Camunda k8s ingress

Camunda 7 Topics Discussion & Questions
1

Hello,

We are using the following docker image: camunda/camunda-bpm-platform:run-7.15.0

We are deploying camunda in a k8s cluster and using it without any problem, my issue is related to the ingress to reach the engine.

When i enable the ingress to reach camunda using this ingress

---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: camunda-ingress
  namespace: NAMESPACE
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - APP-URL
    secretName: tls-secret
  rules:
    - host: APP-URL
      http:
        paths:
        - path: /
          backend:
            serviceName: camunda
            servicePort: 8443
...

it returns the following message:

Bad Request
This combination of host and port requires TLS.

I used this code the ingress in the past without any issue at all, but now it is not working, and i tested on 3 different clusters with the same exact result.

This is the svc and the deployment:

---
kind: Service
apiVersion: v1
metadata:
  name: camunda
  namespace: %%NAMESPACE%%
spec:
  ports:
  - port: 8443
    name: https-camunda-8443
  selector:
    app: camunda
  clusterIP: None
...
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: camunda
  namespace: %%NAMESPACE%%
  annotations:
    app.kubernetes.io/name: %%NAMESPACE%%-camunda
spec:
  replicas: 1
  selector:
    matchLabels:
      app: camunda
  template:
    metadata:
      labels:
        app: camunda
    spec:
      serviceAccountName: camunda-sa
      containers:
      - name: camunda
        image: "%%DOCKERREPO%%/bpm:run-7.15.0"
        imagePullPolicy: Always
        ports:
        - containerPort: 8443
          name: camunda
        workingDir: /camunda
        command:
        - /bin/sh
        - -c
        args:
        - |
          ./camunda.sh --production;
        env:
        - name: CAM_DB_USER
          valueFrom:
            secretKeyRef:
              name: camunda-db-secret
              key: username
        - name: CAM_DB_PASS
          valueFrom:
            secretKeyRef:
              name: camunda-db-secret
              key: password
        - name: SPRING_DATASOURCE_DRIVER_CLASS_NAME
          value: com.mysql.cj.jdbc.Driver
        - name: SPRING_DATASOURCE_USERNAME
          valueFrom:
            secretKeyRef:
              name: somekeys
              key: username
        - name: SPRING_DATASOURCE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: somekeys
              key: password
        - name: SPRING_DATASOURCE_URL
          value: someinfos
      imagePullSecrets:
      - name: %%REGSECRET%%
      volumes:
      - name: %%PREFIX%%-backend-shared-pv-volume
        persistentVolumeClaim:
          claimName: %%PREFIX%%-backend-shared-pv-claim
...

I tried to add some labels to the ingress without any success.

Any help is appreciated.

2

You might want to read through @Grond 's thread Error during SSL handshake

The "Bad Request / This combination of host and port requires TLS " is because the Ingress is trying to talk HTTP to the backend service.

1 Like
3

I have no idea why it was not working, I applied the label:
nginx.ingress.kubernetes.io/backend-protocol: “HTTPS”
and now it is accessing…
Thank you for the suggestion!

4