From 63ec09d0b9bd804e34d36503fe10f0a6e2319efc Mon Sep 17 00:00:00 2001 From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> Date: Tue, 31 Dec 2024 12:39:12 +0100 Subject: [PATCH] refactor: update docker-compose docs and structure (#15) also: - set up renovatebot for Docker Compose. - remove Docker Compose for unsupported Camunda versions (8.2). --- .../renovatebot/renovate-docker-compose.json5 | 86 +++++ .github/renovate.json5 | 25 ++ README.md | 33 +- docker-compose/README.md | 31 ++ docker-compose/versions/camunda-8.2/.env | 27 -- .../versions/camunda-8.2/.keycloak/Dockerfile | 62 --- .../.optimize/environment-config.yaml | 5 - .../camunda-8.2/connector-secrets.txt | 2 - .../connectors.self-signed-certificates.yaml | 9 - .../camunda-8.2/docker-compose-core.yaml | 164 -------- .../docker-compose-web-modeler.yaml | 144 ------- .../versions/camunda-8.2/docker-compose.yaml | 352 ------------------ docker-compose/versions/camunda-8.3/README.md | 5 + docker-compose/versions/camunda-8.4/README.md | 5 + docker-compose/versions/camunda-8.5/README.md | 5 + docker-compose/versions/camunda-8.6/README.md | 5 + .../versions/camunda-alpha/README.md | 265 +------------ 17 files changed, 195 insertions(+), 1030 deletions(-) create mode 100644 .github/config/renovatebot/renovate-docker-compose.json5 create mode 100644 .github/renovate.json5 create mode 100644 docker-compose/README.md delete mode 100644 docker-compose/versions/camunda-8.2/.env delete mode 100644 docker-compose/versions/camunda-8.2/.keycloak/Dockerfile delete mode 100644 docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml delete mode 100644 docker-compose/versions/camunda-8.2/connector-secrets.txt delete mode 100644 docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml delete mode 100644 docker-compose/versions/camunda-8.2/docker-compose-core.yaml delete mode 100644 docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml delete mode 100644 docker-compose/versions/camunda-8.2/docker-compose.yaml create mode 100644 docker-compose/versions/camunda-8.3/README.md create mode 100644 docker-compose/versions/camunda-8.4/README.md create mode 100644 docker-compose/versions/camunda-8.5/README.md diff --git a/.github/config/renovatebot/renovate-docker-compose.json5 b/.github/config/renovatebot/renovate-docker-compose.json5 new file mode 100644 index 0000000..80c977c --- /dev/null +++ b/.github/config/renovatebot/renovate-docker-compose.json5 @@ -0,0 +1,86 @@ +{ + description: "Keeps Docker Compose up to date", + packageRules: [ + // Disable Minor and Major updates by default. + { + enabled: false, + matchFileNames: ["docker-compose/versions/camunda-8*/**"], + matchUpdateTypes: ["minor", "major"], + }, + // Disable unsupported Camunda versions. + { + enabled: false, + matchFileNames: [ + "docker-compose/versions/camunda-8.0/**", + "docker-compose/versions/camunda-8.1/**", + "docker-compose/versions/camunda-8.2/**", + ], + }, + // + // Main groups. + // This section should be updated with the Camunda supported versions. + // Start of minor cycle chores. + { + groupName: "camunda-docker-compose-8.3", + addLabels: ["version/8.3", "deps/docker-compose"], + matchFileNames: ["docker-compose/versions/camunda-8.3/**"], + matchUpdateTypes: ["patch"], + }, + { + groupName: "camunda-docker-compose-8.4", + addLabels: ["version/8.4", "deps/docker-compose"], + matchFileNames: ["docker-compose/versions/camunda-8.4/**"], + matchUpdateTypes: ["patch"], + }, + { + groupName: "camunda-docker-compose-8.5", + addLabels: ["version/8.5", "deps/docker-compose"], + matchFileNames: ["docker-compose/versions/camunda-8.5/**"], + matchUpdateTypes: ["patch"], + }, + { + groupName: "camunda-docker-compose-8.6", + addLabels: ["version/8.6", "deps/docker-compose"], + matchFileNames: ["docker-compose/versions/camunda-8.6/**"], + matchUpdateTypes: ["patch"], + }, + { + groupName: "camunda-docker-compose-alpha", + addLabels: ["version/8.7", "deps/docker-compose"], + matchFileNames: ["docker-compose/versions/camunda-alpha/**"], + matchUpdateTypes: ["patch", "minor"], + }, + // End of minor cycle chores. + + // Disable auto-merge for alpha release candidates. + { + matchNewValue: "/.*alpha[0-9]*-rc[0-9]*/", + automerge: false, + }, + ], + + regexManagers: [ + { + // This is mainly used to update Web-Modeler image tag. + // section is copied from camunda/camunda-platform-helm + fileMatch: [".env"], + datasourceTemplate: "docker", + matchStrings: [ + "# renovate: datasource=docker depName=(?[^\\s]+?)(?: (lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[^\\s]+?))?(?: registryUrl=(?[^\\s]+?))?\\s*?(\\S+)=(?\\S+)", + ], + versioningTemplate: "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + }, + { + fileMatch: [ + ".env", + ".keycloak/Dockerfile" + ], + matchStrings: [ + "KEYCLOAK_SERVER_VERSION\\s*=\\s*(?\\S+)", + "KEYCLOAK_VERSION\\s*=\\s*(?