Helm chart non-default components enabling
In the Camunda 8.8 Helm chart (version 13.x.x), only the Orchestration Cluster and Connectors are enabled by default. The rest of the applications are disabled, including Management Identity, Modeler, Console, and Optimize. This page explains how to configure these components and manage Connectors.
Management Identity
Check the authentication and authorization guide for steps of enabling Management Identity.
Web Modeler
To enable Web Modeler, configure the required values in the Helm chart. For the full list of options, see the Web Modeler Helm values.
- Set
webModeler.enabled: true(disabled by default). - Configure your SMTP server under
webModeler.restapi.mail. Web Modeler requires an SMTP server to send notification emails to users. - Configure the database connection. Web Modeler requires a PostgreSQL database for persistent storage. Other databases are not supported.
- Option 1: Set
webModelerPostgresql.enabled: trueto install a new PostgreSQL instance using the Bitnami PostgreSQL Helm chart. - Option 2: Set
webModelerPostgresql.enabled: falseand connect to an external PostgreSQL instance.
- Option 1: Set
We recommend specifying values in a YAML file and passing it to the helm install command.
Minimal configuration file:
webModeler:
enabled: true
restapi:
mail:
# Email address to be displayed as sender of emails from Web Modeler.
fromAddress: no-reply@example.com
smtpHost: smtp.example.com
smtpPort: 587
smtpUser: user
smtpPassword: secret
# Also, the key "webModeler.restapi.mail.smtpPassword" could be used,
# but it's not secure to save sensitive data in the values file.
secret:
existingSecret: "camunda-credentials-webmodeler"
existingSecretKey: "webmodeler-smtp-user-password"
webModelerPostgresql:
enabled: true
To connect Web Modeler to an external database, set webModelerPostgresql.enabled: false and provide values under webModeler.restapi.externalDatabase:
webModeler:
restapi:
externalDatabase:
url: jdbc:postgresql://postgres.example.com:5432/modeler-db
user: modeler-user
# Also, the key "webModeler.restapi.externalDatabase.password" could be used,
# but it's not secure to save sensitive data in the values file.
secret:
existingSecret: "camunda-credentials-webmodeler"
existingSecretKey: "webmodeler-postgresql-user-password"
webModelerPostgresql:
# Disables the PostgreSQL chart dependency.
enabled: false
For more details, see the Web Modeler Helm values.
Console
Console Self-Managed is disabled by default in the Camunda 8 Helm chart. To enable it, set console.enabled: true in the values file:
console:
enabled: true
For a full list of options, see the Console Helm values.
Console requires the Identity component for authentication. The Camunda Helm chart installs Identity by default. If you log in to Console using port-forward, you must also port-forward the Keycloak service:
kubectl port-forward svc/<RELEASE-NAME>-keycloak 18080:80
Alternatively, configure Identity with Ingress. See the Ingress setup guide.
Optimize
Optimize is disabled by default in the Camunda 8 Helm chart. To enable it, set optimize.enabled: true in a values file:
optimize:
enabled: true
For a full list of options, see the Optimize Helm values.
Connectors
The Connector runtime is enabled by default. To use connectors, install connector element templates. For details, see Manage connector templates in Web Modeler or Configuring templates in Desktop Modeler.
For the full list of options, see the Connectors Helm values.
Disable Connectors
To disable Connectors, set connectors.enabled: false when deploying the Helm chart.
Polling authentication mode
Connectors use the Operate API to fetch process definitions that contain inbound connectors. Depending on your Camunda architecture, choose one of the following values for the inbound.mode parameter:
disabled— Polling from Operate is disabled. The connector runtime supports only outbound interactions, such as HTTP REST calls.credentials— The connector runtime authenticates to the Operate API with basic HTTP authentication.oauth— (Recommended, and enabled by default) The connector runtime authenticates to the Operate API with OAuth 2.0. Camunda uses Keycloak as the default OAuth provider.