fix(8.10): back Web Modeler restapi /tmp with a per-pod ephemeral volume

The restapi persistence PVC backs only the pod-local /tmp scratch directory.
Backing disposable per-pod scratch with a shared chart-managed ReadWriteOnce
PVC was the root cause of the install Pending (claimName casing mismatch,
SUPPORT-30069) and the helm-upgrade Multi-Attach deadlock.

Switch the chart-managed path to a generic ephemeral volume (per-pod PVC),
remove the standalone persistentvolumeclaim-restapi.yaml, and add the
component-persistence (cprst) CI scenario that exercises it. emptyDir
default and existingClaim paths are unchanged.

Requires Kubernetes 1.23+ / OpenShift 4.10+ (generic ephemeral volumes GA).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Author: eamonnmoloney

charts/camunda-platform-8.10/README.md

@@ -927,7 +927,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out
 | `webModeler.persistence.existingClaim`                                    | can be used to specify an existing PVC instead of creating a new one                                                                                                                                                                                                                                                                                         | `""`                     |
 | `webModeler.persistence.annotations`                                      | can be used to define annotations to add to the persistent volume claim                                                                                                                                                                                                                                                                                      | `{}`                     |
 | `webModeler.persistence.selector`                                         | can be used to define a label selector for the persistent volume claim                                                                                                                                                                                                                                                                                       | `{}`                     |
-| `webModeler.persistence.deploymentStrategy`                               | update strategy for the restapi Deployment. Defaults to RollingUpdate (zero-downtime), which only works when the PVC supports concurrent attach (RWX storage, or accessModes including ReadWriteMany). For chart-managed PVCs on RWO storage, set to "Recreate" to avoid Multi-Attach deadlocks during helm upgrade (introduces brief downtime per upgrade). | `RollingUpdate`          |
+| `webModeler.persistence.deploymentStrategy`                               | update strategy for the restapi Deployment. Defaults to RollingUpdate, which is always safe because the default chart-managed persistence path uses a per-pod ephemeral volume (no concurrent-attach contention). Set to "Recreate" only when using existingClaim with a ReadWriteOnce volume that cannot tolerate concurrent attach during a rollout (introduces brief downtime per upgrade). | `RollingUpdate`          |
 | `webModeler.serviceAccount`                                               | configuration for the service account the WebModeler pods are assigned to                                                                                                                                                                                                                                                                                    |                          |
 
 ### Connectors Parameters

charts/camunda-platform-8.10/templates/web-modeler/deployment-restapi.yaml

@@ -4,7 +4,7 @@
 {{- fail "webModeler.persistence.deploymentStrategy value must be one of 'RollingUpdate', 'Recreate'" -}}
 {{- end -}}
 {{- if and (eq $deploymentStrategy "Recreate") (not (or .Values.camundaHub.webModeler.persistence.enabled .Values.webModeler.persistence.enabled)) -}}
-{{- fail "webModeler.persistence.deploymentStrategy: Recreate requires webModeler.persistence.enabled: true (it avoids a Multi-Attach deadlock on the chart-managed RWO PVC; without persistence it only adds upgrade downtime)" -}}
+{{- fail "webModeler.persistence.deploymentStrategy: Recreate requires webModeler.persistence.enabled: true. The default chart-managed path uses a per-pod ephemeral volume with no Multi-Attach contention, so Recreate is only useful when existingClaim points to a ReadWriteOnce volume; without persistence it only adds upgrade downtime" -}}
 {{- end -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -189,8 +189,23 @@ spec:
           persistentVolumeClaim:
             claimName: {{ (or .Values.camundaHub.webModeler.persistence.existingClaim .Values.webModeler.persistence.existingClaim) }}
           {{- else if (or .Values.camundaHub.webModeler.persistence.enabled .Values.webModeler.persistence.enabled) }}
-          persistentVolumeClaim:
-            claimName: {{ include "camundaPlatform.fullname" . }}-webmodeler-data
+          ephemeral:
+            volumeClaimTemplate:
+              {{- with (or .Values.camundaHub.webModeler.persistence.annotations .Values.webModeler.persistence.annotations) }}
+              metadata:
+                annotations: {{- toYaml . | nindent 18 }}
+              {{- end }}
+              spec:
+                accessModes: {{ (or .Values.camundaHub.webModeler.persistence.accessModes .Values.webModeler.persistence.accessModes) | default (list "ReadWriteOnce") | toYaml | nindent 18 }}
+                {{- with (or .Values.camundaHub.webModeler.persistence.storageClassName .Values.webModeler.persistence.storageClassName) }}
+                storageClassName: {{ . | quote }}
+                {{- end }}
+                {{- with (or .Values.camundaHub.webModeler.persistence.selector .Values.webModeler.persistence.selector) }}
+                selector: {{- toYaml . | nindent 18 }}
+                {{- end }}
+                resources:
+                  requests:
+                    storage: {{ (or .Values.camundaHub.webModeler.persistence.size .Values.webModeler.persistence.size) | default "1Gi" | quote }}
           {{- else }}
           emptyDir: {}
           {{- end }}

charts/camunda-platform-8.10/templates/web-modeler/persistentvolumeclaim-restapi.yaml

