feature(sm): extract oidc from ref arch #7906
Draft
+459
−735
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leiicamundi
added
component:self-managed
Contributor
|
👋 🤖 🤔 Hello, @leiicamundi! Did you make your changes in all the right places? These files were changed only in docs/. You might want to duplicate these changes in versioned_docs/version-8.8/.
You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| @@ -0,0 +1,27 @@ | |||
| :::note Identity Provider (IdP) prerequisite | |||
| An OIDC-compatible identity provider (IdP) is required. This reference architecture does **not** include an IdP. You must configure your own before proceeding. Options include: | |||
| - **Keycloak via the Keycloak Operator**: See the [vendor-supported infrastructure guide](/self-managed/deployment/helm/configure/vendor-supported-infrastructure.md#keycloak-deployment) for installation steps and the corresponding Helm values overlay. | |||
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| - **Keycloak via the Keycloak Operator**: See the [vendor-supported infrastructure guide](/self-managed/deployment/helm/configure/vendor-supported-infrastructure.md#keycloak-deployment) for installation steps and the corresponding Helm values overlay. | |
| - **Keycloak via the Keycloak Operator**: See the [vendor-supported infrastructure guide](/self-managed/deployment/helm/configure/vendor-supported-infrastructure.md#keycloak-deployment) for installation steps and the corresponding Helm values overlay. |
| ``` | ||
|
|
||
| The overlay files are available in the [Keycloak operator-based directory](https://github.com/camunda/camunda-deployment-references/tree/main/generic/kubernetes/operator-based/keycloak). The identity secrets are created automatically by the Keycloak Operator. | ||
| </details> |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| </details> | |
| </details> |
| <summary><strong>External OIDC provider</strong></summary> | ||
|
|
||
| To connect Camunda to an external OIDC provider, follow the dedicated guide: [Connect to an OIDC provider](/self-managed/components/management-identity/configuration/connect-to-an-oidc-provider.md). It covers client registration, Helm values configuration, and secret creation. | ||
| </details> |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| </details> | |
| </details> |
Comment on lines
+12
to
+19
| import IdpPrerequisite from '../../_partials/_idp-prerequisite.md' | ||
| import NoDomainIdpChoice from '../../_partials/_no-domain-idp-choice.md' | ||
| import WhyNoIdp from '../../_partials/_why-no-idp.md' | ||
| import SingleNamespaceDeployment from '../../_partials/_single-namespace-deployment.md' | ||
| import NoDomainInfo from '../../_partials/_no-domain-info.md' | ||
| import HelmUpgradeNote from '../../_partials/_helm-upgrade-note.md' | ||
| import KubefwdTip from '../../_partials/_kubefwd-tip.md' | ||
| import PortForwardServices from '../../_partials/_port-forward-services.md' |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| import IdpPrerequisite from '../../_partials/_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../../_partials/_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../../_partials/_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../../_partials/_single-namespace-deployment.md' | |
| import NoDomainInfo from '../../_partials/_no-domain-info.md' | |
| import HelmUpgradeNote from '../../_partials/_helm-upgrade-note.md' | |
| import KubefwdTip from '../../_partials/_kubefwd-tip.md' | |
| import PortForwardServices from '../../_partials/_port-forward-services.md' | |
| import IdpPrerequisite from '../../\_partials/\_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../../\_partials/\_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../../\_partials/\_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../../\_partials/\_single-namespace-deployment.md' | |
| import NoDomainInfo from '../../\_partials/\_no-domain-info.md' | |
| import HelmUpgradeNote from '../../\_partials/\_helm-upgrade-note.md' | |
| import KubefwdTip from '../../\_partials/\_kubefwd-tip.md' | |
| import PortForwardServices from '../../\_partials/\_port-forward-services.md' |
|
|
||
| :::important Database initialization prerequisite | ||
| If you are using an external Aurora PostgreSQL database, you must create the individual component databases (Identity, Web Modeler) before installing the Helm chart. This initialization step is covered in the infrastructure setup guides: | ||
| - **Terraform**: See [Configure the database and associated access](./terraform-setup.md#configure-the-database-and-associated-access) in the Terraform setup guide. |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| - **Terraform**: See [Configure the database and associated access](./terraform-setup.md#configure-the-database-and-associated-access) in the Terraform setup guide. | |
| - **Terraform**: See [Configure the database and associated access](./terraform-setup.md#configure-the-database-and-associated-access) in the Terraform setup guide. |
Comment on lines
+12
to
+13
| import TerraformAwsAuth from '../../_partials/_terraform-aws-auth.md' | ||
| import TerraformS3Bucket from '../../_partials/_terraform-s3-bucket.md' |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| import TerraformAwsAuth from '../../_partials/_terraform-aws-auth.md' | |
| import TerraformS3Bucket from '../../_partials/_terraform-s3-bucket.md' | |
| import TerraformAwsAuth from '../../\_partials/\_terraform-aws-auth.md' | |
| import TerraformS3Bucket from '../../\_partials/\_terraform-s3-bucket.md' |
Comment on lines
+12
to
+13
| import TerraformAwsAuth from '../../_partials/_terraform-aws-auth.md' | ||
| import TerraformS3Bucket from '../../_partials/_terraform-s3-bucket.md' |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| import TerraformAwsAuth from '../../_partials/_terraform-aws-auth.md' | |
| import TerraformS3Bucket from '../../_partials/_terraform-s3-bucket.md' | |
| import TerraformAwsAuth from '../../\_partials/\_terraform-aws-auth.md' | |
| import TerraformS3Bucket from '../../\_partials/\_terraform-s3-bucket.md' |
Comment on lines
+10
to
+17
| import IdpPrerequisite from '../../_partials/_idp-prerequisite.md' | ||
| import NoDomainIdpChoice from '../../_partials/_no-domain-idp-choice.md' | ||
| import WhyNoIdp from '../../_partials/_why-no-idp.md' | ||
| import SingleNamespaceDeployment from '../../_partials/_single-namespace-deployment.md' | ||
| import NoDomainInfo from '../../_partials/_no-domain-info.md' | ||
| import HelmUpgradeNote from '../../_partials/_helm-upgrade-note.md' | ||
| import KubefwdTip from '../../_partials/_kubefwd-tip.md' | ||
| import PortForwardServices from '../../_partials/_port-forward-services.md' |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| import IdpPrerequisite from '../../_partials/_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../../_partials/_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../../_partials/_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../../_partials/_single-namespace-deployment.md' | |
| import NoDomainInfo from '../../_partials/_no-domain-info.md' | |
| import HelmUpgradeNote from '../../_partials/_helm-upgrade-note.md' | |
| import KubefwdTip from '../../_partials/_kubefwd-tip.md' | |
| import PortForwardServices from '../../_partials/_port-forward-services.md' | |
| import IdpPrerequisite from '../../\_partials/\_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../../\_partials/\_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../../\_partials/\_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../../\_partials/\_single-namespace-deployment.md' | |
| import NoDomainInfo from '../../\_partials/\_no-domain-info.md' | |
| import HelmUpgradeNote from '../../\_partials/\_helm-upgrade-note.md' | |
| import KubefwdTip from '../../\_partials/\_kubefwd-tip.md' | |
| import PortForwardServices from '../../\_partials/\_port-forward-services.md' |
Comment on lines
+12
to
+19
| import IdpPrerequisite from '../_partials/_idp-prerequisite.md' | ||
| import NoDomainIdpChoice from '../_partials/_no-domain-idp-choice.md' | ||
| import WhyNoIdp from '../_partials/_why-no-idp.md' | ||
| import SingleNamespaceDeployment from '../_partials/_single-namespace-deployment.md' | ||
| import NoDomainInfo from '../_partials/_no-domain-info.md' | ||
| import HelmUpgradeNote from '../_partials/_helm-upgrade-note.md' | ||
| import KubefwdTip from '../_partials/_kubefwd-tip.md' | ||
| import PortForwardServices from '../_partials/_port-forward-services.md' |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| import IdpPrerequisite from '../_partials/_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../_partials/_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../_partials/_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../_partials/_single-namespace-deployment.md' | |
| import NoDomainInfo from '../_partials/_no-domain-info.md' | |
| import HelmUpgradeNote from '../_partials/_helm-upgrade-note.md' | |
| import KubefwdTip from '../_partials/_kubefwd-tip.md' | |
| import PortForwardServices from '../_partials/_port-forward-services.md' | |
| import IdpPrerequisite from '../\_partials/\_idp-prerequisite.md' | |
| import NoDomainIdpChoice from '../\_partials/\_no-domain-idp-choice.md' | |
| import WhyNoIdp from '../\_partials/\_why-no-idp.md' | |
| import SingleNamespaceDeployment from '../\_partials/\_single-namespace-deployment.md' | |
| import NoDomainInfo from '../\_partials/\_no-domain-info.md' | |
| import HelmUpgradeNote from '../\_partials/\_helm-upgrade-note.md' | |
| import KubefwdTip from '../\_partials/\_kubefwd-tip.md' | |
| import PortForwardServices from '../\_partials/\_port-forward-services.md' |
| https://github.com/camunda/camunda-deployment-references/blob/main/generic/openshift/single-region/procedure/chart-env.sh | ||
| https://github.com/camunda/camunda-deployment-references/blob/feature/aws-cognito/generic/openshift/single-region/procedure/create-webmodeler-secret.sh | ||
| ``` | ||
| ::: |
Contributor
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
Suggested change
| ::: | |
| ::: |
Contributor
|
The preview environment relating to the commit 76e543e has successfully been deployed. You can access it at https://preview.docs.camunda.cloud/pr-7906/ |
Langleu
previously approved these changes
Feb 12, 2026
Member
Langleu
left a comment
Langleu
left a comment
There was a problem hiding this comment.
Generally cool idea from my side to de-duplicate common building blocks that we have to partials.
Didn't check things thoroughly as I assume you just outsourced and replaced those with the partials.
Checked some pages and they look correctly rendered.
Sure, some branch changes are in the PR that you would need to revert.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
WIP related to camunda/camunda-deployment-references#1630
When should this change go live?
bugorsupportlabel)available & undocumentedlabel)holdlabel)low priolabel)PR Checklist
{type}(scope): {description}commit message(s)/docsdirectory (version 8.9)./versioned_docsdirectory.@camunda/tech-writersunless working with an embedded writer.