diff --git a/.github/config/pr-labeler.yaml b/.github/config/pr-labeler.yaml index 6c1304ad54..9c080d1340 100644 --- a/.github/config/pr-labeler.yaml +++ b/.github/config/pr-labeler.yaml @@ -1,3 +1,51 @@ +# +# Versions. + +version/alpha: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-alpha/**' + +version/8.9: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.9/**' + +version/8.8: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.8/**' + +version/8.7: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.7/**' + +version/8.6: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.6/**' + +version/8.5: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.5/**' + +version/8.4: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.4/**' + +version/8.3: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.3/**' + +version/8.2: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-8.2/**' + # # Components. @@ -52,6 +100,12 @@ component/zeebe: - 'charts/camunda-platform-*/charts/zeebe/**' - 'charts/camunda-platform-*/templates/zeebe-gateway/**' - 'charts/camunda-platform-*/charts/zeebe-gateway/**' + +component/core: + - changed-files: + - any-glob-to-any-file: + - 'charts/camunda-platform-*/templates/core/**' + # # Tools. @@ -59,6 +113,7 @@ tool/github-actions: - changed-files: - any-glob-to-any-file: - '.github/actions/**' + - '.github/config/**' - '.github/workflows/**' tool/release-please: @@ -81,3 +136,13 @@ tool/script: - any-glob-to-any-file: - 'Makefile' - 'scripts/**' + +# +# Workflows. + +area/ci: + - changed-files: + - any-glob-to-any-file: + - '.github/actions/**' + - '.github/config/**' + - '.github/workflows/**' diff --git a/charts/camunda-platform-8.5/README.md b/charts/camunda-platform-8.5/README.md index 2ec502f5a7..80febc171f 100644 --- a/charts/camunda-platform-8.5/README.md +++ b/charts/camunda-platform-8.5/README.md @@ -1384,7 +1384,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `webModeler.nameOverride` | can be used to partly override the name of the WebModeler resources (names will still be prefixed with the release name) | `""` | | `webModeler.image` | configuration of the WebModeler Docker images | | | `webModeler.image.registry` | can be used to set the Docker registry for the WebModeler images (overwrites global.image.registry) | `registry.camunda.cloud` | -| `webModeler.image.tag` | can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) | `8.5.12` | +| `webModeler.image.tag` | can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) | `8.5.13` | | `webModeler.image.pullSecrets` | can be used to configure image pull secrets, see https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | | `webModeler.contextPath` | can be used to make WebModeler available on a custom sub-path. This is mainly used to run the Camunda web applications under a single domain. | `""` | @@ -1657,7 +1657,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `postgresql.enabled` | if true, a PostgreSQL database will be deployed as part of the Helm release by using the dependency chart | `false` | | `postgresql.nameOverride` | defines the name of the Postgres resources (names will be prefixed with the release name), see https://github.com/bitnami/charts/tree/main/bitnami/postgresql#common-parameters | `postgresql-web-modeler` | | `postgresql.image.repository` | PostgreSQL repo | `bitnami/postgresql` | -| `postgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r2` | +| `postgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r3` | | `postgresql.auth` | configuration of the database authentication | | | `postgresql.auth.username` | defines the name of the database user to be created for WebModeler | `web-modeler` | | `postgresql.auth.password` | can be used to provide the database user's password; a random password will be generated if left empty / ignored if `postgresql.auth.existingSecret` is set | `""` | diff --git a/charts/camunda-platform-8.5/templates/web-modeler/configmap-restapi.yaml b/charts/camunda-platform-8.5/templates/web-modeler/configmap-restapi.yaml index fece45d7e1..3706050723 100644 --- a/charts/camunda-platform-8.5/templates/web-modeler/configmap-restapi.yaml +++ b/charts/camunda-platform-8.5/templates/web-modeler/configmap-restapi.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.restapi.configuration }} application.yaml: | {{ .Values.webModeler.restapi.configuration | indent 4 | trim }} @@ -26,7 +24,7 @@ data: pusher: host: {{ include "webModeler.websockets.fullname" . | quote }} port: {{ .Values.webModeler.websockets.service.port }} - + security: jwt: issuer: diff --git a/charts/camunda-platform-8.5/templates/web-modeler/configmap-webapp.yaml b/charts/camunda-platform-8.5/templates/web-modeler/configmap-webapp.yaml index c5caa9f662..a4f0e2764a 100644 --- a/charts/camunda-platform-8.5/templates/web-modeler/configmap-webapp.yaml +++ b/charts/camunda-platform-8.5/templates/web-modeler/configmap-webapp.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.webapp.configuration }} application.toml: | {{ .Values.webModeler.webapp.configuration | indent 4 | trim }} diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/configmap-shared.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/configmap-shared.golden.yaml index bbe99fbf7a..91790f8c22 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/configmap-shared.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/configmap-shared.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.5.12" + app.kubernetes.io/version: "8.5.13" annotations: {} data: diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-restapi.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-restapi.golden.yaml index 1c1661077c..73e0859e67 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-restapi.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-restapi.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-restapi - image: "registry.camunda.cloud/web-modeler-ee/modeler-restapi:8.5.12" + image: "registry.camunda.cloud/web-modeler-ee/modeler-restapi:8.5.13" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-webapp.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-webapp.golden.yaml index d71d02de98..a91c3eb410 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-webapp.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-webapp.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-webapp - image: "registry.camunda.cloud/web-modeler-ee/modeler-webapp:8.5.12" + image: "registry.camunda.cloud/web-modeler-ee/modeler-webapp:8.5.13" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-websockets.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-websockets.golden.yaml index cf7c1969d4..219169e1ba 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-websockets.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/deployment-websockets.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-websockets - image: "registry.camunda.cloud/web-modeler-ee/modeler-websockets:8.5.12" + image: "registry.camunda.cloud/web-modeler-ee/modeler-websockets:8.5.13" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml index 6cad6aeb75..de3a59a2df 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.5.12" + app.kubernetes.io/version: "8.5.13" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress.golden.yaml index 6104516df0..5f954d6c8d 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/ingress.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.5.12" + app.kubernetes.io/version: "8.5.13" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/secret-shared.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/secret-shared.golden.yaml index 378e18284f..29418682d2 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/secret-shared.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/secret-shared.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.5.12" + app.kubernetes.io/version: "8.5.13" annotations: {} type: Opaque diff --git a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/serviceaccount.golden.yaml b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/serviceaccount.golden.yaml index 601f3bec93..a8af6ce730 100644 --- a/charts/camunda-platform-8.5/test/unit/web-modeler/golden/serviceaccount.golden.yaml +++ b/charts/camunda-platform-8.5/test/unit/web-modeler/golden/serviceaccount.golden.yaml @@ -11,5 +11,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.5.12" + app.kubernetes.io/version: "8.5.13" automountServiceAccountToken: false \ No newline at end of file diff --git a/charts/camunda-platform-8.5/values-latest.yaml b/charts/camunda-platform-8.5/values-latest.yaml index 26bd1a77ca..a916871b1e 100644 --- a/charts/camunda-platform-8.5/values-latest.yaml +++ b/charts/camunda-platform-8.5/values-latest.yaml @@ -30,7 +30,7 @@ operate: # https://hub.docker.com/r/camunda/operate/tags image: repository: camunda/operate - tag: 8.5.4 + tag: 8.5.9 optimize: # https://hub.docker.com/r/camunda/optimize/tags @@ -42,26 +42,26 @@ tasklist: # https://hub.docker.com/r/camunda/tasklist/tags image: repository: camunda/tasklist - tag: 8.5.2 + tag: 8.5.10 webModeler: # Camunda Enterprise repository. # registry.camunda.cloud/web-modeler-ee image: # renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi - tag: 8.5.12 + tag: 8.5.13 zeebe: # https://hub.docker.com/r/camunda/zeebe/tags image: repository: camunda/zeebe - tag: 8.5.3 + tag: 8.5.10 zeebeGateway: # https://hub.docker.com/r/camunda/zeebe/tags image: repository: camunda/zeebe - tag: 8.5.3 + tag: 8.5.10 # # Identity @@ -71,7 +71,7 @@ identity: # https://hub.docker.com/r/camunda/identity/tags image: repository: camunda/identity - tag: 8.5.5 + tag: 8.5.10 identityKeycloak: # https://hub.docker.com/r/bitnami/keycloak/tags diff --git a/charts/camunda-platform-8.5/values.yaml b/charts/camunda-platform-8.5/values.yaml index 26b6fd4e0d..20594fcd9c 100644 --- a/charts/camunda-platform-8.5/values.yaml +++ b/charts/camunda-platform-8.5/values.yaml @@ -2511,7 +2511,7 @@ webModeler: registry: registry.camunda.cloud ## @param webModeler.image.tag can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) # renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi - tag: 8.5.12 + tag: 8.5.13 ## @param webModeler.image.pullSecrets can be used to configure image pull secrets, see https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod # Note: A secret will be required, if the WebModeler images are pulled directly from Camunda's private registry. # @@ -3132,7 +3132,7 @@ postgresql: ## @param postgresql.image.tag PostgreSQL image tag image: repository: bitnami/postgresql - tag: 14.15.0-debian-12-r2 + tag: 14.15.0-debian-12-r3 ## @extra postgresql.auth configuration of the database authentication auth: ## @param postgresql.auth.username defines the name of the database user to be created for WebModeler diff --git a/charts/camunda-platform-8.6/Chart.yaml b/charts/camunda-platform-8.6/Chart.yaml index a332909f40..670b970104 100644 --- a/charts/camunda-platform-8.6/Chart.yaml +++ b/charts/camunda-platform-8.6/Chart.yaml @@ -38,7 +38,7 @@ dependencies: # Shared Dependencies. - name: elasticsearch repository: oci://registry-1.docker.io/bitnamicharts - version: 21.4.0 + version: 21.4.1 condition: "elasticsearch.enabled" # Helpers. - name: common diff --git a/charts/camunda-platform-8.6/README.md b/charts/camunda-platform-8.6/README.md index 345a624874..9327697267 100644 --- a/charts/camunda-platform-8.6/README.md +++ b/charts/camunda-platform-8.6/README.md @@ -560,7 +560,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `console.configuration` | Configuration passed directly to Console as YAML file. More details on [Console official documenations](https://docs.camunda.io/docs/self-managed/console-deployment/configuration/) | `""` | | `console.image.registry` | can be used to set container image registry. | `""` | | `console.image.repository` | defines which image repository to use | `camunda/console` | -| `console.image.tag` | can be used to set the Docker image tag for the Console image (overwrites global.image.tag) | `8.6.37` | +| `console.image.tag` | can be used to set the Docker image tag for the Console image (overwrites global.image.tag) | `8.6.41` | | `console.