@@ -603,6 +603,37 @@ integration:
               env-vars:
                 - RDBMS_POSTGRESQL_USERNAME
                 - RDBMS_POSTGRESQL_PASSWORD
+        - name: component-persistence
+          enabled: true
+          shortname: cprst
+          auth: keycloak
+          flow: install,upgrade-minor
+          platforms:
+            - gke
+          exclude: []
+          tier: 2
+          infra-type:
+            gke: distroci
+          identity: keycloak
+          persistence: elasticsearch
+          features:
+            - persistence
+          dependencies:
+            - chart: charts/internal-keycloak-26
+              release-name: keycloak
+              values-file: test/integration/companion-values/keycloak.yaml
+            - chart: elastic/elasticsearch
+              version: 8.5.1
+              release-name: elasticsearch
+              values-file: test/integration/companion-values/elasticsearch.yaml
+              repo-name: elastic
+              repo-url: https://helm.elastic.co
+            - chart: charts/internal-postgresql
+              release-name: postgresql
+              values-file: test/integration/companion-values/postgresql.yaml
+              env-vars:
+                - RDBMS_POSTGRESQL_USERNAME
+                - RDBMS_POSTGRESQL_PASSWORD
         - name: hub-legacy
           enabled: true
           shortname: huble

charts/camunda-platform-8.10/test/ci/registry-snapshot.yaml

@@ -83,6 +83,10 @@ integration:
       shortname: rdbms
       tier: 2
       enabled: true
+    - id: component-persistence
+      shortname: cprst
+      tier: 2
+      enabled: true
     - id: hub-legacy-install
       shortname: huble
       tier: 2

charts/camunda-platform-8.10/test/ci/registry/manifest.yaml

@@ -0,0 +1,16 @@
+name: component-persistence
+auth: keycloak
+flows:
+  - install,upgrade-minor
+identity: keycloak
+persistence: elasticsearch
+features:
+  - persistence
+platforms:
+  - gke
+infra-type:
+  gke: distroci
+dependencies:
+  - keycloak
+  - elasticsearch
+  - postgresql

charts/camunda-platform-8.10/test/ci/registry/scenarios/component-persistence.yaml

@@ -0,0 +1,32 @@
+# =============================================================================
+# Component Persistence Feature
+# =============================================================================
+# Layer 4: Optional feature - exercises persistent volume configuration on
+# Camunda components so the chart's PVC/StatefulSet templates are covered by
+# nightly CI. Tracks the regressions reported in:
+#   SUPPORT-30042 (Optimize PVC pending)
+#   SUPPORT-30069 (web-modeler PVC pending / install failure)
+#   SUPPORT-30094 (orchestration extraVolumeClaimTemplates rejected)
+# Used with: TEST_VALUES_FEATURES containing "persistence"
+# =============================================================================
+
+optimize:
+  enabled: true
+  persistence:
+    enabled: true
+    size: 1Gi
+
+webModeler:
+  persistence:
+    enabled: true
+    size: 1Gi
+
+orchestration:
+  extraVolumeClaimTemplates:
+    - metadata:
+        name: extra-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi

charts/camunda-platform-8.10/test/integration/scenarios/chart-full-setup/values/features/persistence.yaml

@@ -109,9 +109,12 @@ func (s *PersistenceTemplateTest) TestPersistenceConfiguration() {
 
 				// then
 				s.Require().NotNil(tmpVolume, "tmp volume should exist")
-				s.Require().NotNil(tmpVolume.PersistentVolumeClaim, "should use PVC when persistence is enabled")
+				s.Require().NotNil(tmpVolume.Ephemeral, "should use a per-pod ephemeral volume when persistence is enabled")
 				s.Require().Nil(tmpVolume.EmptyDir, "should not use emptyDir when persistence is enabled")
-				s.Require().Equal("camunda-platform-test-webmodeler-data", tmpVolume.PersistentVolumeClaim.ClaimName)
+				s.Require().Nil(tmpVolume.PersistentVolumeClaim, "should not reference a shared PVC when persistence is enabled")
+				spec := tmpVolume.Ephemeral.VolumeClaimTemplate.Spec
+				s.Require().Equal("5Gi", spec.Resources.Requests.Storage().String())
+				s.Require().Equal(corev1.ReadWriteOnce, spec.AccessModes[0])
 			},
 		},
 		{
@@ -182,39 +185,10 @@ func (s *PersistenceTemplateTest) TestPersistenceConfiguration() {
 	}
 }
 
