Everythink works, i can access the components (e.g. operate) via the browser and the zeebe-gateway with zbctl (under zeebe.camunda.local:443).
But when i try to connect to zeebe in Node i get the following error:
zeebe | ERROR: [deployResource]: 14 UNAVAILABLE: No connection established. Last error: Client network socket disconnected before secure TLS connection was established
This is my index.ts:
import { Camunda8 } from "@camunda8/sdk";
import path from "path";
const camunda = new Camunda8({
ZEEBE_GRPC_ADDRESS: 'zeebe.camunda.local:443',
ZEEBE_CLIENT_ID: 'zeebe',
ZEEBE_CLIENT_SECRET: 'zecret',
CAMUNDA_OAUTH_DISABLED: true, // Identity is disabled
});
const zeebe = camunda.getZeebeGrpcApiClient();
async function main() {
const deploy = await zeebe.deployResource({
processFilename: path.join(process.cwd(), "process.bpmn"),
});
console.log(
`[Zeebe] Deployed process ${deploy.deployments[0].process.bpmnProcessId}`
);
}
main();
I assume i have to pass my generated cert anywhere because when i use zbctl i pass the certificate aswell.
There is an option called CAMUNDA_CUSTOM_ROOT_CERT_PATH but i dont know if thats what i need (putting the cert in my folder and adding the path does not help).
Strange is that it does not matter what the ZEEBE_GRPC_ADDRESS is, i always get the error. So maybe its a general problem and not because of the missing cert? Are there any major differences when trying to connect to zeebe with the node sdk over an ingress?
Ideally, it shouldnāt be an cert issue. With the details you shared, I can guess it can be due to ZEEBE_CLIENT_ID.
Did you change or configure the value for ZEEBE_CLIENT_ID? Usually it will be zeebe-api not zeebe in Camunda identity.
Below is the high level of how identity works in a client app (node/springboot) integration:
Create new credentails for the Node client app. Generally will be M2M connection.
Configure ID and Secret for the Node app. Identity will authenticate the client app and generates a access token.
The access token is passed while making the call to Zeebe gateway.
I did not configure anything and strictly followed the guide for the local kind-ingress-setup. As i said, identity is disabled:
global:
ingress:
enabled: true
className: nginx
host: "camunda.local"
tls:
enabled: true
secretName: "tls-secret"
identity:
auth:
# Disable Identity authentication for local development
# it will fall back to basic-auth: demo/demo as default user
enabled: false
# Disable Identity for local development
identity:
enabled: false
# Disable Optimize
optimize:
enabled: false
operate:
contextPath: "/operate"
tasklist:
contextPath: "/tasklist"
# Reduce for Zeebe and Gateway the configured replicas and with that the required resources
# to get it running locally
zeebe:
clusterSize: 1
partitionCount: 1
replicationFactor: 1
pvcSize: 10Gi
resources: {}
initResources: {}
zeebe-gateway:
replicas: 1
ingress:
enabled: true
className: nginx
host: "zeebe.camunda.local"
tls:
enabled: true
secretName: "tls-secret-zeebe"
connectors:
enabled: true
inbound:
mode: disabled
elasticsearch:
master:
replicaCount: 1
# Request smaller persistent volumes.
persistence:
size: 15Gi
Do i need to enable identity to be able to connect to zeebe-gateway with the node-sdk? The documentation (github) states that it should work with an minimal setup too (without identity).
You als mentioned the client credentials. The only thing i found on how to configure these is with the camunda console which is an enterprise feature for self managed. So do i need an enterprise license to get this whole thing working or is there a āstandardā client that i can use (i tought this would be the ZEEBE_CLIENT_ID=āzeebeā as shown in the documentation)?