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | | `console.sidecars` | can be used to attach extra containers to the console deployment | `[]` | | `console.replicas` | Number of Console replicas | `1` | @@ -1490,7 +1490,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `webModeler.nameOverride` | can be used to partly override the name of the WebModeler resources (names will still be prefixed with the release name) | `""` | | `webModeler.image` | configuration of the WebModeler Docker images | | | `webModeler.image.registry` | can be used to set the Docker registry for the WebModeler images (overwrites global.image.registry) | `""` | -| `webModeler.image.tag` | can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) | `8.6.4` | +| `webModeler.image.tag` | can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) | `8.6.5` | | `webModeler.image.pullSecrets` | can be used to configure image pull secrets, see https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | | `webModeler.contextPath` | can be used to make WebModeler available on a custom sub-path. This is mainly used to run the Camunda web applications under a single domain. | `""` | @@ -1759,7 +1759,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `postgresql.global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: force (perform the adaptation always), disabled (do not perform adaptation) | `{{ .Values.global.compatibility.openshift.adaptSecurityContext | default "disabled" }}` | | `postgresql.nameOverride` | defines the name of the Postgres resources (names will be prefixed with the release name), see https://github.com/bitnami/charts/tree/main/bitnami/postgresql#common-parameters | `postgresql-web-modeler` | | `postgresql.image.repository` | PostgreSQL repo | `bitnami/postgresql` | -| `postgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r2` | +| `postgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r3` | | `postgresql.auth` | configuration of the database authentication | | | `postgresql.auth.username` | defines the name of the database user to be created for WebModeler | `web-modeler` | | `postgresql.auth.password` | can be used to provide the database user's password; a random password will be generated if left empty / ignored if `postgresql.auth.existingSecret` is set | `""` | diff --git a/charts/camunda-platform-8.6/templates/camunda/ingress.yaml b/charts/camunda-platform-8.6/templates/camunda/ingress.yaml index 4071c56e62..5c1b511ecc 100644 --- a/charts/camunda-platform-8.6/templates/camunda/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/camunda/ingress.yaml @@ -111,8 +111,7 @@ spec: {{- end }} {{- if .Values.global.ingress.tls.enabled }} {{- if and (not .Values.global.ingress.tls.secretName) (contains "openshift-" (default "" .Values.global.ingress.className)) }} - # The tls block is not applied because .Values.global.ingress.tls.secretName is empty - # and .Values.global.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/connectors/ingress.yaml b/charts/camunda-platform-8.6/templates/connectors/ingress.yaml index a9355abe46..20f2f174a9 100644 --- a/charts/camunda-platform-8.6/templates/connectors/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/connectors/ingress.yaml @@ -29,8 +29,7 @@ spec: number: 8080 {{- if .Values.connectors.ingress.tls.enabled }} {{- if and (not .Values.connectors.ingress.tls.secretName) (contains "openshift-" (default "" .Values.connectors.ingress.className)) }} - # The tls block is not applied because .Values.connectors.ingress.tls.secretName is empty - # and .Values.connectors.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/console/ingress.yaml b/charts/camunda-platform-8.6/templates/console/ingress.yaml index d8d0e04579..4a36e03467 100644 --- a/charts/camunda-platform-8.6/templates/console/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/console/ingress.yaml @@ -28,8 +28,7 @@ spec: number: 80 {{- if .Values.console.ingress.tls.enabled }} {{- if and (not .Values.console.ingress.tls.secretName) (contains "openshift-" (default "" .Values.console.ingress.className)) }} - # The tls block is not applied because .Values.console.ingress.tls.secretName is empty - # and .Values.console.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/execution-identity/ingress.yaml b/charts/camunda-platform-8.6/templates/execution-identity/ingress.yaml index 1ab597f469..846b04f165 100644 --- a/charts/camunda-platform-8.6/templates/execution-identity/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/execution-identity/ingress.yaml @@ -28,8 +28,7 @@ spec: number: 80 {{- if .Values.executionIdentity.ingress.tls.enabled }} {{- if and (not .Values.executionIdentity.ingress.tls.secretName) (contains "openshift-" (default "" .Values.executionIdentity.ingress.className)) }} - # The tls block is not applied because .Values.executionIdentity.ingress.tls.secretName is empty - # and .Values.executionIdentity.