Camunda Self-Managed for Absolute Beginners

@djhair01 - no, run the command make helm.dependency-update in the main folder, instead of helm dependency update. We include a Makefile with the repo that contains a handful of useful commands, and this is one of those cases.

I am working in Mac/Linux, so Windows might have some differences in syntax, but the primary error in your first screenshot is repo camunda-platform-helm-main not found. You might need to add a ./ before the directory, like so:

helm install camunda-platform -f camunda-values.yaml ./camunda-platform-helm-main/charts/camunda-platform

Hey @nathan.loding - sorry about misinterpreting your instructions…Figured out how to run make in Windows, but getting a 401 even when I do β€œmake helm.dependency-update”:

Hi @djhair01 - first, thanks so much for sticking with this and troubleshooting it to the end! I’ve taken a lot of notes and will be working to make some changes to our documentation to better clarify some of the things encountered here.

I cannot replicate that particular error. It’s not a Camunda error, but rather Docker is unable to access the Bitnami repository to pull the Elasticsearch image. I did a little bit of digging and I found this GitHub issue: Bitnami repo site returns "Access Denied" Β· Issue #13309 Β· bitnami/charts Β· GitHub

… It seems there are some known connectivity issues when pulling this image. That issue points to a possible DNS issue, but also mentions Cloudfront issues. It’s also possible that there is a proxy or firewall issue preventing your workstation from downloading the image.

If you try running this command, does it fail with a similar 401 Unauthorized error? This will not β€œfix” the Camunda Docker install, but this will attempt to pull the Elasticsearch container from Bitnami and start it, which can help us identify what might be preventing you from pulling the image.

docker run --name elasticsearch bitnami/elasticsearch:latest

Hey @nathan.loding - thanks for your patience and perseverance! The β€œdocker run” command didn’t encounter the 401 error…Including full log for your review - it has a lot of β€œnoise” at the beginning where I was trying to get to the right subdirectory.

I don’t have a good sense of where to go from here, so I eagerly await your guidance. Thanks.

Camunda 8.3 - Logs - 202311071240.yaml (21.1 KB)

I admit that I’m not quite sure where to look next either! We’ve narrowed the issue down, but not quite enough to really pinpoint a cause unfortunately.

The specific error is β€œunexpected status from GET request” and the unexpected status is β€œ401 Unauthorized” … the URL it is trying to hit is

https://auth.docker.io/token?scope=repository%3Abitnamicharts%2Felasticsearch%3Apull&service=registry.docker.io

When I open that URL in my browser (or use curl), it returns a JWT token for me. If you try to open that URL (or try to issue a HTTP GET request from the command line, which I don’t know how to do in Windows :joy:), what response do you get?

Update: I’m finding quite a few similar questions about 401 errors with Docker registries around the internet. One theory is that Docker has low request limits based on IP, so if you’re on a shared network that is pulling frequently from Docker, you might be rate limited.

One other suggestion to look into: perhaps you have expired/invalid cached credentials for the Docker repository on your machine? It might be worth checking the credential store to make sure Docker isn’t accidentally using bad credentials. These images should be public, you shouldn’t need a username/password.

Hi @nathan.loding - i, too, get the JWT token when i hit the ElasticSearch chart URL from a browser.

Regarding invalid docker credentials stored on my machine, i didn’t quite understand what i was looking for and what, if anything needed to change, but i did find the following in ~.docker\config.json:

{
β€œauths”: {},
β€œcredsStore”: β€œdesktop”,
β€œcurrentContext”: β€œdefault”
}

Also note that Windows Credential Manager, which was mentioned in the articles that you referenced, did not have an entry for Docker:

Finally note that it appears that elasticsearch is already running from the β€œdocker run --name elasticsearch bitnami/elasticsearch:latest” command:

Your thoughts on next steps? Thanks.

Hi @djhair01 - the Elasticsearch container that is running can be removed. That was just a test to make sure your workstation could pull the image, which it can. You could spin up a separate Elasticsearch instance and configure Camunda to use it (you would need to point all Elasticsearch configuration parameters to your instance).

