camunda / camunda-platform-helm

Camunda Platform 8 Self-Managed Helm charts
https://docs.camunda.io/docs/self-managed/overview/
Apache License 2.0

[ENHANCEMENT] Execution Identity integration #2195

Closed megglos closed 1 week ago

megglos commented 1 month ago

Describe the use case:

This feature request is about integrating the execution layer identity into an SM cluster. Execution Identity is a new component that is part of the mono-repo https://github.com/camunda/camunda and will be the component to manage users/authorizations within a cluster going forward and replace the currently present identity component.

For more context, also see https://docs.google.com/presentation/d/1VcdJGDqX4Jcjt7w2gf7KvEyLUueHojmg4wxfcZPJoDI/edit#slide=id.g21c05d33edd_0_0

relates to https://github.com/camunda/product-hub/issues/2222

Describe the enhancement/feature:

### Iteration 1 - Execution Identity Integration (8.6 Alpha5)
- [x] Add an execution identity component to the cluster - without removing the existing identity - by default it should be disabled
- [x] The execution identity can be accessed through a service
- [x] An ingress can be configured to access the execution identity service
### Iteration 2 - Webapp Exporter @megglos link relevant issue this depends on
- [ ] zeebe: Enable the WebApp Exporter (to be released still)
### Iteration 3 - Migration App - TBD by @Ben-Sheppard

Desired outcome and acceptance tests:

Additional information:

image: camunda/camunda:SNAPSHOT

Required config for the identity deployment: configmap:

```yaml
spring:
  profiles:
    active: identity,auth-basic
camunda:
  database:
    type: elasticsearch
    clusterName: elasticsearch
    url: http://elasticsearch:9200
zeebe:
  gateway:
    cluster:
      initial-contact-points: zeebe:26502
      member-id: identity
```

or alternatively the equivalent env vars:

```bash
SPRING_PROFILES_ACTIVE=identity,auth-basic
CAMUNDA_DATABASE_TYPE=elasticsearch
CAMUNDA_DATABASE_clusterName=elasticsearch
CAMUNDA_DATABASE_URL=http://elasticsearch:9200
ZEEBE_GATEWAY_CLUSTER_INITIALCONTACTPOINTS=zeebe:26502
ZEEBE_GATEWAY_CLUSTER_MEMBERID=identity
```

megglos commented 1 month ago

@aabouzaid can you check whether this is enough to get started with a first iteration to allow the deployment of identity in a cluster? (excluding the zeebe statefulset task) What is a reasonable timeline for completing iteration 1, so we could deploy identity in a cluster?

aabouzaid commented 1 month ago

@megglos, we will start working on phase 1 in the Alpha 5 cycle, so we will work on it directly after the Alpha 4 release.

drodriguez-305 commented 2 weeks ago

Hey Team,

The helm chart work has been completed. There is still an issue with the component @Ben-Sheppard will be double-checking when he is back. Let me know if it is ok to merge the related helm work.

drodriguez-305 commented 2 weeks ago

Yesterday we confirmed execution-identity is working and in the ready state with @Ben-Sheppard.

drodriguez-305 commented 1 week ago

Created the iteration 2 issue as we completed the first iteration.

https://github.com/camunda/camunda-platform-helm/issues/2294