-func TestPVCManifestCreated(t *testing.T) {
-	t.Parallel()
-
-	chartPath, err := filepath.Abs("../../../")
-	require.NoError(t, err)
-
-	testCase := testhelpers.TestCase{
-		Name: "TestPVCManifestCreated",
-		Values: map[string]string{
-			"identity.enabled":   "true",
-			"webModeler.enabled": "true",
-			"camundaHub.webModeler.restapi.mail.fromAddress":   "test@test.com",
-			"camundaHub.webModeler.persistence.enabled":        "true",
-			"camundaHub.webModeler.persistence.size":           "5Gi",
-			"camundaHub.webModeler.persistence.accessModes[0]": "ReadWriteOnce",
-		},
-		Verifier: func(t *testing.T, output string, err error) {
-			var pvc corev1.PersistentVolumeClaim
-			helm.UnmarshalK8SYaml(t, output, &pvc)
-			require.Equal(t, "camunda-platform-test-webmodeler-data", pvc.Name)
-			require.Equal(t, "5Gi", pvc.Spec.Resources.Requests.Storage().String())
-			require.Equal(t, corev1.ReadWriteOnce, pvc.Spec.AccessModes[0])
-		},
-	}
-
-	testhelpers.RunTestCasesE(t, chartPath, "camunda-platform-test", "camunda-platform-webmodeler", []string{"templates/web-modeler/persistentvolumeclaim-restapi.yaml"}, []testhelpers.TestCase{testCase})
-}
-
 // TestDeploymentStrategyDefaultsToRollingUpdate asserts the default strategy
-// is RollingUpdate (preserves zero-downtime upgrade for users with RWX/
-// existingClaim setups). Users with chart-managed RWO PVCs hit a Multi-Attach
-// deadlock with RollingUpdate and must opt into "Recreate" — see
-// TestDeploymentStrategyRecreateOptIn.
+// is RollingUpdate. The restapi /tmp volume is a per-pod ephemeral volume, so
+// rollouts never contend for a shared RWO volume and zero-downtime RollingUpdate
+// is always safe.
 func TestDeploymentStrategyDefaultsToRollingUpdate(t *testing.T) {
 	t.Parallel()
 	chartPath, err := filepath.Abs("../../../")

charts/camunda-platform-8.10/test/unit/web-modeler/persistence_test.go

@@ -1026,7 +1026,7 @@
                                         "RollingUpdate",
                                         "Recreate"
                                     ],
-                                    "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate (zero-downtime), which only works when the PVC supports concurrent attach (RWX storage, or accessModes including ReadWriteMany). For chart-managed PVCs on RWO storage, set to \"Recreate\" to avoid Multi-Attach deadlocks during helm upgrade (introduces brief downtime per upgrade).",
+                                    "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate, which is always safe because the default chart-managed persistence path uses a per-pod ephemeral volume (no concurrent-attach contention). Set to \"Recreate\" only when using existingClaim with a ReadWriteOnce volume that cannot tolerate concurrent attach during a rollout (introduces brief downtime per upgrade).",
                                     "default": "RollingUpdate"
                                 }
                             }

charts/camunda-platform-8.10/values.schema.extra.json

@@ -2506,7 +2506,7 @@
                                         "RollingUpdate",
                                         "Recreate"
                                     ],
-                                    "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate (zero-downtime), which only works when the PVC supports concurrent attach (RWX storage, or accessModes including ReadWriteMany). For chart-managed PVCs on RWO storage, set to \"Recreate\" to avoid Multi-Attach deadlocks during helm upgrade (introduces brief downtime per upgrade).",
+                                    "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate, which is always safe because the default chart-managed persistence path uses a per-pod ephemeral volume (no concurrent-attach contention). Set to \"Recreate\" only when using existingClaim with a ReadWriteOnce volume that cannot tolerate concurrent attach during a rollout (introduces brief downtime per upgrade).",
                                     "default": "RollingUpdate"
                                 }
                             }
@@ -3577,7 +3577,7 @@
                         },
                         "deploymentStrategy": {
                             "type": "string",
-                            "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate (zero-downtime), which only works when the PVC supports concurrent attach (RWX storage, or accessModes including ReadWriteMany). For chart-managed PVCs on RWO storage, set to \"Recreate\" to avoid Multi-Attach deadlocks during helm upgrade (introduces brief downtime per upgrade).",
+                            "description": "update strategy for the restapi Deployment. Defaults to RollingUpdate, which is always safe because the default chart-managed persistence path uses a per-pod ephemeral volume (no concurrent-attach contention). Set to \"Recreate\" only when using existingClaim with a ReadWriteOnce volume that cannot tolerate concurrent attach during a rollout (introduces brief downtime per upgrade).",
                             "default": "RollingUpdate",
                             "enum": [
                                 "RollingUpdate",