From 33bd68a4625675a63fed957d256eca2c7e0a4c44 Mon Sep 17 00:00:00 2001
From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
Date: Sun, 20 Oct 2024 23:52:57 +0200
Subject: [PATCH] wip
Signed-off-by: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
---
.../generate-versions-matrix/action.yml | 45 ++
.../workflows/docker-compose-e2e-setup.yaml | 38 +-
... => docker-compose-test-e2e-template.yaml} | 13 +-
docker-compose/versions/camunda-8.6/README.md | 264 --------
docker-compose/versions/camunda-alpha/.env | 35 ++
.../.optimize/environment-config.yaml | 5 +
...er-config-authentication-mode-identity.env | 1 +
...luster-config-authentication-mode-none.env | 1 +
.../versions/camunda-alpha/README.md | 264 ++++++++
.../camunda-alpha/connector-secrets.txt | 2 +
.../camunda-alpha/docker-compose-core.yaml | 167 ++++++
.../camunda-alpha/docker-compose.yaml | 564 ++++++++++++++++++
12 files changed, 1119 insertions(+), 280 deletions(-)
create mode 100644 .github/actions/generate-versions-matrix/action.yml
rename .github/workflows/{docker-compose-template-e2e-setup.yaml => docker-compose-test-e2e-template.yaml} (91%)
create mode 100644 docker-compose/versions/camunda-alpha/.env
create mode 100644 docker-compose/versions/camunda-alpha/.optimize/environment-config.yaml
create mode 100644 docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-identity.env
create mode 100644 docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-none.env
create mode 100644 docker-compose/versions/camunda-alpha/README.md
create mode 100644 docker-compose/versions/camunda-alpha/connector-secrets.txt
create mode 100644 docker-compose/versions/camunda-alpha/docker-compose-core.yaml
create mode 100644 docker-compose/versions/camunda-alpha/docker-compose.yaml
diff --git a/.github/actions/generate-versions-matrix/action.yml b/.github/actions/generate-versions-matrix/action.yml
new file mode 100644
index 0000000..d962535
--- /dev/null
+++ b/.github/actions/generate-versions-matrix/action.yml
@@ -0,0 +1,45 @@
+name: Generate version matrix
+description: Find changed/unchanged versions and generate matrix for them to be used in GHA workflow matrix.
+
+inputs:
+ versions-path:
+ description: Versions path to match.
+ required: true
+
+outputs:
+ matrix-exclude:
+ description: JSON matrix of unchanged versions which will be used as and input for GHA workflow matrix exclude.
+ value: ${{ steps.get-versions.outputs.matrix }}
+
+runs:
+ using: composite
+ steps:
+ - name: Get changed dirs
+ id: changed-files
+ uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45
+ with:
+ dir_names: "true"
+ - name: Generate matrix
+ shell: bash
+ id: get-versions
+ env:
+ ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+ run: |
+ echo "Setting matrix based on changed files"
+ echo "Changed files:"
+ printf "%s\n" ${ALL_CHANGED_FILES}
+ touch matrix_versions.txt
+
+ ls -d ${{ inputs.versions-path }} | while read version_dir; do
+ if [[ $(echo ${ALL_CHANGED_FILES} | grep "${version_dir}") ]]; then
+ continue
+ else
+ camunda_version="$(echo ${version_dir} | rev | cut -d '-' -f 1 | rev)";
+ echo "Camunda version: ${camunda_version}"
+ echo "${camunda_version}" >> matrix_versions.txt;
+ fi
+ done
+ # NOTE: The keys "versions" and "camunda-version" are hard coded and should be used in the workflow matrix.
+ matrix-exclude="$(cat matrix_versions.txt |
+ jq -s -c -R 'split("\n") | .[:-1] | map({"versions": {"camunda-version": .}})')"
+ echo "matrix-exclude=${matrix-exclude}" | tee -a $GITHUB_OUTPUT
diff --git a/.github/workflows/docker-compose-e2e-setup.yaml b/.github/workflows/docker-compose-e2e-setup.yaml
index 7df63b7..9d9a826 100644
--- a/.github/workflows/docker-compose-e2e-setup.yaml
+++ b/.github/workflows/docker-compose-e2e-setup.yaml
@@ -1,4 +1,4 @@
-name: "Docker Compose | E2E Test - Setup"
+name: "Docker Compose | Test - E2E"
on:
push:
branches:
@@ -8,31 +8,45 @@ on:
- docker-compose/versions/**
jobs:
- test:
- name: ${{ matrix.name }}
+ init:
+ name: Generate version matrix
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Generate versions
+ id: generate-versions-matrix
+ uses: ./.github/actions/generate-versions-matrix
+ with:
+ versions-path: "docker-compose/versions/*"
+ outputs:
+ matrix-exclude: ${{ steps.generate-versions-matrix.outputs.matrix-exclude }}
+
+ exec:
+ needs: [init]
+ name: ${{ matrix.versions.name }}
strategy:
fail-fast: false
matrix:
- include:
+ versions:
- name: Camunda 8.3 - Full
camunda-version: "8.3"
compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
- e2e-test-enabled: true
- name: Camunda 8.4 - Full
camunda-version: "8.4"
compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
- e2e-test-enabled: true
- name: Camunda 8.5 - Full
camunda-version: "8.5"
compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
- e2e-test-enabled: true
- name: Camunda 8.6 - Full
camunda-version: "8.6"
compose-args: "--profile full"
- e2e-test-enabled: true
- uses: ./.github/workflows/docker-compose-template-e2e-setup.yaml
+ - name: Camunda Alpha - Full
+ camunda-version: "alpha"
+ compose-args: "--profile full"
+ exclude: ${{ fromJson(needs.init.outputs.matrix-exclude) }}
+ uses: ./.github/workflows/docker-compose-test-e2e-template.yaml
secrets: inherit
with:
- camunda-version: ${{ matrix.camunda-version }}
- compose-args: ${{ matrix.compose-args }}
- e2e-test-enabled: ${{ matrix.e2e-test-enabled }}
