I have enabled TLS for Zeebe gateway and Zeebe broker, but the issue is I cannot connect to the Zeebe cluster through the desktop modeler.
I use kubectl port-forward command forwarded the zeebe gateway port to local. The spring-boot application could successfully connect to zeebe cluster to get the topology and deploy bpmn processes with the same trust cert but the camunda modeler cannot.
Not that this is the likely cause, but have you tried using
https://localhost:26500
rather than what’s configured in your screenshot (http://localhost:26500 )
the S in there instructs the software to wrap/unwrap the communications with TLS, so if you have one side configured to use TLS and tell the other side not to use TLS, they won’t be able to talk.
application log can be found on Mac in ~/Library/Logs/Camunda Modeler/log.log. You can run the following command to quickly copy it: cat ~/Library/Logs/Camunda\ Modeler/log.log | pbcopy.
First of all, I used the ’ ~/Desktop/… ’ as the cert path, which seems not permitted here. Modeler will find the cert file at ’ /~/Desktop/… ’ which is obviously not a valid path.
Secondly, I changed the cert path to an absolute path, but it is still not working and the error message shows as below:
2023-02-15T11:05:20.002Z ERROR app:zeebe-api Failed to connect with config (secrets omitted): { endpoint: { type: 'selfHosted', url: 'https://localhost:26500' } } Error: 14 UNAVAILABLE: No connection established
at Object.callErrorFromStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/call.js:31:19)
at Object.onReceiveStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/client.js:195:52)
at /Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/call-stream.js:111:35
at Object.onReceiveStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/zeebe-node/dist/lib/GrpcClient.js:135:36)
at InterceptingListenerImpl.onReceiveStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/call-stream.js:106:23)
at Object.onReceiveStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:365:141)
at Object.onReceiveStatus (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:328:181)
at /Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/call-stream.js:188:78
at process.processTicksAndRejections (node:internal/process/task_queues:78:11)
for call at
at ServiceClientImpl.makeUnaryRequest (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/client.js:163:34)
at ServiceClientImpl.<anonymous> (/Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/@grpc/grpc-js/build/src/make-client.js:105:19)
at /Applications/Camunda Modeler.app/Contents/Resources/app.asar/node_modules/zeebe-node/dist/lib/GrpcClient.js:305:47 {
code: 14,
details: 'No connection established',
metadata: Metadata { internalRepr: Map(0) {}, options: {} }
}
I’m not sure if it is because I used kubectl port-forward command to map the zeebe gateway to local that the modeler cannot establish the TLS connection?
