Update to camunda 8.7.2

Author: Klemens Hollinetz-Schneck

docker-compose-8.7-kafka/.env

@@ -0,0 +1,43 @@
+## Image versions ##
+# renovate: datasource=docker depName=camunda/connectors-bundle
+CAMUNDA_CONNECTORS_VERSION=8.7.2
+# renovate: datasource=docker depName=camunda/zeebe
+CAMUNDA_ZEEBE_VERSION=8.7.2
+# renovate: datasource=docker depName=camunda/identity
+CAMUNDA_IDENTITY_VERSION=8.7.1
+# renovate: datasource=docker depName=camunda/operate
+CAMUNDA_OPERATE_VERSION=8.7.2
+# renovate: datasource=docker depName=camunda/tasklist
+CAMUNDA_TASKLIST_VERSION=8.7.2
+# renovate: datasource=docker depName=camunda/optimize
+CAMUNDA_OPTIMIZE_VERSION=8.7.1
+# renovate: datasource=docker depName=camunda/web-modeler-restapi
+CAMUNDA_WEB_MODELER_VERSION=8.7.1
+# renovate: datasource=docker depName=elasticsearch
+ELASTIC_VERSION=8.17.4
+KEYCLOAK_SERVER_VERSION=26.1.4
+### KEYCLOAK_SERVER_VERSION=24.0.5
+
+# renovate: datasource=docker depName=axllent/mailpit
+MAILPIT_VERSION=v1.20.7
+POSTGRES_VERSION=14.5-alpine
+HOST=localhost
+KEYCLOAK_HOST=localhost
+
+## Configuration ##
+# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
+ZEEBE_AUTHENTICATION_MODE=identity
+ZEEBE_CLIENT_ID=zeebe
+ZEEBE_CLIENT_SECRET=zecret
+
+# Set to 'true' to enable resource based authorizations for users and groups
+# This can be used to limit access for users or groups to view/update specific
+# processes and decisions in Operate and Tasklist
+RESOURCE_AUTHORIZATIONS_ENABLED=false
+
+# Set to 'true' to enable multi-tenancy across all components
+# This requires use of identity for authentication
+#
+#  ZEEBE_AUTHENTICATION_MODE=identity
+#
+MULTI_TENANCY_ENABLED=true

docker-compose-8.7-kafka/.optimize/environment-config.yaml

@@ -0,0 +1,5 @@
+es:
+  settings:
+    index:
+      number_of_replicas: 0
+

docker-compose-8.7-kafka/.web-modeler/cluster-config-authentication-mode-identity.env

@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: oauth

docker-compose-8.7-kafka/.web-modeler/cluster-config-authentication-mode-none.env

@@ -0,0 +1 @@
+CAMUNDA_MODELER_CLUSTERS_0_AUTHENTICATION: none

docker-compose-8.7-kafka/README.md

@@ -0,0 +1,15 @@
+# Camunda 8 Self-Managed - Docker Compose
+
+## Usage
+
+For end user usage, please check the offical documentation of [Camunda 8 Self-Managed Docker Compose](https://docs.camunda.io/docs/8.7/self-managed/setup/deploy/local/docker-compose/).
+
+## Changes
+
+In this copy of Camunda platform 8.7.2 these changes have been applied:
+
+1. All containers restart policy is set to `no`.
+1. Tenants enabled.
+1. Kafka 3.7.2 added, configured to listen on localhost:9092.
+1. Kafka exporter added to Zeebe.<br>
+   For topic configuration see [exporter.yml](./exporters/exporter.yml).

docker-compose-8.7-kafka/connector-secrets.txt

@@ -0,0 +1,2 @@
+# add secrets per line in the format NAME=VALUE
+# WARNING: ensure not to commit changes to this file