+ # changed-versions: ${{ needs.init.outputs.matrix }}
+ camunda-version: ${{ matrix.versions.camunda-version }}
+ compose-args: ${{ matrix.versions.compose-args }}
diff --git a/.github/workflows/docker-compose-template-e2e-setup.yaml b/.github/workflows/docker-compose-test-e2e-template.yaml
similarity index 91%
rename from .github/workflows/docker-compose-template-e2e-setup.yaml
rename to .github/workflows/docker-compose-test-e2e-template.yaml
index c820be5..8f63ae5 100644
--- a/.github/workflows/docker-compose-template-e2e-setup.yaml
+++ b/.github/workflows/docker-compose-test-e2e-template.yaml
@@ -1,8 +1,12 @@
-name: "Docker Compose | Template - E2E Test - Setup"
+name: "Docker Compose | Test - E2E - Template"
on:
workflow_call:
inputs:
+ # changed-versions:
+ # description: Items changed to avoid extra workflow run
+ # required: true
+ # type: string
camunda-version:
description: Camunda minor version in format x.y
required: true
@@ -13,8 +17,8 @@ on:
type: string
e2e-test-enabled:
description: Run Playwright tests
- required: true
type: boolean
+ default: true
e2e-test-directory:
description: Directory of the E2E files
required: false
@@ -29,8 +33,9 @@ env:
COMPOSE_WORKING_DIRECTORY: docker-compose/versions/camunda-${{ inputs.camunda-version }}
jobs:
- test:
- name: Test
+ run:
+ # if: contains(inputs.changed-versions, inputs.camunda-version)
+ name: Run
runs-on: ubuntu-latest
steps:
- name: disable and stop mono-xsp4.service
diff --git a/docker-compose/versions/camunda-8.6/README.md b/docker-compose/versions/camunda-8.6/README.md
index da0a2f0..e69de29 100644
--- a/docker-compose/versions/camunda-8.6/README.md
+++ b/docker-compose/versions/camunda-8.6/README.md
@@ -1,264 +0,0 @@
-# Camunda Platform 8
-
-This repository contains links to Camunda Platform 8 resources, the official release artifacts (binaries), and supporting config files for running Docker Compose as a local development option.
-
-:warning: **Docker Compose is only recommended for local development.** :warning:
-
-We recommend using [SaaS](https://camunda.com/get-started/) or [Helm/Kubernetes](https://docs.camunda.io/docs/self-managed/setup/overview/) for development.
-
-For more information, check Camunda 8 Self-Managed official [documentation](https://docs.camunda.io/docs/self-managed/about-self-managed/).
-
-For production setups we recommend using [Helm charts](https://docs.camunda.io/docs/self-managed/setup/install/) which can be found at [helm.camunda.io](https://helm.camunda.io/)
-
-## Links to additional Camunda Platform 8 repos and assets
-
-- [Documentation](https://docs.camunda.io)
-- [Camunda Platform SaaS](https://camunda.io)
-- [Getting Started Guide](https://github.com/camunda/camunda-platform-get-started)
-- [Releases](https://github.com/camunda/camunda-platform/releases)
-- [Helm Charts](https://helm.camunda.io/)
-- [Zeebe Workflow Engine](https://github.com/camunda/zeebe)
-- [Contact](https://docs.camunda.io/contact/)
-
-## Using docker compose
-
-> :information_source: The docker-compose file in this repository uses the latest [compose specification](https://docs.docker.com/compose/compose-file/), which was introduced with docker compose version 1.27.0+. Please make sure to use an up-to-date docker compose version.
-
-> :information_source: Docker 20.10.16+ is required.
-
-> :information_source: The Web Modeler service names have changed with `8.6.0-alpha2`. Run `docker compose stop modeler-webapp modeler-restapi modeler-websockets` when upgrading from a previous version to stop the old services.
-
-Be sure you are in the correct directory when running all the following commands. Use `cd docker-compose/camunda-8.6` to navigate to the correct directory.
-
-To spin up a complete Camunda Platform 8 Self-Managed environment locally the [docker-compose.yaml](docker-compose.yaml) file in this repository can be used.
-
-The full environment contains these components:
-- Zeebe
-- Operate
-- Tasklist
-- Connectors
-- Optimize
-- Identity
-- Elasticsearch
-- Keycloak
-- PostgreSQL
-- Web Modeler (Restapi, Webapp and Websockets)
-
-
-Clone this repo and issue the following command to start your environment:
-
-```
-docker compose --profile full up -d
-```
-
-Wait a few minutes for the environment to start up and settle down. Monitor the logs, especially the Keycloak container log, to ensure the components have started.
-
-Now you can navigate to the different web apps and log in with the user `demo` and password `demo`:
-- Operate: [http://localhost:8081](http://localhost:8081)
-- Tasklist: [http://localhost:8082](http://localhost:8082)
-- Optimize: [http://localhost:8083](http://localhost:8083)
-- Identity: [http://localhost:8084](http://localhost:8084)
-- Elasticsearch: [http://localhost:9200](http://localhost:9200)
-- Web Modeler: [http://localhost:8070](http://localhost:8070)
-
-Keycloak is used to manage users. Here you can log in with the user `admin` and password `admin`
-- Keycloak: [http://localhost:18080/auth/](http://localhost:18080/auth/)
-
-The workflow engine Zeebe is available using gRPC at `localhost:26500`.
-
-To tear down the whole environment run the following command:
-
-```
-docker compose --profile full down -v
-```
-
-Zeebe, Operate, Tasklist, Web Modeler along with Optimize require a separate network from Identity as you'll see in the docker-compose file. Web Modeler also requires another separate network.
-
-### Using the basic components
-
-If Optimize, Web Modeler, Identity, and Keycloak are not needed you can use the [docker-compose-core.yaml](docker-compose-core.yaml) instead which does not include these components:
-
-```
-docker compose -f docker-compose-core.yaml up -d
-```
-
-### Deploying BPMN diagrams
-
-In addition to the local environment setup with docker compose, use the [Camunda Desktop Modeler](#desktop-modeler) to locally model BPMN diagrams for execution and directly deploy them to your local environment.
-As an enterprise customer, you can [use Web Modeler](#web-modeler-self-managed).
-
-Feedback and updates are welcome!
-
-## Securing the Zeebe API
-
-By default, the Zeebe gRPC API is publicly accessible without requiring any client credentials for development purposes.
-
-You can however enable authentication of gRPC requests in Zeebe by setting the environment variable `ZEEBE_AUTHENTICATION_MODE` to `identity`, e.g. via running:
-```
-ZEEBE_AUTHENTICATION_MODE=identity docker compose --profile full up -d
-```
-or by modifying the default value in the [`.env`](.env) file.
-
-## Connectors
-
-Both docker-compose files contain our [out-of-the-box Connectors](https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/).
-
-Refer to the [Connector installation guide](https://docs.camunda.io/docs/self-managed/connectors-deployment/install-and-start/) for details on how to provide the related Connector templates for modeling.
-
-To inject secrets into the Connector runtime they can be added to the
-[`connector-secrets.txt`](connector-secrets.txt) file inside the repository in the format `NAME=VALUE`
-per line. The secrets will then be available in the Connector runtime with the
-format `secrets.NAME`.
-
-To add custom Connectors either create a new docker image bundling them as
-described [here](https://github.com/camunda/connectors-bundle/tree/main/runtime).
-
-Alternatively, you can mount new Connector JARs as volumes into the `/opt/app` folder by adding this to the docker-compose file. Keep in mind that the Connector JARs need to bring along all necessary dependencies inside the JAR.
-
-## Kibana
-
-A `kibana` profile is available in the provided docker compose files to support inspection and exploration of the Camunda Platform 8 data in Elasticsearch.
-It can be enabled by adding `--profile kibana` to your docker compose command.
-In addition to the other components, this profile spins up [Kibana](https://www.elastic.co/kibana/).
-Kibana can be used to explore the records exported by Zeebe into Elasticsearch, or to discover the data in Elasticsearch used by the other components (e.g. Operate).
-
-You can navigate to the Kibana web app and start exploring the data without login credentials:
-
-- Kibana: [http://localhost:5601](http://localhost:5601)
-
-> **Note**
-> You need to configure the index patterns in Kibana before you can explore the data.
-> - Go to `Management > Stack Management > Kibana > Index Patterns`.
-> - Create a new index pattern. For example, `zeebe-record-*` matches the exported records.
-> - If you don't see any indexes then make sure to export some data first (e.g. deploy a process). The indexes of the records are created when the first record of this type is exported.
-> - Go to `Analytics > Discover` and select the index pattern.
-
-## Desktop Modeler
-
-> :information_source: The Desktop Modeler is [open source, free to use](https://github.com/camunda/camunda-modeler).
-
-[Download the Desktop Modeler](https://camunda.com/download/modeler/) and start modeling BPMN, DMN and Camunda Forms on your local machine.
-
-### Deploy or execute a process
-
-#### Without authentication
-Once you are ready to deploy or execute processes use these settings to deploy to the local Zeebe instance:
-* Authentication: `None`
-* URL: `http://localhost:26500`
-
-#### With Zeebe request authentication
-If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe you need to provide client credentials when deploying and executing processes:
-* Authentication: `OAuth`
-* URL: `http://localhost:26500`
-* Client ID: `zeebe`
-* Client secret: `zecret`
-* OAuth URL: `http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token`
-* Audience: `zeebe-api`
-
-## Web Modeler
-
-> [!IMPORTANT]
-> Non-production installations of Web Modeler are restricted to five collaborators per project.
-> Refer to [the documentation](https://docs.camunda.io/docs/next/reference/licenses/) for more information.
-
-### Standalone setup
-
-Web Modeler can be run standalone with only Identity, Keycloak and Postgres as dependencies by using the Docker Compose `modeling` profile.
-
-Issue the following commands to only start Web Modeler and its dependencies:
-
-```
-docker compose --profile modeling up -d
-```
-
-To tear down the whole environment run the following command:
-
-```
-docker compose --profile modeling down -v
-```
-
-> [!WARNING]
-> This will also delete any data you created.
-
-Alternatively, if you want to keep the data, run:
-
-```
-docker compose --profile modeling down
-```
-
-### Login
-You can access Web Modeler and log in with the user `demo` and password `demo` at [http://localhost:8070](http://localhost:8070).
-
-### Deploy or execute a process
-
-The local Zeebe instance (that is started when using the Docker Compose [`full` profile](#start-full-profile)) is pre-configured in Web Modeler.
-
-Once you are ready to deploy or execute a process, you can just use this instance without having to enter the cluster endpoint manually.
-The correct authentication type is also preset based on the [`ZEEBE_AUTHENTICATION_MODE` environment variable](#securing-the-zeebe-api).
-
-#### Without authentication
-No additional input is required.
-
-#### With Zeebe request authentication
-If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe, use the following client credentials when deploying and executing processes:
-* Client ID: `zeebe`
-* Client secret: `zecret`
-
-> [!NOTE]
-> The correct OAuth token URL and audience are preset internally.
-
-### Emails
-The setup includes [Mailpit](https://github.com/axllent/mailpit) as a test SMTP server. It captures all emails sent by Web Modeler, but does not forward them to the actual recipients.
