Initial draft of identity docs #5133
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| id: configuration | ||
| title: "Configuration" | ||
| description: "Learn about the Identity configuration options available in your Orchestration cluster." | ||
| --- | ||
|
|
||
| import Tabs from '@theme/Tabs'; | ||
| import TabItem from '@theme/TabItem'; | ||
|
|
||
| As a Spring Boot application, Identity supports any standard | ||
| [Spring configuration](https://docs.spring.io/spring-boot/reference/features/external-config.html) method. | ||
|
|
||
| <!-- updates must be made to BOTH tables --> | ||
| <Tabs> | ||
|
There was a problem hiding this comment. ❓ what is the default config we want to refer to here? Because this differs by distribution, whether it's c8run or helm, based on the second tab it seems helm? I can then provide the actual defaults next. Some like There was a problem hiding this comment. I see in installation we refer to this as reference from a c8run perspective, I woudl thus suggest to have tabs by distribution c8run and helm. I would omit the ENV variable tab and instead extend the spring boot note by the fact that all properties can be provided as environment variables too, like we do in other places of the docs like here https://docs.camunda.io/docs/next/self-managed/zeebe-deployment/configuration/environment-variables/#environment-variables-for-configuration There was a problem hiding this comment. Ideally I think this guide should reflect Helm (and other production-ready distributions when ready) and not C8Run at all, as C8Run is unique, not for production, and its configuration requirements are largely handled on its own page. I assume that other production-ready distributions, when available, would reflect the same defaults as Helm? We've historically had difficulty with users converting from Helm config to environment variables, and the docs team has discussed listing them out separately as we can - @akeller do you have any input here? My thinking was to start having this available for Docker and other distributions down the line, to prevent our docs from being as Helm-biased a they are now. (Edit: Recognizing that Helm isn't ready for prod, either - but it will be!) There was a problem hiding this comment. My current understanding is C8Run is for onboarding and non-production use cases to get up and running as quickly as possible (and maybe even, ideally, with no configuration?). Since we prioritize the Java Spring dev during onboarding, leading with the Spring configuration makes sense. Once we start talking about production distributions, things are a bit unclear to me - what's our happy path or recommendation when it comes to config? Default config feels like a PM decision and I would defer to @FarkasRabai and/or @theburi. I do think we need to be super explicit about Helm config vs. environment variables vs. properties and not expect our users to do the mapping themselves and add 🤞 hope this helps. LMK if there if anything else I can clarify. |
||
| <TabItem value="env" label="Environment variables" default> | ||
|
|
||
| | Environment variable | Description | Default value | | ||
|
There was a problem hiding this comment. 💭 These variables are applicable to all components in the orchestration cluster so I think we need to find a central home for these. As per @megglos suggestion I wonder if we can create a new area for the Core components? It may be that its more important to just get this in place regardless and then adjust as we go, happy to align off PR. There was a problem hiding this comment. Followed up on the related issue, but I think ideally we move forward with this iteration, and then make additional Core-related changes in subsequent PRs: https://github.com/camunda/documentation-team/issues/465#issuecomment-2701824081 There was a problem hiding this comment. In favor of having this as a first increment too. |
||
| | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------- | | ||
| | `SPRING_PROFILES_ACTIVE` | **Note:** This property will be deprecated as additional authentication methods become available. | `consolidated-auth` | | ||
| | `CAMUNDA_SECURITY_AUTHENTICATION_METHOD` | The authentication method to use. | `basic` | | ||
| | `CAMUNDA_SECURITY_AUTHENTICATION_UNAUTHENTICATED-API` | If the API is enabled without authentication. | `true` | | ||
| | `CAMUNDA_PERSISTENT_SESSIONS_ENABLED` | Enables shared authentication between the Orchestration web applications (Operate and Tasklist). | `true` | | ||
| | `CAMUNDA_SECURITY_AUTHORIZATIONS_ENABLED` | If authorizations are enabled. | `true` | | ||
| | `CAMUNDA_SECURITY_INITIALIZATION_USERS[0]_USERNAME` | The username of the first user. | `demo` | | ||
conceptualshark marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| | `CAMUNDA_SECURITY_INITIALIZATION_USERS[0]_PASSWORD` | The password of the first user. | `demo` | | ||
| | `CAMUNDA_SECURITY_INITIALIZATION_USERS[0]_NAME` | The name of the first user. | Demo | | ||
| | `CAMUNDA_SECURITY_INITIALIZATION_USERS[0]_EMAIL` | The email address of the first user. | `demo@demo.com` | | ||
|
|
||
| </TabItem> | ||
| <TabItem value="helm" label="Helm properties" default> | ||
|
|
||
| | Helm property | Description | Default value | | ||
| | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------- | | ||
| | `spring.profiles.active` | **Note:** This property will be deprecated as additional authentication methods become available. | `consolidated-auth` | | ||
| | `camunda.security.authentication.method` | The authentication method to use. | `basic` | | ||
| | `camunda.security.authentication.unauthenticated-api` | If the API is enabled without authentication. | `true` | | ||
| | `camunda.persistent.sessions.enabled` | Enables shared authentication between the Orchestration web applications (Operate and Tasklist). | `true` | | ||
| | `camunda.security.authorizations.enabled` | If authorizations are enabled. | `true` | | ||
| | `camunda.security.initialization.users[0].username` | The username of the first user. | `demo` | | ||
| | `camunda.security.initialization.users[0].password` | The password of the first user. | `demo` | | ||
| | `camunda.security.initialization.users[0].name` | The name of the first user. | `Demo` | | ||
| | `camunda.security.initialization.users[0].email` | The email address of the first user. | `demo@demo.com` | | ||
|
|
||
| </TabItem> | ||
| </Tabs> | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| --- | ||
| id: installation | ||
conceptualshark marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| title: Installation | ||
conceptualshark marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| description: "Learn how Identity is bundled with your default Orchestration cluster." | ||
| --- | ||
|
|
||
| Identity is included by default with the deployment of any [Orchestration cluster](/self-managed/reference-architecture/reference-architecture.md#orchestration-cluster). Within an Orchestration cluster, Identity provides unified, cluster-level identity management and authorizations. | ||
|
|
||
| Identity for Orchestration clusters is available via [Helm install](/self-managed/setup/install.md), and for local development via [Camunda 8 Run](/self-managed/setup/deploy/local/c8run.md). | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔧 effectively Identity is part of the Camunda 8 application, I would thus keep this statement general with regards to Camunda 8 as spring boot application.