docker-compose-8.7-kafka/docker-compose-core.yaml

@@ -0,0 +1,167 @@
+# While the Docker images themselves are supported for production usage,
+# this docker-compose.yaml is designed to be used by developers to run
+# an environment locally. It is not designed to be used in production.
+# We recommend to use Kubernetes in production with our Helm Charts:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/kubernetes-helm/
+# For local development, we recommend using KIND instead of `docker-compose`:
+# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/
+
+# This is a lightweight configuration with Zeebe, Operate, Tasklist, and Elasticsearch
+# See docker-compose.yml for a configuration that also includes Optimize, Identity, and Keycloak.
+
+services:
+
+  zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
+    image: camunda/zeebe:${CAMUNDA_ZEEBE_VERSION}
+    container_name: zeebe
+    ports:
+      - "26500:26500"
+      - "9600:9600"
+      - "8088:8080"
+    environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
+      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
+      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=http://elasticsearch:9200
+      # default is 1000, see here: https://github.com/camunda/zeebe/blob/main/exporters/elasticsearch-exporter/src/main/java/io/camunda/zeebe/exporter/ElasticsearchExporterConfiguration.java#L259
+      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
+      # allow running with low disk space
+      - ZEEBE_BROKER_DATA_DISKUSAGECOMMANDWATERMARK=0.998
+      - ZEEBE_BROKER_DATA_DISKUSAGEREPLICATIONWATERMARK=0.999
+      - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
+    restart: unless-stopped
+    healthcheck:
+      test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/9600' || exit 1" ]
+      interval: 30s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    volumes:
+      - zeebe:/usr/local/zeebe/data
+    networks:
+      - camunda-platform
+    depends_on:
+      - elasticsearch
+
+  operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
+    image: camunda/operate:${CAMUNDA_OPERATE_VERSION}
+    container_name: operate
+    ports:
+      - "8081:8080"
+    environment: # https://docs.camunda.io/docs/self-managed/operate-deployment/configuration/
+      - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
+      - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
+      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+      - CAMUNDA_OPERATE_CSRFPREVENTIONENABLED=false
+      - management.endpoints.web.exposure.include=health
+      - management.endpoint.health.probes.enabled=true
+    healthcheck:
+      test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+      interval: 30s
+      timeout: 1s
+      retries: 5
+      start_period: 30s
+    networks:
+      - camunda-platform
+    depends_on:
+      - zeebe
+      - elasticsearch
+
+  tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
+    image: camunda/tasklist:${CAMUNDA_TASKLIST_VERSION}
+    container_name: tasklist
+    ports:
+      - "8082:8080"
+    environment: # https://docs.camunda.io/docs/self-managed/tasklist-deployment/configuration/
+      - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
+      - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
+      - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+      - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
+      - CAMUNDA_TASKLIST_CSRFPREVENTIONENABLED=false
+      - management.endpoints.web.exposure.include=health
+      - management.endpoint.health.probes.enabled=true
+    healthcheck:
+      test: [ "CMD-SHELL", "wget -O - -q 'http://localhost:9600/actuator/health/readiness'" ]
+      interval: 30s
+      timeout: 1s
+      retries: 5
+      start_period: 30s
+    networks:
+      - camunda-platform
+    depends_on:
+      - zeebe
+      - elasticsearch
+
+  connectors: # https://docs.camunda.io/docs/components/integration-framework/connectors/out-of-the-box-connectors/available-connectors-overview/
+    image: camunda/connectors-bundle:${CAMUNDA_CONNECTORS_VERSION}
+    container_name: connectors
+    ports:
+      - "8085:8080"
+    environment:
+      - ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS=zeebe:26500
+      - ZEEBE_CLIENT_SECURITY_PLAINTEXT=true
+      - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
+      - CAMUNDA_OPERATE_CLIENT_USERNAME=demo
+      - CAMUNDA_OPERATE_CLIENT_PASSWORD=demo
+      - management.endpoints.web.exposure.include=health
+      - management.endpoint.health.probes.enabled=true
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -f http://localhost:8080/actuator/health/readiness" ]
+      interval: 30s
+      timeout: 1s
+      retries: 5
+      start_period: 30s
+    env_file: connector-secrets.txt
+    networks:
+      - camunda-platform
+    depends_on:
+      - zeebe
+      - operate
+
+  elasticsearch: # https://hub.docker.com/_/elasticsearch
+    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+    container_name: elasticsearch
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    environment:
+      - bootstrap.memory_lock=true
+      - discovery.type=single-node
+      - xpack.security.enabled=false
+      # allow running with low disk space
+      - cluster.routing.allocation.disk.threshold_enabled=false
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    restart: unless-stopped
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cat/health | grep -q green" ]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+    volumes:
+      - elastic:/usr/share/elasticsearch/data
+    networks:
+      - camunda-platform
+
+  kibana:
+    image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
+    container_name: kibana
+    ports:
+      - 5601:5601
+    volumes:
+      - kibana:/usr/share/kibana/data
+    networks:
+      - camunda-platform
+    depends_on:
+      - elasticsearch
+    profiles:
+      - kibana
+
+volumes:
+  zeebe:
+  elastic:
+  kibana:
+
+networks:
+  camunda-platform:

