-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add optimize to helm charts #287
Conversation
Add a new sub-chart for Optimize. Copied resources from tasklist and operate and adjusted to our needs.
Define in camunda-platform values.yaml the default values for Optimize sub-chart.
Add condition for sub-chart such that it is disabled if identity integration is disabled, since optimize has a dependency on identity.
Previous name (zeebe) was misleading
value: {{ .Values.global.identity.auth.publicIssuerUrl | quote }} | ||
- name: CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL | ||
value: "http://{{ include "common.names.dependency.fullname" (dict "chartName" "keycloak" "chartValues" . "context" $) | trunc 20 | trimSuffix "-" }}:80/auth/realms/camunda-platform" | ||
- name: CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RomanJRW it seems that Optimize only supports CLIENTID
the other tools, like tasklist and operate use (or support) CLIENT_ID
Is this expected? I stumbled over it, because it didn't worked without the right settings here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the heads up. Once JIRA wakes up, I'll create a ticket for us to change this in future 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
- 🤡 Kind of weird that we can't use a single
.helmignore
for all the charts together 🤷♂️ - At this point, I feel like the secret helpers might be, uh, abstracted? Is that even possible without making it too confusing (I mean, this is templated YAML, so it's already confusing 😄)
- ❓ I couldn't find where we specify the number of Zeebe partitions in the Optimize deployment - isn't that required? 🤔
The main blocker is that some golden file tests (for deployment for example) are pointing to the Operate chart, so the optimize deployment is not tested 😄
Co-authored-by: Nicolas Pepin-Perreault <43373+npepinpe@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you'll need to regenerate the golden files, but after that, no blockers from side 👍
Thanks for your quick review @npepinpe Regarding your comments:
Yeah I can check this.
Yeah agree but tbh I don't want to rewrite the logic of bitnami, it is in general quite cool to use their helpers here. I could try, if I find the time, to add some abstractions around it.
As I wrote above this needs to be fixed with #286 and related discussion here https://camunda.slack.com/archives/C02UT3T8DQR/p1650536952860079 Please put your comments or opinions here if you have any :) |
This test is tested in the global-deployment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking mostly at config this seems fine. Some minor comments and one probable missing config for the logout, but otherwise can't see any issue 👍
charts/camunda-platform/charts/optimize/templates/tests/test-connection.yaml
Outdated
Show resolved
Hide resolved
charts/camunda-platform/charts/optimize/templates/tests/test-connection.yaml
Outdated
Show resolved
Hide resolved
value: {{ .Values.global.identity.auth.publicIssuerUrl | quote }} | ||
- name: CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL | ||
value: "http://{{ include "common.names.dependency.fullname" (dict "chartName" "keycloak" "chartValues" . "context" $) | trunc 20 | trimSuffix "-" }}:80/auth/realms/camunda-platform" | ||
- name: CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the heads up. Once JIRA wakes up, I'll create a ticket for us to change this in future 👍
Co-authored-by: Josh Windels <joshuawindels@gmail.com>
Logout is done by identity.
This PR contains:
Manual testing:
After installing we see:
Doing the necessary port-forwards we can login
Next Steps:
Reviewers:
I know it looks like an big PR, but most of the lines are due to tests and golden files, which you can skip. :)
@oleschoenburg @npepinpe whoever has more time please have a look at the PR
@RomanJRW could you please check the configuration to whether this makes sense in your opinion?
related to #126