Skip to content

feat(aks): evolve from embedded to operators for ref arch #1903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
marcel-dias wants to merge 3 commits into
base: main
Choose a base branch
from
+47 −18
Open

feat(aks): evolve from embedded to operators for ref arch #1903

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2d9fabc
feat(aks): evolve from embedded to operators for ref arch
marcel-dias Feb 23, 2026
dfbed24
fix comments
marcel-dias Feb 24, 2026
cc05472
fix(aks): add ECK Operator uninstall
marcel-dias Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .github/workflows/azure_kubernetes_aks_single_region_tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ on:
- .github/actions/kubernetes-restart-coredns/**
- .github/actions/kubernetes-wildcard-certificate/**
- .github/actions/internal-camunda-chart-tests/**
- .github/actions/kubernetes-eck-operator/**
- .github/actions/kubernetes-eck-operator-cleanup/**
- generic/kubernetes/operator-based/elasticsearch/**

workflow_dispatch:
inputs:
Expand Down Expand Up @@ -505,6 +508,12 @@ jobs:
yq ". *+ load(\"azure/kubernetes/${{ matrix.scenario.name }}/helm-values/values-${{ matrix.declination.name }}.yml\")" values.yml > values-result.yml
cat values-result.yml && mv values-result.yml values.yml

# Merge ECK Elasticsearch operator overlay
echo "Merging ECK Elasticsearch config"
OPERATOR_ES_PATH="generic/kubernetes/operator-based/elasticsearch"
yq ". *+ load(\"${OPERATOR_ES_PATH}/camunda-elastic-values.yml\")" values.yml > values-merged.yml
cat values-merged.yml && mv values-merged.yml values.yml

# Merge auth provider specific overlays (keycloak-operator or OIDC)
AUTH_PROVIDER="${{ matrix.scenario.auth_provider }}"
HELM_VALUES_PATH="generic/kubernetes/single-region/helm-values"
Expand Down Expand Up @@ -612,6 +621,12 @@ jobs:
set -euo pipefail
./azure/kubernetes/${{ matrix.scenario.name }}/procedure/create-external-db-secrets.sh

- name: Deploy Elasticsearch via ECK Operator
timeout-minutes: 10
uses: ./.github/actions/kubernetes-eck-operator
with:
namespace: ${{ env.CAMUNDA_NAMESPACE }}

- name: 🐘 Deploy Keycloak via Operator (keycloak-operator mode)
if: ${{ matrix.scenario.auth_provider == 'keycloak-operator' }}
timeout-minutes: 15
Expand Down Expand Up @@ -709,6 +724,7 @@ jobs:
test-client-id: ${{ steps.secrets.outputs.CI_CAMUNDA_USER_TEST_CLIENT_ID }}
test-client-secret: ${{ steps.secrets.outputs.CI_CAMUNDA_USER_TEST_CLIENT_SECRET }}
keycloak-service-name: ${{ matrix.scenario.auth_provider == 'keycloak-operator' && 'keycloak-service:18080' || '' }}
elasticsearch-service-name: elasticsearch-es-http:9200

- name: 🔬🚨 Get failed certificate info
if: failure() && matrix.declination.name == 'domain'
Expand All @@ -725,6 +741,12 @@ jobs:
namespace: ${{ env.CAMUNDA_NAMESPACE }}
artifact-suffix: ${{ matrix.scenario.name }}-${{ matrix.declination.name }}

- name: 🧹 Cleanup ECK Elasticsearch deployment
if: always() && env.CLEANUP_CLUSTERS == 'true'
uses: ./.github/actions/kubernetes-eck-operator-cleanup
with:
namespace: ${{ env.CAMUNDA_NAMESPACE }}

- name: 🧹 Cleanup Keycloak Operator deployment
if: always() && env.CLEANUP_CLUSTERS == 'true' && matrix.scenario.auth_provider == 'keycloak-operator'
uses: ./.github/actions/kubernetes-keycloak-operator-cleanup
Expand Down
18 changes: 9 additions & 9 deletions azure/kubernetes/aks-single-region/helm-values/values-domain.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,17 @@
---
# Azure AKS Domain Configuration for Camunda Platform
#
# This is the base values file. Auth provider configs are applied via overlays:
# - Keycloak Operator: merge with generic/kubernetes/operator-based/keycloak/camunda-keycloak-domain-values.yml
# - OIDC: merge with generic/kubernetes/single-region/helm-values/values-oidc.yml + values-oidc-domain.yml
# This is the base values file for Camunda components.
#
# Auth provider configs are applied via overlays:
# - Keycloak Operator: generic/kubernetes/operator-based/keycloak/camunda-keycloak-no-domain-values.yml
# - OIDC: generic/kubernetes/single-region/helm-values/values-oidc.yml + values-oidc-no-domain.yml
#
# Elasticsearch is managed via the ECK operator and configured through a separate overlay file:
# - Elasticsearch: generic/kubernetes/operator-based/elasticsearch/camunda-elastic-values.yml
#

global:
elasticsearch:
enabled: true

ingress:
enabled: true
host: ${CAMUNDA_DOMAIN}
Expand Down Expand Up @@ -116,6 +119,3 @@ orchestration:
console:
enabled: false # by default, console is not enabled
contextPath: /console

elasticsearch:
enabled: true
18 changes: 9 additions & 9 deletions azure/kubernetes/aks-single-region/helm-values/values-no-domain.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,17 @@
---
# Azure AKS No-Domain Configuration for Camunda Platform
#
# This is the base values file. Auth provider configs are applied via overlays:
# - Keycloak Operator: merge with generic/kubernetes/operator-based/keycloak/camunda-keycloak-no-domain-values.yml
# - OIDC: merge with generic/kubernetes/single-region/helm-values/values-oidc.yml + values-oidc-no-domain.yml
# This is the base values file for Camunda components.
#
# Auth provider configs are applied via overlays:
# - Keycloak Operator: generic/kubernetes/operator-based/keycloak/camunda-keycloak-no-domain-values.yml
# - OIDC: generic/kubernetes/single-region/helm-values/values-oidc.yml + values-oidc-no-domain.yml
#
# Elasticsearch is managed via the ECK operator and configured through a separate overlay file:
# - Elasticsearch: generic/kubernetes/operator-based/elasticsearch/camunda-elastic-values.yml
#

global:
elasticsearch:
enabled: true

security:
authentication:
method: oidc
Expand Down Expand Up @@ -80,6 +83,3 @@ webModelerPostgresql:

console:
enabled: false # by default, console is not enabled

elasticsearch:
enabled: true
Loading