Camunda Self-Managed for Absolute Beginners, Part 2—Ingress and TLS SSL

Announcements Blog
1
2

Thanks for providing the ingress controller configuration. The Helm chart works without problems.

Then, I tried to add other components, Keycloak, Identity, and Optimize.
When using version 8.3.0, no problem to run all pods. I used the following command.

helm install camunda-platform camunda/camunda-platform -f yaml/camunda-values.yaml --version 8.3.0

    NAME                                        READY   STATUS    RESTARTS      AGE
    camunda-pf-connectors-5b864ffc88-kwvxn      1/1     Running   1 (65m ago)   67m
    camunda-pf-elasticsearch-master-0           1/1     Running   0             67m
    camunda-pf-elasticsearch-master-1           1/1     Running   0             67m
    camunda-pf-identity-69b46b5b7f-ps9nr        1/1     Running   0             56m
    camunda-pf-keycloak-0                       1/1     Running   0             67m
    camunda-pf-operate-648b8d98c-25wb8          1/1     Running   1 (64m ago)   67m
    camunda-pf-optimize-7cd888746-2g79t         1/1     Running   0             67m
    camunda-pf-postgresql-0                     1/1     Running   0             67m
    camunda-pf-tasklist-85b86bbdd7-tl4bh        1/1     Running   0             67m
    camunda-pf-zeebe-0                          1/1     Running   0             67m
    camunda-pf-zeebe-gateway-5444cbf778-4cdcn   1/1     Running   0             67m

However, there is one problem. Identity does not work. It’s console shows,

Failed to load resource: the server responded with a status of 404 ()
main.3583aa1b.js:1       
        
Failed to load resource: the server responded with a status of 404 ()
identity/:1 Uncaught (in promise) DOMException: Failed to register a ServiceWorker for scope ('https://camunda.local/identity/') with script ('https://camunda.local/identity/serviceWorker.js?basePath=%2Fidentity'): An SSL certificate error occurred when fetching the script.
main.67df43a4.css:1        
        
Failed to load resource: the server responded with a status of 404 ()
manifest.json:1      
        
Failed to load resource: the server responded with a status of 404 ()

Then, I tried the latest version. This time some pods cannot become up and running.

helm install camunda-pf camunda/camunda-platform -f yaml/values-ingress-all.yaml -n camunda

k get po -n camunda

NAME                                        READY   STATUS                  RESTARTS      AGE
camunda-pf-connectors-7d7cdd4f56-twfxf      0/1     Running                 0             20m
camunda-pf-elasticsearch-master-0           1/1     Running                 0             55m
camunda-pf-elasticsearch-master-1           1/1     Running                 0             55m
camunda-pf-identity-86648f688b-cmskd        1/1     Running                 0             55m
camunda-pf-keycloak-0                       1/1     Running                 0             55m
camunda-pf-operate-85fc6448df-frgsd         0/1     Running                 2 (85s ago)   22m
camunda-pf-optimize-77659b5b74-mmb2p        0/1     Init:CrashLoopBackOff   7 (92s ago)   12m
camunda-pf-postgresql-0                     1/1     Running                 0             55m
camunda-pf-tasklist-55c49fb8f8-klj7t        0/1     Running                 2 (42s ago)   21m
camunda-pf-zeebe-0                          1/1     Running                 0             55m
camunda-pf-zeebe-gateway-6b6b96d8d7-5sxfv   1/1     Running                 0             55m

The following is the values.yaml file that I used. Could you please advise me the possible cause of the problem?

global:
  ingress:
    enabled: true
    className: nginx
    host: "camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret"
  identity:
    auth:
      publicIssuerUrl: "https://camunda.local/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://camunda.local/operate"
      tasklist:
        redirectUrl: "https://camunda.local/tasklist"
      optimize:
        redirectUrl: "https://camunda.local/optimize"

identity:
  contextPath: "/identity"
  fullURL: "https://camunda.local/identity"
  env:
    - name: LOGGING_LEVEL_ROOT
      value: "DEBUG"

keycloak:
  logging:
    level: "TRACE"

optimize:
  contextPath: "/optimize"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi  

operate:
  contextPath: "/operate"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi      

tasklist:
  contextPath: "/tasklist"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi    

# Reduce resource usage for Zeebe and Zeebe-Gateway
zeebe:
  clusterSize: 1
  partitionCount: 1
  replicationFactor: 1
  pvcSize: 10Gi
  resources: {}
  initResources: {}

zeebe-gateway:
  replicas: 1
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret-zeebe"      

connectors:
  enabled: true
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi   

# Configure Elasticsearch to make it running for local development
elasticsearch:
  resources: {}
  initResources: {}
  replicas: 1
  minimumMasterNodes: 1
  # Allow no backup for single node setups
  clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"

  # Request smaller persistent volumes.
  volumeClaimTemplate:
    accessModes: [ "ReadWriteOnce" ]
    storageClassName: "standard"
    resources:
      requests:
        storage: 15Gi
3

Hi @T-san - I don’t see anything obviously incorrect in your values file. The first set of errors is related to the certificate: perhaps your browser was blocking the resources because it didn’t trust the certificate. This happens with self-signed certificates sometimes.

For the issue with Optimize not starting, can you share what you see in the logs and in the events for that pod?

4

Nathan, all problems are solved. This time I used version 10.0.2. Then, no 404. I do know whether 10.0.2 solves this error or not.

As to the optimize error, I think it is caused by the storage shortage. I increased the size of the storage. F.Y.I., the following is my updated my values.yaml.

helm install camunda-pf camunda/camunda-platform -f yaml/values-ingress-all.yaml -n camunda --version 10.0.2

global:
  ingress:
    enabled: true
    className: nginx
    host: "camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret"
  identity:
    auth:
      publicIssuerUrl: "https://camunda.local/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://camunda.local/operate"
      tasklist:
        redirectUrl: "https://camunda.local/tasklist"
      optimize:
        redirectUrl: "https://camunda.local/optimize"

identity:
  contextPath: "/identity"
  fullURL: "https://camunda.local/identity"

optimize:
  contextPath: "/optimize"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi  

operate:
  contextPath: "/operate"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi      

tasklist:
  contextPath: "/tasklist"
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi    

# Reduce resource usage for Zeebe and Zeebe-Gateway
zeebe:
  clusterSize: 1
  partitionCount: 1
  replicationFactor: 1
  pvcSize: 10Gi

zeebe-gateway:
  replicas: 1
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret-zeebe"      

connectors:
  enabled: true
  resources:
    limits:
      cpu: 1
      memory: 1Gi   
    requests:
      cpu: 200m
      memory: 256Mi   

# Configure Elasticsearch to make it running for local development
elasticsearch:
  master:
    replicaCount: 1
    # Request smaller persistent volumes.
    persistence:
      size: 15Gi
1 Like