When deploying Camunda 8.6 on an EKS cluster with IRSA and enabling the WebModeler (which is disabled by default), certain configurations are required, such as a existingSecret for the database and an SMTP configuration (email + password).
This restriction applies not only to IRSA-enabled deployments but also to standard deployments without a database password or SMTP server configured.
Allowing these parameters to be optional would provide more flexibility in deployment.
database password should not be mandatory
email should not be mandatory
smtp password should not be mandatory
Actual behavior:
The WebModeler component fails to deploy unless a existingSecret is provided for the database password and an SMTP configuration is set, even if these settings aren't necessary for certain setups.
Expected behavior:
Deployment of WebModeler should succeed without requiring existingSecret for the database or SMTP configuration, making these parameters optional for deployments where they are not needed.
How to reproduce:
Deploy Camunda 8.6 on an EKS cluster with IRSA.
Enable the WebModeler by setting webModeler.enabled: true.
Attempt to deploy without specifying the database existingSecret or SMTP configuration.
Observe that the deployment fails due to missing required configurations.
Configuration:
webModeler:
enabled: true # by default, WebModeler is not enabled
serviceAccount:
name: webmodeler-sa
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/<role-name>
restapi:
externalDatabase:
url: jdbc:aws-wrapper:postgresql://<database-endpoint>:5432/<database-name>?wrapperPlugins=iam
user: <database-user>
existingSecret: <existing-secret-name> # this fake password reference is needed to let the chart deploy WebModeler
existingSecretPasswordKey: password
env:
- name: SPRING_DATASOURCE_DRIVER_CLASS_NAME
value: software.amazon.jdbc.Driver
mail:
existingSecret: <existing-secret-name> # reference to SMTP password
fromAddress: changeme@example.com # change this required value
Describe the issue:
When deploying Camunda 8.6 on an EKS cluster with IRSA and enabling the WebModeler (which is disabled by default), certain configurations are required, such as a
existingSecretfor the database and an SMTP configuration (email + password).This restriction applies not only to IRSA-enabled deployments but also to standard deployments without a database password or SMTP server configured.
Allowing these parameters to be optional would provide more flexibility in deployment.
Actual behavior:
The WebModeler component fails to deploy unless a
existingSecretis provided for the database password and an SMTP configuration is set, even if these settings aren't necessary for certain setups.Expected behavior:
Deployment of WebModeler should succeed without requiring
existingSecretfor the database or SMTP configuration, making these parameters optional for deployments where they are not needed.How to reproduce:
webModeler.enabled: true.existingSecretor SMTP configuration.Configuration:
Additional Context:
The requirement for a database
existingSecretis detailed in the Camunda Helm chart templates, as shown in https://github.com/camunda/camunda-platform-helm/blob/cdc6b70d78ad9d5e0a675467e7018c0de6a8e5a8/charts/camunda-platform-8.6/templates/web-modeler/deployment-restapi.yaml#L44.Logs:
Environment: