docs: update OpenShift guide for operator-based infrastructure #7968
leiicamundi wants to merge 15 commits into main
👋 🤖 🤔 Hello, @leiicamundi! Did you make your changes in all the right places? These files were changed only in docs/. You might want to duplicate these changes in versioned_docs/version-8.8/.
You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines.
Update the Red Hat OpenShift deployment guide to reflect the migration from Bitnami Helm subcharts to Kubernetes operators (ECK, CNPG, Keycloak Operator) for infrastructure services.

Changes:
- Add architecture section describing operator-based infrastructure
- Add 'Deploy prerequisite services' section with ECK, CNPG, and Keycloak Operator deployment instructions
- Add operator overlay merge sections (camunda-elastic-values, camunda-keycloak-values, camunda-identity-values, camunda-webmodeler-values) using yq deep merge
- Remove embedded Elasticsearch from base values
- Align terminology with operator-based-infrastructure.md (PR #7904)
- Point file preview links to feat/ocp-single-region-to-operators branch (to revert to main before merging)

Ref: camunda/camunda-deployment-references#1872

- Add 'Obtain a copy of the reference architecture' section with get-your-copy.sh
- Add 'Environment setup' section with 0-set-environment.sh
- Replace bash reference to full deploy.sh scripts with simple cd + ./deploy.sh commands
- Keep details blocks for YAML operator configurations

- Copy base.yml instead of 'creating' values.yml (repo is already cloned)
- Use subshells (cd ... && ./deploy.sh) to preserve cwd at repo root
- Add 'Working directory' admonition explaining the convention

- Replace all DOMAIN_NAME references with CAMUNDA_DOMAIN
- Update Keycloak service name to keycloak-service (operator-managed)
- Update Keycloak port from 8080 to 18080
- Update Architecture section (remove Keycloak from core components)
- Use generic IdP wording instead of Keycloak-specific
- Update Desktop Modeler OAuth Token URL description
- Add TODO for partial imports when PR #7906 merges
9cc8561 to 833c280
# Conflicts: # docs/self-managed/deployment/helm/cloud-providers/openshift/redhat-openshift.md
…ters/elasticsearch-exporter.md
Pull request overview
This PR updates the Red Hat OpenShift deployment guide to reflect the migration from Bitnami Helm subcharts to Kubernetes operators for infrastructure services (Elasticsearch, PostgreSQL, and Keycloak). This aligns the OpenShift guide with the new operator-based infrastructure approach introduced in Camunda 8.9 and documented in PR #7904.
Changes:
- Adds comprehensive operator-based infrastructure deployment instructions including ECK for Elasticsearch, CloudNativePG for PostgreSQL, and Keycloak Operator for identity management
- Introduces yq-based deep merge workflow for combining Helm value overlays (base, routes, domain, SCC, and operator configurations)
- Restructures deployment flow to deploy infrastructure operators before Camunda Helm chart installation
- Includes YAML indentation corrections in elasticsearch-exporter.md and minor whitespace cleanup in other files
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/self-managed/deployment/helm/cloud-providers/openshift/redhat-openshift.md | Complete overhaul to use operator-based infrastructure: adds architecture overview, environment setup, prerequisite services deployment (Elasticsearch, PostgreSQL, Keycloak), operator overlay merging instructions, and updated Keycloak localhost configuration for no-domain deployments |
| docs/self-managed/deployment/helm/configure/ingress/accessing-components-without-ingress.md | Removes extra blank line for formatting cleanup |
| docs/self-managed/deployment/helm/configure/enable-additional-components.md | Removes extra blank line for formatting cleanup |
| docs/self-managed/components/orchestration-cluster/zeebe/exporters/elasticsearch-exporter.md | Corrects YAML indentation in configuration examples from inconsistent spacing to proper 2-space indentation |
| Infrastructure components are deployed using **official Kubernetes operators** as described in [Deploy infrastructure with Kubernetes operators](/self-managed/deployment/helm/configure/operator-based-infrastructure.md): | ||
|
|
||
| - **[Elasticsearch with ECK](#deploy-elasticsearch)**: Deployed via [Elastic Cloud on Kubernetes](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html) for secondary storage | ||
| - **[PostgreSQL with CloudNativePG](#deploy-postgresql)**: Deployed via [CloudNativePG](https://cloudnative-pg.io/) for Identity and Web Modeler databases |
The architecture section lists Elasticsearch and PostgreSQL as infrastructure components deployed with operators, but Keycloak is not mentioned here despite being listed in the prerequisites (line 41) and having its own deployment section later. Consider adding Keycloak to this list with a note that it's optional, to maintain consistency with the operator-based-infrastructure.md guide which lists all three components in its infrastructure components table. This would help readers understand the full scope of operator-based infrastructure from the start.
| - **[PostgreSQL with CloudNativePG](#deploy-postgresql)**: Deployed via [CloudNativePG](https://cloudnative-pg.io/) for Identity and Web Modeler databases | |
| - **[PostgreSQL with CloudNativePG](#deploy-postgresql)**: Deployed via [CloudNativePG](https://cloudnative-pg.io/) for Identity and Web Modeler databases | |
| - **[Keycloak](#deploy-keycloak) (optional)**: Deployed via a Keycloak operator as an identity provider for Single Sign-On (SSO) |
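Review bot: the added Keycloak bullet says "Deployed via a Keycloak operator" with no link, while the Elasticsearch and PostgreSQL bullets each name their operator and link its documentation. Name the operator and link it the same way so the three entries read consistently, and confirm that the `#deploy-keycloak` anchor resolves on this page.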
| 1. Configure all other applications running inside the cluster and connecting to the Zeebe Gateway to also use TLS. | ||
|
|
||
| <!--Intended space left for not breaking the build!--> | ||
| 1. Set up the global configuration to enable the single Ingress definition with the host. Merge the domain overlay: | ||
|
|
||
| ```bash | ||
| yq '. *+ load("generic/openshift/single-region/helm-values/domain.yml")' values.yml > values-merged.yml && mv values-merged.yml values.yml | ||
| ``` | ||
|
|
||
| <details> | ||
| <summary>Review the domain configuration</summary> | ||
|
|
||
| ```yaml reference | ||
| https://github.com/camunda/camunda-deployment-references/blob/main/generic/openshift/single-region/helm-values/domain.yml | ||
| ``` | ||
|
|
||
| </details> |
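Review bot: the merge on the `yq` line uses `*+`, which appends arrays in addition to deep-merging maps, so running this step again on an already merged values.yml duplicates any list entries that domain.yml contributes. State that the step is meant to run once against a fresh copy of the base values, or use plain `*` if replacing arrays is the intended behaviour. The `load(...)` path is also relative, so the command only works from the repository root; say so next to the command.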
These two nested list items under "Connectors" don't appear to be connector-specific configuration steps. Item 1 ("Configure all other applications...") is a general TLS configuration note, and item 2 ("Set up the global configuration...") is about domain configuration that applies to all components. Consider either:
- Moving these as separate top-level numbered items (3 and 4) after the Connectors section, or
- Rewording to clarify how these steps specifically relate to Connectors configuration
This would improve the logical flow and make it clearer that these are general deployment steps rather than connector-specific configuration.
The preview environment relating to the commit e0dca81 has successfully been deployed. You can access it at https://preview.docs.camunda.cloud/pr-7968/