\\S+)", + ], + depNameTemplate: "bitnami/keycloak", + datasourceTemplate: "docker", + }, + ], +} diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..90ef70b --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,25 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: [ + "config:recommended", + ":automergeDisabled", + ":dependencyDashboard", + "github>camunda/camunda-self-managed//.github/config/renovatebot/renovate-docker-compose.json5" + ], + "dependencyDashboard": true, + "separateMinorPatch": true, + "labels": [ + "dependencies" + ], + "patch": { + "enabled": true + }, + "hostRules": [ + { + "hostType": "docker", + "matchHost": "https://registry.camunda.cloud", + "username": "{{ secrets.DISTRO_CAMUNDA_DOCKER_REGISTRY_USERNAME }}", + "password": "{{ secrets.DISTRO_CAMUNDA_DOCKER_REGISTRY_PASSWORD }}" + } + ] +} diff --git a/README.md b/README.md index e99cf9d..1144400 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,36 @@ -# Camunda 8 Self-Managed Distribution +# Camunda 8 Self-Managed + +> [!CAUTION] +> +> This GitHub repository is mainly for development, don't use it directly to deploy Camunda. End users should use the [official documentation](https://docs.camunda.io/docs/self-managed/about-self-managed/). A mono repo for Camunda 8 Self-Managed Distributions. -# Distributions +## Distributions -## Docker Compose +### Docker Compose For more details, check the directory of [Camunda Docker Compose](./docker-compose/). + +## Documentation + +- Official docs: [Camunda 8 Self-Managed](https://docs.camunda.io/docs/self-managed/about-self-managed/). + +## Issues + +If you find any problem with the Camunda 8 Self-Managed distributions, create a [new issue](https://github.com/camunda/camunda-self-managed/issues). + +## Contributing + +We value all feedback and contributions. To start contributing to this project, please: + +- **Don't create a PR without opening [an issue](https://github.com/camunda/camunda-self-managed/issues/new/choose) + and discussing it first.** + +## License + +Camunda 8 Self-Managed Distributions are licensed under the open-source Apache License 2.0. +Please see [LICENSE](LICENSE) for details. + +For Camunda 8 components, please visit the +[licensing information page](https://docs.camunda.io/docs/reference/licenses). diff --git a/docker-compose/README.md b/docker-compose/README.md new file mode 100644 index 0000000..d9200c9 --- /dev/null +++ b/docker-compose/README.md @@ -0,0 +1,31 @@ +# Camunda 8 Self-Managed - Docker Compose + +A Docker Compose configuration to run Camunda Platform (e.g., Zeebe, Operate, Tasklist, Optimize, Identity, and Connectors Bundle). + +> [!CAUTION] +> +> Docker Compose is only recommended for local development. +> For production setups we recommend using [Camunda 8 SaaS](https://camunda.com/platform/), or [Camunda 8 Helm charts](https://docs.camunda.io/docs/self-managed/setup/install/). + +## Supported Versions + +Released Camunda versions: + +- [Camunda 8.3](./versions/camunda-8.3) +- [Camunda 8.4](./versions/camunda-8.4) +- [Camunda 8.5](./versions/camunda-8.5) +- [Camunda 8.6](./versions/camunda-8.6) + +## Next Version + +Unreleased Camunda version: + +- [Camunda Alpha](./versions/camunda-alpha) + +## Continuous Integration + +The basic functionality of Docker Compose is continually tested using GitHub Actions and Playwright. + +## Continuous Delivery + +TBA. diff --git a/docker-compose/versions/camunda-8.2/.env b/docker-compose/versions/camunda-8.2/.env deleted file mode 100644 index 9264b4e..0000000 --- a/docker-compose/versions/camunda-8.2/.env +++ /dev/null @@ -1,27 +0,0 @@ -## Image versions ## -# renovate: datasource=docker depName=camunda/connectors-bundle -CAMUNDA_CONNECTORS_VERSION=0.23.2 -# renovate: datasource=docker depName=camunda/optimize -CAMUNDA_OPTIMIZE_VERSION=3.10.14 -CAMUNDA_PLATFORM_VERSION=8.2.31 - -# renovate: datasource=docker depName=camunda/operate -CAMUNDA_OPERATE_VERSION=8.2.31 - -# renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi -CAMUNDA_WEB_MODELER_VERSION=8.2.20 -ELASTIC_VERSION=7.17.9 -KEYCLOAK_SERVER_VERSION=19.0.3 -MAILPIT_VERSION=v1.5.4 -POSTGRES_VERSION=14.5-alpine - -## Configuration ## -# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required -ZEEBE_AUTHENTICATION_MODE=none -ZEEBE_CLIENT_ID=zeebe -ZEEBE_CLIENT_SECRET=zecret - -# Set to 'true' to enable resource based authorizations for users and groups -# This can be used to limit access for users or groups to view/update specific -# processes and decisions in Operate and Tasklist -RESOURCE_AUTHORIZATIONS_ENABLED=false diff --git a/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile b/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile deleted file mode 100644 index 33ea394..0000000 --- a/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile +++ /dev/null @@ -1,62 +0,0 @@ -# This Dockerfile will build an arm64 Keycloak image that can be used in the same way -# as the docker images provided by bitnami/keycloak -ARG KEYCLOAK_VERSION=19.0.3 - -# Inspired by https://github.com/keycloak/keycloak/blob/main/quarkus/container/Dockerfile -# and https://github.com/bitnami/containers/blob/main/bitnami/keycloak/19/debian-11/Dockerfile -FROM registry.access.redhat.com/ubi8-minimal AS build - -ARG KEYCLOAK_VERSION -ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz - -RUN microdnf install -y tar gzip - -ADD $KEYCLOAK_DIST /tmp/keycloak/ - -# The next step makes it uniform for local development and upstream built. -# If it is a local tar archive then it is unpacked, if from remote is just downloaded. -RUN (cd /tmp/keycloak && \ - tar -xvf /tmp/keycloak/keycloak-*.tar.gz && \ - rm /tmp/keycloak/keycloak-*.tar.gz) || true - -RUN mv /tmp/keycloak/keycloak-* /opt/keycloak && mkdir -p /opt/keycloak/data - -RUN chmod -R g+rwX /opt/keycloak - -FROM docker.io/bitnami/keycloak:${KEYCLOAK_VERSION} as bitnami-env - -FROM registry.access.redhat.com/ubi8-minimal -ARG KEYCLOAK_VERSION -ENV LANG en_US.UTF-8 - -COPY --from=build --chown=1000:0 /opt/keycloak /opt/keycloak -COPY --from=bitnami-env --chown=1000:0 /opt/bitnami/scripts /opt/bitnami/scripts -RUN ln -s /opt/keycloak /opt/bitnami/keycloak - -# prevent JAVA_HOME from being changed -RUN sed -i 's/export JAVA_HOME=\"\/opt\/bitnami\/java\"//' /opt/bitnami/scripts/keycloak-env.sh - -RUN microdnf update -y && \ - microdnf install -y --nodocs java-11-openjdk-headless