Camunda 8 selfhosted fails in kubernetes

I have created a kubenetes cluster as a managed service on Scaleway, with camunda helm chart
The pods are mapped to 10.x.x.x addresses.
It seams that keycloak uses 100.x.x.x address instead of 10.x.x.x to get the readiness status, so the pods fail to start

I there a way to solve this issue ?
Thanks for your help

@Camunda : can you provide some help for me ? FYI this is an important feature related to a large project for one of me customers. Reply would be appreciated. Thanks

Hi,
we had same issue until we understand that identity pod is not in same net as the keycloak. For keycloak it isn’t a local net. So you have to setup a tls encrytion to communicate from identity to keycloak or you configure keycloak so that it accept a none tls connection.
If you don’t use an ingress controller then this is the way to configure:

1. kubectl get secrets -n camunda camunda-keycloak -o=jsonpath=‘{.data.admin-password}’|base64 --decode;echo
2. kubectl exec -it -n camunda camunda-keycloak-0
3. /opt/bitnami/keycloak/bin
4. ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --config /tmp/kcadm.config
5. ./kcadm.sh update realms/master -s sslRequired=NONE
6. Restart Identity Pod
7. ./kcadm.sh update realms/camunda-platform -s sslRequired=NONE --config /tmp/kcadm.config
8. Restart Identity Pod
   Then Identity Pod is coming up and the other comunda pods.
   But this not a secure solution it is a dirty one.
   If you have the posibillity to use MS EntraID or you want use it anyway then you don’t need the Keycloak anymore since Camunda 8.4

@jrh.koenig Sorry to interupt the conversation.
Could you please provide the values yaml regarding to ENTRA?
I would like to move from Keycloak to Entra. Do you have any example/reference for it?

Thanks a lot

Hi,
here are the official description from Camunda how to do it:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.