-
-You can access emails in Mailpit's Web UI at [http://localhost:8075](http://localhost:8075).
-
-## Troubleshooting
-
-### Submitting Issues
-When submitting an issue on this repository, please make sure your issue is related to the docker compose deployment
-method of the Camunda Platform. All questions regarding to functionality of the web applications should be instead
-posted on the [Camunda Forum](https://forum.camunda.io/). This is the best way for users to query for existing answers
-that others have already encountered. We also have a category on that forum specifically for [Deployment Related Topics](https://forum.camunda.io/c/camunda-platform-8-topics/deploying-camunda-platform-8/33).
-
-### Running on arm64 based hardware
-When using arm64-based hardware like a M1 or M2 Mac the Keycloak container might not start because Bitnami only
-provides amd64-based images for versions < 22. You can build and tag an arm-based
-image locally using the following command. After building and tagging the image you can start the environment as
-described in [Using docker-compose](#using-docker-compose).
-
-```
-$ DOCKER_BUILDKIT=0 docker build -t bitnami/keycloak:19.0.3 "https://github.com/camunda/camunda-platform.git#8.2.15:.keycloak/"
-```
-
-## Resource based authorizations
-
-You can control access to specific processes and decision tables in Operate and Tasklist with [resource based authorization](https://docs.camunda.io/docs/self-managed/concepts/access-control/resource-authorizations/).
-
-This feature is disabled by default and can be enabled by setting
-`RESOURCE_AUTHORIZATIONS_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line:
-
-```
-RESOURCE_AUTHORIZATIONS_ENABLED=true docker compose --profile full up -d
-```
-
-## Multi-Tenancy
-
-You can use [multi-tenancy](https://docs.camunda.io/docs/self-managed/concepts/multi-tenancy/) to achieve tenant-based isolation.
-
-This feature is disabled by default and can be enabled by setting
-`MULTI_TENANCY_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line:
-
-```
-ZEEBE_AUTHENICATION_MODE=identity MULTI_TENANCY_ENABLED=true docker compose --profile full up -d
-```
-
-As seen above the feature also requires you to use `identity` as an authentication provider.
-
-Ensure you [setup tenants in identity](https://docs.camunda.io/docs/self-managed/identity/user-guide/tenants/managing-tenants/) after you started the platform.
-
-## Camunda Platform 7
-
-Looking for information on Camunda Platform 7? Check out the links below:
-
-- [Documentation](https://docs.camunda.org/)
-- [GitHub](https://github.com/camunda/camunda-bpm-platform)
diff --git a/docker-compose/versions/camunda-alpha/.env b/docker-compose/versions/camunda-alpha/.env
new file mode 100644
index 0000000..2f88b91
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/.env
@@ -0,0 +1,35 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=8.6.2
+# renovate: datasource=docker depName=camunda/zeebe
+CAMUNDA_PLATFORM_VERSION=8.6.1
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=8.6.1
+# renovate: datasource=docker depName=camunda/web-modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.6.2
+# renovate: datasource=docker depName=elasticsearch
+ELASTIC_VERSION=8.15.3
+KEYCLOAK_SERVER_VERSION=24.0.5
+# renovate: datasource=docker depName=axllent/mailpit
+MAILPIT_VERSION=v1.20.7
+POSTGRES_VERSION=14.5-alpine
+HOST=localhost
+KEYCLOAK_HOST=localhost
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=none
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
+
+# Set to 'true' to enable multi-tenancy across all components
+# This requires use of identity for authentication
+#
+# ZEEBE_AUTHENTICATION_MODE=identity
+#
+MULTI_TENANCY_ENABLED=false
diff --git a/docker-compose/versions/camunda-alpha/.optimize/environment-config.yaml b/docker-compose/versions/camunda-alpha/.optimize/environment-config.yaml
new file mode 100644
index 0000000..de4cd58
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/.optimize/environment-config.yaml
@@ -0,0 +1,5 @@
+es:
+ settings:
+ index:
+ number_of_replicas: 0
+
diff --git a/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-identity.env b/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-identity.env
new file mode 100644
index 0000000..cc68bfa
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-identity.env
@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: oauth
diff --git a/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-none.env b/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-none.env
new file mode 100644
index 0000000..d3607dd
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/.web-modeler/cluster-config-authentication-mode-none.env
@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: none
diff --git a/docker-compose/versions/camunda-alpha/README.md b/docker-compose/versions/camunda-alpha/README.md
new file mode 100644
index 0000000..da0a2f0
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/README.md
@@ -0,0 +1,264 @@
+# Camunda Platform 8
+
+This repository contains links to Camunda Platform 8 resources, the official release artifacts (binaries), and supporting config files for running Docker Compose as a local development option.
+
+:warning: **Docker Compose is only recommended for local development.** :warning:
+
+We recommend using [SaaS](https://camunda.com/get-started/) or [Helm/Kubernetes](https://docs.camunda.io/docs/self-managed/setup/overview/) for development.
+
+For more information, check Camunda 8 Self-Managed official [documentation](https://docs.camunda.io/docs/self-managed/about-self-managed/).
+
+For production setups we recommend using [Helm charts](https://docs.camunda.io/docs/self-managed/setup/install/) which can be found at [helm.camunda.io](https://helm.camunda.io/)
+
+## Links to additional Camunda Platform 8 repos and assets
+
+- [Documentation](https://docs.camunda.io)
+- [Camunda Platform SaaS](https://camunda.io)
+- [Getting Started Guide](https://github.com/camunda/camunda-platform-get-started)
+- [Releases](https://github.com/camunda/camunda-platform/releases)
+- [Helm Charts](https://helm.camunda.io/)
+- [Zeebe Workflow Engine](https://github.com/camunda/zeebe)
+- [Contact](https://docs.camunda.io/contact/)
+
+## Using docker compose
+
+> :information_source: The docker-compose file in this repository uses the latest [compose specification](https://docs.docker.com/compose/compose-file/), which was introduced with docker compose version 1.27.0+. Please make sure to use an up-to-date docker compose version.