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/identity/configmap.yaml b/charts/camunda-platform-8.6/templates/identity/configmap.yaml index d892eb16f4..deb9deba0b 100644 --- a/charts/camunda-platform-8.6/templates/identity/configmap.yaml +++ b/charts/camunda-platform-8.6/templates/identity/configmap.yaml @@ -218,7 +218,7 @@ data: - name: Identity id: {{ printf "%s" (include "identity.authClientId" .) | default "camunda-identity" | quote }} type: CONFIDENTIAL - secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:} + secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:${IDENTITY_CLIENT_SECRET}} root-url: {{ include "identity.externalUrl" . | quote }} redirect-uris: - "/auth/login-callback" diff --git a/charts/camunda-platform-8.6/templates/identity/ingress.yaml b/charts/camunda-platform-8.6/templates/identity/ingress.yaml index 32e027588f..e3e1632b08 100644 --- a/charts/camunda-platform-8.6/templates/identity/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/identity/ingress.yaml @@ -29,8 +29,7 @@ spec: number: 80 {{- if .Values.identity.ingress.tls.enabled }} {{- if and (not .Values.identity.ingress.tls.secretName) (contains "openshift-" (default "" .Values.identity.ingress.className)) }} - # The tls block is not applied because .Values.identity.ingress.tls.secretName is empty - # and .Values.identity.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/operate/ingress.yaml b/charts/camunda-platform-8.6/templates/operate/ingress.yaml index 0ef6d0848a..9b04732235 100644 --- a/charts/camunda-platform-8.6/templates/operate/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/operate/ingress.yaml @@ -28,8 +28,7 @@ spec: number: 80 {{- if .Values.operate.ingress.tls.enabled }} {{- if and (not .Values.operate.ingress.tls.secretName) (contains "openshift-" (default "" .Values.operate.ingress.className)) }} - # The tls block is not applied because .Values.operate.ingress.tls.secretName is empty - # and .Values.operate.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/optimize/ingress.yaml b/charts/camunda-platform-8.6/templates/optimize/ingress.yaml index 36be2a7b06..3a2bc1ab11 100644 --- a/charts/camunda-platform-8.6/templates/optimize/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/optimize/ingress.yaml @@ -28,8 +28,7 @@ spec: number: 80 {{- if .Values.optimize.ingress.tls.enabled }} {{- if and (not .Values.optimize.ingress.tls.secretName) (contains "openshift-" (default "" .Values.optimize.ingress.className)) }} - # The tls block is not applied because .Values.optimize.ingress.tls.secretName is empty - # and .Values.optimize.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/tasklist/ingress.yaml b/charts/camunda-platform-8.6/templates/tasklist/ingress.yaml index 850f00fa7f..59e2f4fa7e 100644 --- a/charts/camunda-platform-8.6/templates/tasklist/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/tasklist/ingress.yaml @@ -28,8 +28,7 @@ spec: number: 80 {{- if .Values.tasklist.ingress.tls.enabled }} {{- if and (not .Values.tasklist.ingress.tls.secretName) (contains "openshift-" (default "" .Values.tasklist.ingress.className)) }} - # The tls block is not applied because .Values.tasklist.ingress.tls.secretName is empty - # and .Values.tasklist.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/web-modeler/configmap-restapi.yaml b/charts/camunda-platform-8.6/templates/web-modeler/configmap-restapi.yaml index fece45d7e1..3706050723 100644 --- a/charts/camunda-platform-8.6/templates/web-modeler/configmap-restapi.yaml +++ b/charts/camunda-platform-8.6/templates/web-modeler/configmap-restapi.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.restapi.configuration }} application.yaml: | {{ .Values.webModeler.restapi.configuration | indent 4 | trim }} @@ -26,7 +24,7 @@ data: pusher: host: {{ include "webModeler.websockets.fullname" . | quote }} port: {{ .Values.webModeler.websockets.service.port }} - + security: jwt: issuer: diff --git a/charts/camunda-platform-8.6/templates/web-modeler/configmap-webapp.yaml b/charts/camunda-platform-8.6/templates/web-modeler/configmap-webapp.yaml index c5caa9f662..a4f0e2764a 100644 --- a/charts/camunda-platform-8.6/templates/web-modeler/configmap-webapp.yaml +++ b/charts/camunda-platform-8.6/templates/web-modeler/configmap-webapp.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.webapp.configuration }} application.toml: | {{ .Values.webModeler.webapp.configuration | indent 4 | trim }} diff --git a/charts/camunda-platform-8.6/templates/web-modeler/ingress.yaml b/charts/camunda-platform-8.6/templates/web-modeler/ingress.yaml index af120587da..63e8e8e1a6 100644 --- a/charts/camunda-platform-8.6/templates/web-modeler/ingress.yaml +++ b/charts/camunda-platform-8.6/templates/web-modeler/ingress.yaml @@ -37,8 +37,7 @@ spec: (not .Values.webModeler.ingress.websockets.tls.secretName) (contains "openshift-" (default "" .Values.webModeler.ingress.className)) }} - # The tls block is not applied because both .Values.webModeler.ingress.webapp.tls.secretName and .Values.webModeler.ingress.websockets.tls.secretName are empty - # and .Values.webModeler.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-grpc.yaml b/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-grpc.yaml index 9b7cfc70d2..b939128154 100644 --- a/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-grpc.yaml +++ b/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-grpc.yaml @@ -31,8 +31,7 @@ spec: (not .Values.zeebeGateway.ingress.grpc.tls.secretName) (contains "openshift-" (default "" .Values.zeebeGateway.ingress.grpc.className)) }} - # The tls block is not applied because .Values.zeebeGateway.ingress.grpc.tls.secretName is empty - # and .Values.zeebeGateway.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-rest.yaml b/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-rest.yaml index 801b100ae8..936ead66aa 100644 --- a/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-rest.yaml +++ b/charts/camunda-platform-8.6/templates/zeebe-gateway/ingress-rest.yaml @@ -31,8 +31,7 @@ spec: (not .Values.zeebeGateway.ingress.rest.tls.secretName) (contains "openshift-" (default "" .Values.zeebeGateway.ingress.rest.className)) }} - # The tls block is not applied because .Values.zeebeGateway.ingress.rest.tls.secretName is empty - # and .Values.zeebeGateway.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/configmap.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/configmap.golden.yaml index 273dca4e68..9b0d1ae457 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/configmap.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/configmap.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" data: application.yaml: |- # https://docs.camunda.io/docs/self-managed/console-deployment/configuration/ diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/deployment.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/deployment.golden.yaml index b538ca3bac..a821638397 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/deployment.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/deployment.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" annotations: {} spec: @@ -49,7 +49,7 @@ spec: type: RuntimeDefault containers: - name: camunda-platform - image: camunda/console:8.6.37 + image: camunda/console:8.6.41 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/ingress-all-enabled.golden.yaml index 95b2ac4844..f2456c4b0d 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/ingress-all-enabled.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/ingress-all-enabled.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/ingress.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/ingress.golden.yaml index ee76115074..aaea2404c5 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/ingress.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/ingress.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/service.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/service.golden.yaml index 52fc3aee63..cf7b3835b3 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/service.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/service.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" annotations: spec: type: ClusterIP diff --git a/charts/camunda-platform-8.6/test/unit/console/golden/serviceaccount.golden.yaml b/charts/camunda-platform-8.6/test/unit/console/golden/serviceaccount.golden.yaml index 2d4d2e42d4..a46ff11d80 100644 --- a/charts/camunda-platform-8.6/test/unit/console/golden/serviceaccount.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/console/golden/serviceaccount.golden.yaml @@ -11,5 +11,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: console - app.kubernetes.io/version: "8.6.37" + app.kubernetes.io/version: "8.6.41" automountServiceAccountToken: false \ No newline at end of file diff --git a/charts/camunda-platform-8.6/test/unit/identity/golden/configmap.golden.yaml b/charts/camunda-platform-8.6/test/unit/identity/golden/configmap.golden.yaml index 700cd4fefb..5bf3c5391b 100644 --- a/charts/camunda-platform-8.6/test/unit/identity/golden/configmap.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/identity/golden/configmap.golden.yaml @@ -208,7 +208,7 @@ data: - name: Identity id: "camunda-identity" type: CONFIDENTIAL - secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:} + secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:${IDENTITY_CLIENT_SECRET}} root-url: "http://localhost:8080" redirect-uris: - "/auth/login-callback" diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/configmap-shared.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/configmap-shared.golden.yaml index fedfb107d2..3f66ab8d41 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/configmap-shared.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/configmap-shared.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.6.4" + app.kubernetes.io/version: "8.6.5" annotations: {} data: diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-restapi.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-restapi.golden.yaml index 9ddd305d9b..8361e5d68c 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-restapi.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-restapi.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-restapi - image: "camunda/web-modeler-restapi:8.6.4" + image: "camunda/web-modeler-restapi:8.6.5" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-webapp.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-webapp.golden.yaml index cc9ae275e5..ea2ede80a1 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-webapp.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-webapp.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-webapp - image: "camunda/web-modeler-webapp:8.6.4" + image: "camunda/web-modeler-webapp:8.6.5" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-websockets.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-websockets.golden.yaml index 13554761b0..57be953289 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-websockets.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/deployment-websockets.golden.yaml @@ -41,7 +41,7 @@ spec: [] containers: - name: web-modeler-websockets - image: "camunda/web-modeler-websockets:8.6.4" + image: "camunda/web-modeler-websockets:8.6.5" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml index 5b1f0b1d52..e83669097d 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress-all-enabled.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.6.4" + app.kubernetes.io/version: "8.6.5" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress.golden.yaml index 0ffc22dc65..1ead102aa4 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/ingress.