Launching Camunda BPM on Kubernetes



Using Kubernetes? Ready to move your Camunda BPM instances from VMs, or just try running them on Kubernetes? Let's take a look at some common configurations and individual elements that can be tailored to your specific needs.



This assumes you have used Kubernetes before. If not, why not take a look at the manual and start your first cluster?








In short:



git clone https://github.com/camunda-cloud/camunda-examples.git

cd camunda-examples/camunda-bpm-demo

make skaffold



OK, it probably didn't work, since you don't have skaffold and kustomize installed. Well then, read on!



What is Camunda BPM



Camunda BPM is an open source business process management and decision automation platform that connects business users and software developers. It's perfect for coordinating and connecting people, (micro)services or even bots! You can read more about the different use cases here.



Why use Kubernetes



Kubernetes - Linux. , . API-, Kubernetes , : , . 2020 6 , , , ( Linux). , .



Camunda BPM Engine , , Kubernetes , , ( ).



, Prometheus, Grafana, Loki, Fluentd Elasticsearch, . , Prometheus Java (JVM).





, Docker- Camunda BPM (github), Kubernetes.



  1. ;
  2. ;
  3. ;
  4. .

.



: Enterprise? .





Skaffold Docker Google Cloud Build. ( Kustomize Helm), CI , . skaffold.yaml.tmpl Google Cloud Build GKE, .



make skaffold Dockerfile Cloud Build, GCR, . , make skaffold, Skaffold .



yaml Kubernetes kustomize yaml , git pull --rebase . kubectl .



envsubst GCP * .yaml.tmpl. , makefile .









kustomize skaffold, generated-manifest.yaml .





Prometheus Kubernetes. , AWS Cloudwatch Metrics, Cloudwatch Alerts, Stackdriver Metrics, StatsD, Datadog, Nagios, vSphere Metrics . . Grafana — , . prometheus-operator.



Prometheus <service>/metrics, sidecar- . , JMX JVM, sidecar- . jmx_exporter Prometheus JVM, , /metrics .



Prometheus jmx_exporter



-- images/camunda-bpm/Dockerfile
FROM camunda/camunda-bpm-platform:tomcat-7.11.0

## Add prometheus exporter
RUN wget https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.11.0/jmx_prometheus_javaagent-0.11.0.jar -P lib/
# 9404 is the reserved prometheus-jmx port
ENV CATALINA_OPTS -javaagent:lib/jmx_prometheus_javaagent-0.11.0.jar=9404:/etc/config/prometheus-jmx.yaml



, . tomcat Prometheus <svc>:9404/metrics





, prometheus-jmx.yaml? , JVM, tomcat — , . tomcat, wildfly, kafka . tomcat ConfigMap Kubernetes, .



-, platform/config/



platform/config
└── prometheus-jmx.yaml



ConfigMapGenerator kustomization.yaml.tmpl:



-- platform/kustomization.yaml.tmpl
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
[...]
configMapGenerator:
- name: config
  files:
  - config/prometheus-jmx.yaml



files[] ConfigMap. ConfigMapGenerators , , . Deployment, «» VolumeMount.



, ConfigMap :



-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      volumes:
      - name: config
        configMap:
          name: config
          defaultMode: 0744
      containers:
      - name: camunda-bpm
        volumeMounts:
        - mountPath: /etc/config/
          name: config
      [...]



. Prometheus , , , , . Prometheus Operator service-monitor.yaml . Service-monitor.yaml, operator design ServiceMonitorSpec .





, ConfigMapGenerator, /etc/config. . . subPath . xml- xmlstarlet sed. .





! stdout, , kubectl logs. Fluentd ( GKE) Elasticsearch, Loki . jsonify , logback.





H2. , Google Cloud SQL Cloud SQL Proxy — . , . AWS RDS .



, H2, platform/deploy.yaml. :



-- platform/deployment.yaml
apiVersion: apps/v1
kind: Deployment
[...]
spec:
  template:
    spec:
      [...]
      containers:
      - name: camunda-bpm
        env:
        - name: DB_DRIVER
          value: org.postgresql.Driver
        - name: DB_URL
          value: jdbc:postgresql://postgres-proxy.db:5432/process-engine
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cambpm-db-credentials
              key: db_password
      [...]



: Kustomize : .



: valueFrom: secretKeyRef. , Kubernetes , .



, Kubernetes. , : KMS , K8S CD- — MozillaSOPS — Kustomize. , dotGPG — : HashiCorp Vault, Kustomize Secret Value Plugins.



Ingress



, Ingress Controller. ingress-nginx (Helm chart) , , , ingress-patch.yaml.tmpl platform/ingress.yaml. ingress-nginx nginx ingress class , DNS DNS, — . Ingress Controller DNS .



TLS



cert-manager kube-lego letsencrypt — . , ingress-patch.yaml.tmpl .



!



, make skaffold HOSTNAME=<you.example.com> <hostname>/camunda



URL-, localhost: kubectl port-forward -n camunda-bpm-demo svc/camunda-bpm 8080:8080 localhost:8080/camunda



, tomcat . Cert-manager . — , , kubetail, kubectl:



kubectl logs -n camunda-bpm-demo $(kubectl get pods -o=name -n camunda-bpm-demo) -f







Camunda BPM, Kubernetes, , REST API . , JWT. configmaps xml, xmlstarlet (. ) , wget, init .





, Camunda BPM JVM, , , sticky sessions (, ingress-nginx), , , Max-Age cookie. Session Manager Tomcat. , - :



# Fetch the session manager jars over HTTPS (Maven Central rejects plain-HTTP requests),
# then register the Manager element just before </Context> in conf/context.xml
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.3.2/memcached-session-manager-2.3.2.jar -P lib/ && \
wget https://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc9/2.3.2/memcached-session-manager-tc9-2.3.2.jar -P lib/ && \
sed -i '/^<\/Context>/i \
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" \
memcachedNodes="redis://redis-proxy.db:22121" \
sticky="false" \
sessionBackupAsync="false" \
storageKeyPrefix="context" \
lockingMode="auto" \
/>' conf/context.xml



: xmlstarlet sed



twemproxy Google Cloud Memorystore, memcached-session-manager ( Redis) .





, ( ) Camunda BPM . « ». intialSize settings.xml. HorizontalPodAutoscaler (HPA) .





platform/deployment.yaml , . HPA, . kustomize. . ingress-patch.yaml.tmpl ./kustomization.yaml.tmpl





So we installed Camunda BPM on Kubernetes with Prometheus metrics, logs, H2 database, TLS and Ingress. We added jar and config files using ConfigMaps and the Dockerfile. We talked about passing data to volumes and directly into environment variables from secrets. In addition, we provided an overview of setting up Camunda for multiple replicas and an authenticated API.



Links



github.com/camunda-cloud/camunda-examples/camunda-bpm-kubernetes
│
├── generated-manifest.yaml <- manifest for use without kustomize
├── images
│   └── camunda-bpm
│       └── Dockerfile <- overlay docker image
├── ingress-patch.yaml.tmpl <- site-specific ingress configuration
├── kustomization.yaml.tmpl <- main Kustomization
├── Makefile <- make targets
├── namespace.yaml
├── platform
│   ├── config
│   │   └── prometheus-jmx.yaml <- prometheus exporter config file
│   ├── deployment.yaml <- main deployment
│   ├── ingress.yaml
│   ├── kustomization.yaml <- "base" kustomization
│   ├── service-monitor.yaml <- example prometheus-operator config
│   └── service.yaml
└── skaffold.yaml.tmpl <- skaffold directives





08/05/2020, translation of the article by Alastair Firth, Lars Lange