+
+> :information_source: Docker 20.10.16+ is required.
+
+> :information_source: The Web Modeler service names have changed with `8.6.0-alpha2`. Run `docker compose stop modeler-webapp modeler-restapi modeler-websockets` when upgrading from a previous version to stop the old services.
+
+Be sure you are in the correct directory when running all the following commands. Use `cd docker-compose/camunda-8.6` to navigate to the correct directory.
+
+To spin up a complete Camunda Platform 8 Self-Managed environment locally the [docker-compose.yaml](docker-compose.yaml) file in this repository can be used.
+
+The full environment contains these components:
+- Zeebe
+- Operate
+- Tasklist
+- Connectors
+- Optimize
+- Identity
+- Elasticsearch
+- Keycloak
+- PostgreSQL
+- Web Modeler (Restapi, Webapp and Websockets)
+
+
+Clone this repo and issue the following command to start your environment:
+
+```
+docker compose --profile full up -d
+```
+
+Wait a few minutes for the environment to start up and settle down. Monitor the logs, especially the Keycloak container log, to ensure the components have started.
+
+Now you can navigate to the different web apps and log in with the user `demo` and password `demo`:
+- Operate: [http://localhost:8081](http://localhost:8081)
+- Tasklist: [http://localhost:8082](http://localhost:8082)
+- Optimize: [http://localhost:8083](http://localhost:8083)
+- Identity: [http://localhost:8084](http://localhost:8084)
+- Elasticsearch: [http://localhost:9200](http://localhost:9200)
+- Web Modeler: [http://localhost:8070](http://localhost:8070)
+
+Keycloak is used to manage users. Here you can log in with the user `admin` and password `admin`
+- Keycloak: [http://localhost:18080/auth/](http://localhost:18080/auth/)
+
+The workflow engine Zeebe is available using gRPC at `localhost:26500`.
+
+To tear down the whole environment run the following command:
+
+```
+docker compose --profile full down -v
+```
+
+Zeebe, Operate, Tasklist, Web Modeler along with Optimize require a separate network from Identity as you'll see in the docker-compose file. Web Modeler also requires another separate network.
+
+### Using the basic components
+
+If Optimize, Web Modeler, Identity, and Keycloak are not needed you can use the [docker-compose-core.yaml](docker-compose-core.yaml) instead which does not include these components:
+
+```
+docker compose -f docker-compose-core.yaml up -d
+```
+
+### Deploying BPMN diagrams
+
+In addition to the local environment setup with docker compose, use the [Camunda Desktop Modeler](#desktop-modeler) to locally model BPMN diagrams for execution and directly deploy them to your local environment.
+As an enterprise customer, you can [use Web Modeler](#web-modeler-self-managed).
+
+Feedback and updates are welcome!
+
+## Securing the Zeebe API
+
+By default, the Zeebe gRPC API is publicly accessible without requiring any client credentials for development purposes.
+
+You can however enable authentication of gRPC requests in Zeebe by setting the environment variable `ZEEBE_AUTHENTICATION_MODE` to `identity`, e.g. via running:
+```
+ZEEBE_AUTHENTICATION_MODE=identity docker compose --profile full up -d
+```
+or by modifying the default value in the [`.env`](.env) file.
+
+## Connectors
+
+Both docker-compose files contain our [out-of-the-box Connectors](https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/).
+
+Refer to the [Connector installation guide](https://docs.camunda.io/docs/self-managed/connectors-deployment/install-and-start/) for details on how to provide the related Connector templates for modeling.
+
+To inject secrets into the Connector runtime they can be added to the
+[`connector-secrets.txt`](connector-secrets.txt) file inside the repository in the format `NAME=VALUE`
+per line. The secrets will then be available in the Connector runtime with the
+format `secrets.NAME`.
+
+To add custom Connectors either create a new docker image bundling them as
+described [here](https://github.com/camunda/connectors-bundle/tree/main/runtime).
+
+Alternatively, you can mount new Connector JARs as volumes into the `/opt/app` folder by adding this to the docker-compose file. Keep in mind that the Connector JARs need to bring along all necessary dependencies inside the JAR.
+
+## Kibana
+
+A `kibana` profile is available in the provided docker compose files to support inspection and exploration of the Camunda Platform 8 data in Elasticsearch.
+It can be enabled by adding `--profile kibana` to your docker compose command.
+In addition to the other components, this profile spins up [Kibana](https://www.elastic.co/kibana/).
+Kibana can be used to explore the records exported by Zeebe into Elasticsearch, or to discover the data in Elasticsearch used by the other components (e.g. Operate).
+
+You can navigate to the Kibana web app and start exploring the data without login credentials:
+
+- Kibana: [http://localhost:5601](http://localhost:5601)
+
+> **Note**
+> You need to configure the index patterns in Kibana before you can explore the data.
+> - Go to `Management > Stack Management > Kibana > Index Patterns`.
+> - Create a new index pattern. For example, `zeebe-record-*` matches the exported records.
+> - If you don't see any indexes then make sure to export some data first (e.g. deploy a process). The indexes of the records are created when the first record of this type is exported.
+> - Go to `Analytics > Discover` and select the index pattern.
+
+## Desktop Modeler
+
+> :information_source: The Desktop Modeler is [open source, free to use](https://github.com/camunda/camunda-modeler).
+
+[Download the Desktop Modeler](https://camunda.com/download/modeler/) and start modeling BPMN, DMN and Camunda Forms on your local machine.
+
+### Deploy or execute a process
+
+#### Without authentication
+Once you are ready to deploy or execute processes use these settings to deploy to the local Zeebe instance:
+* Authentication: `None`
+* URL: `http://localhost:26500`
+
+#### With Zeebe request authentication
+If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe you need to provide client credentials when deploying and executing processes:
+* Authentication: `OAuth`
+* URL: `http://localhost:26500`
+* Client ID: `zeebe`
+* Client secret: `zecret`
+* OAuth URL: `http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token`
+* Audience: `zeebe-api`
+
+## Web Modeler
+
+> [!IMPORTANT]
+> Non-production installations of Web Modeler are restricted to five collaborators per project.
+> Refer to [the documentation](https://docs.camunda.io/docs/next/reference/licenses/) for more information.
+
+### Standalone setup
+
+Web Modeler can be run standalone with only Identity, Keycloak and Postgres as dependencies by using the Docker Compose `modeling` profile.
+
+Issue the following commands to only start Web Modeler and its dependencies:
+
+```
+docker compose --profile modeling up -d
+```
+
+To tear down the whole environment run the following command:
+
+```
+docker compose --profile modeling down -v
+```
+
+> [!WARNING]
+> This will also delete any data you created.
+
+Alternatively, if you want to keep the data, run:
+
+```
+docker compose --profile modeling down
+```
+
+### Login
+You can access Web Modeler and log in with the user `demo` and password `demo` at [http://localhost:8070](http://localhost:8070).
+
+### Deploy or execute a process
+
+The local Zeebe instance (that is started when using the Docker Compose [`full` profile](#start-full-profile)) is pre-configured in Web Modeler.
+
+Once you are ready to deploy or execute a process, you can just use this instance without having to enter the cluster endpoint manually.
+The correct authentication type is also preset based on the [`ZEEBE_AUTHENTICATION_MODE` environment variable](#securing-the-zeebe-api).
+
+#### Without authentication
+No additional input is required.
+
+#### With Zeebe request authentication
+If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe, use the following client credentials when deploying and executing processes:
+* Client ID: `zeebe`
+* Client secret: `zecret`
+
+> [!NOTE]
+> The correct OAuth token URL and audience are preset internally.
+
+### Emails
+The setup includes [Mailpit](https://github.com/axllent/mailpit) as a test SMTP server. It captures all emails sent by Web Modeler, but does not forward them to the actual recipients.
+
+You can access emails in Mailpit's Web UI at [http://localhost:8075](http://localhost:8075).
+
+## Troubleshooting
+
+### Submitting Issues
+When submitting an issue on this repository, please make sure your issue is related to the docker compose deployment
+method of the Camunda Platform. All questions regarding to functionality of the web applications should be instead
+posted on the [Camunda Forum](https://forum.camunda.io/). This is the best way for users to query for existing answers
+that others have already encountered. We also have a category on that forum specifically for [Deployment Related Topics](https://forum.camunda.io/c/camunda-platform-8-topics/deploying-camunda-platform-8/33).
+
+### Running on arm64 based hardware
+When using arm64-based hardware like a M1 or M2 Mac the Keycloak container might not start because Bitnami only
+provides amd64-based images for versions < 22. You can build and tag an arm-based
+image locally using the following command. After building and tagging the image you can start the environment as
+described in [Using docker-compose](#using-docker-compose).
+
+```
+$ DOCKER_BUILDKIT=0 docker build -t bitnami/keycloak:19.0.3 "https://github.com/camunda/camunda-platform.git#8.2.15:.keycloak/"
+```
+
+## Resource based authorizations
+
+You can control access to specific processes and decision tables in Operate and Tasklist with [resource based authorization](https://docs.camunda.io/docs/self-managed/concepts/access-control/resource-authorizations/).
+
+This feature is disabled by default and can be enabled by setting
+`RESOURCE_AUTHORIZATIONS_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line:
+
+```
+RESOURCE_AUTHORIZATIONS_ENABLED=true docker compose --profile full up -d
+```
+
+## Multi-Tenancy
+
+You can use [multi-tenancy](https://docs.camunda.io/docs/self-managed/concepts/multi-tenancy/) to achieve tenant-based isolation.
+
+This feature is disabled by default and can be enabled by setting
+`MULTI_TENANCY_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line:
+
+```
+ZEEBE_AUTHENICATION_MODE=identity MULTI_TENANCY_ENABLED=true docker compose --profile full up -d
+```
+
+As seen above the feature also requires you to use `identity` as an authentication provider.
+
+Ensure you [setup tenants in identity](https://docs.camunda.io/docs/self-managed/identity/user-guide/tenants/managing-tenants/) after you started the platform.
+
+## Camunda Platform 7
+
+Looking for information on Camunda Platform 7? Check out the links below:
+
+- [Documentation](https://docs.camunda.org/)
+- [GitHub](https://github.com/camunda/camunda-bpm-platform)
diff --git a/docker-compose/versions/camunda-alpha/connector-secrets.txt b/docker-compose/versions/camunda-alpha/connector-secrets.txt
new file mode 100644
index 0000000..5b761a3
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/connector-secrets.txt
@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file
diff --git a/docker-compose/versions/camunda-alpha/docker-compose-core.yaml b/docker-compose/versions/camunda-alpha/docker-compose-core.yaml
new file mode 100644
index 0000000..e53ee5a
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/docker-compose-core.yaml
@@ -0,0 +1,167 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch
+# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak.
