I have set up Camunda 8 on an Azure Kubernetes (AKS) cluster by following the instructions given in the wonderful blog post "Using Helm and Kubernetes to deploy Camunda 8" by @Hafflgav.
Thanks to @Zelldon, who helped me resolve some issues concerning the ingress usage (see forum post 38364), Camunda is up and running now.
However, at the moment, only basic security is available as I have not yet managed to get Keycloak properly configured so that it could be used. Whenever I try to install the full Camunda 8 Helm package including Identity and Optimize (which depends on Identity), a few pods fail to start up after the installation. I can see in the logs that the pod belonging to the Keycloak StatefulSet shows a ReadinessProbe failure. Without Keycloak, the Identity deployment does not work either and Optimize cannot run without Identity.
Unfortunately, I do not (yet) understand how Identity and Keycloak correlate in the Camunda setup and how Keycloak would need to be reconfigured to make it work. @Hafflgav mentioned in his blog post a port-forward at port 18080, but obviously this specific port cannot be exposed via the ingress controller that I use. What service(s) do I need to expose to enable Identity? Are special ports or paths required?
Can anyone explain to me in brief what a valid setup is supposed to look like? I would love to understand how the Keycloak-based access management is integrated into the Camunda architecture on Kubernetes and what that means for the involved Kubernetes resources and their respective interaction. I could not find much documentation, so any help is highly appreciated!