This issue is the next step to https://forum.camunda.io/t/self-managed-local-cluster-with-ingress-controller-does-not-diaplay-identity/50529
As the chart values above mention, I've set up ingress and TLS. See the following snippet.
zeebe-gateway:
  replicas: 1
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.camunda-demo-ingress.committed.co.kr"
    tls:
      enabled: true
      secretName: camunda-demo-ingress-tls
When I test the connection with
zbctl \
--address zeebe.camunda-demo-ingress.committed.co.kr \
--authzUrl https://camunda-demo-ingress.committed.co.kr/auth/realms/camunda-platform/protocol/openid-connect/token \
--clientId <client id> \
--clientSecret <client secret> \
--host zeebe.camunda-demo-ingress.committed.co.kr \
--port 443 \
status
It throws a deadline exception.
Error: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
So, I've tested the certificate using openssl
openssl s_client -connect camunda-demo-ingress.committed.co.kr:443
subject=C = KR, ST = Seoul, L = Guro, O = Committed Korea, OU = Camunda, CN = *.committed.co.kr, emailAddress = minsoo.jo@committed.co.kr
issuer=C = KR, ST = Seoul, L = Guro, O = Committed Korea, OU = camunda, CN = camunda-demo-ingress.committed.co.kr, emailAddress = minsoo.jo@committed.co.kr
The above command shows that the server crt is configured correctly, but using the following test
openssl s_client -connect zeebe.camunda-demo-ingress.committed.co.kr:443
subject=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
issuer=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
It shows that the zeebe-gateway host configuration ‘zeebe.camunda-demo-ingress.committed.co.kr’ is not applied.
What did I miss?
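
Added example, not part of the original post: an offline bash check of the two things the openssl output above distinguishes, whether ingress-nginx answered with its built-in default certificate and whether a certificate name such as `*.committed.co.kr` can cover the requested host at all. The function names are hypothetical, the subject lines are abridged from the post, and the CN is used in place of the SAN list, which the post does not show.

```bash
#!/usr/bin/env bash
# Added example. Host names and subject lines are taken from the post (abridged).

# Return 0 if certificate name $1 (exact or "*.domain") covers host $2.
# A wildcard stands for exactly one leftmost DNS label, never several.
cert_name_covers_host() {
  local name host suffix label rest
  name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$name" in
    '*.'*)
      suffix=${name#\*}        # e.g. ".committed.co.kr"
      label=${host%%.*}        # leftmost label of the host
      rest=${host#"$label"}    # everything after that label
      [ -n "$label" ] && [ "$rest" = "$suffix" ] ;;
    *)
      [ "$name" = "$host" ] ;;
  esac
}

# Pull the CN out of an openssl s_client "subject=" line.
subject_cn() {
  printf '%s\n' "$1" | sed -n 's/^subject=.*CN = \([^,]*\).*$/\1/p'
}

# Classify what a host served. Assumption: the CN stands in for the SAN list,
# because the post shows only the subject; real clients match against SANs.
diagnose() {  # $1 = host connected to, $2 = subject line returned
  local cn
  cn=$(subject_cn "$2")
  if [ "$cn" = "Kubernetes Ingress Controller Fake Certificate" ]; then
    echo "default-cert"      # ingress-nginx fell back to its built-in cert
  elif cert_name_covers_host "$cn" "$1"; then
    echo "name-ok"
  else
    echo "name-mismatch"
  fi
}

WILDCARD_SUBJECT='subject=C = KR, ST = Seoul, L = Guro, O = Committed Korea, OU = Camunda, CN = *.committed.co.kr'
FAKE_SUBJECT='subject=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate'

diagnose camunda-demo-ingress.committed.co.kr "$WILDCARD_SUBJECT"        # name-ok
diagnose zeebe.camunda-demo-ingress.committed.co.kr "$FAKE_SUBJECT"      # default-cert
diagnose zeebe.camunda-demo-ingress.committed.co.kr "$WILDCARD_SUBJECT"  # name-mismatch
```

The third call shows that a `*.committed.co.kr` name reaches only one label deep, so it covers `camunda-demo-ingress.committed.co.kr` but not `zeebe.camunda-demo-ingress.committed.co.kr`.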