From 645ba911695b62b25cee21495597dfa11fdcb397 Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Thu, 9 Apr 2026 16:44:32 +0300 Subject: [PATCH] add camunda --- .../infrastructure/kustomization.yaml | 7 + .../infrastructure/patches/camunda.yaml | 301 ++++++++++++++++++ infrastructure/camunda/base/helmrelease.yaml | 27 ++ .../camunda/base/kustomization.yaml | 6 + infrastructure/camunda/base/namespace.yaml | 6 + infrastructure/camunda/kustomization.yaml | 4 + infrastructure/kustomization.yaml | 1 + 7 files changed, 352 insertions(+) create mode 100644 clusters/yc-k8s-test/infrastructure/patches/camunda.yaml create mode 100644 infrastructure/camunda/base/helmrelease.yaml create mode 100644 infrastructure/camunda/base/kustomization.yaml create mode 100644 infrastructure/camunda/base/namespace.yaml create mode 100644 infrastructure/camunda/kustomization.yaml diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml index 6083c10..35bddf6 100644 --- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml +++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml @@ -92,3 +92,10 @@ patches: kind: HelmRelease name: redis namespace: redis + - path: ./patches/camunda.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: camunda + namespace: camunda diff --git a/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml b/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml new file mode 100644 index 0000000..3d934d9 --- /dev/null +++ b/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml @@ -0,0 +1,301 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: camunda + namespace: camunda +spec: + interval: 5m + timeout: 15m + values: + global: + identity: + auth: + publicIssuerUrl: "https://camunda-keycloak.contour.infra.sarex.tech/auth/realms/camunda-platform" + identity: + redirectUrl: "https://camunda-identity.contour.infra.sarex.tech" + operate: + redirectUrl: "https://camunda-operate.contour.infra.sarex.tech" + tasklist: + redirectUrl: "https://camunda-tasklist.contour.infra.sarex.tech" + optimize: + redirectUrl: "https://camunda-optimize.contour.infra.sarex.tech" + webModeler: + redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech" + console: + redirectUrl: "https://camunda-console.contour.infra.sarex.tech" + virtualService: + keycloak: + annotations: {} + labels: {} + name: keycloak-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-keycloak.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: /auth/ + route: + - destination: + host: camunda-keycloak + port: + number: 80 + operate: + annotations: {} + labels: {} + name: operate-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-operate.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: / + route: + - destination: + host: camunda-operate + port: + number: 80 + identity: + annotations: {} + labels: {} + name: identity-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-identity.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: / + route: + - destination: + host: camunda-identity + port: + number: 80 + tasklist: + annotations: {} + labels: {} + name: tasklist-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-tasklist.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: / + route: + - destination: + host: camunda-tasklist + port: + number: 80 + optimize: + annotations: {} + labels: {} + name: optimize-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-optimize.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: / + route: + - destination: + host: camunda-optimize + port: + number: 80 + console: + annotations: {} + labels: {} + name: console-virt-service + gateways: + - istio-system/camunda-gateway + hosts: + - camunda-console.contour.infra.sarex.tech + http: + - match: + - uri: + prefix: / + route: + - destination: + host: camunda-console + port: + number: 80 + gateway: + camunda: + name: camunda-gateway + namespace: istio-system + selector: + istio: ingressgateway + servers: + - hosts: + - camunda-keycloak.contour.infra.sarex.tech + port: + name: keycloak-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-keycloak-tls + mode: SIMPLE + - hosts: + - camunda-keycloak.contour.infra.sarex.tech + port: + name: keycloak-http-80 + number: 80 + protocol: HTTP + - hosts: + - camunda-operate.contour.infra.sarex.tech + port: + name: operate-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-operate-tls + mode: SIMPLE + - hosts: + - camunda-operate.contour.infra.sarex.tech + port: + name: operate-http-80 + number: 80 + protocol: HTTP + - hosts: + - camunda-identity.contour.infra.sarex.tech + port: + name: identity-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-identity-tls + mode: SIMPLE + - hosts: + - camunda-identity.contour.infra.sarex.tech + port: + name: identity-http-80 + number: 80 + protocol: HTTP + - hosts: + - camunda-tasklist.contour.infra.sarex.tech + port: + name: tasklist-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-tasklist-tls + mode: SIMPLE + - hosts: + - camunda-tasklist.contour.infra.sarex.tech + port: + name: tasklist-http-80 + number: 80 + protocol: HTTP + - hosts: + - camunda-optimize.contour.infra.sarex.tech + port: + name: optimize-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-optimize-tls + mode: SIMPLE + - hosts: + - camunda-optimize.contour.infra.sarex.tech + port: + name: optimize-http-80 + number: 80 + protocol: HTTP + - hosts: + - camunda-console.contour.infra.sarex.tech + port: + name: console-https-443 + number: 443 + protocol: HTTPS + tls: + credentialName: camunda-console-tls + mode: SIMPLE + - hosts: + - camunda-console.contour.infra.sarex.tech + port: + name: console-http-80 + number: 80 + protocol: HTTP + identityPostgresql: + primary: + persistence: + size: 10Gi + storageClass: local-path + identityKeycloak: + global: + storageClass: local-path + nodeSelector: {} + tolerations: [] + postgresql: + primary: + persistence: + size: 10Gi + storageClass: local-path + postgresql: + primary: + persistence: + size: 10Gi + storageClass: local-path + elasticsearch: + master: + persistence: + size: 10Gi + storageClass: local-path + nodeSelector: {} + tolerations: [] + metrics: + enabled: false + serviceMonitor: + enabled: false + prometheusRule: + enabled: false + nodeSelector: {} + tolerations: [] + camundaCanary: + enabled: false + prometheusServiceMonitor: + enabled: false + console: + nodeSelector: {} + tolerations: [] + zeebe: + nodeSelector: {} + tolerations: [] + zeebeGateway: + nodeSelector: {} + tolerations: [] + operate: + nodeSelector: {} + tolerations: [] + tasklist: + nodeSelector: {} + tolerations: [] + optimize: + nodeSelector: {} + tolerations: [] + executionIdentity: + nodeSelector: {} + tolerations: [] + identity: + nodeSelector: {} + tolerations: [] + webModeler: + restapi: + nodeSelector: {} + tolerations: [] + webapp: + nodeSelector: {} + tolerations: [] + websockets: + nodeSelector: {} + tolerations: [] + connectors: + nodeSelector: {} + tolerations: [] diff --git a/infrastructure/camunda/base/helmrelease.yaml b/infrastructure/camunda/base/helmrelease.yaml new file mode 100644 index 0000000..0599c2a --- /dev/null +++ b/infrastructure/camunda/base/helmrelease.yaml @@ -0,0 +1,27 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: camunda + namespace: camunda +spec: + interval: 10m + dependsOn: + - name: istio-base + namespace: istio-system + - name: istiod + namespace: istio-system + chart: + spec: + chart: camunda-contour + version: "11.0.4" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + interval: 10m + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 diff --git a/infrastructure/camunda/base/kustomization.yaml b/infrastructure/camunda/base/kustomization.yaml new file mode 100644 index 0000000..2c662f6 --- /dev/null +++ b/infrastructure/camunda/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: camunda +resources: + - namespace.yaml + - helmrelease.yaml diff --git a/infrastructure/camunda/base/namespace.yaml b/infrastructure/camunda/base/namespace.yaml new file mode 100644 index 0000000..5029883 --- /dev/null +++ b/infrastructure/camunda/base/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: camunda + labels: + istio-injection: enabled diff --git a/infrastructure/camunda/kustomization.yaml b/infrastructure/camunda/kustomization.yaml new file mode 100644 index 0000000..3c2f51f --- /dev/null +++ b/infrastructure/camunda/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./base diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 4b37f77..2190819 100644 --- a/infrastructure/kustomization.yaml +++ b/infrastructure/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - camunda - cert-manager - dashboard - kafka