Description
The helm charts currently do not allow for selective toggling of authentication for individual subcharts. In our example, we don't expose zeebe(-gateway) outside the cluster and only use internal communication, plus the occasional port-forward to deploy processes or use zbctl. Hence, we do not use authentication nor TLS there.
However, we do expose Operate, but without identity, one is stuck with the default users in elasticsearch (demo/demo...) and can't use keycloak to define users. Enabling it allows using keycloak, but will for example require a Bearer Token with zbctl.
Actual behavior:
The setting zeebe.gateway.security of zeebe gateway's application.yaml (line 147) is only exposed through the helm chart by the global setting global.identity.auth.enabled (File gateway-deployment.yaml (line 74)).
Expected behavior:
Possible to disable security on zeebe-gateway exclusively and use keycloak/identity on other products such as Operate, Tasklist, etc.
How to reproduce:
- global.identity.auth.enabled=true,identity.enabled=true: Operate can be used with custom defined users in keycloak, gateway requires authentication
- global.identity.auth.enabled=false,identity.enabled=true: Operate uses default users, gateway requires no authentication
Logs:
N/A
Environment:
- Platform: Self-Managed k8s
- Helm CLI version: v3.11.3
- Chart version: 8.2.12
- Values file: