[ISSUE] Make Optional Database and SMTP passwords for WebModeler Deployment

[leiicamundi]

Describe the issue:

When deploying Camunda 8.6 on an EKS cluster with IRSA and enabling the WebModeler (which is disabled by default), certain configurations are required, such as a existingSecret for the database and an SMTP configuration (email + password).

This restriction applies not only to IRSA-enabled deployments but also to standard deployments without a database password or SMTP server configured.

Allowing these parameters to be optional would provide more flexibility in deployment.

• database password should not be mandatory
• email should not be mandatory
• smtp password should not be mandatory

Actual behavior:

The WebModeler component fails to deploy unless a existingSecret is provided for the database password and an SMTP configuration is set, even if these settings aren't necessary for certain setups.

Expected behavior:

Deployment of WebModeler should succeed without requiring existingSecret for the database or SMTP configuration, making these parameters optional for deployments where they are not needed.

How to reproduce:

1. Deploy Camunda 8.6 on an EKS cluster with IRSA.
2. Enable the WebModeler by setting webModeler.enabled: true.
3. Attempt to deploy without specifying the database existingSecret or SMTP configuration.
4. Observe that the deployment fails due to missing required configurations.

Configuration:

webModeler:
  enabled: true # by default, WebModeler is not enabled

  serviceAccount:
    name: webmodeler-sa
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/<role-name>

  restapi:
    externalDatabase:
      url: jdbc:aws-wrapper:postgresql://<database-endpoint>:5432/<database-name>?wrapperPlugins=iam
      user: <database-user>
      existingSecret: <existing-secret-name> # this fake password reference is needed to let the chart deploy WebModeler
      existingSecretPasswordKey: password
    env:
      - name: SPRING_DATASOURCE_DRIVER_CLASS_NAME
        value: software.amazon.jdbc.Driver
    mail:
      existingSecret: <existing-secret-name> # reference to SMTP password
      fromAddress: changeme@example.com # change this required value

Additional Context:

The requirement for a database existingSecret is detailed in the Camunda Helm chart templates, as shown in

camunda-platform-helm/charts/camunda-platform-8.6/templates/web-modeler/deployment-restapi.yaml

Line 44 in cdc6b70

- name: SPRING_DATASOURCE_PASSWORD

.

Logs:

Environment:

• Platform: AWS EKS with IRSA enabled
• Helm CLI version:
• Chart version:
• Values file:

[jessesimpson36]

I'm cleaning out old github issues and this one came up as it's greater than 1 year old.

I validated that the issue is still relevant for newer versions, however, I don't think customers care about this issue, as we have had no traffic on it and no support tickets related to it for over a year (even longer if you consider the earliest version of web modeler requires the fromAddress).

Closing as wontfix

[leiicamundi]

The reason why:

I don't think customers care about this issue, as we have had no traffic on it and no support tickets related to it for over a year (even longer if you consider the earliest version of web modeler requires the fromAddress).

Is because we integrated the workaround in the documentation. It does not means that the problem is solved.