Enabling Web-Modeler in Self-Managed environment

atultewari · November 27, 2024, 5:55am

Hello,
We are trying to include web-modeler component as part of our Self-Managed cluster in GCP.

Is there a set of default values.yaml tags and env variables we need to include for the web-modeler? We used this for starters with no luck.

webModeler:
  contextPath: "/modeler"
  fullURL: "https://dev-camunda.abcdefg.dev/modeler"
  enabled: true
  replicas: 1
  restapi:
    mail:
      fromAddress: "noreply@abcdefg.com"

There are several dependent components to get web-modeler to work. And each of these components have several environment variables.

web app
modeler
rest
web sockets
postgres

Any insights on what values.yaml to choose?

Best regards,
Atul

cpbpm · November 27, 2024, 12:18pm

If you could tell specific variable, we can help you.

Web-Modeler needs database to store all the projects.

Are you using existing keycloak for your setup. Keycloak also needs postgres for storing the data.

atultewari · November 27, 2024, 12:46pm

Thanks for your response. All components are working, except web-modeler. These components are working as expected:

Keycloak with postgres
optimize
tasklist
operate
zeebe
zeebe-gateway
connectors
console

We have also deployed BPMNs and executed them successfully with several process instances.

The error we get is this when we try to enable WebModeler in our values.yaml; file. Strangely, 3 services are enabled but there are no deployments or pods for any of these:

camunda-web-modeler-webapp
camunda-web-modeler-websockets
camunda-web-modeler-restapi

 failed to create resource: Deployment.apps "camunda-web-modeler-restapi" is invalid: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name: Invalid value: "": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

Any thoughts?

cpbpm · November 27, 2024, 1:05pm

As the error clearly states that your subdomain entry is invalid in the restapi setup. Source of the issue is on restapi configuration.

atultewari · November 27, 2024, 1:29pm

We have set no environment variables other than the license_key. This is all I have under webModeler. What domain are you referring to? Also, web-app appears to ignore license-key env variable

webModeler:
  contextPath: "/modeler"
  fullURL: "https://dev-camunda.abcdefg.dev/modeler"
  enabled: true
  replicas: 1
  restapi:
    mail:
      fromAddress: "noreply@abcdefg.com"
  env:
  # License
    - name: CAMUNDA_LICENSE_KEY
      value: |
        --------------- BEGIN CAMUNDA LICENSE KEY ---------------
        fake-license-key;
        customer = xxxxxxxxxxxxxxxx;
        expiryDate = 2025-02-10;
        cawemo = true;
        optimize = true;
        camundaBPM = true;
        ---------------  END CAMUNDA LICENSE KEY  ---------------

For web-modeler-webapp pod, I get License errors even if I have that setup above.

