Due to a shortage of private IP addresses (10.x.x.x), I had to configure our EKS node to utilize another CIDR (100.x.x.x).
When deploying Camunda, Identity cannot connect to Keycloak and the following error occurred:
Failure #1. Unable to connect to Keycloak.
The Keycloak documentation (https://www.keycloak.org/docs/16.1/server_admin/#_ssl_modes) says:
> external requests: Users can interact with Keycloak without SSL so long as they stick to private IP addresses such as localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. If you try to access Keycloak without SSL from a non-private IP address, you will get an error.

According to the Camunda documentation, there’s a workaround in which “require ssl” can be disabled.
However, this is not recommended for non-dev environments. As far as I know, HTTPS is configured in our environment so that should do the trick, but it didn’t. What is the solution for this problem?
- Platform: AWS
- Chart version: 8.1.5
- Values file:
```yaml
operate:
  service:
    type: NodePort
identity:
  service:
    type: NodePort
  keycloak:
    service:
      type: NodePort
    extraEnvVars:
      - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
        value: "true"
      - name: KEYCLOAK_FRONTEND_URL
        value: "https://keycloak.example.com"
  env:
    - name: IDENTITY_URL
      value: "https://identity.example.com"
tasklist:
  service:
    type: NodePort
optimize:
  image:
    tag: 3.9.1
  service:
    type: NodePort
zeebe-gateway:
  service:
    type: NodePort
global:
  # image:
  #   tag: 8.0.6
  identity:
    auth:
      publicIssuerUrl: "https://keycloak.example.com/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://operate.example.com"
      tasklist:
        redirectUrl: "https://tasklist.example.com"
      optimize:
        redirectUrl: "https://optimize.example.com"
```
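The Keycloak passage quoted in the post lists the source ranges that may skip HTTPS under the "external requests" mode. The following added example (not part of the original post and not Keycloak's own code) checks which node or pod CIDRs fall inside that list. It assumes the quoted ranges mean loopback plus the RFC 1918 blocks, with 172.16.x.x read as 172.16.0.0/12; the function names and sample CIDRs are constructed for illustration.

```python
"""Added example: which source CIDRs the quoted 'external requests' rule exempts."""
import ipaddress

# Assumption: the ranges quoted from the Keycloak documentation, read as
# loopback plus the RFC 1918 blocks (172.16.x.x taken as 172.16.0.0/12).
EXEMPT_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classify_cidr(cidr: str) -> str:
    """Return 'exempt', 'mixed' or 'https_required' for a source CIDR.

    exempt         - every address in the CIDR is in a listed private range
    mixed          - only part of the CIDR is in a listed private range
    https_required - no address is listed, so plain HTTP would be rejected
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only the IPv4 ranges quoted above are modelled")
    if any(net.subnet_of(exempt) for exempt in EXEMPT_NETWORKS):
        return "exempt"
    if any(net.overlaps(exempt) for exempt in EXEMPT_NETWORKS):
        return "mixed"
    return "https_required"


def audit(cidrs):
    """Classify each CIDR and return a {cidr: verdict} mapping."""
    return {cidr: classify_cidr(cidr) for cidr in cidrs}


# Constructed sample CIDRs: a 10.x primary range, a 100.x secondary range
# like the one described in the post, and edge cases around 172.16/12.
SAMPLE_CIDRS = [
    "10.0.0.0/16",
    "100.64.0.0/16",
    "172.16.0.0/12",
    "172.0.0.0/8",
    "192.168.1.10/32",
]

if __name__ == "__main__":
    for cidr, verdict in audit(SAMPLE_CIDRS).items():
        print(f"{cidr:18} {verdict}")
```

A `https_required` verdict for the node or pod CIDR means in-cluster clients that reach Keycloak over plain HTTP from those addresses are subject to the "HTTPS required" check described in the quoted documentation.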