From 15908634673158abbbf0a08b2c886fc1ed7484d8 Mon Sep 17 00:00:00 2001 From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> Date: Sun, 20 Oct 2024 16:42:20 +0200 Subject: [PATCH] feat(docker-compose): move compose files from camunda/camunda-platform 
Signed-off-by: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> --- .github/actions/install-playwright/action.yml | 40 ++ .../workflows/docker-compose-e2e-setup.yaml | 38 ++ .../docker-compose-template-e2e-setup.yaml | 95 +++ LICENSE | 201 +++++++ README.md | 6 + docker-compose/test/e2e/package-lock.json | 80 +++ docker-compose/test/e2e/package.json | 15 + docker-compose/test/e2e/playwright.config.ts | 80 +++ .../test/e2e/tests/operate_login.spec.ts | 14 + .../test/e2e/tests/optimize_login.spec.ts | 22 + .../test/e2e/tests/tasklist_login.spec.ts | 16 + .../test/e2e/tests/web_modeler_login.spec.ts | 14 + docker-compose/versions/camunda-8.2/.env | 27 + .../versions/camunda-8.2/.keycloak/Dockerfile | 62 ++ .../.optimize/environment-config.yaml | 5 + .../camunda-8.2/connector-secrets.txt | 2 + .../connectors.self-signed-certificates.yaml | 9 + .../camunda-8.2/docker-compose-core.yaml | 164 +++++ .../docker-compose-web-modeler.yaml | 144 +++++ .../versions/camunda-8.2/docker-compose.yaml | 352 +++++++++++ docker-compose/versions/camunda-8.3/.env | 24 + .../.optimize/environment-config.yaml | 5 + .../camunda-8.3/connector-secrets.txt | 2 + .../connectors.self-signed-certificates.yaml | 9 + .../camunda-8.3/docker-compose-core.yaml | 163 +++++ .../docker-compose-web-modeler.yaml | 143 +++++ .../versions/camunda-8.3/docker-compose.yaml | 352 +++++++++++ docker-compose/versions/camunda-8.4/.env | 45 ++ .../.optimize/environment-config.yaml | 5 + .../camunda-8.4/connector-secrets.txt | 2 + .../connectors.self-signed-certificates.yaml | 9 + .../camunda-8.4/docker-compose-core.yaml | 166 ++++++ .../docker-compose-web-modeler.yaml | 146 +++++ .../versions/camunda-8.4/docker-compose.yaml | 369 ++++++++++++ docker-compose/versions/camunda-8.5/.env | 47 ++ .../.optimize/environment-config.yaml | 5 + .../camunda-8.5/connector-secrets.txt | 2 + .../connectors.self-signed-certificates.yaml | 9 + .../camunda-8.5/docker-compose-core.yaml | 167 ++++++ 
.../docker-compose-web-modeler.yaml | 146 +++++ .../versions/camunda-8.5/docker-compose.yaml | 381 ++++++++++++ docker-compose/versions/camunda-8.6/.env | 35 ++ .../.optimize/environment-config.yaml | 5 + ...er-config-authentication-mode-identity.env | 1 + ...luster-config-authentication-mode-none.env | 1 + docker-compose/versions/camunda-8.6/README.md | 0 .../camunda-8.6/connector-secrets.txt | 2 + .../camunda-8.6/docker-compose-core.yaml | 167 ++++++ .../versions/camunda-8.6/docker-compose.yaml | 564 ++++++++++++++++++ 49 files changed, 4358 insertions(+) create mode 100644 .github/actions/install-playwright/action.yml create mode 100644 .github/workflows/docker-compose-e2e-setup.yaml create mode 100644 .github/workflows/docker-compose-template-e2e-setup.yaml create mode 100644 LICENSE create mode 100644 docker-compose/test/e2e/package-lock.json create mode 100644 docker-compose/test/e2e/package.json create mode 100644 docker-compose/test/e2e/playwright.config.ts create mode 100644 docker-compose/test/e2e/tests/operate_login.spec.ts create mode 100644 docker-compose/test/e2e/tests/optimize_login.spec.ts create mode 100644 docker-compose/test/e2e/tests/tasklist_login.spec.ts create mode 100644 docker-compose/test/e2e/tests/web_modeler_login.spec.ts create mode 100644 docker-compose/versions/camunda-8.2/.env create mode 100644 docker-compose/versions/camunda-8.2/.keycloak/Dockerfile create mode 100644 docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml create mode 100644 docker-compose/versions/camunda-8.2/connector-secrets.txt create mode 100644 docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml create mode 100644 docker-compose/versions/camunda-8.2/docker-compose-core.yaml create mode 100644 docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml create mode 100644 docker-compose/versions/camunda-8.2/docker-compose.yaml create mode 100644 docker-compose/versions/camunda-8.3/.env create mode 100644 
docker-compose/versions/camunda-8.3/.optimize/environment-config.yaml create mode 100644 docker-compose/versions/camunda-8.3/connector-secrets.txt create mode 100644 docker-compose/versions/camunda-8.3/connectors.self-signed-certificates.yaml create mode 100644 docker-compose/versions/camunda-8.3/docker-compose-core.yaml create mode 100644 docker-compose/versions/camunda-8.3/docker-compose-web-modeler.yaml create mode 100644 docker-compose/versions/camunda-8.3/docker-compose.yaml create mode 100644 docker-compose/versions/camunda-8.4/.env create mode 100644 docker-compose/versions/camunda-8.4/.optimize/environment-config.yaml create mode 100644 docker-compose/versions/camunda-8.4/connector-secrets.txt create mode 100644 docker-compose/versions/camunda-8.4/connectors.self-signed-certificates.yaml create mode 100644 docker-compose/versions/camunda-8.4/docker-compose-core.yaml create mode 100644 docker-compose/versions/camunda-8.4/docker-compose-web-modeler.yaml create mode 100644 docker-compose/versions/camunda-8.4/docker-compose.yaml create mode 100644 docker-compose/versions/camunda-8.5/.env create mode 100644 docker-compose/versions/camunda-8.5/.optimize/environment-config.yaml create mode 100644 docker-compose/versions/camunda-8.5/connector-secrets.txt create mode 100644 docker-compose/versions/camunda-8.5/connectors.self-signed-certificates.yaml create mode 100644 docker-compose/versions/camunda-8.5/docker-compose-core.yaml create mode 100644 docker-compose/versions/camunda-8.5/docker-compose-web-modeler.yaml create mode 100644 docker-compose/versions/camunda-8.5/docker-compose.yaml create mode 100644 docker-compose/versions/camunda-8.6/.env create mode 100644 docker-compose/versions/camunda-8.6/.optimize/environment-config.yaml create mode 100644 docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-identity.env create mode 100644 docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-none.env create 
mode 100644 docker-compose/versions/camunda-8.6/README.md create mode 100644 docker-compose/versions/camunda-8.6/connector-secrets.txt create mode 100644 docker-compose/versions/camunda-8.6/docker-compose-core.yaml create mode 100644 docker-compose/versions/camunda-8.6/docker-compose.yaml
diff --git a/.github/actions/install-playwright/action.yml b/.github/actions/install-playwright/action.yml
new file mode 100644
index 0000000..4ba153c
--- /dev/null
+++ b/.github/actions/install-playwright/action.yml
@@ -0,0 +1,40 @@
+name: Install Playwright
+description: Install Playwright and its dependencies
+
+inputs:
+ working-directory:
+ description: Path of Playwright config and tests
+ browsers:
+ description: Playwright browsers to install
+ default: chromium
+
+runs:
+ using: composite
+ steps:
+ - uses: actions/cache@v4
+ id: npm-cache
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Check cache hit
+ shell: bash
+ run: |
+ echo "Cache hit: ${{ steps.npm-cache.outputs.cache-hit }}"
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install dependencies
+ working-directory: ${{ inputs.working-directory }}
+ shell: bash
+ run: npm ci
+
+ - name: Install Playwright browsers
+ working-directory: ${{ inputs.working-directory }}
+ shell: bash
+ run: npx playwright install --with-deps ${{ inputs.browsers }}
diff --git a/.github/workflows/docker-compose-e2e-setup.yaml b/.github/workflows/docker-compose-e2e-setup.yaml
new file mode 100644
index 0000000..7df63b7
--- /dev/null
+++ b/.github/workflows/docker-compose-e2e-setup.yaml
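Review bot: The last step of `.github/actions/install-playwright/action.yml` expands `${{ inputs.browsers }}` directly into the `run:` script, so the value becomes part of the shell text before bash parses it and any shell metacharacters in it would be interpreted. Pass it through the environment instead: add `env:` with `BROWSERS: ${{ inputs.browsers }}` to the step and run `npx playwright install --with-deps $BROWSERS` (left unquoted so several browser names still split into arguments). The same pattern appears in `docker-compose-template-e2e-setup.yaml` at `docker compose ${{ inputs.compose-args }}` and `npx playwright test ${{ inputs.e2e-test-args }}`. The values currently come from this repository's own workflow matrix, so this is hardening rather than an open hole. Separately, `actions/cache@v4` and `actions/setup-node@v4` are referenced by mutable tag rather than by commit SHA.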
@@ -0,0 +1,38 @@
+name: "Docker Compose | E2E Test - Setup"
+on:
+ push:
+ branches:
+ - main
+ - 4-aa-migrate-docker-compose
+ paths:
+ - docker-compose/versions/**
+
+jobs:
+ test:
+ name: ${{ matrix.name }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Camunda 8.3 - Full
+ camunda-version: "8.3"
+ compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
+ e2e-test-enabled: true
+ - name: Camunda 8.4 - Full
+ camunda-version: "8.4"
+ compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
+ e2e-test-enabled: true
+ - name: Camunda 8.5 - Full
+ camunda-version: "8.5"
+ compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
+ e2e-test-enabled: true
+ - name: Camunda 8.6 - Full
+ camunda-version: "8.6"
+ compose-args: "--profile full"
+ e2e-test-enabled: true
+ uses: ./.github/workflows/docker-compose-template-e2e-setup.yaml
+ secrets: inherit
+ with:
+ camunda-version: ${{ matrix.camunda-version }}
+ compose-args: ${{ matrix.compose-args }}
+ e2e-test-enabled: ${{ matrix.e2e-test-enabled }}
diff --git a/.github/workflows/docker-compose-template-e2e-setup.yaml b/.github/workflows/docker-compose-template-e2e-setup.yaml
new file mode 100644
index 0000000..c820be5
--- /dev/null
+++ b/.github/workflows/docker-compose-template-e2e-setup.yaml
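Review bot: `secrets: inherit` on the `uses:` job in `docker-compose-e2e-setup.yaml` hands every secret available to this repository to the called workflow, while the template only reads the four `DISTRO_CI_DOCKER_*` registry credentials. Declaring those four under `on.workflow_call.secrets` in the template and passing them by name here limits exposure to what the job needs. The push trigger also still lists the branch `4-aa-migrate-docker-compose`, which looks like a leftover from developing this change. The matrix has no entry for the `camunda-8.2` files added in the same commit, so that version is untested by this workflow; if that is intentional, a comment above `include:` should say so.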
@@ -0,0 +1,95 @@
+name: "Docker Compose | Template - E2E Test - Setup"
+
+on:
+ workflow_call:
+ inputs:
+ camunda-version:
+ description: Camunda minor version in format x.y
+ required: true
+ type: string
+ compose-args:
+ description: Arguments supplied to Docker Compose
+ required: true
+ type: string
+ e2e-test-enabled:
+ description: Run Playwright tests
+ required: true
+ type: boolean
+ e2e-test-directory:
+ description: Directory of the E2E files
+ required: false
+ type: string
+ default: docker-compose/test/e2e
+ e2e-test-args:
+ description: Arguments supplied to Playwright
+ required: false
+ type: string
+
+env:
+ COMPOSE_WORKING_DIRECTORY: docker-compose/versions/camunda-${{ inputs.camunda-version }}
+
+jobs:
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: disable and stop mono-xsp4.service
+ run: |
+ sudo systemctl stop mono-xsp4.service || true
+ sudo systemctl disable mono-xsp4.service || true
+ sudo killall mono || true
+ sudo killall xsp4 || true
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login to Docker registries
+ run: |
+ # DockerHub registry.
+ echo '${{ secrets.DISTRO_CI_DOCKER_PASSWORD_DOCKERHUB }}' |
+ docker login -u '${{ secrets.DISTRO_CI_DOCKER_USERNAME_DOCKERHUB }}' --password-stdin
+ # Camunda registry.
+ echo '${{ secrets.DISTRO_CI_DOCKER_PASSWORD_CAMUNDA }}' |
+ docker login -u '${{ secrets.DISTRO_CI_DOCKER_USERNAME_CAMUNDA }}' --password-stdin registry.camunda.cloud
+
+ #
+ # Docker Compose.
+
+ - name: Bring up containers
+ working-directory: ${{ env.COMPOSE_WORKING_DIRECTORY }}
+ run: |
+ docker compose ${{ inputs.compose-args }} \
+ up --quiet-pull -d
+
+ - name: Wait until all containers are healthy
+ timeout-minutes: 5
+ run: |
+ while $(docker container ls | grep -q -e 'unhealthy' -e 'health: starting'); do
+ echo "Some containers are not healthy yet"
+ docker container ls --format "table {{.Image}}\t{{.Status}}";
+ sleep 15;
+ done
+
+ #
+ # End-to-End tests.
+
+ - name: Install Playwright
+ uses: ./.github/actions/install-playwright
+ if: ${{ inputs.e2e-test-enabled }}
+ with:
+ working-directory: ${{ inputs.e2e-test-directory }}
+
+ - name: Run Playwright tests
+ if: ${{ inputs.e2e-test-enabled }}
+ id: test
+ working-directory: ${{ inputs.e2e-test-directory }}
+ run: |
+ npx playwright test ${{ inputs.e2e-test-args }}
+
+ - name: Upload Playwright reports
+ if: always() && steps.test.conclusion != 'skipped'
+ uses: actions/upload-artifact@v4
+ with:
+ name: docker-compose-playwright-report-${{ inputs.camunda-version }}-${{ steps.test.conclusion }}-${{ github.run_id }}
+ path: ${{ inputs.e2e-test-directory }}/playwright-report/
+ retention-days: 30
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..261eeb9
--- /dev/null
+++ b/LICENSE
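Review bot: The "Login to Docker registries" step in `docker-compose-template-e2e-setup.yaml` writes the registry credentials into the script text with `echo '${{ secrets.… }}'`, so the expression is substituted before the shell runs, and a single quote inside a secret would end the quoting and leave the remainder to be parsed as shell. Map the four secrets to environment variables on the step and reference those, as below; `--password-stdin` stays. The workflow also declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository has; a top-level `permissions:` with `contents: read` would pin it to what the checkout needs.

```yaml
      - name: Login to Docker registries
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DISTRO_CI_DOCKER_USERNAME_DOCKERHUB }}
          DOCKERHUB_PASSWORD: ${{ secrets.DISTRO_CI_DOCKER_PASSWORD_DOCKERHUB }}
          CAMUNDA_REGISTRY_USERNAME: ${{ secrets.DISTRO_CI_DOCKER_USERNAME_CAMUNDA }}
          CAMUNDA_REGISTRY_PASSWORD: ${{ secrets.DISTRO_CI_DOCKER_PASSWORD_CAMUNDA }}
        run: |
          # DockerHub registry.
          printf '%s' "$DOCKERHUB_PASSWORD" |
            docker login -u "$DOCKERHUB_USERNAME" --password-stdin
          # Camunda registry.
          printf '%s' "$CAMUNDA_REGISTRY_PASSWORD" |
            docker login -u "$CAMUNDA_REGISTRY_USERNAME" --password-stdin registry.camunda.cloud
      # … unchanged: compose up, health wait, Playwright steps …
```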
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index b60e807..e99cf9d 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ # Camunda 8 Self-Managed Distribution A mono repo for Camunda 8 Self-Managed Distributions. + +# Distributions + +## Docker Compose + +For more details, check the directory of [Camunda Docker Compose](./docker-compose/). diff --git a/docker-compose/test/e2e/package-lock.json b/docker-compose/test/e2e/package-lock.json new file mode 100644 index 0000000..ae5c5e8 --- /dev/null +++ b/docker-compose/test/e2e/package-lock.json 
@@ -0,0 +1,80 @@ +{ + "name": "connectors_uploader", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "connectors_uploader", + "version": "1.0.0", + "license": "ISC", + "devDependencies": { + "@playwright/test": "^1.33.0", + "playwright": "^1.33.0", + "playwright-core": "^1.33.0" + } + }, + "node_modules/@playwright/test": { + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.48.1.tgz", + "integrity": "sha512-s9RtWoxkOLmRJdw3oFvhFbs9OJS0BzrLUc8Hf6l2UdCNd1rqeEyD4BhCJkvzeEoD1FsK4mirsWwGerhVmYKtZg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright": "1.48.1" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/playwright": { + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.48.1.tgz", + "integrity": "sha512-j8CiHW/V6HxmbntOfyB4+T/uk08tBy6ph0MpBXwuoofkSnLmlfdYNNkFTYD6ofzzlSqLA1fwH4vwvVFvJgLN0w==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright-core": "1.48.1" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "fsevents": "2.3.2" + } + }, + "node_modules/playwright-core": { + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.48.1.tgz", + "integrity": "sha512-Yw/t4VAFX/bBr1OzwCuOMZkY1Cnb4z/doAFSwf4huqAGWmf9eMNjmK7NiOljCdLmxeRYcGPPmcDgU0zOlzP0YA==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "playwright-core": "cli.js" + }, + 
"engines": { + "node": ">=18" + } + } + } +} diff --git a/docker-compose/test/e2e/package.json b/docker-compose/test/e2e/package.json new file mode 100644 index 0000000..4ef92a9 --- /dev/null +++ b/docker-compose/test/e2e/package.json @@ -0,0 +1,15 @@ +{ + "name": "connectors_uploader", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": {}, + "keywords": [], + "author": "", + "license": "ISC", + "devDependencies": { + "@playwright/test": "^1.33.0", + "playwright": "^1.33.0", + "playwright-core": "^1.33.0" + } +} diff --git a/docker-compose/test/e2e/playwright.config.ts b/docker-compose/test/e2e/playwright.config.ts new file mode 100644 index 0000000..1067b87 --- /dev/null +++ b/docker-compose/test/e2e/playwright.config.ts 
@@ -0,0 +1,80 @@
+import { defineConfig, devices } from '@playwright/test';
+
+/**
+ * Read environment variables from file.
+ * https://github.com/motdotla/dotenv
+ */
+// require('dotenv').config();
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+export default defineConfig({
+ testDir: './tests',
+ /* Run tests in files in parallel */
+ fullyParallel: true,
+ /* Fail the build on CI if you accidentally left test.only in the source code. */
+ forbidOnly: !!process.env.CI,
+ /* Retry on CI only */
+ retries: process.env.CI ? 2 : 0,
+ /* Opt out of parallel tests on CI. */
+ workers: process.env.CI ? 1 : undefined,
+ /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+ reporter: [
+ ['list'],
+ ['html']
+ ],
+ /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
+ use: {
+ /* Base URL to use in actions like `await page.goto('/')`. */
+ // baseURL: 'http://127.0.0.1:3000',
+
+ /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
+ trace: 'on-first-retry',
+ },
+
+ /* Configure projects for major browsers */
+ projects: [
+ {
+ name: 'chromium',
+ use: { ...devices['Desktop Chrome'] },
+ },
+
+// {
+// name: 'firefox',
+// use: { ...devices['Desktop Firefox'] },
+// },
+//
+// {
+// name: 'webkit',
+// use: { ...devices['Desktop Safari'] },
+// },
+
+ /* Test against mobile viewports. */
+ // {
+ // name: 'Mobile Chrome',
+ // use: { ...devices['Pixel 5'] },
+ // },
+ // {
+ // name: 'Mobile Safari',
+ // use: { ...devices['iPhone 12'] },
+ // },
+
+ /* Test against branded browsers.
*/
+ // {
+ // name: 'Microsoft Edge',
+ // use: { ...devices['Desktop Edge'], channel: 'msedge' },
+ // },
+ // {
+ // name: 'Google Chrome',
+ // use: { ..devices['Desktop Chrome'], channel: 'chrome' },
+ // },
+ ],
+
+ /* Run your local dev server before starting the tests */
+ // webServer: {
+ // command: 'npm run start',
+ // url: 'http://127.0.0.1:3000',
+ // reuseExistingServer: !process.env.CI,
+ // },
+});
diff --git a/docker-compose/test/e2e/tests/operate_login.spec.ts b/docker-compose/test/e2e/tests/operate_login.spec.ts
new file mode 100644
index 0000000..72db944
--- /dev/null
+++ b/docker-compose/test/e2e/tests/operate_login.spec.ts
@@ -0,0 +1,14 @@
+import { test, expect } from '@playwright/test';
+const playwright = require('playwright');
+
+test('Validate login page', async ({ page }) => {
+ test.setTimeout(60000);
+ await page.goto('http://localhost:8081/');
+ await page.getByRole('heading', { name: 'Log in' }).waitFor();
+ await page.getByLabel('Username or email').click();
+ await page.getByLabel('Username or email').fill('demo');
+ await page.getByLabel('Password').click();
+ await page.getByLabel('Password').fill('demo');
+ await page.getByRole('button', { name: 'Log in' }).click();
+ await page.getByRole('link', { name: 'Processes' }).click();
+});
diff --git a/docker-compose/test/e2e/tests/optimize_login.spec.ts b/docker-compose/test/e2e/tests/optimize_login.spec.ts
new file mode 100644
index 0000000..ee81980
--- /dev/null
+++ b/docker-compose/test/e2e/tests/optimize_login.spec.ts
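Review bot: Much of `playwright.config.ts` is commented-out scaffold (dotenv, `baseURL`, the Firefox/WebKit/mobile/branded projects, `webServer`), and the commented 'Google Chrome' entry reads `..devices['Desktop Chrome']` with two dots, which would not parse if someone uncommented it. Trimming the file to the options actually in effect (`testDir`, `fullyParallel`, `forbidOnly`, `retries`, `workers`, `reporter`, `trace`, the `chromium` project) makes the active configuration readable at a glance. Since every spec sets its own `test.setTimeout(...)`, a single `timeout: 60_000` in this config would also replace those per-file calls and keep them from drifting apart.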
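Review bot: In `operate_login.spec.ts` the target URL `http://localhost:8081/` and the `demo`/`demo` credentials are literals in the test body, and the same holds for `optimize_login.spec.ts`, `tasklist_login.spec.ts` and `web_modeler_login.spec.ts`. Reading them from the environment with the local defaults as fallback, for example `fill(process.env.E2E_PASSWORD ?? 'demo')` (the variable name is illustrative), lets the suite run against a stack whose defaults were changed without anyone committing real credentials into a spec. `expect` is imported but never used in any of the four specs, and `const playwright = require('playwright');` is unused here and in `tasklist_login.spec.ts`; only `optimize_login.spec.ts` reads `playwright.errors`.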
@@ -0,0 +1,22 @@
+import { test, expect } from '@playwright/test';
+const playwright = require('playwright');
+
+test('Validate login page', async ({ page }) => {
+ test.setTimeout(60000);
+ await page.goto('http://localhost:8083/');
+ await page.getByRole('heading', { name: 'Log in' }).waitFor();
+ await page.getByLabel('Username or email').click();
+ await page.getByLabel('Username or email').fill('demo');
+ await page.getByLabel('Password').click();
+ await page.getByLabel('Password').fill('demo');
+ await page.getByRole('button', { name: 'Log in' }).click();
+ try {
+ await page.getByText('Close').click({timeout: 5000});
+ } catch (e) {
+ if (e instanceof playwright.errors.TimeoutError) {
+ console.log("Popup of release features sometimes appears here. Perhaps you've already closed this out once. ignoring...");
+ }
+ }
+ await page.getByText('Collections').click({timeout: 5000});
+ await page.getByRole('button', { name: 'Create New Dashboard' }).click();
+});
diff --git a/docker-compose/test/e2e/tests/tasklist_login.spec.ts b/docker-compose/test/e2e/tests/tasklist_login.spec.ts
new file mode 100644
index 0000000..1c209a0
--- /dev/null
+++ b/docker-compose/test/e2e/tests/tasklist_login.spec.ts
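Review bot: The `catch (e)` around the 'Close' click in `optimize_login.spec.ts` only acts on `playwright.errors.TimeoutError` and silently drops every other exception, so a closed page or a navigation error at that point is swallowed and shows up later as an unrelated failure on the 'Collections' click. Add `else { throw e; }` after the `if` block so that only the expected timeout is tolerated. Without `useUnknownInCatchVariables` the `e` binding is `any`; annotating it as `catch (e: unknown)` makes the `instanceof` narrowing explicit.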
@@ -0,0 +1,16 @@
+import { test, expect } from '@playwright/test';
+const playwright = require('playwright');
+
+test('Validate login page', async ({ page }) => {
+ test.setTimeout(60000);
+ await page.goto('http://localhost:8082/');
+ await page.getByRole('heading', { name: 'Log in' }).waitFor();
+ await page.getByLabel('Username or email').click();
+ await page.getByLabel('Username or email').fill('demo');
+ await page.getByLabel('Password').click();
+ await page.getByLabel('Password').fill('demo');
+ await page.getByRole('button', { name: 'Log in' }).click();
+ // TODO: Update the assertion to work with versions before Camunda 8.6
+ // await page.getByRole('listitem').filter({ hasText: 'Expand to show filters' }).getByRole('button').click();
+ // await page.getByRole('link', { name: 'Assigned to me' }).click();
+});
diff --git a/docker-compose/test/e2e/tests/web_modeler_login.spec.ts b/docker-compose/test/e2e/tests/web_modeler_login.spec.ts
new file mode 100644
index 0000000..3bcaac3
--- /dev/null
+++ b/docker-compose/test/e2e/tests/web_modeler_login.spec.ts
@@ -0,0 +1,14 @@
+import { test, expect } from '@playwright/test';
+
+test('Validate login page', async ({ page }) => {
+ test.setTimeout(6000000);
+ await page.goto('http://localhost:8070/');
+ await page.getByRole('heading', { name: 'Log in' }).waitFor();
+ await page.getByLabel('Username or email').click();
+ await page.getByLabel('Username or email').fill('demo');
+ await page.getByLabel('Password').click();
+ await page.getByLabel('Password').fill('demo');
+ await page.getByRole('button', { name: 'Log in' }).click();
+ await page.getByText('Projects').waitFor();
+ await page.locator('[data-test="create-project"]').click();
+});
diff --git a/docker-compose/versions/camunda-8.2/.env b/docker-compose/versions/camunda-8.2/.env
new file mode 100644
index 0000000..9264b4e
--- /dev/null
+++ b/docker-compose/versions/camunda-8.2/.env
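Review bot: `tasklist_login.spec.ts` ends on the 'Log in' click with both follow-up checks commented out, so the test passes even when authentication fails or the identity provider returns an error page. Until the TODO is resolved, a version-independent check after the click, such as `await expect(page.getByRole('heading', { name: 'Log in' })).toBeHidden();`, would at least prove the login form was left behind; `expect` is already imported. As written, the CI job for Tasklist only shows that the login page renders.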
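Review bot: `test.setTimeout(6000000)` in `web_modeler_login.spec.ts` is 100 minutes, against `60000` in the other three specs, which reads like two extra zeros. With `retries: 2` on CI and no `timeout-minutes` on the "Run Playwright tests" step of the template workflow, a hung Web Modeler page would hold the runner for hours instead of failing fast. `test.setTimeout(60000);` matches the sibling files.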
@@ -0,0 +1,27 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=0.23.2
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=3.10.14
+CAMUNDA_PLATFORM_VERSION=8.2.31
+
+# renovate: datasource=docker depName=camunda/operate
+CAMUNDA_OPERATE_VERSION=8.2.31
+
+# renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.2.20
+ELASTIC_VERSION=7.17.9
+KEYCLOAK_SERVER_VERSION=19.0.3
+MAILPIT_VERSION=v1.5.4
+POSTGRES_VERSION=14.5-alpine
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=none
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
diff --git a/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile b/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile
new file mode 100644
index 0000000..33ea394
--- /dev/null
+++ b/docker-compose/versions/camunda-8.2/.keycloak/Dockerfile
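Review bot: `ZEEBE_AUTHENTICATION_MODE=none` together with the fixed `ZEEBE_CLIENT_SECRET=zecret` means a stack started from this file accepts unauthenticated gateway calls and, once `identity` mode is switched on, still uses a client secret that is published in the repository. The existing comment explains the mode but not that the secret must change; I would add `# Local development only: replace ZEEBE_CLIENT_SECRET before setting ZEEBE_AUTHENTICATION_MODE=identity on a shared host` above the three `ZEEBE_*` lines. `CAMUNDA_PLATFORM_VERSION`, `ELASTIC_VERSION`, `KEYCLOAK_SERVER_VERSION`, `MAILPIT_VERSION` and `POSTGRES_VERSION` carry no `# renovate:` annotation, so presumably they will not get automated update PRs the way the connectors, optimize, operate and web-modeler pins do. The same points apply to `camunda-8.3/.env`.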
@@ -0,0 +1,62 @@ +# This Dockerfile will build an arm64 Keycloak image that can be used in the same way +# as the docker images provided by bitnami/keycloak +ARG KEYCLOAK_VERSION=19.0.3 + +# Inspired by https://github.com/keycloak/keycloak/blob/main/quarkus/container/Dockerfile +# and https://github.com/bitnami/containers/blob/main/bitnami/keycloak/19/debian-11/Dockerfile +FROM registry.access.redhat.com/ubi8-minimal AS build + +ARG KEYCLOAK_VERSION +ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz + +RUN microdnf install -y tar gzip + +ADD $KEYCLOAK_DIST /tmp/keycloak/ + +# The next step makes it uniform for local development and upstream built. +# If it is a local tar archive then it is unpacked, if from remote is just downloaded. +RUN (cd /tmp/keycloak && \ + tar -xvf /tmp/keycloak/keycloak-*.tar.gz && \ + rm /tmp/keycloak/keycloak-*.tar.gz) || true + +RUN mv /tmp/keycloak/keycloak-* /opt/keycloak && mkdir -p /opt/keycloak/data + +RUN chmod -R g+rwX /opt/keycloak + +FROM docker.io/bitnami/keycloak:${KEYCLOAK_VERSION} as bitnami-env + +FROM registry.access.redhat.com/ubi8-minimal +ARG KEYCLOAK_VERSION +ENV LANG en_US.UTF-8 + +COPY --from=build --chown=1000:0 /opt/keycloak /opt/keycloak +COPY --from=bitnami-env --chown=1000:0 /opt/bitnami/scripts /opt/bitnami/scripts +RUN ln -s /opt/keycloak /opt/bitnami/keycloak + +# prevent JAVA_HOME from being changed +RUN sed -i 's/export JAVA_HOME=\"\/opt\/bitnami\/java\"//' /opt/bitnami/scripts/keycloak-env.sh + +RUN microdnf update -y && \ + microdnf install -y --nodocs java-11-openjdk-headless glibc-langpack-en hostname tar gzip tzdata-java-2023c && microdnf clean all && rm -rf /var/cache/yum/* && \ + echo "keycloak:x:0:root" >> /etc/group && \ + echo "keycloak:x:1000:0:keycloak user:/opt/keycloak:/sbin/nologin" >> /etc/passwd + +# Install wait-for-port which is required by bitnami scripts +# ref: 
https://github.com/bitnami/containers/blob/main/bitnami/keycloak/19/debian-11/Dockerfile#L25 +RUN \ + curl -SsLf "https://github.com/bitnami/wait-for-port/releases/download/v1.0.5/wait-for-port-linux-arm64.tar.gz" -O && \ + tar -zxf "wait-for-port-linux-arm64.tar.gz" && \ + rm -rf "wait-for-port-linux-arm64.tar.gz" && \ + mv ./wait-for-port-linux-arm64 /usr/bin/wait-for-port + +ENV APP_VERSION="$KEYCLOAK_VERSION" \ + BITNAMI_APP_NAME="keycloak" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH" + +USER 1000 + +EXPOSE 8080 +EXPOSE 8443 + +ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] diff --git a/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml new file mode 100644 index 0000000..de4cd58 --- /dev/null +++ b/docker-compose/versions/camunda-8.2/.optimize/environment-config.yaml @@ -0,0 +1,5 @@ +es: + settings: + index: + number_of_replicas: 0 + diff --git a/docker-compose/versions/camunda-8.2/connector-secrets.txt b/docker-compose/versions/camunda-8.2/connector-secrets.txt new file mode 100644 index 0000000..5b761a3 --- /dev/null +++ b/docker-compose/versions/camunda-8.2/connector-secrets.txt @@ -0,0 +1,2 @@ +# add secrets per line in the format NAME=VALUE +# WARNING: ensure not to commit changes to this file diff --git a/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml b/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml new file mode 100644 index 0000000..debbebe --- /dev/null +++ b/docker-compose/versions/camunda-8.2/connectors.self-signed-certificates.yaml 
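Review bot: Neither download in this image build is integrity-checked: `ADD $KEYCLOAK_DIST /tmp/keycloak/` fetches the Keycloak tarball and the `curl -SsLf` step fetches a `wait-for-port` binary that ends up in `/usr/bin`, both from release URLs with no digest comparison. Pin them, e.g. `ADD --checksum=sha256:<KEYCLOAK_TARBALL_SHA256> $KEYCLOAK_DIST /tmp/keycloak/` (needs BuildKit) and `echo "<WAIT_FOR_PORT_SHA256>  wait-for-port-linux-arm64.tar.gz" | sha256sum -c -` before the `tar -zxf`. The `|| true` after the unpack subshell also hides a failed or truncated extraction until the later `mv`, and both `FROM registry.access.redhat.com/ubi8-minimal` lines float on the default tag, so a tag or digest pin would make rebuilds reproducible.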
@@ -0,0 +1,9 @@
+services:
+ connectors:
+ environment:
+ - JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/
+ - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password
+ #- JAVA_OPTS=-Djavax.net.debug=all # Uncomment this line to fine tune additional JVM options
+ #- DEBUG_JVM_PRINT_JAVA_OPTS=1 # Uncomment this line to debug print $JAVA_OPTS
+ volumes:
+ - /path/to/your/folder/with/trust/store:/opt/security/truststore
\ No newline at end of file
diff --git a/docker-compose/versions/camunda-8.2/docker-compose-core.yaml b/docker-compose/versions/camunda-8.2/docker-compose-core.yaml
new file mode 100644
index 0000000..12ea1f5
--- /dev/null
+++ b/docker-compose/versions/camunda-8.2/docker-compose-core.yaml
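Review bot: The trust store bind mount is writable from inside the container: `- /path/to/your/folder/with/trust/store:/opt/security/truststore` has no mode, so the connectors process can modify the set of CAs it trusts. Mount it read-only, `- /path/to/your/folder/with/trust/store:/opt/security/truststore:ro`. `JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/` names the mounted directory rather than a store file, which I would expect the JVM not to load; worth confirming and, if so, pointing it at the file. `JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password` deserves a comment saying it is a placeholder to replace; the same file is added under `camunda-8.3`.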
@@ -0,0 +1,164 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch +# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + volumes: + - zeebe:/usr/local/zeebe/data + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - 
elasticsearch + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - 
ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - OPERATE_CLIENT_ENABLED=true + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_OPERATE_CLIENT_USERNAME=demo + - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + env_file: connector-secrets.txt + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - operate + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + kibana: + +networks: + camunda-platform: diff --git a/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml new file mode 100644 index 0000000..05e47d1 --- /dev/null +++ b/docker-compose/versions/camunda-8.2/docker-compose-web-modeler.yaml 
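Review bot: Every `ports:` entry in this file publishes on all host interfaces, and the services behind them have no authentication here: Elasticsearch runs with `xpack.security.enabled=false` on `9200`/`9300`, and the Zeebe gateway on `26500` has no authentication configured in this lightweight setup. On a laptop on a shared network, or on a cloud VM, that makes the process data readable and writable by anyone who can reach the host. Bind to loopback instead, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:26500:26500"`, and drop the `9300` transport mapping, which a `discovery.type=single-node` instance should not need from the host. The same mappings appear in `docker-compose.yaml` and `docker-compose-web-modeler.yaml` for 8.2 and in the visible part of the 8.3 core file.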
@@ -0,0 +1,144 @@ +# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone. +# Use it in combination with docker-compose.yaml: +# +# docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d +# +# Note: this file is using Mailpit to simulate a mail server + +version: "2.4" + +services: + + modeler-db: + container_name: modeler-db + image: postgres:${POSTGRES_VERSION} + healthcheck: + test: pg_isready -d modeler-db -U modeler-db-user + interval: 5s + timeout: 15s + retries: 30 + environment: + POSTGRES_DB: modeler-db + POSTGRES_USER: modeler-db-user + POSTGRES_PASSWORD: modeler-db-password + networks: + - modeler + + modeler-websockets: + container_name: modeler-websockets + image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8060:8060" + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + APP_NAME: "Web Modeler Self-Managed WebSockets" + APP_DEBUG: "true" + PUSHER_APP_ID: modeler-app + PUSHER_APP_KEY: modeler-app-key + PUSHER_APP_SECRET: modeler-app-secret + networks: + - modeler + + mailpit: + # If you want to use your own SMTP server, you can remove this container + # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER, + # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi + container_name: mailpit + image: axllent/mailpit:${MAILPIT_VERSION} + ports: + - "1025:1025" + - "8075:8025" + healthcheck: + test: /usr/bin/nc -v localhost 1025 + interval: 30s + networks: + - modeler + + # Modeler containers + modeler-restapi: + container_name: modeler-restapi + image: registry.camunda.cloud/web-modeler-ee/modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION} + command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher" + depends_on: + modeler-db: + condition: service_healthy + 
mailpit: + condition: service_started + identity: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + JAVA_OPTIONS: -Xmx128m + LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG + SPRING_PROFILES_INCLUDE: default-logging + RESTAPI_PUSHER_HOST: modeler-websockets + RESTAPI_PUSHER_PORT: "8060" + RESTAPI_PUSHER_APP_ID: modeler-app + RESTAPI_PUSHER_KEY: modeler-app-key + RESTAPI_PUSHER_SECRET: modeler-app-secret + RESTAPI_OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + RESTAPI_IDENTITY_BASE_URL: http://identity:8084/ + RESTAPI_SERVER_URL: http://localhost:8070 + RESTAPI_DB_HOST: modeler-db + RESTAPI_DB_NAME: modeler-db + RESTAPI_DB_PORT: 5432 + RESTAPI_DB_USER: modeler-db-user + RESTAPI_DB_PASSWORD: modeler-db-password + RESTAPI_MAIL_HOST: mailpit + RESTAPI_MAIL_PORT: 1025 + RESTAPI_MAIL_ENABLE_TLS: "false" + RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com" + networks: + - modeler + - camunda-platform + + modeler-webapp: + container_name: modeler-webapp + image: registry.camunda.cloud/web-modeler-ee/modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8070:8070" + depends_on: + modeler-restapi: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + RESTAPI_HOST: modeler-restapi + SERVER_HOST: modeler-webapp + SERVER_URL: http://localhost:8070 + PUSHER_APP_ID: modeler-app + PUSHER_KEY: modeler-app-key + PUSHER_SECRET: modeler-app-secret + PUSHER_HOST: modeler-websockets + PUSHER_PORT: "8060" + CLIENT_PUSHER_HOST: localhost + CLIENT_PUSHER_PORT: "8060" + CLIENT_PUSHER_FORCE_TLS: "false" + CLIENT_PUSHER_KEY: modeler-app-key + OAUTH2_CLIENT_ID: 
web-modeler + OAUTH2_TOKEN_AUDIENCE: web-modeler + OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + KEYCLOAK_BASE_URL: http://localhost:18080 + KEYCLOAK_REALM: camunda-platform + KEYCLOAK_JWKS_URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + IDENTITY_BASE_URL: http://identity:8084/ + PLAY_ENABLED: "true" + networks: + - modeler + - camunda-platform + +networks: + camunda-platform: + modeler: \ No newline at end of file diff --git a/docker-compose/versions/camunda-8.2/docker-compose.yaml b/docker-compose/versions/camunda-8.2/docker-compose.yaml new file mode 100644 index 0000000..5381b63 --- /dev/null +++ b/docker-compose/versions/camunda-8.2/docker-compose.yaml 
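Review bot: The Pusher and database credentials are repeated as literals across services, `modeler-app-secret` in `modeler-websockets`, `modeler-restapi` and `modeler-webapp`, and `modeler-db-password` in `modeler-db` and `modeler-restapi`, so replacing a default means editing several places and a missed one breaks the stack. Follow the `${ZEEBE_CLIENT_SECRET}` pattern the main compose file uses and read them from `.env`, e.g. `POSTGRES_PASSWORD: ${MODELER_DB_PASSWORD:-modeler-db-password}` and `RESTAPI_DB_PASSWORD: ${MODELER_DB_PASSWORD:-modeler-db-password}` (the variable name is only a suggestion). `APP_DEBUG: "true"` and `LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG` are also on by default; a comment that they are for troubleshooting would help. `docker-compose.yaml` repeats literals the same way for the Identity client secret and the Postgres password.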
@@ -0,0 +1,352 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch +# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - 
ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + volumes: + - zeebe:/usr/local/zeebe/data + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - elasticsearch + - identity + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate + - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs + - 
CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - identity + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist + - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform + - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + zeebe: + condition: service_started + elasticsearch: + condition: service_healthy + identity: + condition: service_healthy + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-URL=http://keycloak:8080 + - CAMUNDA_OPERATE_CLIENT_CLIENT-ID=connectors + - CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET=c0nn3ct0rsAr3Aw3s0me + - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-REALM=camunda-platform + - OPERATE_CLIENT_ENABLED=true + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + env_file: connector-secrets.txt + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - operate + - identity + + optimize: # 
https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize + image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} + container_name: optimize + ports: + - "8083:8090" + environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables + - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch + - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 + - SPRING_PROFILES_ACTIVE=ccsm + - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true + - CAMUNDA_OPTIMIZE_ENTERPRISE=false + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://localhost:18080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api + - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false + - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + volumes: + - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" + restart: on-failure + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - identity + - elasticsearch + + identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity + container_name: identity + image: camunda/identity:${CAMUNDA_PLATFORM_VERSION} + ports: + - "8084:8084" + environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ + SERVER_PORT: 8084 + IDENTITY_RETRY_DELAY_SECONDS: 30 + KEYCLOAK_URL: http://keycloak:8080/auth + IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + IDENTITY_DATABASE_HOST: postgres + IDENTITY_DATABASE_PORT: 5432 + 
IDENTITY_DATABASE_NAME: bitnami_keycloak + IDENTITY_DATABASE_USERNAME: bn_keycloak + IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPERATE_ROOT_URL: http://localhost:8081 + KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://localhost:8082 + KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://localhost:8083 + KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://localhost:8070 + KEYCLOAK_INIT_CONNECTORS_SECRET: c0nn3ct0rsAr3Aw3s0me + KEYCLOAK_INIT_ZEEBE_NAME: zeebe + KEYCLOAK_USERS_0_USERNAME: "demo" + KEYCLOAK_USERS_0_PASSWORD: "demo" + KEYCLOAK_USERS_0_FIRST_NAME: "demo" + KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" + KEYCLOAK_USERS_0_ROLES_0: "Identity" + KEYCLOAK_USERS_0_ROLES_1: "Optimize" + KEYCLOAK_USERS_0_ROLES_2: "Operate" + KEYCLOAK_USERS_0_ROLES_3: "Tasklist" + KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" + KEYCLOAK_CLIENTS_0_NAME: zeebe + KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} + KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} + KEYCLOAK_CLIENTS_0_TYPE: M2M + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* + RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} + healthcheck: + test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] + interval: 5s + timeout: 15s + retries: 30 + start_period: 60s + restart: on-failure + volumes: + - keycloak-theme:/app/keycloak-theme + networks: + - camunda-platform + - identity-network + depends_on: + keycloak: + condition: service_healthy + + postgres: # https://hub.docker.com/_/postgres + container_name: postgres + image: postgres:${POSTGRES_VERSION} + environment: + POSTGRES_DB: bitnami_keycloak + POSTGRES_USER: bn_keycloak + POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + restart: on-failure + healthcheck: + test: [ "CMD-SHELL", 
"pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] + interval: 10s + timeout: 5s + retries: 5 + volumes: + - postgres:/var/lib/postgresql/data + networks: + - identity-network + + keycloak: # https://hub.docker.com/r/bitnami/keycloak + container_name: keycloak + image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} + volumes: + - keycloak-theme:/opt/bitnami/keycloak/themes/identity + ports: + - "18080:8080" + environment: + KEYCLOAK_HTTP_RELATIVE_PATH: /auth + KEYCLOAK_DATABASE_HOST: postgres + KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_ADMIN_USER: admin + KEYCLOAK_ADMIN_PASSWORD: admin + restart: on-failure + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] + interval: 30s + timeout: 15s + retries: 5 + start_period: 30s + networks: + - camunda-platform + - identity-network + depends_on: + - postgres + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + postgres: + keycloak-theme: + kibana: + +networks: + # Note there are two bridge networks: One for Camunda 
Platform and one for Identity. + # Identity and Keycloak are part of both as they need to be accessible by platform components. + camunda-platform: + identity-network: diff --git a/docker-compose/versions/camunda-8.3/.env b/docker-compose/versions/camunda-8.3/.env new file mode 100644 index 0000000..19d6336 --- /dev/null +++ b/docker-compose/versions/camunda-8.3/.env @@ -0,0 +1,24 @@ +## Image versions ## +# renovate: datasource=docker depName=camunda/connectors-bundle +CAMUNDA_CONNECTORS_VERSION=8.3.18 +CAMUNDA_PLATFORM_VERSION=8.3.15 +# renovate: datasource=docker depName=camunda/optimize +CAMUNDA_OPTIMIZE_VERSION=8.3.14 +# renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi +CAMUNDA_WEB_MODELER_VERSION=8.3.12 +ELASTIC_VERSION=8.8.2 +KEYCLOAK_SERVER_VERSION=21.1.2 +MAILPIT_VERSION=v1.9.9 +POSTGRES_VERSION=14.5-alpine +HOST=localhost + +## Configuration ## +# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required +ZEEBE_AUTHENTICATION_MODE=none +ZEEBE_CLIENT_ID=zeebe +ZEEBE_CLIENT_SECRET=zecret + +# Set to 'true' to enable resource based authorizations for users and groups +# This can be used to limit access for users or groups to view/update specific +# processes and decisions in Operate and Tasklist +RESOURCE_AUTHORIZATIONS_ENABLED=false diff --git a/docker-compose/versions/camunda-8.3/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.3/.optimize/environment-config.yaml new file mode 100644 index 0000000..de4cd58 --- /dev/null +++ b/docker-compose/versions/camunda-8.3/.optimize/environment-config.yaml @@ -0,0 +1,5 @@ +es: + settings: + index: + number_of_replicas: 0 + diff --git a/docker-compose/versions/camunda-8.3/connector-secrets.txt b/docker-compose/versions/camunda-8.3/connector-secrets.txt new file mode 100644 index 0000000..5b761a3 --- /dev/null +++ b/docker-compose/versions/camunda-8.3/connector-secrets.txt 
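Review bot: The `keycloak` service publishes its admin console on host port `18080` with `KEYCLOAK_ADMIN_USER: admin` and `KEYCLOAK_ADMIN_PASSWORD: admin`, and the `demo`/`demo` user is granted all five roles, so on any host reachable from a network the identity provider for the whole stack is protected only by guessable credentials. Make the password overridable and bind the port to loopback: `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}` and `- "127.0.0.1:18080:8080"`. Separately, `zeebe`, `operate`, `connectors` and `optimize` use the list form of `depends_on`, which only orders start-up, while `tasklist` and `identity` wait on `condition: service_healthy`; using the condition form throughout would avoid services starting before Identity is ready.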
@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file
diff --git a/docker-compose/versions/camunda-8.3/connectors.self-signed-certificates.yaml b/docker-compose/versions/camunda-8.3/connectors.self-signed-certificates.yaml
new file mode 100644
index 0000000..debbebe
--- /dev/null
+++ b/docker-compose/versions/camunda-8.3/connectors.self-signed-certificates.yaml
@@ -0,0 +1,9 @@
+services:
+ connectors:
+ environment:
+ - JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/
+ - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password
+ #- JAVA_OPTS=-Djavax.net.debug=all # Uncomment this line to fine tune additional JVM options
+ #- DEBUG_JVM_PRINT_JAVA_OPTS=1 # Uncomment this line to debug print $JAVA_OPTS
+ volumes:
+ - /path/to/your/folder/with/trust/store:/opt/security/truststore
\ No newline at end of file
diff --git a/docker-compose/versions/camunda-8.3/docker-compose-core.yaml b/docker-compose/versions/camunda-8.3/docker-compose-core.yaml
new file mode 100644
index 0000000..5494d83
--- /dev/null
+++ b/docker-compose/versions/camunda-8.3/docker-compose-core.yaml
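Review bot: The only guard against leaking credentials through this file is the `WARNING` comment. The file is tracked and the compose files load it with `env_file: connector-secrets.txt`, so any secret a developer adds shows up as an ordinary modification that a blanket `git commit -a` will pick up. I would add a line telling users how to keep local edits out of the index, for example `# after editing, run: git update-index --skip-worktree connector-secrets.txt`. The camunda-8.4 copy of this file is identical and needs the same line.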
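Review bot: The trust store bind mount under `volumes:` is read-write, so a process inside the connectors container can alter the CA material that decides which TLS peers it trusts. Mount it read-only with `- /path/to/your/folder/with/trust/store:/opt/security/truststore:ro`. `JAVAX_NET_SSL_TRUSTSTORE` also points at the mounted directory (`/opt/security/truststore/`) rather than at a store file, which is what the JVM's `javax.net.ssl.trustStore` property expects if the image passes the variable straight through. That is worth confirming, and a comment naming the expected file would help. The camunda-8.4 copy has the same two lines.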
@@ -0,0 +1,163 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch +# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - camunda-platform + depends_on: + - 
elasticsearch + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - 
ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_OPERATE_CLIENT_USERNAME=demo + - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + env_file: connector-secrets.txt + networks: + - camunda-platform + depends_on: + - zeebe + - operate + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + kibana: + +networks: + camunda-platform: diff --git a/docker-compose/versions/camunda-8.3/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.3/docker-compose-web-modeler.yaml new file mode 100644 index 0000000..e6d6354 --- /dev/null +++ b/docker-compose/versions/camunda-8.3/docker-compose-web-modeler.yaml 
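Review bot: Every `ports:` entry in this file publishes on all host interfaces, and nothing behind them authenticates: Elasticsearch runs with `xpack.security.enabled=false` on `9200`/`9300`, and the Zeebe gateway on `26500` has no authentication configured here. Since the header comment says the file is for local development only, bind the mappings to loopback, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:26500:26500"`. The `9300` transport mapping could be dropped, as a `discovery.type=single-node` cluster should not need it from the host. The same Elasticsearch block, with the same mappings, appears in the camunda-8.3 `docker-compose.yaml`.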
@@ -0,0 +1,143 @@ +# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone. +# Use it in combination with docker-compose.yaml: +# +# docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d +# +# Note: this file is using Mailpit to simulate a mail server + +version: "2.4" + +services: + + modeler-db: + container_name: modeler-db + image: postgres:${POSTGRES_VERSION} + healthcheck: + test: pg_isready -d modeler-db -U modeler-db-user + interval: 5s + timeout: 15s + retries: 30 + environment: + POSTGRES_DB: modeler-db + POSTGRES_USER: modeler-db-user + POSTGRES_PASSWORD: modeler-db-password + networks: + - modeler + + modeler-websockets: + container_name: modeler-websockets + image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8060:8060" + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + APP_NAME: "Web Modeler Self-Managed WebSockets" + APP_DEBUG: "true" + PUSHER_APP_ID: modeler-app + PUSHER_APP_KEY: modeler-app-key + PUSHER_APP_SECRET: modeler-app-secret + networks: + - modeler + + mailpit: + # If you want to use your own SMTP server, you can remove this container + # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER, + # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi + container_name: mailpit + image: axllent/mailpit:${MAILPIT_VERSION} + ports: + - "1025:1025" + - "8075:8025" + healthcheck: + test: /usr/bin/nc -v localhost 1025 + interval: 30s + networks: + - modeler + + # Modeler containers + modeler-restapi: + container_name: modeler-restapi + image: registry.camunda.cloud/web-modeler-ee/modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION} + command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher" + depends_on: + modeler-db: + condition: service_healthy + 
mailpit: + condition: service_started + identity: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + JAVA_OPTIONS: -Xmx128m + LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG + SPRING_DATASOURCE_URL: jdbc:postgresql://modeler-db:5432/modeler-db + SPRING_DATASOURCE_USERNAME: modeler-db-user + SPRING_DATASOURCE_PASSWORD: modeler-db-password + SPRING_PROFILES_INCLUDE: default-logging + RESTAPI_PUSHER_HOST: modeler-websockets + RESTAPI_PUSHER_PORT: "8060" + RESTAPI_PUSHER_APP_ID: modeler-app + RESTAPI_PUSHER_KEY: modeler-app-key + RESTAPI_PUSHER_SECRET: modeler-app-secret + RESTAPI_OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + RESTAPI_IDENTITY_BASE_URL: http://identity:8084/ + RESTAPI_SERVER_URL: http://localhost:8070 + RESTAPI_MAIL_HOST: mailpit + RESTAPI_MAIL_PORT: 1025 + RESTAPI_MAIL_ENABLE_TLS: "false" + RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com" + networks: + - modeler + - camunda-platform + + modeler-webapp: + container_name: modeler-webapp + image: registry.camunda.cloud/web-modeler-ee/modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8070:8070" + depends_on: + modeler-restapi: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + RESTAPI_HOST: modeler-restapi + SERVER_HOST: modeler-webapp + SERVER_HTTPS_ONLY: "false" + SERVER_URL: http://localhost:8070 + PUSHER_APP_ID: modeler-app + PUSHER_KEY: modeler-app-key + PUSHER_SECRET: modeler-app-secret + PUSHER_HOST: modeler-websockets + PUSHER_PORT: "8060" + CLIENT_PUSHER_HOST: localhost + CLIENT_PUSHER_PORT: "8060" + CLIENT_PUSHER_FORCE_TLS: "false" + CLIENT_PUSHER_KEY: 
modeler-app-key + OAUTH2_CLIENT_ID: web-modeler + OAUTH2_TOKEN_AUDIENCE: web-modeler + OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + KEYCLOAK_BASE_URL: http://localhost:18080 + KEYCLOAK_REALM: camunda-platform + KEYCLOAK_JWKS_URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + IDENTITY_BASE_URL: http://identity:8084/ + PLAY_ENABLED: "true" + networks: + - modeler + - camunda-platform + +networks: + camunda-platform: + modeler: \ No newline at end of file diff --git a/docker-compose/versions/camunda-8.3/docker-compose.yaml b/docker-compose/versions/camunda-8.3/docker-compose.yaml new file mode 100644 index 0000000..0fe61c5 --- /dev/null +++ b/docker-compose/versions/camunda-8.3/docker-compose.yaml 
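Review bot: `modeler-db-password` and `modeler-app-secret` are written out literally in `modeler-db`, `modeler-websockets`, `modeler-restapi` and `modeler-webapp`, so rotating them means editing every copy, and the committed defaults are what most people will end up running. Reading them from `.env` with a default keeps the zero-config start while giving one place to override, e.g. `POSTGRES_PASSWORD: ${MODELER_DB_PASSWORD:-modeler-db-password}` and `PUSHER_APP_SECRET: ${MODELER_PUSHER_SECRET:-modeler-app-secret}` (the variable names are my suggestion, not existing ones). `APP_DEBUG: "true"` on `modeler-websockets`, whose port `8060` is published, deserves a comment marking it as a development-only setting. In the mailpit comment, `REST_API_MAIL_USER` and `REST_API_MAIL_PASSWORD` are spelled differently from the `RESTAPI_MAIL_*` variables listed beside them; presumably they should read `RESTAPI_MAIL_USER` and `RESTAPI_MAIL_PASSWORD`.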
@@ -0,0 +1,352 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch +# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - 
ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - camunda-platform + depends_on: + - elasticsearch + - identity + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_PLATFORM_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate + - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://${HOST}:18080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://${HOST}:18080/auth/realms/camunda-platform/protocol/openid-connect/certs + - 
CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - identity + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist + - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://${HOST}:18080/auth/realms/camunda-platform + - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://${HOST}:18080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + zeebe: + condition: service_started + elasticsearch: + condition: service_healthy + identity: + condition: service_healthy + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-URL=http://keycloak:8080 + - CAMUNDA_OPERATE_CLIENT_CLIENT-ID=connectors + - CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPERATE_CLIENT_KEYCLOAK-REALM=camunda-platform + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + env_file: connector-secrets.txt + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - operate + - identity + + optimize: # 
https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize + image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} + container_name: optimize + ports: + - "8083:8090" + environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables + - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch + - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 + - SPRING_PROFILES_ACTIVE=ccsm + - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true + - CAMUNDA_OPTIMIZE_ENTERPRISE=false + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api + - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false + - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" + restart: on-failure + networks: + - camunda-platform + depends_on: + - identity + - elasticsearch + + identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity + container_name: identity + image: camunda/identity:${CAMUNDA_PLATFORM_VERSION} + ports: + - "8084:8084" + environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ + SERVER_PORT: 8084 + IDENTITY_RETRY_DELAY_SECONDS: 30 + KEYCLOAK_URL: http://keycloak:8080/auth + IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + IDENTITY_DATABASE_HOST: postgres + IDENTITY_DATABASE_PORT: 5432 + 
IDENTITY_DATABASE_NAME: bitnami_keycloak + IDENTITY_DATABASE_USERNAME: bn_keycloak + IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081 + KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082 + KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083 + KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070 + KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085 + KEYCLOAK_INIT_ZEEBE_NAME: zeebe + KEYCLOAK_USERS_0_USERNAME: "demo" + KEYCLOAK_USERS_0_PASSWORD: "demo" + KEYCLOAK_USERS_0_FIRST_NAME: "demo" + KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" + KEYCLOAK_USERS_0_ROLES_0: "Identity" + KEYCLOAK_USERS_0_ROLES_1: "Optimize" + KEYCLOAK_USERS_0_ROLES_2: "Operate" + KEYCLOAK_USERS_0_ROLES_3: "Tasklist" + KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" + KEYCLOAK_CLIENTS_0_NAME: zeebe + KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} + KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} + KEYCLOAK_CLIENTS_0_TYPE: M2M + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* + RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} + healthcheck: + test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] + interval: 5s + timeout: 15s + retries: 30 + start_period: 60s + restart: on-failure + volumes: + - keycloak-theme:/app/keycloak-theme + networks: + - camunda-platform + - identity-network + depends_on: + keycloak: + condition: service_healthy + + postgres: # https://hub.docker.com/_/postgres + container_name: postgres + image: postgres:${POSTGRES_VERSION} + environment: + POSTGRES_DB: bitnami_keycloak + POSTGRES_USER: bn_keycloak + POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" 
+ restart: on-failure + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] + interval: 10s + timeout: 5s + retries: 5 + volumes: + - postgres:/var/lib/postgresql/data + networks: + - identity-network + + keycloak: # https://hub.docker.com/r/bitnami/keycloak + container_name: keycloak + image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} + volumes: + - keycloak-theme:/opt/bitnami/keycloak/themes/identity + ports: + - "18080:8080" + environment: + KEYCLOAK_HTTP_RELATIVE_PATH: /auth + KEYCLOAK_DATABASE_HOST: postgres + KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_ADMIN_USER: admin + KEYCLOAK_ADMIN_PASSWORD: admin + restart: on-failure + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] + interval: 30s + timeout: 15s + retries: 5 + start_period: 30s + networks: + - camunda-platform + - identity-network + depends_on: + - postgres + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + postgres: + keycloak-theme: + kibana: + +networks: + 
# Note there are two bridge networks: One for Camunda Platform and one for Identity. + # Identity and Keycloak are part of both as they need to be accessible by platform components. + camunda-platform: + identity-network: diff --git a/docker-compose/versions/camunda-8.4/.env b/docker-compose/versions/camunda-8.4/.env new file mode 100644 index 0000000..e3e5054 --- /dev/null +++ b/docker-compose/versions/camunda-8.4/.env 
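Review bot: Keycloak is published on `18080` with `KEYCLOAK_ADMIN_USER: admin` / `KEYCLOAK_ADMIN_PASSWORD: admin`, and one literal client secret is shared by the operate, tasklist, optimize and connectors clients, while `.env` invites changing `HOST` away from `localhost`. Anyone who does that ends up with an identity provider reachable under credentials that are public in this repository. I would read these values from `.env`, e.g. `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}`, and add `# change all default passwords and client secrets before setting HOST to a non-loopback name` next to them. The database password repeated literally in the `identity`, `postgres` and `keycloak` services would benefit from the same treatment.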
@@ -0,0 +1,45 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=8.4.13
+
+# renovate: datasource=docker depName=camunda/zeebe
+CAMUNDA_PLATFORM_VERSION=8.4.12
+
+# renovate: datasource=docker depName=camunda/identity
+CAMUNDA_IDENTITY_VERSION=8.4.12
+
+# renovate: datasource=docker depName=camunda/operate
+CAMUNDA_OPERATE_VERSION=8.4.13
+
+# renovate: datasource=docker depName=camunda/tasklist
+CAMUNDA_TASKLIST_VERSION=8.4.13
+
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=8.4.9
+
+# renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.4.10
+# renovate: datasource=docker depName=elasticsearch
+ELASTIC_VERSION=8.12.2
+KEYCLOAK_SERVER_VERSION=21.1.2
+MAILPIT_VERSION=v1.9.9
+POSTGRES_VERSION=14.5-alpine
+HOST=localhost
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=none
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
+
+# Set to 'true' to enable multi-tenancy across all components
+# This requires use of identity for authentication
+#
+# ZEEBE_AUTHENTICATION_MODE=identity
+#
+MULTI_TENANCY_ENABLED=false
diff --git a/docker-compose/versions/camunda-8.4/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.4/.optimize/environment-config.yaml
new file mode 100644
index 0000000..de4cd58
--- /dev/null
+++ b/docker-compose/versions/camunda-8.4/.optimize/environment-config.yaml
@@ -0,0 +1,5 @@
+es:
+ settings:
+ index:
+ number_of_replicas: 0
+
diff --git a/docker-compose/versions/camunda-8.4/connector-secrets.txt b/docker-compose/versions/camunda-8.4/connector-secrets.txt
new file mode 100644
index 0000000..5b761a3
--- /dev/null
+++ b/docker-compose/versions/camunda-8.4/connector-secrets.txt
@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file
diff --git a/docker-compose/versions/camunda-8.4/connectors.self-signed-certificates.yaml b/docker-compose/versions/camunda-8.4/connectors.self-signed-certificates.yaml
new file mode 100644
index 0000000..debbebe
--- /dev/null
+++ b/docker-compose/versions/camunda-8.4/connectors.self-signed-certificates.yaml
@@ -0,0 +1,9 @@
+services:
+ connectors:
+ environment:
+ - JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/
+ - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password
+ #- JAVA_OPTS=-Djavax.net.debug=all # Uncomment this line to fine tune additional JVM options
+ #- DEBUG_JVM_PRINT_JAVA_OPTS=1 # Uncomment this line to debug print $JAVA_OPTS
+ volumes:
+ - /path/to/your/folder/with/trust/store:/opt/security/truststore
\ No newline at end of file
diff --git a/docker-compose/versions/camunda-8.4/docker-compose-core.yaml b/docker-compose/versions/camunda-8.4/docker-compose-core.yaml
new file mode 100644
index 0000000..aab09df
--- /dev/null
+++ b/docker-compose/versions/camunda-8.4/docker-compose-core.yaml
@@ -0,0 +1,166 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch +# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - camunda-platform + depends_on: + - 
elasticsearch + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: 
connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_OPERATE_CLIENT_BASEURL=http://operate:8080 + - CAMUNDA_OPERATE_CLIENT_USERNAME=demo + - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + env_file: connector-secrets.txt + networks: + - camunda-platform + depends_on: + - zeebe + - operate + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + kibana: + +networks: + camunda-platform: diff --git a/docker-compose/versions/camunda-8.4/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.4/docker-compose-web-modeler.yaml new file mode 100644 index 0000000..2166430 --- /dev/null 
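Review bot: Every `ports:` entry in this core file uses the short `"HOST:CONTAINER"` form, which Docker publishes on all host interfaces, while the services behind them run with their protections off: `xpack.security.enabled=false` on `elasticsearch`, `CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false` and `CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false`, and no authentication settings on `zeebe`. Since the header comment scopes the file to local development, I would bind the published ports to loopback, for example `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:26500:26500"`. The same applies to the `ports:` entries in `docker-compose-web-modeler.yaml` and `docker-compose.yaml` for 8.4 and to the 8.5 core file that follows. As a smaller documentation point, the header refers to `docker-compose.yml` while the file this patch adds is `docker-compose.yaml`.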
+++ b/docker-compose/versions/camunda-8.4/docker-compose-web-modeler.yaml 
@@ -0,0 +1,146 @@ +# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone. +# Use it in combination with docker-compose.yaml: +# +# docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d +# +# Note: this file is using Mailpit to simulate a mail server + +version: "2.4" + +services: + + modeler-db: + container_name: modeler-db + image: postgres:${POSTGRES_VERSION} + healthcheck: + test: pg_isready -d modeler-db -U modeler-db-user + interval: 5s + timeout: 15s + retries: 30 + environment: + POSTGRES_DB: modeler-db + POSTGRES_USER: modeler-db-user + POSTGRES_PASSWORD: modeler-db-password + networks: + - modeler + volumes: + - postgres-web:/var/lib/postgresql/data + + modeler-websockets: + container_name: modeler-websockets + image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8060:8060" + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + APP_NAME: "Web Modeler Self-Managed WebSockets" + APP_DEBUG: "true" + PUSHER_APP_ID: modeler-app + PUSHER_APP_KEY: modeler-app-key + PUSHER_APP_SECRET: modeler-app-secret + networks: + - modeler + + mailpit: + # If you want to use your own SMTP server, you can remove this container + # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER, + # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi + container_name: mailpit + image: axllent/mailpit:${MAILPIT_VERSION} + ports: + - "1025:1025" + - "8075:8025" + healthcheck: + test: /usr/bin/nc -v localhost 1025 + interval: 30s + networks: + - modeler + + # Modeler containers + modeler-restapi: + container_name: modeler-restapi + image: registry.camunda.cloud/web-modeler-ee/modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION} + command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher" + 
depends_on: + modeler-db: + condition: service_healthy + mailpit: + condition: service_started + identity: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + JAVA_OPTIONS: -Xmx128m + LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG + CAMUNDA_IDENTITY_BASEURL: http://identity:8084/ + SPRING_DATASOURCE_URL: jdbc:postgresql://modeler-db:5432/modeler-db + SPRING_DATASOURCE_USERNAME: modeler-db-user + SPRING_DATASOURCE_PASSWORD: modeler-db-password + SPRING_PROFILES_INCLUDE: default-logging + RESTAPI_PUSHER_HOST: modeler-websockets + RESTAPI_PUSHER_PORT: "8060" + RESTAPI_PUSHER_APP_ID: modeler-app + RESTAPI_PUSHER_KEY: modeler-app-key + RESTAPI_PUSHER_SECRET: modeler-app-secret + RESTAPI_OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + RESTAPI_SERVER_URL: http://localhost:8070 + RESTAPI_MAIL_HOST: mailpit + RESTAPI_MAIL_PORT: 1025 + RESTAPI_MAIL_ENABLE_TLS: "false" + RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com" + networks: + - modeler + - camunda-platform + + modeler-webapp: + container_name: modeler-webapp + image: registry.camunda.cloud/web-modeler-ee/modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8070:8070" + depends_on: + modeler-restapi: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + RESTAPI_HOST: modeler-restapi + SERVER_HOST: modeler-webapp + SERVER_HTTPS_ONLY: "false" + SERVER_URL: http://localhost:8070 + PUSHER_APP_ID: modeler-app + PUSHER_KEY: modeler-app-key + PUSHER_SECRET: modeler-app-secret + PUSHER_HOST: modeler-websockets + PUSHER_PORT: "8060" + CLIENT_PUSHER_HOST: localhost + CLIENT_PUSHER_PORT: "8060" + 
CLIENT_PUSHER_FORCE_TLS: "false" + CLIENT_PUSHER_KEY: modeler-app-key + OAUTH2_CLIENT_ID: web-modeler + OAUTH2_JWKS_URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + OAUTH2_TOKEN_AUDIENCE: web-modeler + OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + IDENTITY_BASE_URL: http://identity:8084/ + PLAY_ENABLED: "true" + networks: + - modeler + - camunda-platform + +networks: + camunda-platform: + modeler: + +volumes: + postgres-web: diff --git a/docker-compose/versions/camunda-8.4/docker-compose.yaml b/docker-compose/versions/camunda-8.4/docker-compose.yaml new file mode 100644 index 0000000..28140b4 --- /dev/null +++ b/docker-compose/versions/camunda-8.4/docker-compose.yaml 
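Review bot: The Web Modeler secrets are written as literals and repeated across services, `modeler-db-password` in `modeler-db` and `modeler-restapi`, and `modeler-app-secret` in `modeler-websockets`, `modeler-restapi` and `modeler-webapp`, so changing one means editing several places that must stay in sync. The main compose file already takes `ZEEBE_CLIENT_SECRET` from `.env`; the same pattern would fit here, e.g. `POSTGRES_PASSWORD: ${MODELER_DB_PASSWORD}` and `PUSHER_APP_SECRET: ${MODELER_PUSHER_SECRET}` (variable names are my suggestion, not existing ones). The literal client secret and database password in `docker-compose.yaml` have the same issue. Separately, the comment on `mailpit` lists `REST_API_MAIL_USER` and `REST_API_MAIL_PASSWORD`, while the variables set in this file use the `RESTAPI_MAIL_` prefix; one of the two spellings is presumably a typo and should be confirmed against the Web Modeler documentation.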
@@ -0,0 +1,369 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch +# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 + - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - 
ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - camunda-platform + depends_on: + - elasticsearch + - identity + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate + - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api + - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - operate_tmp:/tmp + networks: + - camunda-platform + depends_on: + - zeebe + - identity + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - 
CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist + - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api + - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - tasklist_tmp:/tmp + networks: + - camunda-platform + depends_on: + zeebe: + condition: service_started + elasticsearch: + condition: service_healthy + identity: + condition: service_healthy + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_IDENTITY_CLIENT_ID=connectors + - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - 
CAMUNDA_IDENTITY_TYPE=KEYCLOAK + - CAMUNDA_IDENTITY_AUDIENCE=operate-api + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + env_file: connector-secrets.txt + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - operate + - identity + + optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize + image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} + container_name: optimize + ports: + - "8083:8090" + environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables + - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch + - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 + - SPRING_PROFILES_ACTIVE=ccsm + - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true + - CAMUNDA_OPTIMIZE_ENTERPRISE=false + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api + - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084 + - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false + - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" + restart: on-failure + networks: + - camunda-platform + depends_on: 
+ - identity + - elasticsearch + + identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity + container_name: identity + image: camunda/identity:${CAMUNDA_IDENTITY_VERSION} + ports: + - "8084:8084" + environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ + SERVER_PORT: 8084 + IDENTITY_RETRY_DELAY_SECONDS: 30 + KEYCLOAK_URL: http://keycloak:8080/auth + IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + IDENTITY_DATABASE_HOST: postgres + IDENTITY_DATABASE_PORT: 5432 + IDENTITY_DATABASE_NAME: bitnami_keycloak + IDENTITY_DATABASE_USERNAME: bn_keycloak + IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081 + KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082 + KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083 + KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070 + KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085 + KEYCLOAK_INIT_ZEEBE_NAME: zeebe + KEYCLOAK_USERS_0_USERNAME: "demo" + KEYCLOAK_USERS_0_PASSWORD: "demo" + KEYCLOAK_USERS_0_FIRST_NAME: "demo" + KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" + KEYCLOAK_USERS_0_ROLES_0: "Identity" + KEYCLOAK_USERS_0_ROLES_1: "Optimize" + KEYCLOAK_USERS_0_ROLES_2: "Operate" + KEYCLOAK_USERS_0_ROLES_3: "Tasklist" + KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" + KEYCLOAK_CLIENTS_0_NAME: zeebe + KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} + KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} + KEYCLOAK_CLIENTS_0_TYPE: M2M + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* + MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED} + 
RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} + healthcheck: + test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] + interval: 5s + timeout: 15s + retries: 30 + start_period: 60s + restart: on-failure + volumes: + - keycloak-theme:/app/keycloak-theme + networks: + - camunda-platform + - identity-network + depends_on: + keycloak: + condition: service_healthy + + postgres: # https://hub.docker.com/_/postgres + container_name: postgres + image: postgres:${POSTGRES_VERSION} + environment: + POSTGRES_DB: bitnami_keycloak + POSTGRES_USER: bn_keycloak + POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + restart: on-failure + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] + interval: 10s + timeout: 5s + retries: 5 + volumes: + - postgres:/var/lib/postgresql/data + networks: + - identity-network + + keycloak: # https://hub.docker.com/r/bitnami/keycloak + container_name: keycloak + image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} + volumes: + - keycloak-theme:/opt/bitnami/keycloak/themes/identity + ports: + - "18080:8080" + environment: + KEYCLOAK_HTTP_RELATIVE_PATH: /auth + KEYCLOAK_DATABASE_HOST: postgres + KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_ADMIN_USER: admin + KEYCLOAK_ADMIN_PASSWORD: admin + restart: on-failure + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] + interval: 30s + timeout: 15s + retries: 5 + start_period: 30s + networks: + - camunda-platform + - identity-network + depends_on: + - postgres + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - 
"ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + postgres: + keycloak-theme: + kibana: + operate_tmp: + tasklist_tmp: + +networks: + # Note there are two bridge networks: One for Camunda Platform and one for Identity. + # Identity and Keycloak are part of both as they need to be accessible by platform components. + camunda-platform: + identity-network: diff --git a/docker-compose/versions/camunda-8.5/.env b/docker-compose/versions/camunda-8.5/.env new file mode 100644 index 0000000..08ac220 --- /dev/null +++ b/docker-compose/versions/camunda-8.5/.env 
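Review bot: The `operate`, `tasklist`, `optimize` and `connectors` clients all authenticate with the same literal client secret, repeated in the matching `KEYCLOAK_INIT_*_SECRET` entries on `identity`, so the four clients are not isolated from one another and anyone who knows one secret knows them all. In the same file `keycloak` is created with `KEYCLOAK_ADMIN_USER: admin` and `KEYCLOAK_ADMIN_PASSWORD: admin` and published on `"18080:8080"`, and the `.env` default `ZEEBE_AUTHENTICATION_MODE=none` leaves the gateway on `26500` unauthenticated. I would give each client its own variable in `.env`, e.g. `CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=${OPERATE_CLIENT_SECRET}` with `KEYCLOAK_INIT_OPERATE_SECRET: ${OPERATE_CLIENT_SECRET}` (suggested name), and do the same for the Keycloak admin password. A comment above the `keycloak` service such as `# default admin credentials: local development only, change before exposing port 18080` would make the intent explicit.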
@@ -0,0 +1,47 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=8.5.9
+
+# renovate: datasource=docker depName=camunda/zeebe
+CAMUNDA_PLATFORM_VERSION=8.5.8
+
+# renovate: datasource=docker depName=camunda/identity
+CAMUNDA_IDENTITY_VERSION=8.5.6
+
+# renovate: datasource=docker depName=camunda/operate
+CAMUNDA_OPERATE_VERSION=8.5.7
+
+# renovate: datasource=docker depName=camunda/tasklist
+CAMUNDA_TASKLIST_VERSION=8.5.8
+
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=8.5.6
+
+# renovate: datasource=docker depName=camunda/web-modeler lookupName=registry.camunda.cloud/web-modeler-ee/modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.5.10
+
+# renovate: datasource=docker depName=elasticsearch
+ELASTIC_VERSION=8.14.0
+KEYCLOAK_SERVER_VERSION=21.1.2
+# renovate: datasource=docker depName=axllent/mailpit
+MAILPIT_VERSION=v1.18.5
+POSTGRES_VERSION=14.5-alpine
+HOST=localhost
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=none
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
+
+# Set to 'true' to enable multi-tenancy across all components
+# This requires use of identity for authentication
+#
+# ZEEBE_AUTHENTICATION_MODE=identity
+#
+MULTI_TENANCY_ENABLED=false
diff --git a/docker-compose/versions/camunda-8.5/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.5/.optimize/environment-config.yaml
new file mode 100644
index 0000000..de4cd58
--- /dev/null
+++ b/docker-compose/versions/camunda-8.5/.optimize/environment-config.yaml
@@ -0,0 +1,5 @@
+es:
+ settings:
+ index:
+ number_of_replicas: 0
+
diff --git a/docker-compose/versions/camunda-8.5/connector-secrets.txt b/docker-compose/versions/camunda-8.5/connector-secrets.txt
new file mode 100644
index 0000000..5b761a3
--- /dev/null
+++ b/docker-compose/versions/camunda-8.5/connector-secrets.txt
@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file
diff --git a/docker-compose/versions/camunda-8.5/connectors.self-signed-certificates.yaml b/docker-compose/versions/camunda-8.5/connectors.self-signed-certificates.yaml
new file mode 100644
index 0000000..debbebe
--- /dev/null
+++ b/docker-compose/versions/camunda-8.5/connectors.self-signed-certificates.yaml
@@ -0,0 +1,9 @@
+services:
+ connectors:
+ environment:
+ - JAVAX_NET_SSL_TRUSTSTORE=/opt/security/truststore/
+ - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=password
+ #- JAVA_OPTS=-Djavax.net.debug=all # Uncomment this line to fine tune additional JVM options
+ #- DEBUG_JVM_PRINT_JAVA_OPTS=1 # Uncomment this line to debug print $JAVA_OPTS
+ volumes:
+ - /path/to/your/folder/with/trust/store:/opt/security/truststore
\ No newline at end of file
diff --git a/docker-compose/versions/camunda-8.5/docker-compose-core.yaml b/docker-compose/versions/camunda-8.5/docker-compose-core.yaml
new file mode 100644
index 0000000..ecd47e9
--- /dev/null
+++ b/docker-compose/versions/camunda-8.5/docker-compose-core.yaml
@@ -0,0 +1,167 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch +# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + - "8088:8080" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: unless-stopped + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - 
camunda-platform + depends_on: + - elasticsearch + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - elasticsearch + + connectors: # 
https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_OPERATE_CLIENT_USERNAME=demo + - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + env_file: connector-secrets.txt + networks: + - camunda-platform + depends_on: + - zeebe + - operate + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: unless-stopped + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + kibana: + +networks: + camunda-platform: 
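Review bot: Every `ports:` entry in docker-compose-core.yaml publishes on all host interfaces, which matters most for `elasticsearch`, where `xpack.security.enabled=false` sits next to `"9200:9200"` and `"9300:9300"`, and for `zeebe`, whose gateway `"26500:26500"` has no authentication configured in this file. The header comment already says the stack is for local development only, so the mappings can bind to loopback, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:26500:26500"`, and the `9300` transport mapping can be dropped unless something outside the compose network needs it. If remote access is sometimes wanted, a comment above `ports:` explaining how to widen the binding is safer than making it the default. The same pattern recurs in the camunda-8.5 docker-compose.yaml hunk (same Elasticsearch ports, Keycloak on `18080`), in docker-compose-web-modeler.yaml (mailpit's `"8075:8025"` UI) and in the camunda-8.6 core file.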
diff --git a/docker-compose/versions/camunda-8.5/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.5/docker-compose-web-modeler.yaml
new file mode 100644
index 0000000..2166430
--- /dev/null
+++ b/docker-compose/versions/camunda-8.5/docker-compose-web-modeler.yaml
@@ -0,0 +1,146 @@ +# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone. +# Use it in combination with docker-compose.yaml: +# +# docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d +# +# Note: this file is using Mailpit to simulate a mail server + +version: "2.4" + +services: + + modeler-db: + container_name: modeler-db + image: postgres:${POSTGRES_VERSION} + healthcheck: + test: pg_isready -d modeler-db -U modeler-db-user + interval: 5s + timeout: 15s + retries: 30 + environment: + POSTGRES_DB: modeler-db + POSTGRES_USER: modeler-db-user + POSTGRES_PASSWORD: modeler-db-password + networks: + - modeler + volumes: + - postgres-web:/var/lib/postgresql/data + + modeler-websockets: + container_name: modeler-websockets + image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8060:8060" + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + APP_NAME: "Web Modeler Self-Managed WebSockets" + APP_DEBUG: "true" + PUSHER_APP_ID: modeler-app + PUSHER_APP_KEY: modeler-app-key + PUSHER_APP_SECRET: modeler-app-secret + networks: + - modeler + + mailpit: + # If you want to use your own SMTP server, you can remove this container + # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER, + # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi + container_name: mailpit + image: axllent/mailpit:${MAILPIT_VERSION} + ports: + - "1025:1025" + - "8075:8025" + healthcheck: + test: /usr/bin/nc -v localhost 1025 + interval: 30s + networks: + - modeler + + # Modeler containers + modeler-restapi: + container_name: modeler-restapi + image: registry.camunda.cloud/web-modeler-ee/modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION} + command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher" + 
depends_on: + modeler-db: + condition: service_healthy + mailpit: + condition: service_started + identity: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + JAVA_OPTIONS: -Xmx128m + LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG + CAMUNDA_IDENTITY_BASEURL: http://identity:8084/ + SPRING_DATASOURCE_URL: jdbc:postgresql://modeler-db:5432/modeler-db + SPRING_DATASOURCE_USERNAME: modeler-db-user + SPRING_DATASOURCE_PASSWORD: modeler-db-password + SPRING_PROFILES_INCLUDE: default-logging + RESTAPI_PUSHER_HOST: modeler-websockets + RESTAPI_PUSHER_PORT: "8060" + RESTAPI_PUSHER_APP_ID: modeler-app + RESTAPI_PUSHER_KEY: modeler-app-key + RESTAPI_PUSHER_SECRET: modeler-app-secret + RESTAPI_OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + RESTAPI_SERVER_URL: http://localhost:8070 + RESTAPI_MAIL_HOST: mailpit + RESTAPI_MAIL_PORT: 1025 + RESTAPI_MAIL_ENABLE_TLS: "false" + RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com" + networks: + - modeler + - camunda-platform + + modeler-webapp: + container_name: modeler-webapp + image: registry.camunda.cloud/web-modeler-ee/modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION} + ports: + - "8070:8070" + depends_on: + modeler-restapi: + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ] + interval: 5s + timeout: 15s + retries: 30 + environment: + RESTAPI_HOST: modeler-restapi + SERVER_HOST: modeler-webapp + SERVER_HTTPS_ONLY: "false" + SERVER_URL: http://localhost:8070 + PUSHER_APP_ID: modeler-app + PUSHER_KEY: modeler-app-key + PUSHER_SECRET: modeler-app-secret + PUSHER_HOST: modeler-websockets + PUSHER_PORT: "8060" + CLIENT_PUSHER_HOST: localhost + CLIENT_PUSHER_PORT: "8060" + 
CLIENT_PUSHER_FORCE_TLS: "false" + CLIENT_PUSHER_KEY: modeler-app-key + OAUTH2_CLIENT_ID: web-modeler + OAUTH2_JWKS_URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + OAUTH2_TOKEN_AUDIENCE: web-modeler + OAUTH2_TOKEN_ISSUER: http://localhost:18080/auth/realms/camunda-platform + IDENTITY_BASE_URL: http://identity:8084/ + PLAY_ENABLED: "true" + networks: + - modeler + - camunda-platform + +networks: + camunda-platform: + modeler: + +volumes: + postgres-web: diff --git a/docker-compose/versions/camunda-8.5/docker-compose.yaml b/docker-compose/versions/camunda-8.5/docker-compose.yaml new file mode 100644 index 0000000..287cf40 --- /dev/null +++ b/docker-compose/versions/camunda-8.5/docker-compose.yaml 
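Review bot: `modeler-websockets` ships with `APP_DEBUG: "true"` while its port is published as `"8060:8060"`, and `modeler-restapi` sets `LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG`; what the websockets image does with that switch is not visible here, but debug switches of this kind usually make error responses and logs more verbose than a shared default should be. I would default to `APP_DEBUG: "false"` and keep the DEBUG log level as a commented-out line for troubleshooting. Separately, the `mailpit` comment lists `REST_API_MAIL_USER` and `REST_API_MAIL_PASSWORD` next to `RESTAPI_MAIL_HOST`, `RESTAPI_MAIL_PORT` and `RESTAPI_MAIL_ENABLE_TLS`; the spelling should be checked against the product documentation, because a misspelled variable would leave SMTP authentication silently unconfigured.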
@@ -0,0 +1,381 @@ +# While the Docker images themselves are supported for production usage, +# this docker-compose.yaml is designed to be used by developers to run +# an environment locally. It is not designed to be used in production. +# We recommend to use Kubernetes in production with our Helm Charts: +# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/ +# For local development, we recommend using KIND instead of `docker-compose`: +# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/ + +# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, and Elasticsearch +# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak. + +services: + + zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe + image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION} + container_name: zeebe + ports: + - "26500:26500" + - "9600:9600" + - "8088:8080" + environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/ + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE} + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api + - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084 + - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter + - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200 + # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259 + - 
ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1 + # allow running with low disk space + - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998 + - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999 + - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m" + restart: always + healthcheck: + test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - zeebe:/usr/local/zeebe/data + networks: + - camunda-platform + depends_on: + - elasticsearch + - identity + + operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate + image: camunda/operate:${CAMUNDA_OPERATE_VERSION} + container_name: operate + ports: + - "8081:8080" + environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/ + - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate + - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api + - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - 
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - operate_tmp:/tmp + networks: + - camunda-platform + depends_on: + - zeebe + - identity + - elasticsearch + + tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist + image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION} + container_name: tasklist + ports: + - "8082:8080" + environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/ + - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500 + - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080 + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200 + - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200 + # For more information regarding configuration with Identity see: + # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity + - SPRING_PROFILES_ACTIVE=identity-auth + - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084 + - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - 
CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist + - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api + - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs + - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED} + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:8080/actuator/health/readiness'" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - tasklist_tmp:/tmp + networks: + - camunda-platform + depends_on: + zeebe: + condition: service_started + elasticsearch: + condition: service_healthy + identity: + condition: service_healthy + + connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/ + image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION} + container_name: connectors + ports: + - "8085:8080" + environment: + - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500 + - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true + - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID} + - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET} + - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache + - ZEEBE_TOKEN_AUDIENCE=zeebe-api + - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token + - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080 + - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_IDENTITY_CLIENT_ID=connectors 
+ - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_IDENTITY_TYPE=KEYCLOAK + - CAMUNDA_IDENTITY_AUDIENCE=operate-api + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + env_file: connector-secrets.txt + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + networks: + - camunda-platform + depends_on: + - zeebe + - operate + - identity + + optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize + image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION} + container_name: optimize + ports: + - "8083:8090" + environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables + - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch + - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200 + - SPRING_PROFILES_ACTIVE=ccsm + - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true + - CAMUNDA_OPTIMIZE_ENTERPRISE=false + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize + - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api + - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084 + - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED} + - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false + - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true + - management.endpoints.web.exposure.include=health + - management.endpoint.health.probes.enabled=true + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ] + interval: 30s + timeout: 1s + retries: 5 + start_period: 30s + volumes: + - 
"./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml" + restart: on-failure + networks: + - camunda-platform + depends_on: + - identity + - elasticsearch + + identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity + container_name: identity + image: camunda/identity:${CAMUNDA_IDENTITY_VERSION} + ports: + - "8084:8084" + environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ + SERVER_PORT: 8084 + IDENTITY_RETRY_DELAY_SECONDS: 30 + KEYCLOAK_URL: http://keycloak:8080/auth + IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform + IDENTITY_DATABASE_HOST: postgres + IDENTITY_DATABASE_PORT: 5432 + IDENTITY_DATABASE_NAME: bitnami_keycloak + IDENTITY_DATABASE_USERNAME: bn_keycloak + IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081 + KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082 + KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083 + KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070 + KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7 + KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085 + KEYCLOAK_INIT_ZEEBE_NAME: zeebe + KEYCLOAK_USERS_0_USERNAME: "demo" + KEYCLOAK_USERS_0_PASSWORD: "demo" + KEYCLOAK_USERS_0_FIRST_NAME: "demo" + KEYCLOAK_USERS_0_EMAIL: "demo@acme.com" + KEYCLOAK_USERS_0_ROLES_0: "Identity" + KEYCLOAK_USERS_0_ROLES_1: "Optimize" + KEYCLOAK_USERS_0_ROLES_2: "Operate" + KEYCLOAK_USERS_0_ROLES_3: "Tasklist" + KEYCLOAK_USERS_0_ROLES_4: "Web Modeler" + KEYCLOAK_CLIENTS_0_NAME: zeebe + KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID} + KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET} + KEYCLOAK_CLIENTS_0_TYPE: M2M + 
KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:* + KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:* + KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:* + KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:* + KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:* + KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api + KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:* + MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED} + RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED} + healthcheck: + test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ] + interval: 5s + timeout: 15s + retries: 30 + start_period: 60s + restart: on-failure + volumes: + - keycloak-theme:/app/keycloak-theme + networks: + - camunda-platform + - identity-network + depends_on: + keycloak: + condition: service_healthy + + postgres: # https://hub.docker.com/_/postgres + container_name: postgres + image: postgres:${POSTGRES_VERSION} + environment: + POSTGRES_DB: bitnami_keycloak + POSTGRES_USER: bn_keycloak + POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + restart: on-failure + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] + interval: 10s + timeout: 5s + retries: 5 + volumes: + - postgres:/var/lib/postgresql/data + networks: + - identity-network + + keycloak: # https://hub.docker.com/r/bitnami/keycloak + container_name: keycloak + image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION} + volumes: + - keycloak-theme:/opt/bitnami/keycloak/themes/identity + ports: + - "18080:8080" + environment: + KEYCLOAK_HTTP_RELATIVE_PATH: /auth + KEYCLOAK_DATABASE_HOST: postgres + 
KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5" + KEYCLOAK_ADMIN_USER: admin + KEYCLOAK_ADMIN_PASSWORD: admin + restart: on-failure + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ] + interval: 30s + timeout: 15s + retries: 5 + start_period: 30s + networks: + - camunda-platform + - identity-network + depends_on: + - postgres + + elasticsearch: # https://hub.docker.com/_/elasticsearch + image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + container_name: elasticsearch + ports: + - "9200:9200" + - "9300:9300" + environment: + - bootstrap.memory_lock=true + - discovery.type=single-node + - xpack.security.enabled=false + # allow running with low disk space + - cluster.routing.allocation.disk.threshold_enabled=false + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ] + interval: 30s + timeout: 5s + retries: 3 + volumes: + - elastic:/usr/share/elasticsearch/data + networks: + - camunda-platform + + kibana: + image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION} + container_name: kibana + ports: + - 5601:5601 + volumes: + - kibana:/usr/share/kibana/data + networks: + - camunda-platform + depends_on: + - elasticsearch + profiles: + - kibana + +volumes: + zeebe: + elastic: + postgres: + keycloak-theme: + kibana: + operate_tmp: + tasklist_tmp: + +networks: + # Note there are two bridge networks: One for Camunda Platform and one for Identity. + # Identity and Keycloak are part of both as they need to be accessible by platform components. + camunda-platform: + identity-network: diff --git a/docker-compose/versions/camunda-8.6/.env b/docker-compose/versions/camunda-8.6/.env new file mode 100644 index 0000000..2f88b91 --- /dev/null +++ b/docker-compose/versions/camunda-8.6/.env 
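Review bot: One client secret literal is reused for the `operate`, `tasklist`, `optimize` and `connectors` clients and the four matching `KEYCLOAK_INIT_*_SECRET` entries, the database password is repeated in `identity`, `postgres` and `keycloak`, and Keycloak is published on `"18080:8080"` with `KEYCLOAK_ADMIN_PASSWORD: admin`. These values are now public in the repository, so every instance started from this file unchanged shares them. `ZEEBE_CLIENT_SECRET` already shows the mechanism to use: move each value to `.env` and reference it, e.g. `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}` and `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}`, with a comment in `.env` telling users to change the defaults before the stack is reachable from anything but localhost. Using a distinct secret per client would also keep one leaked client credential from standing in for the others.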
@@ -0,0 +1,35 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=8.6.2
+# renovate: datasource=docker depName=camunda/zeebe
+CAMUNDA_PLATFORM_VERSION=8.6.1
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=8.6.1
+# renovate: datasource=docker depName=camunda/web-modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.6.2
+# renovate: datasource=docker depName=elasticsearch
+ELASTIC_VERSION=8.15.3
+KEYCLOAK_SERVER_VERSION=24.0.5
+# renovate: datasource=docker depName=axllent/mailpit
+MAILPIT_VERSION=v1.20.7
+POSTGRES_VERSION=14.5-alpine
+HOST=localhost
+KEYCLOAK_HOST=localhost
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=none
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
+
+# Set to 'true' to enable multi-tenancy across all components
+# This requires use of identity for authentication
+#
+# ZEEBE_AUTHENTICATION_MODE=identity
+#
+MULTI_TENANCY_ENABLED=false
diff --git a/docker-compose/versions/camunda-8.6/.optimize/environment-config.yaml b/docker-compose/versions/camunda-8.6/.optimize/environment-config.yaml
new file mode 100644
index 0000000..de4cd58
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/.optimize/environment-config.yaml
@@ -0,0 +1,5 @@
+es:
+ settings:
+ index:
+ number_of_replicas: 0
+
diff --git a/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-identity.env b/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-identity.env
new file mode 100644
index 0000000..cc68bfa
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-identity.env
@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: oauth
diff --git a/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-none.env b/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-none.env
new file mode 100644
index 0000000..d3607dd
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/.web-modeler/cluster-config-authentication-mode-none.env
@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: none
diff --git a/docker-compose/versions/camunda-8.6/README.md b/docker-compose/versions/camunda-8.6/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose/versions/camunda-8.6/connector-secrets.txt b/docker-compose/versions/camunda-8.6/connector-secrets.txt
new file mode 100644
index 0000000..5b761a3
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/connector-secrets.txt
@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file
diff --git a/docker-compose/versions/camunda-8.6/docker-compose-core.yaml b/docker-compose/versions/camunda-8.6/docker-compose-core.yaml
new file mode 100644
index 0000000..e53ee5a
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/docker-compose-core.yaml
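Review bot: `CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: oauth` in cluster-config-authentication-mode-identity.env uses the YAML-style `NAME: value` form in a file named `.env`, whereas the connector-secrets.txt hunks in this patch describe env files as `NAME=VALUE`. How these two files are consumed is not visible in this part of the patch; if they are loaded through `env_file`, the line would not be read as an assignment and the cluster authentication mode would not be set as intended. I would write `CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION=oauth` here and `CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION=none` in cluster-config-authentication-mode-none.env.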
@@ -0,0 +1,167 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch
+# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak.
+
+services:
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+ # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - elasticsearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - elasticsearch
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_OPERATE_CLIENT_USERNAME=demo
+ - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ env_file: connector-secrets.txt
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+
+ elasticsearch: # https://hub.docker.com/_/elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ container_name: elasticsearch
+ ports:
+ - "9200:9200"
+ - "9300:9300"
+ environment:
+ - bootstrap.memory_lock=true
+ - discovery.type=single-node
+ - xpack.security.enabled=false
+ # allow running with low disk space
+ - cluster.routing.allocation.disk.threshold_enabled=false
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ volumes:
+ - elastic:/usr/share/elasticsearch/data
+ networks:
+ - camunda-platform
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ elastic:
+ kibana:
+
+networks:
+ camunda-platform:
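Review bot: The `elasticsearch` service sets `xpack.security.enabled=false` and publishes `"9200:9200"` and `"9300:9300"` without a host address, which Docker binds on all interfaces. Anyone who can reach the developer's machine on the network can then read and modify the indices without credentials, and the same holds for the unauthenticated Zeebe gateway on `"26500:26500"`. Since the header comment scopes this file to local development, binding the published ports to loopback would match that intent: `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:26500:26500"`. The 9300 transport mapping is probably unnecessary for a `discovery.type=single-node` cluster and could be dropped. A short comment next to `CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false` and `CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false` saying why CSRF protection is switched off would help readers who copy this file elsewhere.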
diff --git a/docker-compose/versions/camunda-8.6/docker-compose.yaml b/docker-compose/versions/camunda-8.6/docker-compose.yaml
new file mode 100644
index 0000000..7bfe203
--- /dev/null
+++ b/docker-compose/versions/camunda-8.6/docker-compose.yaml
@@ -0,0 +1,564 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a full configuration with Zeebe, Operate, Tasklist, Optimize, Identity, Keycloak, Elasticsearch and Web Modeler.
+# See docker-compose-core.yml for a lightweight configuration that does not include Optimize, Identity, and Keycloak.
+
+services:
+
+ zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+ profiles:
+ - full
+ image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION}
+ container_name: zeebe
+ ports:
+ - "26500:26500"
+ - "9600:9600"
+ - "8088:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE}
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:18080/auth/realms/camunda-platform
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api
+ - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084
+ - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+ # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+ - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+ # allow running with low disk space
+ - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+ - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+ - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - zeebe:/usr/local/zeebe/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ - identity
+
+ operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+ profiles:
+ - full
+ image: camunda/operate:${CAMUNDA_PLATFORM_VERSION}
+ container_name: operate
+ ports:
+ - "8081:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+ - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
+ - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
+ - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - operate_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - identity
+ - elasticsearch
+
+ tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+ profiles:
+ - full
+ image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
+ container_name: tasklist
+ ports:
+ - "8082:8080"
+ environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+ - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+ - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+ - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+ # For more information regarding configuration with Identity see:
+ # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
+ - SPRING_PROFILES_ACTIVE=identity-auth
+ - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
+ - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
+ - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+ - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - tasklist_tmp:/tmp
+ networks:
+ - camunda-platform
+ depends_on:
+ zeebe:
+ condition: service_started
+ elasticsearch:
+ condition: service_healthy
+ identity:
+ condition: service_healthy
+
+ connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+ profiles:
+ - full
+ image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+ container_name: connectors
+ ports:
+ - "8085:8080"
+ environment:
+ - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+ - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+ - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
+ - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
+ - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
+ - ZEEBE_TOKEN_AUDIENCE=zeebe-api
+ - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+ - CAMUNDA_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_IDENTITY_CLIENT_ID=connectors
+ - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
+ - CAMUNDA_IDENTITY_AUDIENCE=operate-api
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ env_file: connector-secrets.txt
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ depends_on:
+ - zeebe
+ - operate
+ - identity
+
+ optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
+ profiles:
+ - full
+ image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION}
+ container_name: optimize
+ ports:
+ - "8083:8090"
+ environment: # https://docs.camunda.io/docs/self-managed/optimize-deployment/setup/installation/#available-environment-variables
+ - OPTIMIZE_ELASTICSEARCH_HOST=elasticsearch
+ - OPTIMIZE_ELASTICSEARCH_HTTP_PORT=9200
+ - SPRING_PROFILES_ACTIVE=ccsm
+ - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
+ - CAMUNDA_OPTIMIZE_ENTERPRISE=false
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
+ - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
+ - CAMUNDA_OPTIMIZE_IDENTITY_BASE_URL=http://identity:8084
+ - CAMUNDA_OPTIMIZE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
+ - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
+ - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
+ - management.endpoints.web.exposure.include=health
+ - management.endpoint.health.probes.enabled=true
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:8090/api/readyz" ]
+ interval: 30s
+ timeout: 1s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml"
+ restart: on-failure
+ networks:
+ - camunda-platform
+ depends_on:
+ - identity
+ - elasticsearch
+
+ identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
+ profiles:
+ - full
+ - modeling
+ container_name: identity
+ image: camunda/identity:${CAMUNDA_PLATFORM_VERSION}
+ ports:
+ - "8084:8084"
+ environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
+ SERVER_PORT: 8084
+ IDENTITY_RETRY_DELAY_SECONDS: 30
+ IDENTITY_URL: http://${HOST}:8084
+ KEYCLOAK_URL: http://keycloak:18080/auth
+ IDENTITY_AUTH_PROVIDER_ISSUER_URL: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
+ IDENTITY_DATABASE_HOST: postgres
+ IDENTITY_DATABASE_PORT: 5432
+ IDENTITY_DATABASE_NAME: bitnami_keycloak
+ IDENTITY_DATABASE_USERNAME: bn_keycloak
+ IDENTITY_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPERATE_ROOT_URL: http://${HOST}:8081
+ KEYCLOAK_INIT_TASKLIST_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_TASKLIST_ROOT_URL: http://${HOST}:8082
+ KEYCLOAK_INIT_OPTIMIZE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_OPTIMIZE_ROOT_URL: http://${HOST}:8083
+ KEYCLOAK_INIT_WEBMODELER_ROOT_URL: http://${HOST}:8070
+ KEYCLOAK_INIT_CONNECTORS_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
+ KEYCLOAK_INIT_CONNECTORS_ROOT_URL: http://${HOST}:8085
+ KEYCLOAK_INIT_ZEEBE_NAME: zeebe
+ KEYCLOAK_USERS_0_USERNAME: "demo"
+ KEYCLOAK_USERS_0_PASSWORD: "demo"
+ KEYCLOAK_USERS_0_FIRST_NAME: "demo"
+ KEYCLOAK_USERS_0_EMAIL: "demo@acme.com"
+ KEYCLOAK_USERS_0_ROLES_0: "Identity"
+ KEYCLOAK_USERS_0_ROLES_1: "Optimize"
+ KEYCLOAK_USERS_0_ROLES_2: "Operate"
+ KEYCLOAK_USERS_0_ROLES_3: "Tasklist"
+ KEYCLOAK_USERS_0_ROLES_4: "Web Modeler"
+ KEYCLOAK_USERS_0_ROLES_5: "Web Modeler Admin"
+ KEYCLOAK_CLIENTS_0_NAME: zeebe
+ KEYCLOAK_CLIENTS_0_ID: ${ZEEBE_CLIENT_ID}
+ KEYCLOAK_CLIENTS_0_SECRET: ${ZEEBE_CLIENT_SECRET}
+ KEYCLOAK_CLIENTS_0_TYPE: M2M
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_RESOURCE_SERVER_ID: zeebe-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_0_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_1_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_2_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_RESOURCE_SERVER_ID: optimize-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_3_DEFINITION: write:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_RESOURCE_SERVER_ID: tasklist-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_4_DEFINITION: read:*
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_RESOURCE_SERVER_ID: operate-api
+ KEYCLOAK_CLIENTS_0_PERMISSIONS_5_DEFINITION: read:*
+ MULTITENANCY_ENABLED: ${MULTI_TENANCY_ENABLED}
+ RESOURCE_PERMISSIONS_ENABLED: ${RESOURCE_AUTHORIZATIONS_ENABLED}
+ healthcheck:
+ test: [ "CMD", "wget", "-q", "--tries=1", "--spider", "http://localhost:8082/actuator/health" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ start_period: 60s
+ restart: on-failure
+ volumes:
+ - keycloak-theme:/app/keycloak-theme
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ keycloak:
+ condition: service_healthy
+
+ postgres: # https://hub.docker.com/_/postgres
+ profiles:
+ - full
+ - modeling
+ container_name: postgres
+ image: postgres:${POSTGRES_VERSION}
+ environment:
+ POSTGRES_DB: bitnami_keycloak
+ POSTGRES_USER: bn_keycloak
+ POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ restart: on-failure
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - postgres:/var/lib/postgresql/data
+ networks:
+ - identity-network
+
+ keycloak: # https://hub.docker.com/r/bitnami/keycloak
+ profiles:
+ - full
+ - modeling
+ container_name: keycloak
+ image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION}
+ volumes:
+ - keycloak-theme:/opt/bitnami/keycloak/themes/identity
+ ports:
+ - "18080:18080"
+ environment:
+ KEYCLOAK_HTTP_PORT: 18080
+ KEYCLOAK_HTTP_RELATIVE_PATH: /auth
+ KEYCLOAK_DATABASE_HOST: postgres
+ KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+ KEYCLOAK_ADMIN_USER: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ restart: on-failure
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:18080/auth"]
+ interval: 30s
+ timeout: 15s
+ retries: 5
+ start_period: 30s
+ networks:
+ - camunda-platform
+ - identity-network
+ depends_on:
+ - postgres
+
+ elasticsearch: # https://hub.docker.com/_/elasticsearch
+ profiles:
+ - full
+ image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ container_name: elasticsearch
+ ports:
+ - "9200:9200"
+ - "9300:9300"
+ environment:
+ - bootstrap.memory_lock=true
+ - discovery.type=single-node
+ - xpack.security.enabled=false
+ # allow running with low disk space
+ - cluster.routing.allocation.disk.threshold_enabled=false
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ restart: always
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ volumes:
+ - elastic:/usr/share/elasticsearch/data
+ networks:
+ - camunda-platform
+
+ web-modeler-db:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-db
+ image: postgres:${POSTGRES_VERSION}
+ healthcheck:
+ test: pg_isready -d web-modeler-db -U web-modeler-db-user
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ POSTGRES_DB: web-modeler-db
+ POSTGRES_USER: web-modeler-db-user
+ POSTGRES_PASSWORD: web-modeler-db-password
+ networks:
+ - web-modeler
+ volumes:
+ - postgres-web:/var/lib/postgresql/data
+
+ mailpit:
+ # If you want to use your own SMTP server, you can remove this container
+ # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER,
+ # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in web-modeler-restapi
+ profiles:
+ - full
+ - modeling
+ container_name: mailpit
+ image: axllent/mailpit:${MAILPIT_VERSION}
+ ports:
+ - "1025:1025"
+ - "8075:8025"
+ healthcheck:
+ test: /usr/bin/nc -v localhost 1025
+ interval: 30s
+ networks:
+ - web-modeler
+
+ web-modeler-restapi:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-restapi
+ image: camunda/web-modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION}
+ command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher"
+ depends_on:
+ web-modeler-db:
+ condition: service_healthy
+ mailpit:
+ condition: service_started
+ identity:
+ condition: service_healthy
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ JAVA_OPTIONS: -Xmx128m
+ LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG
+ CAMUNDA_IDENTITY_BASEURL: http://identity:8084/
+ SPRING_DATASOURCE_URL: jdbc:postgresql://web-modeler-db:5432/web-modeler-db
+ SPRING_DATASOURCE_USERNAME: web-modeler-db-user
+ SPRING_DATASOURCE_PASSWORD: web-modeler-db-password
+ SPRING_PROFILES_INCLUDE: default-logging
+ RESTAPI_PUSHER_HOST: web-modeler-websockets
+ RESTAPI_PUSHER_PORT: "8060"
+ RESTAPI_PUSHER_APP_ID: web-modeler-app
+ RESTAPI_PUSHER_KEY: web-modeler-app-key
+ RESTAPI_PUSHER_SECRET: web-modeler-app-secret
+ RESTAPI_OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
+ RESTAPI_SERVER_URL: http://localhost:8070
+ RESTAPI_MAIL_HOST: mailpit
+ RESTAPI_MAIL_PORT: 1025
+ RESTAPI_MAIL_ENABLE_TLS: "false"
+ RESTAPI_MAIL_FROM_ADDRESS: "noreply@example.com"
+ CAMUNDA_MODELER_CLUSTERS_0_NAME: "Local Zeebe instance"
+ CAMUNDA_MODELER_CLUSTERS_0_VERSION: ${CAMUNDA_PLATFORM_VERSION}
+ CAMUNDA_MODELER_CLUSTERS_0_URL_ZEEBE_GRPC: http://zeebe:26500
+ CAMUNDA_MODELER_CLUSTERS_0_URL_ZEEBE_REST: http://zeebe:8080
+ CAMUNDA_MODELER_CLUSTERS_0_URL_OPERATE: http://operate:8080
+ CAMUNDA_MODELER_CLUSTERS_0_URL_TASKLIST: http://tasklist:8080
+ CAMUNDA_MODELER_CLUSTERS_0_OAUTH_URL: http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
+ # extra cluster configuration depending on the authentication mode
+ env_file: ./.web-modeler/cluster-config-authentication-mode-${ZEEBE_AUTHENTICATION_MODE}.env
+ networks:
+ - web-modeler
+ - camunda-platform
+
+ web-modeler-webapp:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-webapp
+ image: camunda/web-modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION}
+ ports:
+ - "8070:8070"
+ depends_on:
+ web-modeler-restapi:
+ condition: service_healthy
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ RESTAPI_HOST: web-modeler-restapi
+ SERVER_HOST: web-modeler-webapp
+ SERVER_HTTPS_ONLY: "false"
+ SERVER_URL: http://localhost:8070
+ PUSHER_APP_ID: web-modeler-app
+ PUSHER_KEY: web-modeler-app-key
+ PUSHER_SECRET: web-modeler-app-secret
+ PUSHER_HOST: web-modeler-websockets
+ PUSHER_PORT: "8060"
+ CLIENT_PUSHER_HOST: localhost
+ CLIENT_PUSHER_PORT: "8060"
+ CLIENT_PUSHER_FORCE_TLS: "false"
+ CLIENT_PUSHER_KEY: web-modeler-app-key
+ OAUTH2_CLIENT_ID: web-modeler
+ OAUTH2_JWKS_URL: http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+ OAUTH2_TOKEN_AUDIENCE: web-modeler-api
+ OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+ IDENTITY_BASE_URL: http://identity:8084/
+ PLAY_ENABLED: "true"
+ networks:
+ - web-modeler
+ - camunda-platform
+
+ web-modeler-websockets:
+ profiles:
+ - full
+ - modeling
+ container_name: web-modeler-websockets
+ image: camunda/web-modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION}
+ ports:
+ - "8060:8060"
+ healthcheck:
+ test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ]
+ interval: 5s
+ timeout: 15s
+ retries: 30
+ environment:
+ APP_NAME: "Web Modeler Self-Managed WebSockets"
+ APP_DEBUG: "true"
+ PUSHER_APP_ID: web-modeler-app
+ PUSHER_APP_KEY: web-modeler-app-key
+ PUSHER_APP_SECRET: web-modeler-app-secret
+ networks:
+ - web-modeler
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+ container_name: kibana
+ ports:
+ - 5601:5601
+ volumes:
+ - kibana:/usr/share/kibana/data
+ networks:
+ - camunda-platform
+ depends_on:
+ - elasticsearch
+ profiles:
+ - kibana
+
+volumes:
+ zeebe:
+ elastic:
+ postgres:
+ keycloak-theme:
+ kibana:
+ operate_tmp:
+ tasklist_tmp:
+ postgres-web:
+
+networks:
+ # Note there are three bridge networks: One for Camunda Platform, one for Identity and one for Web Modeler.
+ # Identity and Keycloak are part of the first two as they need to be accessible by platform components.
+ # Web Modeler has its own network because it consists of three components that communicate with each other.
+ # It is also part of the canunda-platform network to communicate with the platform components like Zeebe to run
+ # processes or Identity to log in.
+ camunda-platform:
+ identity-network:
+ web-modeler:
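Review bot: The literal `XALaRPl5qwTEItdwCMiPS62nVpKs7dL7` is the client secret for Operate, Tasklist, Optimize and Connectors alike (and again in the `KEYCLOAK_INIT_*_SECRET` entries of `identity`), the Postgres password is repeated inline in `identity`, `postgres` and `keycloak`, and Keycloak starts with `KEYCLOAK_ADMIN_PASSWORD: admin` while `"18080:18080"` is published without a host address. Because these values sit in a public repository, any stack started unmodified has known credentials on ports that Docker binds on all interfaces. The file already reads `${ZEEBE_CLIENT_SECRET}` from `.env`, and the same pattern would fit here with one secret per client, for example `- CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=${OPERATE_CLIENT_SECRET}` (the variable name is only a suggestion) and `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}`. Binding the published ports to loopback, e.g. `- "127.0.0.1:18080:18080"`, would keep the stack local as the header comment intends. Minor: the comment under `networks:` spells the network `canunda-platform`.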