{"message":"Master started","timestamp":"2024-11-27T13:02:33.478Z","severity":"INFO","pid":1}
{"message":"Using configuration {\n \"ssl\": {\n \"enabled\": false\n },\n \"httpPort\": 8070,\n \"httpWorkers\": 2,\n \"managementSsl\": {\n \"enabled\": false\n },\n \"managementHttpPort\": 8071,\n \"shutdownTimeout\": 5000,\n \"maintenanceMode\": false,\n \"camundaCloudBaseDomain\": \"example.com\",\n \"server\": {\n \"httpsOnly\": true,\n \"redirectHosts\": false,\n \"host\": \"localhost\",\n \"url\": \"https://dev-camunda.abcdefg.dev/modeler\",\n \"additionalRedirectHosts\": [],\n \"additionalDestinationHosts\": [],\n \"basePath\": \"/modeler\"\n },\n \"log\": {\n \"levelClient\": \"WARN\",\n \"levelWebapp\": \"INFO\"\n },\n \"restapi\": {\n \"sslEnabled\": false,\n \"host\": \"camunda-web-modeler-restapi\",\n \"port\": 80,\n \"managementSslEnabled\": false,\n \"managementPort\": 8091,\n \"requestTimeout\": 30000,\n \"requestSizeLimitBytes\": 3145728\n },\n \"oAuth2\": {\n \"clientId\": \"web-modeler\",\n \"type\": \"keycloak\",\n \"token\": {\n \"audience\": \"web-modeler-api\",\n \"issuer\": \"https://dev-camunda.abcdefg.dev/auth/realms/camunda-platform\",\n \"jwksUrl\": \"http://camunda-keycloak:80/auth/realms/camunda-platform/protocol/openid-connect/certs\"\n },\n \"m2m\": {\n \"connectorsApi\": {\n \"audience\": \"audience\",\n \"scope\": \"scope\"\n },\n \"operateApi\": {\n \"audience\": \"audience\"\n },\n \"tasklistApi\": {\n \"audience\": \"audience\"\n }\n }\n },\n \"pusher\": {\n \"appId\": \"web-modeler\",\n \"key\": \"erCk0ICoFfXruiEU13bc\",\n \"secret\": \"*****\",\n \"host\": \"camunda-web-modeler-websockets\",\n \"port\": \"80\"\n },\n \"client\": {\n \"pusher\": {\n \"key\": \"erCk0ICoFfXruiEU13bc\",\n \"host\": \"localhost\",\n \"port\": \"8085\",\n \"path\": \"/\",\n \"forceTLS\": false\n },\n \"sentry\": {\n \"enabled\": false,\n \"key\": \"*****\",\n \"environment\": \"dev\"\n }\n },\n \"mixpanel\": {\n \"enabled\": false,\n \"apiHost\": \"https://api-eu.mixpanel.com\",\n \"stage\": \"dev\",\n \"token\": \"token\"\n },\n \"play\": {\n \"enabled\": true\n },\n \"osano\": {\n \"token\": \"token\"\n },\n \"appcues\": {\n \"enabled\": true\n },\n \"sentry\": {\n \"enabled\": false,\n \"key\": \"*****\",\n \"environment\": \"dev\"\n },\n \"openai\": {\n \"apiKey\": \"*****\"\n },\n \"features\": {\n \"assetRefreshEnabled\": true,\n \"trackTopbarEnabled\": true,\n \"modelingTrackingEnabled\": true\n },\n \"identity\": {\n \"baseUrl\": \"http://camunda-identity:80/identity\"\n },\n \"zeebe\": {\n \"bpmnDeploymentEnabled\": true,\n \"dmnDeploymentEnabled\": true\n },\n \"importResources\": {\n \"maxCountOfFiles\": 20,\n \"maxAllowedSize\": 3145728\n },\n \"marketplace\": {\n \"enabled\": true,\n \"apiBaseUrl\": \"https://marketplace.cloud.camunda.io/api/v1\"\n },\n \"targetEnv\": \"dev\",\n \"statsig\": {\n \"enabled\": false,\n \"sdkKey\": \"sdkKey\"\n },\n \"license\": {\n \"isValid\": false\n }\n}","timestamp":"2024-11-27T13:02:33.480Z","severity":"INFO","pid":1}
{"message":"Master setting up 2 worker(s)...","timestamp":"2024-11-27T13:02:33.492Z","severity":"INFO","pid":1}
{"message":"Management server listening on port 8071","timestamp":"2024-11-27T13:02:33.510Z","severity":"INFO","pid":1}
{"message":"Worker 13 is online","timestamp":"2024-11-27T13:02:33.607Z","severity":"INFO","pid":1}
{"message":"Worker 14 is online","timestamp":"2024-11-27T13:02:33.719Z","severity":"INFO","pid":1}
{"message":"CAMUNDA_LICENSE_KEY is not set","timestamp":"2024-11-27T13:02:36.911Z","severity":"ERROR","pid":13}
{"message":"Worker started","timestamp":"2024-11-27T13:02:36.969Z","severity":"INFO","pid":13}
{"message":"CAMUNDA_LICENSE_KEY is not set","timestamp":"2024-11-27T13:02:37.180Z","severity":"ERROR","pid":14}

Are we missing and environment variable to set this domain name? And why is the license key not getting picked up through the values.yaml?

cpbpm · November 27, 2024, 1:35pm

Please make sure that you have purchased license to use web-modeler along with your other modules… From the license-key, web-modeler is not listed and hence it’s showing camunda_license_key is not set.

atultewari · November 27, 2024, 2:04pm

Thanks again. We are working on getting a valid license. However, we still the same error even though our webModeler section in values.yaml has the correct domain

webModeler:
  enabled: true
  contextPath: "/modeler"
  fullURL: "https://dev-camunda.abcdefg.dev/modeler"
  # replicas: 1
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}' # Creates a NEG after an Ingress is created
      cloud.google.com/backend-config: '{"default": "camunda-hc-modeler"}' # Attach the backend config to the service
  postgresql:
    enabled: true
  restapi:
    mail:
      smtpHost: smtp.abcdefg.dev
      smtpPort: 587
      smtpUser: user
      smtpPassword: xxxxxx
      # Email address to be displayed as sender of emails from Web Modeler
      fromAddress: no-reply@abcdefg.dev

The error is:

Error: INSTALLATION FAILED: 1 error occurred:
	* Deployment.apps "camunda-web-modeler-restapi" is invalid: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name: Invalid value: "": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

What domain is it refering to? Is there another environment variable for restapi to be set?

Thanks,
Atul

deepakkapoor23 · February 22, 2025, 1:07am

Hello @atultewari @cpbpm What was the resolution here? I am stuck on the same error and everything looks right to me in the helm params for webModeler.restapi

cpbpm · February 22, 2025, 1:34am

What version are you using? Are you using Self Managed? What kind of error are you getting

deepakkapoor23 · February 22, 2025, 1:38am

self managed local k8s. helm chart version 11.2.1

exact same error:

Deployment.apps "camunda-platform-web-modeler-restapi" is invalid: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name: Invalid value: ""

atultewari · February 23, 2025, 2:04pm

Hello Deepak,
We ended up using the entire helm values file for the web-modeler-api. See GitHub - camunda/camunda-platform-helm: Camunda Platform 8 Self-Managed Helm charts for 8.6 We were unable to get our custom values working, and so we use the values.yaml from under 8.6 with our env values.

Hope this helps!

Thanks,
Atul

deepakkapoor23 · February 24, 2025, 2:00am

Thanks @atultewari I looked at the values in 8.6 helm chart as well but still can’t tell what’s wrong. I guess its trying to validate the fromAddress value.

github.com

camunda/camunda-platform-helm/blob/99d399d9877b1eea3754428e365c699572e0c5b1/charts/camunda-platform-8.6/values.yaml#L2826


      
            ## @param webModeler.restapi.mail.smtpPassword can be used to provide a password for the SMTP server; ignored if `webModeler.restapi.mail.existingSecret` is set
            smtpPassword: ""
            ## @param webModeler.restapi.mail.smtpTlsEnabled if true, enforces TLS encryption for SMTP connections (using STARTTLS)
            smtpTlsEnabled: true
            ## @param webModeler.restapi.mail.existingSecret can be used to provide the name of an existing secret resource containing the SMTP password
            existingSecret:
            ## @param webModeler.restapi.mail.existingSecretPasswordKey can be used to provide the name of an existing secret key containing the SMTP password
            existingSecretPasswordKey: "smtp-password"
            ## @param webModeler.restapi.mail.fromAddress defines the email address that will be displayed as the sender of emails sent by WebModeler
            # NOTE: This value is mandatory.
            fromAddress: ""
            ## @param webModeler.restapi.mail.fromName defines the name that will be displayed as the sender of emails sent by WebModeler
            fromName: "Camunda 8"
          
          ## @param webModeler.restapi.podAnnotations can be used to define extra restapi pod annotations
          podAnnotations: {}
          ## @param webModeler.restapi.podLabels can be used to define extra restapi pod labels
          podLabels: {}
          
          ## @param webModeler.restapi.env can be used to set extra environment variables in each restapi container
          env: []

GotnOGuts · February 24, 2025, 5:14pm

This error is saying that the Secret Key Reference is not valid because it’s null.

I’m not a helm user, so I can’t really guide you on how to fix it,

lxlx · April 17, 2025, 2:12pm

maybe someone else gets here how I did
( search for camunda and valueFrom.secretKeyRef.name )

key-naming is a mess, so here’s a working version for C8.7 and Keycloak.
( # lines are wrong and just for reference how not to do it )

identityKeycloak:
  enabled: true
  auth:
    adminUser: admin
    existingSecret: keycloak-admin-secret
      #   name: WRONG-LEVEL
    existingSecretKey: admin-password
  postgresql:
    enabled: true
    auth:
      existingSecret: keycloak-postgresql-secret
      #   name: WRONG-LEVEL
      secretKeys:
        userPasswordKey: postgresql-password
      # existingSecretKey: WRONG-NAME