glibc-langpack-en hostname tar gzip tzdata-java-2023c && microdnf clean all && rm -rf /var/cache/yum/* && \ - echo "keycloak:x:0:root" >> /etc/group && \ - echo "keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin" >> /etc/passwd - -# Install wait-for-port which is required by bitnami scripts -# ref: https://github.com/bitnami/containers/blob/main/bitnami/keycloak/19/debian-11/Dockerfile#L25 -RUN \ - curl -SsLf "https://github.com/bitnami/wait-for-port/releases/download/v1.0.5/wait-for-port-linux-arm64.tar.gz" -O && \ - tar -zxf "wait-for-port-linux-arm64.tar.gz" && \ - rm -rf "wait-for-port-linux-arm64.tar.gz" && \ - mv ./wait-for-port-linux-arm64 /usr/bin/wait-for-port - -ENV APP_VERSION="$KEYCLOAK_VERSION" \ - BITNAMI_APP_NAME="keycloak" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH" - -USER 1000 - -EXPOSE 8080 -EXPOSE 8443 - -ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] diff --git a/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml deleted file mode 100644 index de4cd58..0000000 --- a/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml +++ /dev/null @@ -1,5 +0,0 @@ -es: - settings: - index: - number_of_replicas: 0 - diff --git a/docker-compose/versions/camunda-8.2/connector-secrets.txt b/docker-compose/versions/camunda-8.2/connector-secrets.txt deleted file mode 100644 index 5b761a3..0000000 --- a/docker-compose/versions/camunda-8.2/connector-secrets.txt +++ /dev/null @@ -1,2 +0,0 @@ -# add secrets per line in the format NAME=VALUE -# WARNING: ensure not to commit changes to this file diff --git a/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml b/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml deleted file mode 100644 index debbebe..0000000 --- a/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml +++ /dev/null @@ -1,9 +0,0 @@ -services: - connectors: - environment: - - JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/ - - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password - #- JAVA_OPTS=-Djavax.net.debug=all # Uncomment this line to fine tune additional JVM options - #- DEBUG_JVM_PRINT_JAVA_OPTS=1 # Uncomment this line to debug print $JAVA_OPTS - volumes: - - /path/to/your/folder/with/trust/store:/opt/security/truststore \ No newline at end of file diff --git a/docker-compose/versions/camunda-8.2/docker-compose-core.yaml b/docker-compose/versions/camunda-8.2/docker-compose-core.yaml deleted file mode 100644 index 12ea1f5..0000000 --- a/docker-compose/versions/camunda-8.2/docker-compose-core.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# While the Docker images themselves are supported for production usage, -# this docker-compose.yaml is designed to be used by developers to run -# an environment locally. It is not designed to be used in production. -# We recommend to use Kubernetes in production with our Helm Charts: -# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ -# For local development, we recommend using KIND instead of `docker-compose`: -# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ - -# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch -# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. - -services: - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 - # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 - # allow running with low disk space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: always - volumes: - - zeebe:/usr/local/zeebe/data - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - elasticsearch - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_OPERATE_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - elasticsearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - elasticsearch - - connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - OPERATE_CLIENT_ENABLED=true - - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - CAMUNDA_OPERATE_CLIENT_USERNAME=demo - - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - env_file: connector-secrets.txt - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - operate - - elasticsearch: # https://hub.docker.com/_/elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} - container_name: elasticsearch - ports: - - "9200:9200" - - "9300:9300" - environment: - - bootstrap.memory_lock=true - - discovery.type=single-node - - xpack.security.enabled=false - # allow running with low disk space - - cluster.routing.allocation.disk.threshold_enabled=false - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - restart: always - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] - interval: 30s - timeout: 5s - retries: 3 - volumes: - - elastic:/usr/share/elasticsearch/data - networks: - - camunda-platform - - kibana: - image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} - container_name: kibana - ports: - - 5601:5601 - volumes: - - kibana:/usr/share/kibana/data - networks: - - camunda-platform - depends_on: - - elasticsearch - profiles: - - kibana - -volumes: - zeebe: - elastic: - kibana: - -networks: - camunda-platform: diff --git a/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml deleted file mode 100644 index 05e47d1..0000000 --- a/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml +++ /dev/null @@ -1,144 +0,0 @@ -# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone. -# Use it in combination with docker-compose.yaml: -# -# docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d -# -# Note: this file is using Mailpit to simulate a mail server - -version: "2.4" - -services: - - modeler-db: - container_name: modeler-db - image: postgres:${POSTGRES_VERSION} - healthcheck: - test: pg_isready -d modeler-db -U modeler-db-user - interval: 5s - timeout: 15s - retries: 30 - environment: - POSTGRES_DB: modeler-db - POSTGRES_USER: modeler-db-user - POSTGRES_PASSWORD: modeler-db-password - networks: - - modeler - - modeler-websockets: - container_name: modeler-websockets - image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION} - ports: - - "8060:8060" - healthcheck: - test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ] - interval: 5s - timeout: 15s - retries: 30 - environment: - APP_NAME: "Web Modeler Self-Managed WebSockets" - APP_DEBUG: "true" - PUSHER_APP_ID: modeler-app - PUSHER_APP_KEY: modeler-app-key - PUSHER_APP_SECRET: modeler-app-secret - networks: - - modeler - - mailpit: - # If you want to use your own SMTP server, you can remove this container - # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER, - # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi - container_name: mailpit - image: axllent/mailpit:${MAILPIT_VERSION} - ports: - - "1025:1025" - - "8075:8025" - healthcheck: - test: /usr/bin/nc -v localhost 1025 - interval: 30s - networks: - - modeler - - # Modeler containers - modeler-restapi: - container_name: modeler-restapi - image: registry.camunda.cloud/web-modeler-ee/modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION} - command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher" - depends_on: - modeler-db: - condition: service_healthy - mailpit: - condition: service_started - identity: - condition: service_healthy - healthcheck: - test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ] - interval: 5s - timeout: 15s - retries: 30 - environment: - JAVA_OPTIONS: -Xmx128m - LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG - SPRING_PROFILES_INCLUDE: default-logging - RESTAPI_PUSHER_HOST: modeler-websockets - RESTAPI_PUSHER_PORT: "8060" - RESTAPI_PUSHER_APP_ID: modeler-app - RESTAPI_PUSHER_KEY: modeler-app-key - RESTAPI_PUSHER_SECRET: modeler-app-secret - RESTAPI_OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform - RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform - RESTAPI_IDENTITY_BASE_URL: http://identity:8084/ - RESTAPI_SERVER_URL: http://localhost:8070 - RESTAPI_DB_HOST: modeler-db - RESTAPI_DB_NAME: modeler-db - RESTAPI_DB_PORT: 5432 - RESTAPI_DB_USER: modeler-db-user - RESTAPI_DB_PASSWORD: modeler-db-password - RESTAPI_MAIL_HOST: mailpit - RESTAPI_MAIL_PORT: 1025 - RESTAPI_MAIL_ENABLE_TLS: "false" - RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com" - networks: - - modeler - - camunda-platform - - modeler-webapp: - container_name: modeler-webapp - image: registry.camunda.cloud/web-modeler-ee/modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION} - ports: - - "8070:8070" - depends_on: - modeler-restapi: - condition: service_healthy - healthcheck: - test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ] - interval: 5s - timeout: 15s - retries: 30 - environment: - RESTAPI_HOST: modeler-restapi - SERVER_HOST: modeler-webapp - SERVER_URL: http://localhost:8070 - PUSHER_APP_ID: modeler-app - PUSHER_KEY: modeler-app-key - PUSHER_SECRET: modeler-app-secret - PUSHER_HOST: modeler-websockets - PUSHER_PORT: "8060" - CLIENT_PUSHER_HOST: localhost - CLIENT_PUSHER_PORT: "8060" - CLIENT_PUSHER_FORCE_TLS: "false" - CLIENT_PUSHER_KEY: modeler-app-key - OAUTH2_CLIENT_ID: web-modeler - OAUTH2_TOKEN_AUDIENCE: web-modeler - OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform - KEYCLOAK_BASE_URL: http://localhost:18080 - KEYCLOAK_REALM: camunda-platform - KEYCLOAK_JWKS_URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs - IDENTITY_BASE_URL: http://identity:8084/ - PLAY_ENABLED: "true" - networks: - - modeler - - camunda-platform - -networks: - camunda-platform: - modeler: \ No newline at end of file diff --git a/docker-compose/versions/camunda-8.2/docker-compose.yaml b/docker-compose/versions/camunda-8.2/docker-compose.yaml deleted file mode 100644 index 5381b63..0000000 --- a/docker-compose/versions/camunda-8.2/docker-compose.yaml +++ /dev/null @@ -1,352 +0,0 @@ -# While the Docker images themselves are supported for production usage, -# this docker-compose.yaml is designed to be used by developers to run -# an environment locally. It is not designed to be used in production. -# We recommend to use Kubernetes in production with our Helm Charts: -# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ -# For local development, we recommend using KIND instead of `docker-compose`: -# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ - -# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch -# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. - -services: - - zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe - image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} - container_name: zeebe - ports: - - "26500:26500" - - "9600:9600" - environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform - - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 - # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 - - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 - # allow running with low disk space - - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 - - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 - - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" - restart: always - volumes: - - zeebe:/usr/local/zeebe/data - healthcheck: - test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] - interval: 30s - timeout: 5s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - elasticsearch - - identity - - operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate - image: camunda/operate:${CAMUNDA_OPERATE_VERSION} - container_name: operate - ports: - - "8081:8080" - environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ - - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate - - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - identity - - elasticsearch - - tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist - image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} - container_name: tasklist - ports: - - "8082:8080" - environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ - - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 - - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 - # For more information regarding configuration with Identity see: - # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity - - SPRING_PROFILES_ACTIVE=identity-auth - - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 - - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform - - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist - - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform - - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs - - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - healthcheck: - test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - zeebe: - condition: service_started - elasticsearch: - condition: service_healthy - identity: - condition: service_healthy - - connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ - image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} - container_name: connectors - ports: - - "8085:8080" - environment: - - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 - - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true - - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} - - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} - - ZEEBE_TOKEN_AUDIENCE=zeebe-api - - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token - - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-URL=http://keycloak:8080 - - CAMUNDA_OPERATE_CLIENT_CLIENT-ID=connectors - - CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET=c0nn3ct0rsAr3Aw3s0me - - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-REALM=camunda-platform - - OPERATE_CLIENT_ENABLED=true - - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - env_file: connector-secrets.txt - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - zeebe - - operate - - identity - - optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize - image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} - container_name: optimize - ports: - - "8083:8090" - environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables - - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch - - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 - - SPRING_PROFILES_ACTIVE=ccsm - - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true - - CAMUNDA_OPTIMIZE_ENTERPRISE=false - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize - - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api - - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false - - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true - - management.endpoints.web.exposure.include=health - - management.endpoint.health.probes.enabled=true - volumes: - - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] - interval: 30s - timeout: 1s - retries: 5 - start_period: 30s - networks: - - camunda-platform - depends_on: - - identity - - elasticsearch - - identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity - container_name: identity - image: camunda/identity:${CAMUNDA_PLATFORM_VERSION} - ports: - - "8084:8084" - environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ - SERVER_PORT: 8084 - IDENTITY_RETRY_DELAY_SECONDS: 30 - KEYCLOAK_URL: http://keycloak:8080/auth - IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform - IDENTITY_DATABASE_HOST: postgres - IDENTITY_DATABASE_PORT: 5432 - IDENTITY_DATABASE_NAME: bitnami_keycloak - IDENTITY_DATABASE_USERNAME: bn_keycloak - IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPERATE_ROOT_URL: http://localhost:8081 - KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://localhost:8082 - KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 - KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://localhost:8083 - KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://localhost:8070 - KEYCLOAK_INIT_CONNECTORS_SECRET: c0nn3ct0rsAr3Aw3s0me - KEYCLOAK_INIT_ZEEBE_NAME: zeebe - KEYCLOAK_USERS_0_USERNAME: "demo" - KEYCLOAK_USERS_0_PASSWORD: "demo" - KEYCLOAK_USERS_0_FIRST_NAME: "demo" - KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" - KEYCLOAK_USERS_0_ROLES_0: "Identity" - KEYCLOAK_USERS_0_ROLES_1: "Optimize" - KEYCLOAK_USERS_0_ROLES_2: "Operate" - KEYCLOAK_USERS_0_ROLES_3: "Tasklist" - KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" - KEYCLOAK_CLIENTS_0_NAME: zeebe - KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} - KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} - KEYCLOAK_CLIENTS_0_TYPE: M2M - KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api - KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* - RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} - healthcheck: - test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] - interval: 5s - timeout: 15s - retries: 30 - start_period: 60s - restart: on-failure - volumes: - - keycloak-theme:/app/keycloak-theme - networks: - - camunda-platform - - identity-network - depends_on: - keycloak: - condition: service_healthy - - postgres: # https://hub.docker.com/_/postgres - container_name: postgres - image: postgres:${POSTGRES_VERSION} - environment: - POSTGRES_DB: bitnami_keycloak - POSTGRES_USER: bn_keycloak - POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - restart: on-failure - healthcheck: - test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - postgres:/var/lib/postgresql/data - networks: - - identity-network - - keycloak: # https://hub.docker.com/r/bitnami/keycloak - container_name: keycloak - image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} - volumes: - - keycloak-theme:/opt/bitnami/keycloak/themes/identity - ports: - - "18080:8080" - environment: - KEYCLOAK_HTTP_RELATIVE_PATH: /auth - KEYCLOAK_DATABASE_HOST: postgres - KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" - KEYCLOAK_ADMIN_USER: admin - KEYCLOAK_ADMIN_PASSWORD: admin - restart: on-failure - healthcheck: - test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] - interval: 30s - timeout: 15s - retries: 5 - start_period: 30s - networks: - - camunda-platform - - identity-network - depends_on: - - postgres - - elasticsearch: # https://hub.docker.com/_/elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} - container_name: elasticsearch - ports: - - "9200:9200" - - "9300:9300" - environment: - - bootstrap.memory_lock=true - - discovery.type=single-node - - xpack.security.enabled=false - # allow running with low disk space - - cluster.routing.allocation.disk.threshold_enabled=false - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - restart: always - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] - interval: 30s - timeout: 5s - retries: 3 - volumes: - - elastic:/usr/share/elasticsearch/data - networks: - - camunda-platform - - kibana: - image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} - container_name: kibana - ports: - - 5601:5601 - volumes: - - kibana:/usr/share/kibana/data - networks: - - camunda-platform - depends_on: - - elasticsearch - profiles: - - kibana - -volumes: - zeebe: - elastic: - postgres: - keycloak-theme: - kibana: - -networks: - # Note there are two bridge networks: One for Camunda Platform and one for Identity. - # Identity and Keycloak are part of both as they need to be accessible by platform components. - camunda-platform: - identity-network: diff --git a/docker-compose/versions/camunda-8.3/README.md b/docker-compose/versions/camunda-8.3/README.md new file mode 100644 index 0000000..a8d5c8c --- /dev/null +++ b/docker-compose/versions/camunda-8.3/README.md @@ -0,0 +1,5 @@ +# Camunda 8 Self-Managed - Docker Compose + +## Usage + +For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/8.3/self-managed/platform-deployment/docker/#docker-compose). diff --git a/docker-compose/versions/camunda-8.4/README.md b/docker-compose/versions/camunda-8.4/README.md new file mode 100644 index 0000000..c31da0a --- /dev/null +++ b/docker-compose/versions/camunda-8.4/README.md @@ -0,0 +1,5 @@ +# Camunda 8 Self-Managed - Docker Compose + +## Usage + +For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/8.4/self-managed/platform-deployment/docker/#docker-compose). diff --git a/docker-compose/versions/camunda-8.5/README.md b/docker-compose/versions/camunda-8.5/README.md new file mode 100644 index 0000000..bab94c9 --- /dev/null +++ b/docker-compose/versions/camunda-8.5/README.md @@ -0,0 +1,5 @@ +# Camunda 8 Self-Managed - Docker Compose + +## Usage + +For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/8.5/self-managed/setup/deploy/local/docker-compose/). diff --git a/docker-compose/versions/camunda-8.6/README.md b/docker-compose/versions/camunda-8.6/README.md index e69de29..c7a0e42 100644 --- a/docker-compose/versions/camunda-8.6/README.md +++ b/docker-compose/versions/camunda-8.6/README.md @@ -0,0 +1,5 @@ +# Camunda 8 Self-Managed - Docker Compose + +## Usage + +For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/8.6/self-managed/setup/deploy/local/docker-compose/). diff --git a/docker-compose/versions/camunda-alpha/README.md b/docker-compose/versions/camunda-alpha/README.md index da0a2f0..5b124aa 100644 --- a/docker-compose/versions/camunda-alpha/README.md +++ b/docker-compose/versions/camunda-alpha/README.md @@ -1,264 +1,5 @@ -# Camunda Platform 8 +# Camunda 8 Self-Managed - Docker Compose -This repository contains links to Camunda Platform 8 resources, the official release artifacts (binaries), and supporting config files for running Docker Compose as a local development option. +## Usage -:warning: **Docker Compose is only recommended for local development.** :warning: - -We recommend using [SaaS](https://camunda.com/get-started/) or [Helm/Kubernetes](https://docs.camunda.io/docs/self-managed/setup/overview/) for development. - -For more information, check Camunda 8 Self-Managed official [documentation](https://docs.camunda.io/docs/self-managed/about-self-managed/). - -For production setups we recommend using [Helm charts](https://docs.camunda.io/docs/self-managed/setup/install/) which can be found at [helm.camunda.io](https://helm.camunda.io/) - -## Links to additional Camunda Platform 8 repos and assets - -- [Documentation](https://docs.camunda.io) -- [Camunda Platform SaaS](https://camunda.io) -- [Getting Started Guide](https://github.com/camunda/camunda-platform-get-started) -- [Releases](https://github.com/camunda/camunda-platform/releases) -- [Helm Charts](https://helm.camunda.io/) -- [Zeebe Workflow Engine](https://github.com/camunda/zeebe) -- [Contact](https://docs.camunda.io/contact/) - -## Using docker compose - -> :information_source: The docker-compose file in this repository uses the latest [compose specification](https://docs.docker.com/compose/compose-file/), which was introduced with docker compose version 1.27.0+. Please make sure to use an up-to-date docker compose version. - -> :information_source: Docker 20.10.16+ is required. - -> :information_source: The Web Modeler service names have changed with `8.6.0-alpha2`. Run `docker compose stop modeler-webapp modeler-restapi modeler-websockets` when upgrading from a previous version to stop the old services. - -Be sure you are in the correct directory when running all the following commands. Use `cd docker-compose/camunda-8.6` to navigate to the correct directory. - -To spin up a complete Camunda Platform 8 Self-Managed environment locally the [docker-compose.yaml](docker-compose.yaml) file in this repository can be used. - -The full environment contains these components: -- Zeebe -- Operate -- Tasklist -- Connectors -- Optimize -- Identity -- Elasticsearch -- Keycloak -- PostgreSQL -- Web Modeler (Restapi, Webapp and Websockets) - - -Clone this repo and issue the following command to start your environment: - -``` -docker compose --profile full up -d -``` - -Wait a few minutes for the environment to start up and settle down. Monitor the logs, especially the Keycloak container log, to ensure the components have started. - -Now you can navigate to the different web apps and log in with the user `demo` and password `demo`: -- Operate: [http://localhost:8081](http://localhost:8081) -- Tasklist: [http://localhost:8082](http://localhost:8082) -- Optimize: [http://localhost:8083](http://localhost:8083) -- Identity: [http://localhost:8084](http://localhost:8084) -- Elasticsearch: [http://localhost:9200](http://localhost:9200) -- Web Modeler: [http://localhost:8070](http://localhost:8070) - -Keycloak is used to manage users. Here you can log in with the user `admin` and password `admin` -- Keycloak: [http://localhost:18080/auth/](http://localhost:18080/auth/) - -The workflow engine Zeebe is available using gRPC at `localhost:26500`. - -To tear down the whole environment run the following command: - -``` -docker compose --profile full down -v -``` - -Zeebe, Operate, Tasklist, Web Modeler along with Optimize require a separate network from Identity as you'll see in the docker-compose file. Web Modeler also requires another separate network. - -### Using the basic components - -If Optimize, Web Modeler, Identity, and Keycloak are not needed you can use the [docker-compose-core.yaml](docker-compose-core.yaml) instead which does not include these components: - -``` -docker compose -f docker-compose-core.yaml up -d -``` - -### Deploying BPMN diagrams - -In addition to the local environment setup with docker compose, use the [Camunda Desktop Modeler](#desktop-modeler) to locally model BPMN diagrams for execution and directly deploy them to your local environment. -As an enterprise customer, you can [use Web Modeler](#web-modeler-self-managed). - -Feedback and updates are welcome! - -## Securing the Zeebe API - -By default, the Zeebe gRPC API is publicly accessible without requiring any client credentials for development purposes. - -You can however enable authentication of gRPC requests in Zeebe by setting the environment variable `ZEEBE_AUTHENTICATION_MODE` to `identity`, e.g. via running: -``` -ZEEBE_AUTHENTICATION_MODE=identity docker compose --profile full up -d -``` -or by modifying the default value in the [`.env`](.env) file. - -## Connectors - -Both docker-compose files contain our [out-of-the-box Connectors](https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/). - -Refer to the [Connector installation guide](https://docs.camunda.io/docs/self-managed/connectors-deployment/install-and-start/) for details on how to provide the related Connector templates for modeling. - -To inject secrets into the Connector runtime they can be added to the -[`connector-secrets.txt`](connector-secrets.txt) file inside the repository in the format `NAME=VALUE` -per line. The secrets will then be available in the Connector runtime with the -format `secrets.NAME`. - -To add custom Connectors either create a new docker image bundling them as -described [here](https://github.com/camunda/connectors-bundle/tree/main/runtime). - -Alternatively, you can mount new Connector JARs as volumes into the `/opt/app` folder by adding this to the docker-compose file. Keep in mind that the Connector JARs need to bring along all necessary dependencies inside the JAR. - -## Kibana - -A `kibana` profile is available in the provided docker compose files to support inspection and exploration of the Camunda Platform 8 data in Elasticsearch. -It can be enabled by adding `--profile kibana` to your docker compose command. -In addition to the other components, this profile spins up [Kibana](https://www.elastic.co/kibana/). -Kibana can be used to explore the records exported by Zeebe into Elasticsearch, or to discover the data in Elasticsearch used by the other components (e.g. Operate). - -You can navigate to the Kibana web app and start exploring the data without login credentials: - -- Kibana: [http://localhost:5601](http://localhost:5601) - -> **Note** -> You need to configure the index patterns in Kibana before you can explore the data. -> - Go to `Management > Stack Management > Kibana > Index Patterns`. -> - Create a new index pattern. For example, `zeebe-record-*` matches the exported records. -> - If you don't see any indexes then make sure to export some data first (e.g. deploy a process). The indexes of the records are created when the first record of this type is exported. -> - Go to `Analytics > Discover` and select the index pattern. - -## Desktop Modeler - -> :information_source: The Desktop Modeler is [open source, free to use](https://github.com/camunda/camunda-modeler). - -[Download the Desktop Modeler](https://camunda.com/download/modeler/) and start modeling BPMN, DMN and Camunda Forms on your local machine. - -### Deploy or execute a process - -#### Without authentication -Once you are ready to deploy or execute processes use these settings to deploy to the local Zeebe instance: -* Authentication: `None` -* URL: `http://localhost:26500` - -#### With Zeebe request authentication -If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe you need to provide client credentials when deploying and executing processes: -* Authentication: `OAuth` -* URL: `http://localhost:26500` -* Client ID: `zeebe` -* Client secret: `zecret` -* OAuth URL: `http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token` -* Audience: `zeebe-api` - -## Web Modeler - -> [!IMPORTANT] -> Non-production installations of Web Modeler are restricted to five collaborators per project. -> Refer to [the documentation](https://docs.camunda.io/docs/next/reference/licenses/) for more information. - -### Standalone setup - -Web Modeler can be run standalone with only Identity, Keycloak and Postgres as dependencies by using the Docker Compose `modeling` profile. - -Issue the following commands to only start Web Modeler and its dependencies: - -``` -docker compose --profile modeling up -d -``` - -To tear down the whole environment run the following command: - -``` -docker compose --profile modeling down -v -``` - -> [!WARNING] -> This will also delete any data you created. - -Alternatively, if you want to keep the data, run: - -``` -docker compose --profile modeling down -``` - -### Login -You can access Web Modeler and log in with the user `demo` and password `demo` at [http://localhost:8070](http://localhost:8070). - -### Deploy or execute a process - -The local Zeebe instance (that is started when using the Docker Compose [`full` profile](#start-full-profile)) is pre-configured in Web Modeler. - -Once you are ready to deploy or execute a process, you can just use this instance without having to enter the cluster endpoint manually. -The correct authentication type is also preset based on the [`ZEEBE_AUTHENTICATION_MODE` environment variable](#securing-the-zeebe-api). - -#### Without authentication -No additional input is required. - -#### With Zeebe request authentication -If you enabled [authentication for gRPC requests](#securing-the-zeebe-api) on Zeebe, use the following client credentials when deploying and executing processes: -* Client ID: `zeebe` -* Client secret: `zecret` - -> [!NOTE] -> The correct OAuth token URL and audience are preset internally. - -### Emails -The setup includes [Mailpit](https://github.com/axllent/mailpit) as a test SMTP server. It captures all emails sent by Web Modeler, but does not forward them to the actual recipients. - -You can access emails in Mailpit's Web UI at [http://localhost:8075](http://localhost:8075). - -## Troubleshooting - -### Submitting Issues -When submitting an issue on this repository, please make sure your issue is related to the docker compose deployment -method of the Camunda Platform. All questions regarding to functionality of the web applications should be instead -posted on the [Camunda Forum](https://forum.camunda.io/). This is the best way for users to query for existing answers -that others have already encountered. We also have a category on that forum specifically for [Deployment Related Topics](https://forum.camunda.io/c/camunda-platform-8-topics/deploying-camunda-platform-8/33). - -### Running on arm64 based hardware -When using arm64-based hardware like a M1 or M2 Mac the Keycloak container might not start because Bitnami only -provides amd64-based images for versions < 22. You can build and tag an arm-based -image locally using the following command. After building and tagging the image you can start the environment as -described in [Using docker-compose](#using-docker-compose). - -``` -$ DOCKER_BUILDKIT=0 docker build -t bitnami/keycloak:19.0.3 "https://github.com/camunda/camunda-platform.git#8.2.15:.keycloak/" -``` - -## Resource based authorizations - -You can control access to specific processes and decision tables in Operate and Tasklist with [resource based authorization](https://docs.camunda.io/docs/self-managed/concepts/access-control/resource-authorizations/). - -This feature is disabled by default and can be enabled by setting -`RESOURCE_AUTHORIZATIONS_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line: - -``` -RESOURCE_AUTHORIZATIONS_ENABLED=true docker compose --profile full up -d -``` - -## Multi-Tenancy - -You can use [multi-tenancy](https://docs.camunda.io/docs/self-managed/concepts/multi-tenancy/) to achieve tenant-based isolation. - -This feature is disabled by default and can be enabled by setting -`MULTI_TENANCY_ENABLED` to `true`, either via the [`.env`](.env) file or through the command line: - -``` -ZEEBE_AUTHENICATION_MODE=identity MULTI_TENANCY_ENABLED=true docker compose --profile full up -d -``` - -As seen above the feature also requires you to use `identity` as an authentication provider. - -Ensure you [setup tenants in identity](https://docs.camunda.io/docs/self-managed/identity/user-guide/tenants/managing-tenants/) after you started the platform. - -## Camunda Platform 7 - -Looking for information on Camunda Platform 7? Check out the links below: - -- [Documentation](https://docs.camunda.org/) -- [GitHub](https://github.com/camunda/camunda-bpm-platform) +For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/next/self-managed/setup/deploy/local/docker-compose/).