Skip to content

feat(openshift): add RDBMS secondary storage variant for ROSA HCP#2345

Open
leiicamundi wants to merge 5 commits into
stable/8.9from
feat/rosa-hcp-rdbms-variant
Open

feat(openshift): add RDBMS secondary storage variant for ROSA HCP#2345
leiicamundi wants to merge 5 commits into
stable/8.9from
feat/rosa-hcp-rdbms-variant

Conversation

@leiicamundi
Copy link
Copy Markdown
Contributor

@leiicamundi leiicamundi commented Apr 20, 2026
edited
Loading

Stable/8.9 => then upstream 8.10

Add RDBMS (PostgreSQL) secondary storage support to the ROSA HCP single-region test workflow, reusing the existing ROSA cluster infrastructure.

  • Add 'no-domain-rdbms' declination with secondary_storage: rdbms
  • Add declination_mode field to decouple domain/no-domain mode from secondary storage type
  • Conditionally skip ECK deployment for RDBMS variant
  • Deploy pg-camunda CNPG cluster for RDBMS secondary storage
  • Merge camunda-rdbms-values.yml instead of camunda-elastic-values.yml
  • Disable Optimize and Elasticsearch tests for RDBMS variant
  • Remove optimize-api permissions from identity test values in RDBMS mode
  • Add pg-camunda cleanup step

Ref: team-infrastructure-experience#1064

@leiicamundi leiicamundi self-assigned this Apr 20, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

🔀 Skip Workflow Checklist

Check the boxes below to skip specific workflows for this PR.

Global options

  • skip_all - Skip all workflows

Individual workflows

  • skip_aws_cognito_daily_cleanup
  • skip_aws_common_procedure_s3_bucket
  • skip_aws_compute_ec2_single_region_daily_cleanup
  • skip_aws_compute_ec2_single_region_golden
  • skip_aws_compute_ec2_single_region_tests
  • skip_aws_ecs_single_region_fargate_daily_cleanup
  • skip_aws_ecs_single_region_fargate_golden
  • skip_aws_ecs_single_region_fargate_tests
  • skip_aws_eks_single_region_daily_cleanup
  • skip_aws_kubernetes_eks_dual_region_daily_cleanup
  • skip_aws_kubernetes_eks_dual_region_golden
  • skip_aws_kubernetes_eks_dual_region_teleport_tests
  • skip_aws_kubernetes_eks_dual_region_tests
  • skip_aws_kubernetes_eks_single_region_golden
  • skip_aws_kubernetes_eks_single_region_tests
  • skip_aws_modules_eks_rds_os_create_destruct_tests
  • skip_aws_modules_eks_rds_os_daily_cleanup
  • skip_aws_modules_eks_rds_os_tests
  • skip_aws_openshift_rosa_hcp_dual_region_golden
  • skip_aws_openshift_rosa_hcp_dual_region_tests
  • skip_aws_openshift_rosa_hcp_single_region_golden
  • skip_aws_openshift_rosa_hcp_single_region_tests
  • skip_aws_rosa_hcp_dual_region_daily_cleanup
  • skip_aws_rosa_hcp_single_region_daily_cleanup
  • skip_azure_aks_single_region_daily_cleanup
  • skip_azure_common_procedure_storageaccount_test
  • skip_azure_kubernetes_aks_single_region_golden
  • skip_azure_kubernetes_aks_single_region_tests
  • skip_generic_kubernetes_migration_test
  • skip_generic_kubernetes_operator_based_test
  • skip_internal_global_pr_todo_checker
  • skip_local_kubernetes_kind_single_region_tests

This checklist is automatically managed. Checked items will skip the corresponding workflow.

@leiicamundi leiicamundi force-pushed the feat/rosa-hcp-rdbms-variant branch from ce0e198 to 3e77cfc Compare April 21, 2026 13:20
@leiicamundi
feat(openshift): add RDBMS secondary storage variant for ROSA HCP sin…
b6c2873 
…gle-region

Add RDBMS (PostgreSQL) secondary storage support to the ROSA HCP
single-region test workflow, reusing the existing ROSA cluster
infrastructure.

- Add 'no-domain-rdbms' declination with secondary_storage: rdbms
- Add declination_mode field to decouple domain/no-domain mode from
  secondary storage type
- Conditionally skip ECK deployment for RDBMS variant
- Deploy pg-camunda CNPG cluster for RDBMS secondary storage
- Merge camunda-rdbms-values.yml instead of camunda-elastic-values.yml
- Disable Optimize and Elasticsearch tests for RDBMS variant
- Remove optimize-api permissions from identity test values in RDBMS mode
- Add pg-camunda cleanup step

Ref: team-infrastructure-experience#1064
@leiicamundi leiicamundi force-pushed the feat/rosa-hcp-rdbms-variant branch from 3e77cfc to b6c2873 Compare April 21, 2026 14:27
@github-actions github-actions Bot added the test label Apr 21, 2026
@leiicamundi leiicamundi changed the base branch from main to stable/8.9 April 21, 2026 14:28
@leiicamundi leiicamundi marked this pull request as ready for review April 22, 2026 08:21
@leiicamundi
trigger ci
a067be5
@leiicamundi
fix: remove Helm values keys not recognized by chart 14.0.0 schema
eceb93e 
The helm-deprecation-check action (validate-unknown-keys.py) flags
keys that are not defined in the chart's values.schema.json. These
keys were valid in older chart versions but are missing or restructured
in camunda-platform chart 14.0.0 (appVersion 8.9).

Removed keys:
- elasticsearch.global.imagePullSecrets: Bitnami ES sub-chart key not
  in chart schema (only elasticsearch.global.compatibility exists).
  Pull secrets are already set via global.image.pullSecrets.
- identityKeycloak.image.pullSecrets: not defined in schema (only
  repository/tag/digest). Pull secrets covered by global.image.pullSecrets.
- identityKeycloak.postgresql.enabled: not in schema properties for
  identityKeycloak.postgresql (only auth/image/metrics/primary exist).
- global.identity.enabled: never existed in schema. The correct key is
  identity.enabled which is already set in base.yml.
- global.identity.auth.console.secret: removed in 8.9 — Console no
  longer uses an Identity client secret.
- webModeler.restapi.externalDatabase.enabled: not in schema. External
  DB is activated implicitly when webModelerPostgresql.enabled=false.
- orchestration.security.initialization.defaultRoles.admin.clients:
  the admin role only supports 'users', not 'clients'. Moved test
  client 'venom' to connectors.clients which supports both.

Note: 3 keys (global.identity.keycloak.url.host/port/protocol) are
also flagged but are functionally correct — the schema defines url as
type:object without properties, which is a chart schema bug. A bug
report has been filed for camunda-platform-helm.
@leiicamundi
Copy link
Copy Markdown
Contributor Author

leiicamundi commented Apr 22, 2026

Errors of keys triggered by camunda/camunda-platform-helm#5930

@leiicamundi
fix: remove identity.redirectUrl and temporarily disable check-unknow…
a360f4b 
…n-keys

- Remove global.identity.auth.identity.redirectUrl from 5 value files
  (key removed in chart 14.0.0)
- Temporarily disable check-unknown-keys in OpenShift workflow pending
  camunda/camunda-platform-helm#5938
@leiicamundi
fix: venom tests
5bc4521
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 13, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 13, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcel-dias marcel-dias marcel-dias approved these changes

Assignees

@leiicamundi leiicamundi

Labels

backport stable/8.9 enhancement New feature or request test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leiicamundi @CLAassistant @marcel-dias