands:
docker login registry.camunda.cloud
docker pull registry.camunda.cloud/cawemo-ee/cawemo:latest
Configuring the pullSecrets
Tip: See Configuring pull secrets kubernetes doc and Managing Secrets for more info
Install the secret and name it camunda-reg-cred
kubectl create secret docker-registry camunda-reg-cred --docker-server=registry.camunda.cloud --docker-username=<<user>> --docker-password=<<password>> --docker-email=<your-email>
Tip: You may need to escape special characters in your passwords, i.e. --docker-password=mypassword\!isstrong
Check your secret
kubectl get secret camunda-reg-cred --output=yaml
kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
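A structural check for the camunda-reg-cred pull secret, as an added example that is not part of the original chart or of Camunda's tooling. It reports problems without printing the password; the function names, the constructed sample data and the backslash heuristic (tied to the escaping tip above) are assumptions made for illustration.

```python
import base64
import json

REGISTRY = "registry.camunda.cloud"  # registry host used on this page


def check_pull_secret(secret_json, registry=REGISTRY):
    """Return a list of problems in a docker-registry Secret; an empty list means OK."""
    secret = json.loads(secret_json)
    problems = []
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append("unexpected Secret type: %r" % secret.get("type"))
    raw = secret.get("data", {}).get(".dockerconfigjson")
    if raw is None:
        return problems + ["data has no .dockerconfigjson key"]
    try:
        auths = json.loads(base64.b64decode(raw, validate=True)).get("auths", {})
    except ValueError as exc:  # covers bad base64 and bad JSON
        return problems + ["cannot decode .dockerconfigjson: %s" % exc]
    entry = auths.get(registry)
    if entry is None:
        return problems + ["no credentials for %s (found %s)" % (registry, sorted(auths))]
    user, password = entry.get("username", ""), entry.get("password", "")
    if not user or not password:
        problems.append("username or password is empty")
    try:  # kubectl also stores auth = base64("username:password")
        auth = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except ValueError:
        auth = None
    if auth != "%s:%s" % (user, password):
        problems.append("auth field does not match username:password")
    if "\\" in password:  # heuristic: a quoted \! keeps its backslash
        problems.append("password contains a backslash; check shell quoting")
    return problems


def make_sample(user, password, registry=REGISTRY):
    """Build a constructed Secret (sample data, not real credentials)."""
    auth = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    cfg = {"auths": {registry: {"username": user, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return json.dumps({"type": "kubernetes.io/dockerconfigjson",
                       "data": {".dockerconfigjson": blob}})


if __name__ == "__main__":
    print(check_pull_secret(make_sample("demo-user", "mypassword!isstrong")))
    print(check_pull_secret(make_sample("demo-user", "mypassword\\!isstrong")))
    print(check_pull_secret(make_sample("demo-user", "x", registry="example.invalid")))
```

Against a real cluster, pass the output of kubectl get secret camunda-reg-cred --output=json to check_pull_secret instead of the constructed samples.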
Important: Get an enterprise trial to try Cawemo
Add your license to the data-license.yaml. This is a kubernetes Secret resource. It will be mounted by the volumes config onto the filesystem of the pod where the Cawemo REST API app can read it.
Defaults Below
apiVersion: v1
kind: Secret
metadata:
  labels:
    {{- include "camunda-cawemo.labels" . | nindent 4 }}
  name: cawemo-license
stringData:
  CawemoLicense.txt: |
    --------------- BEGIN CAMUNDA LICENSE KEY ---------------
    --------------- END CAMUNDA LICENSE KEY ---------------
The license Secret mounting definition in the deployment.yaml. This is informational. Nothing to do unless you want to change the mount location or type.
volumeMounts:
  - mountPath: /config.key
    subPath: config.key
    name: cawemo-license
volumes:
  - name: cawemo-license
    secret:
      secretName: cawemo-license
Check the secret exists
kubectl get secret cawemo-license -o yaml
kubectl get secret camunda-reg-cred --output=yaml
Check the secrets are created properly
kubectl get secret camunda-reg-cred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
kubectl get secret cawemo-license --output="jsonpath={.data.CawemoLicense\.txt}"
To look at the mounted license file, use the exec command to get into the pod file system. You should see
cat config/CawemoLicense.txt
See Managing Secrets for more info.
Tip: For more configuration options see https://github.com/camunda/docker-camunda-cawemo/blob/next/README.md
Run the Chart: use the following command to install the chart and apply the configurations to the Kubernetes cluster
helm install cawemo-demo ./charts/camunda-cawemo/
Change the Chart — When you make changes run the following command to apply the changes to the cluster
helm upgrade cawemo-demo ./charts/camunda-cawemo/
Remove the Chart — To remove the installation
helm uninstall cawemo-demo
- ❏ Configure Cloud Deployments (GKE, AWS, Azure)
  - ❏ Configuration for TERRAFORM
- ❏ Configure auto-scaling
- ❏ Configure common Cawemo configs (Elastic, Engine)
- ❏ Configuration for Secrets Vault (HashiCorp, Spring Cloud Vault)
- ❏ Configuration for LDAP
- ❏ Configuration for Logging
  - ❏ Configuration for Log Drain
- ❏ Configurations for SSO
  - ❏ with Keycloak