camunda

Chainguard Container for camunda

Camunda is a scalable platform for process orchestration and automation

Chainguard Containers are regularly-updated, secure-by-default container images.

Download this Container Image

For those with access, this container image is available on cgr.dev:

docker pull cgr.dev/ORGANIZATION/camunda:latest

Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.

Compatibility Notes

The camunda image is compatible with Helm Chart 13.x (Camunda 8.8.x) and later.

Starting with Helm chart 13.x, Camunda introduced a unified orchestration image. Earlier chart versions use a separate Zeebe-based image.

Chainguard provides images for both deployment models:

• camunda-zeebe for Helm chart 12.x and earlier (Camunda 8.7.x and older)
• camunda for Helm chart 13.x and later (Camunda 8.8.x and newer)

Warning about logs

While testing this image, some ERROR logs may appear that originate from the Camunda application itself. By default, Camunda writes logs to the container filesystem under /usr/local/camunda/logs, which is not recommended for production use. Instead, disable filesystem logging and configure a logging driver to collect logs or emit them to stdout. For details, refer to the related upstream issue in the Camunda Helm chart repository.

Getting Started

This section shows how to deploy Camunda 8 to a Kubernetes cluster using the official Helm chart and the Chainguard camunda image.

Prerequisites

To follow these examples, you will need:

• A Kubernetes cluster
• kubectl
• helm

Deploying with Helm

Add the Camunda Helm repository and update your local index:

helm repo add camunda https://helm.camunda.io
helm repo update

Create a values.yaml file to override the orchestration image with the Chainguard image:

cat > values.yaml <<EOF
orchestration:
  image:
    registry: cgr.dev
    repository: ORGANIZATION/camunda
    tag: latest
EOF

Replace the ORGANIZATION placeholder with the name of your organization’s private repository in the Chainguard registry.

Camunda provides both a quick install guide and a production install guide with additional configuration options.

Install Camunda using the values file:

helm install camunda-platform camunda/camunda-platform \
  --version <chart-version> \
  -f values.yaml

To determine which Helm chart versions are compatible with a given Camunda image tag, refer to the Camunda Helm chart compatibility matrix.

Verifying the Deployment

Once the installation completes, verify that the pods are running:

kubectl get pods

NAME                                  READY   STATUS    RESTARTS   AGE
camunda-connectors-75fdbcc648-bd7sg   1/1     Running   0          2m
camunda-elasticsearch-master-0        1/1     Running   0          2m
camunda-zeebe-0                       1/1     Running   0          2m

If you are deploying Camunda locally, you can use port-forwarding to access the Camunda service:

kubectl port-forward svc/camunda-platform 8080:8080

With port-forwarding in place, you can verify connectivity to the orchestration API:

curl http://localhost:8080/v2/topology

You can also access the Camunda web interface in your browser at:

http://localhost:8080

Documentation and Resources

For more detailed deployment options, configuration guidance, and usage examples, refer to the following resources:

• Camunda Documentation
• Camunda GitHub Repository
• Camunda Helm Chart

What are Chainguard Containers?

Chainguard's free tier of Starter container images are built with Wolfi, our minimal Linux undistro.

All other Chainguard Containers are built with Chainguard OS, Chainguard's minimal Linux operating system designed to produce container images that meet the requirements of a more secure software supply chain.

The main features of Chainguard Containers include:

• Minimal design, without unnecessary software bloat
• Daily builds to ensure container images are up-to-date with available security patches
• High quality build-time SBOMs attesting to the provenance of all artifacts within the image
• Verifiable signatures provided by Sigstore
• Reproducible builds with Cosign and apko (read more about reproducibility)

For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a development, or -dev, variant.

In all other cases, including Chainguard Containers tagged as :latest or with a specific version number, the container images include only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager.

Although the -dev container image variants have similar security features as their more minimal versions, they include additional software that is typically not necessary in production environments. We recommend using multi-stage builds to copy artifacts from the -dev variant into a more minimal production image.

Need additional packages?

To improve security, Chainguard Containers include only essential dependencies. Need more packages? Chainguard customers can use Custom Assembly to add packages, either through the Console, chainctl, or API.

To use Custom Assembly in the Chainguard Console: navigate to the image you'd like to customize in your Organization's list of images, and click on the Customize image button at the top of the page.

Learn More

Refer to our Chainguard Containers documentation on Chainguard Academy. Chainguard also offers VMs and Libraries — contact us for access.

Trademarks

This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.