3

I have tried to deploy Camunda Platform 8 using the Helm chart (https://artifacthub.io/packages/helm/camunda-platform/camunda-platform), but I am unable to use the ingress or load balancer IP for the identity service, as it redirects to localhost:18080 for Keycloak and there is no option for changing localhost:18080 to the ingress IP in the Helm chart. So please suggest how to deploy Camunda Platform 8 in production on Kubernetes, mainly GKE.

2 Answers

2

Like any Helm chart, you can overwrite the configuration values via a separate (custom) values.yaml file. The exact entry for your YAML file will be global: identity.auth.publicIssuerUrl: *yourcustomtokenissuerendpoint*

More details on Helm global variables and how to use/override them can be found here: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/#global-chart-values

0

In case that helps: You can configure URLs like this:

global:
  image:
    tag: 8.0.0

  identity:
    auth:
      publicIssuerUrl: "https://camundakeycloak.my.cluster/auth/realms/camunda-platform"
      operate:
        existingSecret: camunda8-operate-identity-secret
        redirectUrl: "https://operate.my.cluster"
      optimize:
        existingSecret: camunda8-optimize-identity-secret
        redirectUrl: "https://optimize.my.cluster"
      tasklist:
        existingSecret: camunda8-tasklist-identity-secret
        redirectUrl: "https://tasklist.my.cluster"

identity:
  ingress:
    enabled: true
    host: identity.my.cluster
    tls:
      enabled: true
      secretName: "my-tls-secret"

operate:
  ingress:
    enabled: true
    host: operate.my.cluster
    tls:
      enabled: true
      secretName: "my-tls-secret"

optimize:
  ingress:
    enabled: true
    host: optimize.my.cluster
    tls:
      enabled: true
      secretName: "my-tls-secret"

tasklist:
  ingress:
    enabled: true
    host: tasklist.my.cluster
    tls:
      enabled: true
      secretName: "my-tls-secret"

But this will work up to the point where Keycloak writes the redirect URL for the camunda-identity client, which is generated with http instead of https.

Frank
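A pre-deployment check for the values shown in the answer above, as an added example that is not part of the original answers or of the Camunda chart: it flags an issuer or redirect URL that is not https or that points at localhost, and an ingress whose host or TLS setting does not match the redirect URL. It assumes the values file has already been parsed into a dict by a YAML loader; the function names and the `sample_values` helper are hypothetical.

```python
from urllib.parse import urlparse

APPS = ("operate", "optimize", "tasklist")
LOCAL_HOSTS = {None, "localhost", "127.0.0.1", "::1"}

def check_url(label, url, findings):
    """Record a finding unless url is https on a non-local host; return its host."""
    parsed = urlparse(url or "")
    if parsed.scheme != "https":
        findings.append(f"{label}: scheme is not https ({url!r})")
    if parsed.hostname in LOCAL_HOSTS:
        findings.append(f"{label}: host is missing or local ({url!r})")
    return parsed.hostname

def audit_values(values):
    """Audit a parsed values.yaml (a dict) and return a list of findings."""
    findings = []
    auth = values.get("global", {}).get("identity", {}).get("auth", {})
    check_url("global.identity.auth.publicIssuerUrl", auth.get("publicIssuerUrl"), findings)
    for app in APPS:
        host = check_url(f"global.identity.auth.{app}.redirectUrl",
                         auth.get(app, {}).get("redirectUrl"), findings)
        ingress = values.get(app, {}).get("ingress", {})
        # The browser is sent back to redirectUrl, so the ingress must serve that host.
        if ingress.get("host") != host:
            findings.append(f"{app}.ingress.host {ingress.get('host')!r} != redirectUrl host {host!r}")
        if not (ingress.get("enabled") and ingress.get("tls", {}).get("enabled")):
            findings.append(f"{app}.ingress: ingress or TLS is not enabled")
    return findings

def sample_values(domain, scheme="https"):
    """Constructed sample shaped like the values file in the answer above."""
    values = {"global": {"identity": {"auth": {
        "publicIssuerUrl": f"{scheme}://camundakeycloak.{domain}/auth/realms/camunda-platform"}}}}
    for app in APPS:
        values["global"]["identity"]["auth"][app] = {"redirectUrl": f"{scheme}://{app}.{domain}"}
        values[app] = {"ingress": {"enabled": True, "host": f"{app}.{domain}",
                                   "tls": {"enabled": True, "secretName": "my-tls-secret"}}}
    return values

if __name__ == "__main__":
    # Constructed failing input: the same layout, but with http URLs.
    for finding in audit_values(sample_values("my.cluster", scheme="http")):
        print(finding)
```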