+
+services:
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+ # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - elasticsearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - elasticsearch
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_OPERATE_CLIENT_USERNAME=demo
+ - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ env_file: connector-secrets.txt
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+
+ elasticsearch: # https://hub.docker.com/_/elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ container_name: elasticsearch
+ ports:
+ - "9200:9200"
+ - "9300:9300"
+ environment:
+ - bootstrap.memory_lock=true
+ - discovery.type=single-node
+ - xpack.security.enabled=false
+ # allow running with low disk space
+ - cluster.routing.allocation.disk.threshold_enabled=false
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ volumes:
+ - elastic:/usr/share/elasticsearch/data
+ networks:
+ - camunda-platform
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ elastic:
+ kibana:
+
+networks:
+ camunda-platform:
diff --git a/docker-compose/versions/camunda-alpha/docker-compose.yaml b/docker-compose/versions/camunda-alpha/docker-compose.yaml
new file mode 100644
index 0000000..7bfe203
--- /dev/null
+++ b/docker-compose/versions/camunda-alpha/docker-compose.yaml
@@ -0,0 +1,564 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, Elasticsearch and Web Modeler.
+# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak.
+
+services:
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ profiles:
+ - full
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE}
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:18080/auth/realms/camunda-platform
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084
+ - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+ # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ - identity
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ profiles:
+ - full
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
+ - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - operate_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - identity
+ - elasticsearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ profiles:
+ - full
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
+ - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - tasklist_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ zeebe:
+ condition: service_started
+ elasticsearch:
+ condition: service_healthy
+ identity:
+ condition: service_healthy
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ profiles:
+ - full
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_CLIENT_ID=connectors
+ - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
+ - CAMUNDA_IDENTITY_AUDIENCE=operate-api
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ env_file: connector-secrets.txt
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+ - identity
+
+ optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
+ profiles:
+ - full
+ image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION}
+ container_name: optimize
+ ports:
+ - "8083:8090"
+ environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
+ - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
+ - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
+ - SPRING_PROFILES_ACTIVE=ccsm
+ - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
+ - CAMUNDA_OPTIMIZE_ENTERPRISE=false
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
+ - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084
+ - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
+ - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml"
+ restart: on-failure
+ networks:
+ - camunda-platform
+ depends_on:
+ - identity
+ - elasticsearch
+
+ identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
+ profiles:
+ - full
+ - modeling
+ container_name: identity
+ image: camunda/identity:${CAMUNDA_PLATFORM_VERSION}
+ ports:
+ - "8084:8084"
+ environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
+ SERVER_PORT: 8084
+ IDENTITY_RETRY_DELAY_SECONDS: 30
+ IDENTITY_URL: http://${HOST}:8084
+ KEYCLOAK_URL: http://keycloak:18080/auth
+ IDENTITY_AUTH_PROVIDER_ISSUER_URL: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
+ IDENTITY_DATABASE_HOST: postgres
+ IDENTITY_DATABASE_PORT: 5432
+ IDENTITY_DATABASE_NAME: bitnami_keycloak
+ IDENTITY_DATABASE_USERNAME: bn_keycloak
+ IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081
+ KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082
+ KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083
+ KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070
+ KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085
+ KEYCLOAK_INIT_ZEEBE_NAME: zeebe
+ KEYCLOAK_USERS_0_USERNAME: "demo"
+ KEYCLOAK_USERS_0_PASSWORD: "demo"
+ KEYCLOAK_USERS_0_FIRST_NAME: "demo"
+ KEYCLOAK_USERS_0_EMAIL: "demo@acme.com"
+ KEYCLOAK_USERS_0_ROLES_0: "Identity"
+ KEYCLOAK_USERS_0_ROLES_1: "Optimize"
+ KEYCLOAK_USERS_0_ROLES_2: "Operate"
+ KEYCLOAK_USERS_0_ROLES_3: "Tasklist"
+ KEYCLOAK_USERS_0_ROLES_4: "Web Modeler"
+ KEYCLOAK_USERS_0_ROLES_5: "Web Modeler Admin"
+ KEYCLOAK_CLIENTS_0_NAME: zeebe
+ KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID}
+ KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET}
+ KEYCLOAK_CLIENTS_0_TYPE: M2M
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:*
+ MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED}
+ RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED}
+ healthcheck:
+ test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ start_period: 60s
+ restart: on-failure
+ volumes:
+ - keycloak-theme:/app/keycloak-theme
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ keycloak:
+ condition: service_healthy
+
+ postgres: # https://hub.docker.com/_/postgres
+ profiles:
+ - full
+ - modeling
+ container_name: postgres
+ image: postgres:${POSTGRES_VERSION}
+ environment:
+ POSTGRES_DB: bitnami_keycloak
+ POSTGRES_USER: bn_keycloak
+ POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - postgres:/var/lib/postgresql/data
+ networks:
+ - identity-network
+
+ keycloak: # https://hub.docker.com/r/bitnami/keycloak
+ profiles:
+ - full
+ - modeling
+ container_name: keycloak