As for next steps, unfortunately I don’t know! This is not an issue with Camunda or with our Helm charts or container images; for some reason, your workstation is blocked from fetching the bitnami/elasticsearch charts. There is a thread in the bitnami GitHub repository that says that upgrading your Helm client to v3.13.1 may fix it.

Hi @nathan.loding - thanks for the follow-up. I read the bitnami thread and see that i am indeed running an older Helm client:

PS C:\Users\dujua.kube\camunda-platform-helm-main\charts> helm version
version.BuildInfo{Version:β€œv3.13.0”, GitCommit:β€œ825e86f6a7a38cef1112bfa606e4127a706749b1”, GitTreeState:β€œclean”, GoVersion:β€œgo1.20.8”}

I’ve run several permutations of the β€œhelm upgrade” command using file names and subdirectories for the [CHART] argument, but to no avail (error message transcript is below):

Usage:
helm upgrade [RELEASE] [CHART] [flags]

My question is: what should I use for the [CHART] argument? Thanks.

TRANSCRIPT

PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1 Chart.yaml
Error: file β€˜C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform\Chart.yaml’ seems to be a YAML file, but expected a gzipped archive
PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1 charts
Error: Chart.yaml file is missing
PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1 Chart
Error: non-absolute URLs should be in form of repo_name/path_to_chart, got: Chart
PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1 Chart.yaml
Error: file β€˜C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform\Chart.yaml’ seems to be a YAML file, but expected a gzipped archive
PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1
Error: β€œhelm upgrade” requires 2 arguments

Usage: helm upgrade [RELEASE] [CHART] [flags]
PS C:\Users\dujua.kube\camunda-platform-helm-main\charts\camunda-platform> helm upgrade v3.13.1 /charts
Error: repo not found

The helm upgrade command upgrades a deployed cluster with a new chart; it doesn’t upgrade the version of helm installed on your workstation. For that, you need to follow the installation instructions in Helm’s documentation.

Thanks @nathan.loding - making progress…

I did a β€œchoco install kubernetes-helm --version 3.13.1”
and the β€œmake.helm dependency-update”
commands and i’m no longer getting the 401 errors.

Next I tried running a few permutations of the final command from the blog post (I’m not quite sure on the argument values), and I’m getting errors:

I think we’re in the β€œlast mile” and your expertise is much appreciated…Thanks.

This is where I lack some knowledge about Windows and Powershell. I think you need to have a ./ before the folder path for the local copy of the charts:

helm install camunda-platform -f camunda-values.yaml ./camunda-platform-helm-main/charts/camunda-platform

The other set of errors (β€œcannot re-use a name that is still in use”) means you may already have a cluster using that name. I would recommend removing anything installed (easy to do with Docker, just delete the control planes), then start the installation from the first step again. Hopefully adding a ./ before the path resolves it!

Hi @nathan.loding - thanks, Camunda is running (kind of)…

I tried doing the port forwarding and hitting URLs for Tasklist, Operate and their healthchecks but got errors. I’ve attached β€œDescribe” and β€œLog” files from k9s for the pods.

Next steps to get me running? Thanks and have a great weekend.

K9S DESCRIBE.yaml (32.4 KB)
K9S LOGS.yaml (53.7 KB)

They are unable to connect to Elasticsearch, and in the k9s screenshot Elasticsearch hasn’t started yet. Did you delete everything in Docker and start from the beginning again? If not, try that first. If you did, then this might be a case where you need to give Docker more resources.

Hi @T-san - it may be three months later, but I finally got a new blog post published that shows how to enable ingress controllers. If that’s something you’re still working on, you can read it here:

1 Like

Install on a Ubuntu 24.04 VM.

I followed the instructions and get an error:
$ sudo helm install camunda-platform camunda/camunda-platform -f camunda-values.yaml

sudo helm install camunda-platform camunda/camunda-platform -f camunda-values.yaml
Error: INSTALLATION FAILED: execution error at (camunda-platform/templates/camunda/constraints.tpl:60:52):
[camunda][error] Identity is disabled but identityKeycloak is enabled. Please ensure that if identityKeycloak is enabled, Identity must also be enabled.

Hi @Franz - can you share your camunda-values.yaml file?

Hi, I used the exact file from the blog entry.

I have completed the part on and part two ingress. There are a number of things that are not clear:

  • It would be great to have the commands to set up a demo/dev cluster all in one place and not spread across the blog with the files and information continuously changing and evolving through the blog.
  • The setup is anything but straightforward and easy, and the number of posts on the forum support this. Is it not possible to release a demo/dev cluster fully setup as a VM image that we can just download and run please. This may be informative to those who want to run their own clusters, but for those who wish to setup a simple demo/dev cluster it is onerous. I am wanting to support camunda as a reseller but the Saas model does not allow for a simple demo setup without getting into several thousands of dollars. By having at least a basic cluster available on the free plan would make this whole setup thing moot. But here we are messing with devops stuff that is really not necessary. For open source projects this is fine, but not for paid platforms.
  • I have downloaded the values.yaml file:
global:
  ingress:
    enabled: true
    className: nginx
    host: "camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret"
  identity:
    auth:
      # Disable Identity authentication for local development
      # it will fall back to basic-auth: demo/demo as default user
      enabled: false

# Disable Identity for local development
identity:
  enabled: false

# Disable Optimize
optimize:
  enabled: false

operate:
  contextPath: "/operate"

tasklist:
  contextPath: "/tasklist"

# Reduce resource usage for Zeebe and Zeebe-Gateway
zeebe:
  clusterSize: 1
  partitionCount: 1
  replicationFactor: 1
  pvcSize: 10Gi
  resources: {}
  initResources: {}

zeebe-gateway:
  replicas: 1
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret-zeebe"

# Enable Outbound Connectors only
connectors:
  enabled: true
  inbound:
    mode: "disabled"

# Configure Elasticsearch to make it running for local development
elasticsearch:
  resources: {}
  initResources: {}
  replicas: 1
  minimumMasterNodes: 1
  # Allow no backup for single node setups
  clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"

  # Request smaller persistent volumes.
  volumeClaimTemplate:
    accessModes: [ "ReadWriteOnce" ]
    storageClassName: "standard"
    resources:
      requests:
        storage: 15Gi

When installing this it causes the error I described in my previous post.

I then modified the config file to enable the keycloak identity:

global:
  ingress:
    enabled: true
    className: nginx
    host: "camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret"
  identity:
    auth:
      # Disable Identity authentication for local development
      # it will fall back to basic-auth: demo/demo as default user
      enabled: true

# Disable Identity for local development
identity:
  enabled: true

# Disable Optimize
optimize:
  enabled: false

operate:
  contextPath: "/operate"

tasklist:
  contextPath: "/tasklist"

# Reduce resource usage for Zeebe and Zeebe-Gateway
zeebe:
  clusterSize: 1
  partitionCount: 1
  replicationFactor: 1
  pvcSize: 10Gi
  resources: {}
  initResources: {}

zeebe-gateway:
  replicas: 1
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret-zeebe"

# Enable Outbound Connectors only
connectors:
  enabled: true
  inbound:
    mode: "disabled"

# Configure Elasticsearch to make it running for local development
elasticsearch:
  resources: {}
  initResources: {}
  replicas: 1
  minimumMasterNodes: 1
  # Allow no backup for single node setups
  clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"

  # Request smaller persistent volumes.
  volumeClaimTemplate:
    accessModes: [ "ReadWriteOnce" ]
    storageClassName: "standard"
    resources:
      requests:
        storage: 15Gi

This now starts the cluster - I think. All the services in k9s are pending, except for the keycloak:

 Context: kind-camunda-local                       <0> all       <a>      Attach     <l>       Logs               <y> YAML                                                                                                                                                                                    ____  __.________         Cluster: kind-camunda-local                       <1> default   <ctrl-d> Delete     <p>       Logs Previous                                                                                                                                                                                                 |    |/ _/   __   \______  User:    kind-camunda-local                                     <d>      Describe   <shift-f> Port-Forward                                                                                                                                                                                                  |      < \____    /  ___/  K9s Rev: v0.27.4 ⚑v0.32.5                                      <e>      Edit       <s>       Shell                                                                                                                                                                                                         |    |  \   /    /\___ \   K8s Rev: v1.31.0                                                <?>      Help       <n>       Show Node                                                                                                                                                                                                     |____|__ \ /____//____  >  CPU:     n/a                                                    <ctrl-k> Kill       <f>       Show PortForward                                                                                                                                                                                                      \/            \/   MEM:     n/a
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ Pods(all)[19] ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐│ NAMESPACE↑                             NAME                                                                    PF                    READY                                        RESTARTS STATUS                        IP                              NODE                                             AGE                       β”‚β”‚ default                                camunda-platform-connectors-577944c584-l4h4s                            ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-elasticsearch-master-0                                 ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-elasticsearch-master-1                                 ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-identity-6c9699bd4f-sf665                              ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-keycloak-0                                             ●                     1/1                                                 0 Running                       10.244.0.5                      camunda-local-control-plane                      22m                       β”‚β”‚ default                                camunda-platform-operate-6cb6fb99f9-j6xww                               ●                     0/1                                                 0 Init:0/1                      10.244.0.7                      camunda-local-control-plane                      22m                       β”‚β”‚ default                                camunda-platform-postgresql-0                                           ●                     1/1                                                 0 Running                       10.244.0.9                      camunda-local-control-plane                      22m                       β”‚β”‚ default                                camunda-platform-tasklist-76dc686c86-l82hq                              ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-zeebe-0                                                ●                     0/0                                                 0 Pending                       n/a                             n/a                                              22m                       β”‚β”‚ default                                camunda-platform-zeebe-gateway-6777b8d5d4-xt7wl                         ●                     1/1                                                 0 Running                       10.244.0.8                      camunda-local-control-plane                      22m                       β”‚β”‚ kube-system                            coredns-6f6b679f8f-dd9kc                                                ●                     1/1                                                 0 Running                       10.244.0.4                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            coredns-6f6b679f8f-mhk4c                                                ●                     1/1                                                 0 Running                       10.244.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            etcd-camunda-local-control-plane                                        ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            kindnet-tsb4r                                                           ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            kube-apiserver-camunda-local-control-plane                              ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            kube-controller-manager-camunda-local-control-plane                     ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            kube-proxy-ck4b9                                                        ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ kube-system                            kube-scheduler-camunda-local-control-plane                              ●                     1/1                                                 0 Running                       172.18.0.2                      camunda-local-control-plane                      26m                       β”‚β”‚ local-path-storage                     local-path-provisioner-57c5987fd4-nrllp                                 ●                     1/1                                                 0 Running                       10.244.0.3                      camunda-local-control-plane                      26m     

I now have no idea of where to point an external browser to get to a login screen??? And your blog is unfortunately very silent on this matter.

So the problem I am facing is that the very starting point of having identity setup is apparently required, but you leave this as an exercise for the user!?!

@Franz - I think a point of confusion here is that blog posts aren’t the same as documentation, and they aren’t updated to reflect the latest releases. In a more recent release of the Helm charts, well after this post was published, some new values were added. If you don’t want to enable Identity, as in the blog post, you should also add this to your values.yaml:

identityKeycloak:
  enabled: false

For a maintained guide that is similar to this blog post, you can reference our documentation here: Local Kubernetes cluster | Camunda 8 Docs … our documentation is much more in the style of having the commands β€œin one place” (or at least not spread out so much). The intention of the blog post was to educate, not provide a copy/paste environment.

Setting up any service in Kubernetes is often complicated. There will always be questions. We do offer an out-of-the-box fully configured Docker Compose configuration for development and testing, that you can then further customize as needed. Again, the intention of the blog post was to introduce Kubernetes to those not familiar with it, not to provide a fully featured copy/paste Camunda environment, nor to say that Camunda believes this configuration is the best for a local development cluster.