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.6.4" + app.kubernetes.io/version: "8.6.5" annotations: ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-buffer-size: 128k diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/secret-shared.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/secret-shared.golden.yaml index e8ea5e9b27..49c368a1b5 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/secret-shared.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/secret-shared.golden.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.6.4" + app.kubernetes.io/version: "8.6.5" annotations: {} type: Opaque diff --git a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/serviceaccount.golden.yaml b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/serviceaccount.golden.yaml index 131934280c..a719ba7f5a 100644 --- a/charts/camunda-platform-8.6/test/unit/web-modeler/golden/serviceaccount.golden.yaml +++ b/charts/camunda-platform-8.6/test/unit/web-modeler/golden/serviceaccount.golden.yaml @@ -11,5 +11,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: camunda-platform app.kubernetes.io/component: web-modeler - app.kubernetes.io/version: "8.6.4" + app.kubernetes.io/version: "8.6.5" automountServiceAccountToken: false \ No newline at end of file diff --git a/charts/camunda-platform-8.6/values-latest.yaml b/charts/camunda-platform-8.6/values-latest.yaml index c888dbf787..2b86fd5951 100644 --- a/charts/camunda-platform-8.6/values-latest.yaml +++ b/charts/camunda-platform-8.6/values-latest.yaml @@ -13,7 +13,7 @@ console: # https://hub.docker.com/r/camunda/console/tags image: repository: camunda/console - tag: 8.6.36 + tag: 8.6.41 connectors: # https://hub.docker.com/r/camunda/connectors-bundle/tags @@ -43,7 +43,7 @@ webModeler: # https://hub.docker.com/r/camunda/web-modeler-restapi image: # renovate: datasource=docker depName=camunda/web-modeler-restapi - tag: 8.6.4 + tag: 8.6.5 zeebe: # https://hub.docker.com/r/camunda/zeebe/tags diff --git a/charts/camunda-platform-8.6/values.yaml b/charts/camunda-platform-8.6/values.yaml index df1a1ab31f..b335c88ce4 100644 --- a/charts/camunda-platform-8.6/values.yaml +++ b/charts/camunda-platform-8.6/values.yaml @@ -406,7 +406,7 @@ console: ## @param console.image.repository defines which image repository to use repository: camunda/console ## @param console.image.tag can be used to set the Docker image tag for the Console image (overwrites global.image.tag) - tag: 8.6.37 + tag: 8.6.41 ## @param console.image.pullSecrets can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod pullSecrets: [] @@ -2761,7 +2761,7 @@ webModeler: registry: "" ## @param webModeler.image.tag can be used to set the Docker image tag for the WebModeler images (overwrites global.image.tag) # renovate: datasource=docker depName=camunda/web-modeler-restapi - tag: 8.6.4 + tag: 8.6.5 ## @param webModeler.image.pullSecrets can be used to configure image pull secrets, see https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod pullSecrets: [] @@ -3375,7 +3375,7 @@ postgresql: ## @param postgresql.image.tag PostgreSQL image tag image: repository: bitnami/postgresql - tag: 14.15.0-debian-12-r2 + tag: 14.15.0-debian-12-r3 ## @extra postgresql.auth configuration of the database authentication auth: ## @param postgresql.auth.username defines the name of the database user to be created for WebModeler diff --git a/charts/camunda-platform-alpha/Chart.yaml b/charts/camunda-platform-alpha/Chart.yaml index e1e505b818..bb4fe38d4a 100644 --- a/charts/camunda-platform-alpha/Chart.yaml +++ b/charts/camunda-platform-alpha/Chart.yaml @@ -39,7 +39,7 @@ dependencies: # Shared Dependencies. - name: elasticsearch repository: oci://registry-1.docker.io/bitnamicharts - version: 21.4.0 + version: 21.4.1 condition: "elasticsearch.enabled" # Helpers. - name: common diff --git a/charts/camunda-platform-alpha/README.md b/charts/camunda-platform-alpha/README.md index ac295f5d2e..69319058b5 100644 --- a/charts/camunda-platform-alpha/README.md +++ b/charts/camunda-platform-alpha/README.md @@ -1060,7 +1060,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `webModelerPostgresql.global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: force (perform the adaptation always), disabled (do not perform adaptation) | `{{ .Values.global.compatibility.openshift.adaptSecurityContext | default "disabled" }}` | | `webModelerPostgresql.nameOverride` | defines the name of the Postgres resources (names will be prefixed with the release name), see https://github.com/bitnami/charts/tree/main/bitnami/postgresql#common-parameters | `postgresql-web-modeler` | | `webModelerPostgresql.image.repository` | PostgreSQL repo | `bitnami/postgresql` | -| `webModelerPostgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r2` | +| `webModelerPostgresql.image.tag` | PostgreSQL image tag | `14.15.0-debian-12-r3` | | `postgresql.auth` | configuration of the database authentication | | | `webModelerPostgresql.auth.username` | defines the name of the database user to be created for WebModeler | `web-modeler` | | `webModelerPostgresql.auth.password` | can be used to provide the database user's password; a random password will be generated if left empty / ignored if `postgresql.auth.existingSecret` is set | `""` | @@ -1129,7 +1129,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `connectors.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | | `connectors.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | | `connectors.readinessProbe` | configuration | | -| `connectors.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `false` | +| `connectors.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | | `connectors.readinessProbe.scheme` | defines the startup probe scheme used on calling the probePath | `HTTP` | | `connectors.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health/readiness` | | `connectors.