+ image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION}
+ volumes:
+ - keycloak-theme:/opt/bitnami/keycloak/themes/identity
+ ports:
+ - "18080:18080"
+ environment:
+ KEYCLOAK_HTTP_PORT: 18080
+ KEYCLOAK_HTTP_RELATIVE_PATH: /auth
+ KEYCLOAK_DATABASE_HOST: postgres
+ KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_ADMIN_USER: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ restart: on-failure
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:18080/auth"]
+ interval: 30s
+ timeout: 15s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ - postgres
+
+ elasticsearch: # https://hub.docker.com/_/elasticsearch
+ profiles:
+ - full
+ image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ container_name: elasticsearch
+ ports:
+ - "9200:9200"
+ - "9300:9300"
+ environment:
+ - bootstrap.memory_lock=true
+ - discovery.type=single-node
+ - xpack.security.enabled=false
+ # allow running with low disk space
+ - cluster.routing.allocation.disk.threshold_enabled=false
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ volumes:
+ - elastic:/usr/share/elasticsearch/data
+ networks:
+ - camunda-platform
+
+ web-modeler-db:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-db
+ image: postgres:${POSTGRES_VERSION}
+ healthcheck:
+ test: pg_isready -d web-modeler-db -U web-modeler-db-user
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ POSTGRES_DB: web-modeler-db
+ POSTGRES_USER: web-modeler-db-user
+ POSTGRES_PASSWORD: web-modeler-db-password
+ networks:
+ - web-modeler
+ volumes:
+ - postgres-web:/var/lib/postgresql/data
+
+ mailpit:
+ # If you want to use your own SMTP server, you can remove this container
+ # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER,
+ # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in web-modeler-restapi
+ profiles:
+ - full
+ - modeling
+ container_name: mailpit
+ image: axllent/mailpit:${MAILPIT_VERSION}
+ ports:
+ - "1025:1025"
+ - "8075:8025"
+ healthcheck:
+ test: /usr/bin/nc -v localhost 1025
+ interval: 30s
+ networks:
+ - web-modeler
+
+ web-modeler-restapi:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-restapi
+ image: camunda/web-modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION}
+ command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher"
+ depends_on:
+ web-modeler-db:
+ condition: service_healthy
+ mailpit:
+ condition: service_started
+ identity:
+ condition: service_healthy
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ JAVA_OPTIONS: -Xmx128m
+ LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG
+ CAMUNDA_IDENTITY_BASEURL: http://identity:8084/
+ SPRING_DATASOURCE_URL: jdbc:postgresql://web-modeler-db:5432/web-modeler-db
+ SPRING_DATASOURCE_USERNAME: web-modeler-db-user
+ SPRING_DATASOURCE_PASSWORD: web-modeler-db-password
+ SPRING_PROFILES_INCLUDE: default-logging
+ RESTAPI_PUSHER_HOST: web-modeler-websockets
+ RESTAPI_PUSHER_PORT: "8060"
+ RESTAPI_PUSHER_APP_ID: web-modeler-app
+ RESTAPI_PUSHER_KEY: web-modeler-app-key
+ RESTAPI_PUSHER_SECRET: web-modeler-app-secret
+ RESTAPI_OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
+ RESTAPI_SERVER_URL: http://localhost:8070
+ RESTAPI_MAIL_HOST: mailpit
+ RESTAPI_MAIL_PORT: 1025
+ RESTAPI_MAIL_ENABLE_TLS: "false"
+ RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com"
+ CAMUNDA_MODELER_CLUSTERS_0_NAME: "Local Zeebe instance"
+ CAMUNDA_MODELER_CLUSTERS_0_VERSION: ${CAMUNDA_PLATFORM_VERSION}
+ CAMUNDA_MODELER_CLUSTERS_0_URL_ZEEBE_GRPC: http://zeebe:26500
+ CAMUNDA_MODELER_CLUSTERS_0_URL_ZEEBE_REST: http://zeebe:8080
+ CAMUNDA_MODELER_CLUSTERS_0_URL_OPERATE: http://operate:8080
+ CAMUNDA_MODELER_CLUSTERS_0_URL_TASKLIST: http://tasklist:8080
+ CAMUNDA_MODELER_CLUSTERS_0_OAUTH_URL: http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ # extra cluster configuration depending on the authentication mode
+ env_file: ./.web-modeler/cluster-config-authentication-mode-${ZEEBE_AUTHENTICATION_MODE}.env
+ networks:
+ - web-modeler
+ - camunda-platform
+
+ web-modeler-webapp:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-webapp
+ image: camunda/web-modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION}
+ ports:
+ - "8070:8070"
+ depends_on:
+ web-modeler-restapi:
+ condition: service_healthy
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ RESTAPI_HOST: web-modeler-restapi
+ SERVER_HOST: web-modeler-webapp
+ SERVER_HTTPS_ONLY: "false"
+ SERVER_URL: http://localhost:8070
+ PUSHER_APP_ID: web-modeler-app
+ PUSHER_KEY: web-modeler-app-key
+ PUSHER_SECRET: web-modeler-app-secret
+ PUSHER_HOST: web-modeler-websockets
+ PUSHER_PORT: "8060"
+ CLIENT_PUSHER_HOST: localhost
+ CLIENT_PUSHER_PORT: "8060"
+ CLIENT_PUSHER_FORCE_TLS: "false"
+ CLIENT_PUSHER_KEY: web-modeler-app-key
+ OAUTH2_CLIENT_ID: web-modeler
+ OAUTH2_JWKS_URL: http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ OAUTH2_TOKEN_AUDIENCE: web-modeler-api
+ OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ IDENTITY_BASE_URL: http://identity:8084/
+ PLAY_ENABLED: "true"
+ networks:
+ - web-modeler
+ - camunda-platform
+
+ web-modeler-websockets:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-websockets
+ image: camunda/web-modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION}
+ ports:
+ - "8060:8060"
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ APP_NAME: "Web Modeler Self-Managed WebSockets"
+ APP_DEBUG: "true"
+ PUSHER_APP_ID: web-modeler-app
+ PUSHER_APP_KEY: web-modeler-app-key
+ PUSHER_APP_SECRET: web-modeler-app-secret
+ networks:
+ - web-modeler
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ elastic:
+ postgres:
+ keycloak-theme:
+ kibana:
+ operate_tmp:
+ tasklist_tmp:
+ postgres-web:
+
+networks:
+ # Note there are three bridge networks: One for Camunda Platform, one for Identity and one for Web Modeler.
+ # Identity and Keycloak are part of the first two as they need to be accessible by platform components.
+ # Web Modeler has its own network because it consists of three components that communicate with each other.
+ # It is also part of the canunda-platform network to communicate with the platform components like Zeebe to run
+ # processes or Identity to log in.
+ camunda-platform:
+ identity-network:
+ web-modeler: