Camunda 8.8 Self Managed Enterprise

Hello Camunda Team,

Can you advise on the below ask.

We are planning to install Camunda 8.8 self managed enterprise version on AWS. do we need to pull the images from registry.camunda.cloud for elasticsearch , identity, os-shell image as well. Not directly from the open source docker images?

From the Camunda Helm chart, do we need to refer specific values.yaml for the self managed enterprise. if you can provide valid steps for enterprise would be great.

For Camunda 8.8 Self-Managed Enterprise on AWS, you should use the enterprise images from registry.camunda.cloud for Elasticsearch, Identity, and os-shell components rather than open source Docker images, and there is a specific values-enterprise.yaml file for enterprise deployments. I found the following relevant resources:

• Install Bitnami enterprise images
• Install Camunda for production with Helm
• Install Camunda 8 on an EKS cluster
• Air-gapped installation guide
• Helm chart parameters

Does this help? If not, can anyone from the community jump in?

Hints: Use the Ask AI feature in Camunda’s documentation to chat with AI and get fast help. Report bugs and features in Camuda’s GitHub issue tracker. Trust the process.

Thanks, I am specifically looking for AKS with Entra ID integration as well. just i need to pass values-enterprise.yaml alone, or anyother values.yaml should i use for other set of parameters.

Any updates pl

Hi @Preethis,

Great questions. Here’s the breakdown:

1. Docker images

There are two categories of images to consider:

• Camunda component images (Zeebe, Connectors, Identity, etc.): These are pulled from Docker Hub (camunda/*). No special enterprise registry is needed for these.
• Infrastructure images (Elasticsearch, PostgreSQL, Keycloak — deployed via Bitnami subcharts): By default, the Helm chart uses open-source Bitnami images, which are fine for development and testing. For production, as an Enterprise customer you have access to Bitnami Premium images via registry.camunda.cloud, which receive timely security patches.

2. Enterprise values file

Yes, Camunda provides a values-enterprise.yaml that configures the chart to use the Bitnami Premium images. To use it:

First, create a registry secret with your Enterprise credentials:

kubectl create secret docker-registry registry-camunda-cloud \
  --docker-server=registry.camunda.cloud \
  --docker-username=<your-username> \
  --docker-password=<your-password> \
  --docker-email=unused@example.com

Then include the enterprise values file during installation:

helm install camunda camunda/camunda-platform --version $HELM_CHART_VERSION \
  --values https://raw.githubusercontent.com/camunda/camunda-platform-helm/main/charts/camunda-platform-8.8/values-enterprise.yaml

Full details here: Install Bitnami enterprise images

3. AWS deployment

Since you’re deploying on AWS, I recommend following the reference architecture guide for EKS:
Install Camunda 8 on an EKS cluster

Important note for production: Starting with Camunda 8.8, Bitnami subcharts (Elasticsearch, PostgreSQL, Keycloak) are primarily intended for development and testing. For production, Camunda recommends using managed services (e.g., Amazon OpenSearch, Amazon RDS for PostgreSQL) or operator-based deployments. The EKS guide above covers this approach.

4. Values files and Entra ID setup

Which values files do you need?

There is no single monolithic values file that covers everything. You combine multiple values files and --set overrides depending on your setup. Here’s how it works for your case:

1. values-enterprise.yaml — This only configures the chart to use Bitnami Premium images (Elasticsearch, PostgreSQL, Keycloak) from registry.camunda.cloud. It does not configure Entra ID or any cloud-provider-specific settings.
2. Your own custom values.yaml — You will need to create your own values file (or use --set flags) for everything else: ingress, database endpoints, Entra ID configuration, etc.

Entra ID integration

Entra ID integration is not part of the AKS reference architecture and there is no pre-built values file for it. It is a separate configuration step that you apply on top of the base installation.

Follow this dedicated guide to configure it:
Set up the Helm chart with an external Microsoft Entra tenant

This guide walks you through:

• Creating the required app registrations in Entra ID (one per Camunda component)
• Creating Kubernetes secrets for the client credentials
• Configuring each component’s OIDC settings via Helm values
• A full configuration example you can adapt

In summary, your Helm install will look something like:

helm install camunda camunda/camunda-platform --version $HELM_CHART_VERSION -–values values-enterprise.yaml --values your-custom-values.yaml

Where your-custom-values.yaml contains the Entra ID OIDC configuration (from the guide above), plus any AKS-specific settings (ingress, external database endpoints, etc.). For the AKS-specific deployment steps, refer to: (Install Camunda 8 on an AKS cluster | Camunda 8 Docs)

For the AKS-specific deployment steps, refer to:
Install Camunda 8 on an AKS cluster

Hope this helps! Let us know if you have further questions.