
[ISSUE] Connecting to existing Keycloak does not match documentation #2130

@ManuelDittmar

Description


Describe the issue:

Identity can be configured to connect to an existing realm, without the need to use the admin-cli in master realm. https://docs.camunda.io/docs/self-managed/identity/user-guide/configuration/connect-to-an-existing-keycloak/

Setting IDENTITY_CLIENT_ID and IDENTITY_CLIENT_SECRET allows me to use a created client to apply the starting configuration. The Helm chart enforces providing an admin user:

global:
  identity:
    keycloak:
      auth:
        adminUser: "dummy"
        existingSecret: "keycloak"
        existingSecretKey: "admin-password"

Actual behavior:

If I don't provide the admin user + secret, in the identity pod:

  Warning  Failed     5s (x4 over 30s)  kubelet            Error: secret "camunda-keycloak" not found

Expected behavior:

If I don't provide an admin user and I am connecting to an external Keycloak, only clientID and clientSecret are required. No need to provide a dummy user.

How to reproduce:

it's required to set

  - name: IDENTITY_CLIENT_ID
    value: camunda-identity
  - name: IDENTITY_CLIENT_SECRET
    value: zWUXZ7vURI9cM0LHopcWmcpNBq1tsBNC

to disable the 'setup' mechanism in camunda-identity

global:
  multitenancy:
    enabled: true
  ingress:
    enabled: true
    className: nginx
    host: "example.de"
    tls:
      enabled: true
      secretName: camunda-tls
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      ingress.kubernetes.io/rewrite-target: "/"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
  identity:
    keycloak:
      url:
        protocol: "https"
        host: "keycloak.example.de"
        port: "443"
      contextPath: "/"
      realm: "/realms/camunda-platform"
      # auth:
      #   adminUser: "dummy"
      #   existingSecret: "keycloak"
      #   existingSecretKey: "admin-password"
    auth:
      publicIssuerUrl: "https://keycloak.example.de/realms/camunda-platform"
      operate:
        redirectUrl: "https://example.de/operate"
      tasklist:
        redirectUrl: "https://example.de/tasklist"
      optimize:
        redirectUrl: "https://example.de/optimize"

identity:
  contextPath: "/identity"
  env:
  - name: IDENTITY_CLIENT_ID
    value: camunda-identity
  - name: IDENTITY_CLIENT_SECRET
    value: zWUXZ7vURI9cM0LHopcWmcpNBq1tsBNC

identityKeycloak:
  enabled: false

identityPostgresql:
  enabled: true

operate:
  contextPath: "/operate"

optimize:
  contextPath: "/optimize"

tasklist:
  contextPath: "/tasklist"

Logs:

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform: GCP
  • Helm CLI version: version.BuildInfo{Version:"v3.15.3", GitCommit:"3bb50bbbdd9c946ba9989fbe4fb4104766302a64", GitTreeState:"clean", GoVersion:"go1.22.5"}
  • Chart version: 10.2.0
  • Values file: see above
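As an added illustration, not code from the issue or from the Camunda chart, a small Python preflight that checks a values document for the conditions this issue describes: the client credentials that disable Identity's setup step, and the Keycloak admin secret the chart still expects even when `identityKeycloak.enabled` is false; it also flags the client secret being kept as a literal in values.yaml. The function names and the sample values are constructed assumptions.

```python
"""Preflight lint for Camunda Helm values that point Identity at an external Keycloak.
Constructed example for this issue; the checks encode the behaviour reported above."""
from copy import deepcopy
from typing import Any


def _get(d: dict, *path: str) -> Any:
    """Walk nested dicts; return None if any key along the path is missing."""
    cur: Any = d
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def secret_ref_env(name: str, secret: str, key: str) -> dict:
    """Env entry that reads its value from a Kubernetes Secret instead of values.yaml."""
    return {"name": name, "valueFrom": {"secretKeyRef": {"name": secret, "key": key}}}


def check_identity_values(values: dict) -> list[str]:
    findings: list[str] = []
    env = {e.get("name"): e for e in (_get(values, "identity", "env") or [])}
    external = _get(values, "identityKeycloak", "enabled") is False
    # 1. Existing-Keycloak mode needs both client credentials to skip admin-cli setup.
    if external:
        for var in ("IDENTITY_CLIENT_ID", "IDENTITY_CLIENT_SECRET"):
            if var not in env:
                findings.append(f"{var} missing: Identity falls back to admin-cli setup")
    # 2. A literal client secret in values.yaml lands in git history and Helm release data.
    secret = env.get("IDENTITY_CLIENT_SECRET")
    if secret is not None and "value" in secret:
        findings.append("IDENTITY_CLIENT_SECRET is a literal value; use valueFrom.secretKeyRef")
    # 3. Behaviour reported in this issue (chart 10.2.0): without auth.existingSecret the
    #    identity pod still references the default keycloak secret and fails if it is absent.
    if external and _get(values, "global", "identity", "keycloak", "auth", "existingSecret") is None:
        findings.append("global.identity.keycloak.auth.existingSecret unset: pod fails with 'secret not found'")
    return findings


# Constructed sample mirroring the values above (placeholder secret, not a real credential).
SAMPLE_VALUES: dict = {
    "global": {"identity": {"keycloak": {"url": {"host": "keycloak.example.de"}}}},
    "identity": {"env": [{"name": "IDENTITY_CLIENT_ID", "value": "camunda-identity"},
                         {"name": "IDENTITY_CLIENT_SECRET", "value": "PLACEHOLDER_SECRET"}]},
    "identityKeycloak": {"enabled": False},
}


def hardened(values: dict) -> dict:
    """Copy of the values with the secret referenced from a Secret and the chart's expected admin secret set."""
    out = deepcopy(values)
    out["identity"]["env"][1] = secret_ref_env("IDENTITY_CLIENT_SECRET", "identity-client", "client-secret")
    out["global"]["identity"]["keycloak"]["auth"] = {"existingSecret": "keycloak", "existingSecretKey": "admin-password"}
    return out
```

Running `check_identity_values(SAMPLE_VALUES)` reports the literal secret and the missing `existingSecret`; the hardened copy reports nothing.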
