[ISSUE] Using external keycloak #2435

@jlett1990

Describe the issue:

Can't get external Keycloak to work with existing values.

Actual behavior:

Identity can't connect to Keycloak.

Expected behavior:

Using the global identity.keycloak section would configure Keycloak.

How to reproduce:

  global:
    identity:
      auth:
        # Disable the Identity authentication for local development
        # it will fall back to basic-auth: demo/demo as default user
        enabled: false
      keycloak:
        url:
          protocol: http
          host: keycloak-linux
          port: 8080
        realm: "camunda-platform"
        auth:
          adminUser: test
          existingSecret: keycloak-password
          existingSecretKey: password

I believe this section of the identity deployment.yaml should be updated; I don't actually see these in the values.yaml. Sorry if I'm mistaken.

            - name: KEYCLOAK_URL
              value: {{ include "identity.keycloak.url" . | quote }}
            - name: KEYCLOAK_SETUP_USER
              value: {{ include "identity.keycloak.authAdminUser" . | quote }}
            - name: KEYCLOAK_SETUP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "identity.keycloak.authExistingSecret" . }}
                  key: {{ include "identity.keycloak.authExistingSecretKey" . }}

Logs:

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform: Docker Desktop
  • Helm CLI version: v3.15.3
  • Chart version: Latest
  • Values file: Below

camunda-platform:
  global:
    identity:
      auth:
        # Disable the Identity authentication for local development
        # it will fall back to basic-auth: demo/demo as default user
        enabled: false
      keycloak:
        url:
          protocol: http
          host: mcm-keycloak-linux
          port: 8080
        realm: "camunda-platform"
        auth:
          adminUser: test
          existingSecret: keycloak-password
          existingSecretKey: password

    ingress:
      enabled: true
      className: nginx
      host: "camunda.local"

  # Disable identity as part of the Camunda core
  identity:
    enabled: true
    firstUser:
      enabled: true
      username: test
      password: test

  # Disable keycloak
  identityKeycloak:
    enabled: false

  optimize:
    enabled: false

  operate:
    contextPath: "/operate"
  tasklist:
    contextPath: "/tasklist"

  # Reduce for Zeebe and Gateway the configured replicas and with that the required resources
  # to get it running locally
  zeebe:

    connectors:
      inbound:
        enabled: true
      outbound:
        enabled: true
    clusterSize: 1
    partitionCount: 1
    replicationFactor: 1
    pvcSize: 10Gi

  zeebeGateway:
    ingress:
      enabled: true
      className: nginx
      host: "zeebe.camunda.local"
    replicas: 1

    inbound:
      mode: disabled

  elasticsearch:
    master:
      replicaCount: 1
      # Request smaller persistent volumes.
      persistence:
        size: 15Gi
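
An added example, not part of the original issue or of the Camunda chart: a small check over the security-relevant settings in the values file above (plain-HTTP Keycloak URL, disabled Identity auth, literal first-user password). The dict is a constructed copy of the subtree under `camunda-platform:`, and the `get` and `lint` helpers are hypothetical names used only here.

```python
# Constructed sample: the security-relevant subset of the values file in this
# issue, written as a Python dict so the check runs without a YAML parser.
VALUES = {
    "global": {"identity": {
        "auth": {"enabled": False},
        "keycloak": {
            "url": {"protocol": "http", "host": "mcm-keycloak-linux", "port": 8080},
            "auth": {"adminUser": "test", "existingSecret": "keycloak-password",
                     "existingSecretKey": "password"},
        },
    }},
    "identity": {"firstUser": {"enabled": True, "username": "test", "password": "test"}},
}

def get(tree, path, default=None):
    """Walk a dotted path through nested dicts; return default if a key is missing."""
    for key in path.split("."):
        if not isinstance(tree, dict) or key not in tree:
            return default
        tree = tree[key]
    return tree

def lint(values):
    """Return (path, finding) pairs for settings that weaken the deployment."""
    findings = []
    kc = "global.identity.keycloak"
    if get(values, "global.identity.auth.enabled") is False:
        findings.append(("global.identity.auth.enabled",
                         "auth disabled; the values comment says demo/demo basic-auth is used"))
    if get(values, kc + ".url.protocol") == "http":
        findings.append((kc + ".url.protocol",
                         "plain HTTP: the Keycloak admin password crosses the network unencrypted"))
    if not get(values, kc + ".auth.existingSecret"):
        findings.append((kc + ".auth.existingSecret",
                         "no Secret reference for the Keycloak admin password"))
    first = get(values, "identity.firstUser", {})
    if first.get("enabled") and first.get("password"):
        findings.append(("identity.firstUser.password",
                         "first-user password is a literal in the values file"))
    return findings

if __name__ == "__main__":
    for path, finding in lint(VALUES):
        print(f"{path}: {finding}")
```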

Labels: kind/issue (unidentified issue; it could be a bug, misconfig, or anything in between), possibly-outdated (for GitHub issues over a year old)