Camunda Self-Managed and Desktop Modeler access

Camunda 8 Topics Discussion & Questions
1

This is very similar to the thread below but since that wasn’t answered I try to ask again.

We are evaluating Camunda Self-Managed and we used the below repo as a baseline for our setup:

We used the Azure-specific setup since we are using Azure as our cloud provider and deploying it to an Azure Kubernetes Service. We have managed to deploy it and access the web applications from outside the cluster. We have configured it with a custom domain and TLS. The web applications are accessed like this:

https://identity.<ourcustomdomain>.com
https://keycloak.<ourcustomdomain>.com
https://operate.<ourcustomdomain>.com
https://optimize.<ourcustomdomain>.com
https://tasklist.<ourcustomdomain>.com

The problem now is how to use the Desktop Modeler and deploy diagrams to Zeebe? For a production setup it’s not possible to use port-forwarding to access the cluster and I cannot find any documentation on how to do it without port-forwarding?

The Ingress in the github repo doesn’t seem to setup an ingress resource for the zeebe-gateway? Are there additional documentation on how to do this?

2

Hi @exkoria,

the Zeebe gateway is not protected by any Authorization. If you expose it on the internet, everybody can access your cluster.

To deploy processes on the production environment:

Hope this helps, Ingo

3

Thanks for the reply!

So the best practice is really not to expose the zeebe-gateway outside the cluster? Is the preferred solution to deploy a custom application in the kubernetes cluster which acts as a proxy between the public network and the zeebe-gateway?

4

Hi @exkoria,

yes

yes. Here you can control the access by yourself.

Hope this helps, Ingo

1 Like
5

Checkout this project

and this blog post:

https://vdan.niceneasy.ch/camunda-8-oauth-for-zeebe-with-istio/

1 Like