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | @@ -1231,10 +1231,10 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `core.ioThreadCount` | defines how many threads can be used for the exporting on each broker pod | `3` | | `core.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | | `core.resources.requests` | | | -| `core.resources.requests.cpu` | | `800m` | -| `core.resources.requests.memory` | | `1200Mi` | -| `core.resources.limits.cpu` | | `960m` | -| `core.resources.limits.memory` | | `1920Mi` | +| `core.resources.requests.cpu` | | `1000m` | +| `core.resources.requests.memory` | | `1500Mi` | +| `core.resources.limits.cpu` | | `2000m` | +| `core.resources.limits.memory` | | `3000Mi` | | `core.persistenceType` | defines the type of persistence which is used by core. Possible values are: disk, local and memory. | `disk` | | `core.pvcSize` | defines the persistent volume claim size, which is used by each broker pod https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims | `32Gi` | | `core.pvcAccessModes` | can be used to configure the persistent volume claim access mode https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes | `["ReadWriteOnce"]` | diff --git a/charts/camunda-platform-alpha/templates/camunda/ingress-grpc.yaml b/charts/camunda-platform-alpha/templates/camunda/ingress-grpc.yaml index 317edc4d89..d4befe4877 100644 --- a/charts/camunda-platform-alpha/templates/camunda/ingress-grpc.yaml +++ b/charts/camunda-platform-alpha/templates/camunda/ingress-grpc.yaml @@ -29,10 +29,9 @@ spec: {{- if .Values.core.ingress.grpc.tls.enabled }} {{- if and (not .Values.core.ingress.grpc.tls.secretName) - (contains "openshift-" (default "" .Values.core.ingress.className)) + (contains "openshift-" (default "" .Values.core.ingress.grpc.className)) }} - # The tls block is not applied because .Values.core.ingress.grpc.tls.secretName is empty - # and .Values.core.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml b/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml index d7da331719..fb7a9a85d6 100644 --- a/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml +++ b/charts/camunda-platform-alpha/templates/camunda/ingress-http.yaml @@ -99,8 +99,7 @@ spec: (not .Values.global.ingress.tls.secretName) (contains "openshift-" (default "" .Values.global.ingress.className)) }} - # The tls block is not applied because .Values.global.ingress.tls.secretName is empty - # and .Values.global.ingress.className contains "openshift-". + # The tls block is not applied because secretName is empty and className contains "openshift-". # This is necessary to use the certificate managed by the OpenShift Ingress operator, # which will automatically convert this Ingress into a Route (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress). {{- else }} diff --git a/charts/camunda-platform-alpha/templates/core/statefulset.yaml b/charts/camunda-platform-alpha/templates/core/statefulset.yaml index 8b4c77d893..692e0c34e6 100644 --- a/charts/camunda-platform-alpha/templates/core/statefulset.yaml +++ b/charts/camunda-platform-alpha/templates/core/statefulset.yaml @@ -45,7 +45,11 @@ spec: {{- if .Values.core.containerSecurityContext }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.core.containerSecurityContext "context" $) | nindent 12 }} {{- end }} + {{- if .Values.core.command }} + command: {{ toYaml .Values.core.command | nindent 10 }} + {{- else }} command: ["bash", "/usr/local/bin/startup.sh"] + {{- end }} env: - name: CAMUNDA_LICENSE_KEY valueFrom: @@ -89,9 +93,6 @@ spec: envFrom: {{- .Values.core.envFrom | toYaml | nindent 12 }} {{- end }} - {{- if .Values.core.command }} - command: {{ toYaml .Values.core.command | nindent 10 }} - {{- end }} ports: - containerPort: {{ .Values.core.service.httpPort }} name: {{ default "http" .Values.core.service.httpName }} diff --git a/charts/camunda-platform-alpha/templates/identity/configmap.yaml b/charts/camunda-platform-alpha/templates/identity/configmap.yaml index 248e269204..758f84548a 100644 --- a/charts/camunda-platform-alpha/templates/identity/configmap.yaml +++ b/charts/camunda-platform-alpha/templates/identity/configmap.yaml @@ -225,7 +225,7 @@ data: - name: Identity id: {{ printf "%s" (include "identity.authClientId" .) | default "camunda-identity" | quote }} type: CONFIDENTIAL - secret: ${VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET:} + secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:${IDENTITY_CLIENT_SECRET}} root-url: {{ include "identity.externalUrl" . | quote }} redirect-uris: - "/auth/login-callback" diff --git a/charts/camunda-platform-alpha/templates/identity/deployment.yaml b/charts/camunda-platform-alpha/templates/identity/deployment.yaml index bad71f151b..0d7bbe5871 100644 --- a/charts/camunda-platform-alpha/templates/identity/deployment.yaml +++ b/charts/camunda-platform-alpha/templates/identity/deployment.yaml @@ -43,6 +43,11 @@ spec: key: {{ include "camundaPlatform.licenseSecretKey" . }} {{- if .Values.global.identity.auth.enabled }} {{- if eq .Values.global.identity.auth.type "KEYCLOAK"}} + - name: VALUES_KEYCLOAK_INIT_CONNECTORS_SECRET + valueFrom: + secretKeyRef: + name: {{ include "connectors.authClientSecretName" . }} + key: {{ include "connectors.authClientSecretKey" . }} - name: VALUES_KEYCLOAK_INIT_CORE_SECRET valueFrom: secretKeyRef: diff --git a/charts/camunda-platform-alpha/templates/web-modeler/configmap-restapi.yaml b/charts/camunda-platform-alpha/templates/web-modeler/configmap-restapi.yaml index 5dd7dc3c47..1dadbe3f14 100644 --- a/charts/camunda-platform-alpha/templates/web-modeler/configmap-restapi.yaml +++ b/charts/camunda-platform-alpha/templates/web-modeler/configmap-restapi.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.restapi.configuration }} application.yaml: | {{ .Values.webModeler.restapi.configuration | indent 4 | trim }} diff --git a/charts/camunda-platform-alpha/templates/web-modeler/configmap-webapp.yaml b/charts/camunda-platform-alpha/templates/web-modeler/configmap-webapp.yaml index c5caa9f662..a4f0e2764a 100644 --- a/charts/camunda-platform-alpha/templates/web-modeler/configmap-webapp.yaml +++ b/charts/camunda-platform-alpha/templates/web-modeler/configmap-webapp.yaml @@ -6,8 +6,6 @@ metadata: labels: {{- include "webModeler.labels" . | nindent 4 }} annotations: {{- toYaml .Values.global.annotations | nindent 4 }} data: - pusher-app-id: web-modeler - pusher-app-key: {{ randAlphaNum 20 }} {{- if .Values.webModeler.webapp.configuration }} application.toml: | {{ .Values.webModeler.webapp.configuration | indent 4 | trim }} diff --git a/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index 82b3346d76..a6705297e6 100644 --- a/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -18,6 +18,7 @@ global: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" admin: + enabled: true existingSecret: name: "integration-test-credentials" ####################### diff --git a/charts/camunda-platform-alpha/test/unit/connectors/golden/deployment.golden.yaml b/charts/camunda-platform-alpha/test/unit/connectors/golden/deployment.golden.yaml index b03ae378f7..ae7dea8499 100644 --- a/charts/camunda-platform-alpha/test/unit/connectors/golden/deployment.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/connectors/golden/deployment.golden.yaml @@ -79,6 +79,15 @@ spec: requests: cpu: 1 memory: 1Gi + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: http + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + timeoutSeconds: 1 volumeMounts: - mountPath: /tmp name: tmp diff --git a/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml b/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml index 02e5967666..73799ed0e2 100644 --- a/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml @@ -108,11 +108,11 @@ spec: timeoutSeconds: 1 resources: limits: - cpu: 960m - memory: 1920Mi + cpu: 2000m + memory: 3000Mi requests: - cpu: 800m - memory: 1200Mi + cpu: 1000m + memory: 1500Mi volumeMounts: - name: config mountPath: /usr/local/bin/startup.sh diff --git a/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml b/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml index 08dea823d6..1b5726e7c7 100644 --- a/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/identity/golden/configmap.golden.yaml @@ -203,7 +203,7 @@ data: - name: Identity id: "camunda-identity" type: CONFIDENTIAL - secret: ${VALUES_CAMUNDA_IDENTITY_CLIENT_SECRET:} + secret: ${CAMUNDA_IDENTITY_CLIENT_SECRET:${IDENTITY_CLIENT_SECRET}} root-url: "http://localhost:8080" redirect-uris: - "/auth/login-callback" diff --git a/charts/camunda-platform-alpha/test/unit/identity/golden/deployment.golden.yaml b/charts/camunda-platform-alpha/test/unit/identity/golden/deployment.golden.yaml index 5d3e2cf36c..63d399c750 100644 --- a/charts/camunda-platform-alpha/test/unit/identity/golden/deployment.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/identity/golden/deployment.golden.yaml @@ -60,6 +60,11 @@ spec: secretKeyRef: name: camunda-platform-test-license key: CAMUNDA_LICENSE_KEY + - name: VALUES_KEYCLOAK_INIT_CONNECTORS_SECRET + valueFrom: + secretKeyRef: + name: camunda-credentials + key: identity-connectors-client-token - name: VALUES_KEYCLOAK_INIT_CORE_SECRET valueFrom: secretKeyRef: diff --git a/charts/camunda-platform-alpha/values.yaml b/charts/camunda-platform-alpha/values.yaml index 5825a9e964..4b73537536 100644 --- a/charts/camunda-platform-alpha/values.yaml +++ b/charts/camunda-platform-alpha/values.yaml @@ -1726,7 +1726,7 @@ webModelerPostgresql: ## @param webModelerPostgresql.image.tag PostgreSQL image tag image: repository: bitnami/postgresql - tag: 14.15.0-debian-12-r2 + tag: 14.15.0-debian-12-r3 ## @extra postgresql.auth configuration of the database authentication auth: ## @param webModelerPostgresql.auth.username defines the name of the database user to be created for WebModeler @@ -1907,7 +1907,7 @@ connectors: readinessProbe: # TODO: Enalbe the readiness again once the Zeebe client in Connectors is updated (it should be done before 8.7 release). ## @param connectors.readinessProbe.enabled if true, the readiness probe is enabled in app container - enabled: false + enabled: true ## @param connectors.readinessProbe.scheme defines the startup probe scheme used on calling the probePath scheme: HTTP ## @param connectors.readinessProbe.probePath defines the readiness probe route used on the app @@ -2159,11 +2159,11 @@ core: ## @param core.resources.limits.memory resources: requests: - cpu: 800m - memory: 1200Mi + cpu: 1000m + memory: 1500Mi limits: - cpu: 960m - memory: 1920Mi + cpu: 2000m + memory: 3000Mi ## @param core.persistenceType defines the type of persistence which is used by core. Possible values are: disk, local and memory. # disk - means a persistence volume claim is configured and used diff --git a/charts/web-modeler-postgresql/README.md b/charts/web-modeler-postgresql/README.md index 2acd8b639d..997bc85aae 100644 --- a/charts/web-modeler-postgresql/README.md +++ b/charts/web-modeler-postgresql/README.md @@ -99,7 +99,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.15.0-debian-12-r1` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.15.0-debian-12-r3` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | diff --git a/charts/web-modeler-postgresql/values.yaml b/charts/web-modeler-postgresql/values.yaml index 4bf1b78a60..6c17102e37 100644 --- a/charts/web-modeler-postgresql/values.yaml +++ b/charts/web-modeler-postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 14.15.0-debian-12-r2 + tag: 14.15.0-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'