docker-compose-8.7-kafka/docker-compose-web-modeler.yaml

@@ -0,0 +1,156 @@
+# Docker Compose file for Web Modeler Self-Managed. This file is not intended to be used stand-alone.
+# Use it in combination with docker-compose.yaml:
+#
+#    docker-compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d
+#
+# Note: this file is using Mailpit to simulate a mail server
+
+services:
+
+  modeler-db:
+    container_name: modeler-db
+    image: postgres:${POSTGRES_VERSION}
+    healthcheck:
+      test: pg_isready -d modeler-db -U modeler-db-user
+      interval: 5s
+      timeout: 15s
+      retries: 30
+    environment:
+      POSTGRES_DB: modeler-db
+      POSTGRES_USER: modeler-db-user
+      POSTGRES_PASSWORD: modeler-db-password
+    networks:
+      - modeler
+    volumes:
+      - postgres-web:/var/lib/postgresql/data
+    profiles:
+      - ''
+      - web-modeler-standalone
+
+  modeler-websockets:
+    container_name: modeler-websockets
+    image: camunda/web-modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION}
+    ports:
+      - "8060:8060"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up"]
+      interval: 5s
+      timeout: 15s
+      retries: 30
+    environment:
+      APP_NAME: "Web Modeler Self-Managed WebSockets"
+      APP_DEBUG: "true"
+      PUSHER_APP_ID: modeler-app
+      PUSHER_APP_KEY: modeler-app-key
+      PUSHER_APP_SECRET: modeler-app-secret
+    networks:
+      - modeler
+    profiles:
+      - ''
+      - web-modeler-standalone
+
+  modeler-mailpit:
+    # If you want to use your own SMTP server, you can remove this container
+    # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER,
+    # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi
+    container_name: modeler-mailpit
+    image: axllent/mailpit:${MAILPIT_VERSION}
+    ports:
+      - "1025:1025"
+      - "8075:8025"
+    healthcheck:
+      test: /usr/bin/nc -v localhost 1025
+      interval: 30s
+    networks:
+      - modeler
+    profiles:
+      - ''
+      - web-modeler-standalone
+
+  # Modeler containers
+  modeler-restapi:
+    container_name: modeler-restapi
+    image: camunda/web-modeler-restapi:${CAMUNDA_WEB_MODELER_VERSION}
+    command: /bin/sh -c "java $JAVA_OPTIONS org.springframework.boot.loader.JarLauncher"
+    depends_on:
+      modeler-db:
+        condition: service_healthy
+      modeler-mailpit:
+        condition: service_started
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness"]
+      interval: 5s
+      timeout: 15s
+      retries: 30
+    environment:
+      JAVA_OPTIONS: -Xmx128m
+      LOGGING_LEVEL_IO_CAMUNDA_MODELER: DEBUG
+      CAMUNDA_IDENTITY_BASEURL: http://identity:8084/
+      SPRING_DATASOURCE_URL: jdbc:postgresql://modeler-db:5432/modeler-db
+      SPRING_DATASOURCE_USERNAME: modeler-db-user
+      SPRING_DATASOURCE_PASSWORD: modeler-db-password
+      SPRING_PROFILES_INCLUDE: default-logging
+      RESTAPI_PUSHER_HOST: modeler-websockets
+      RESTAPI_PUSHER_PORT: "8060"
+      RESTAPI_PUSHER_APP_ID: modeler-app
+      RESTAPI_PUSHER_KEY: modeler-app-key
+      RESTAPI_PUSHER_SECRET: modeler-app-secret
+      RESTAPI_OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+      RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
+      RESTAPI_SERVER_URL: http://localhost:8070
+      RESTAPI_MAIL_HOST: modeler-mailpit
+      RESTAPI_MAIL_PORT: 1025
+      RESTAPI_MAIL_ENABLE_TLS: "false"
+      RESTAPI_MAIL_FROM_ADDRESS: "[email protected]"
+    networks:
+      - modeler
+      - camunda-platform
+    profiles:
+      - ''
+      - web-modeler-standalone
+
+  modeler-webapp:
+    container_name: modeler-webapp
+    image: camunda/web-modeler-webapp:${CAMUNDA_WEB_MODELER_VERSION}
+    ports:
+      - "8070:8070"
+    depends_on:
+      modeler-restapi:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness"]
+      interval: 5s
+      timeout: 15s
+      retries: 30
+    environment:
+      RESTAPI_HOST: modeler-restapi
+      SERVER_HTTPS_ONLY: "false"
+      SERVER_URL: http://localhost:8070
+      PUSHER_APP_ID: modeler-app
+      PUSHER_KEY: modeler-app-key
+      PUSHER_SECRET: modeler-app-secret
+      PUSHER_HOST: modeler-websockets
+      PUSHER_PORT: "8060"
+      CLIENT_PUSHER_HOST: localhost
+      CLIENT_PUSHER_PORT: "8060"
+      CLIENT_PUSHER_FORCE_TLS: "false"
+      CLIENT_PUSHER_KEY: modeler-app-key
+      OAUTH2_CLIENT_ID: web-modeler
+      OAUTH2_JWKS_URL: http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
+      OAUTH2_TOKEN_AUDIENCE: web-modeler
+      OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+      IDENTITY_BASE_URL: http://identity:8084/
+      PLAY_ENABLED: "true"
+    networks:
+      - modeler
+      - camunda-platform
+    profiles:
+      - ''
+      - web-modeler-standalone
+
+networks:
+  camunda-platform:
+  modeler:
+
+volumes:
+  postgres-web: