Due to a shortage of private IP addresses (10.x.x.x), I had to configure our EKS nodes to use another CIDR (100.x.x.x).
When deploying Camunda, Identity cannot connect to Keycloak and the following error occurred:
Failure #1. Unable to connect to Keycloak.
The Keycloak documentation (https://www.keycloak.org/docs/16.1/server_admin/#_ssl_modes) says:
external requests: Users can interact with Keycloak without SSL so long as they stick to private IP addresses such as localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. If you try to access Keycloak without SSL from a non-private IP address, you will get an error.
The Camunda documentation has a workaround in which “require ssl” can be disabled.
However, this is not recommended for non-dev environments. As far as I know, HTTPS is configured in our environment, so that should do the trick, but it didn’t. What is the solution for this problem?
Environment:
- Platform: AWS
- Chart version: 8.1.5
- Values file:
```yaml
operate:
  service:
    type: NodePort
identity:
  service:
    type: NodePort
  keycloak:
    service:
      type: NodePort
    extraEnvVars:
      - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
        value: "true"
      - name: KEYCLOAK_FRONTEND_URL
        value: "https://keycloak.example.com"
  env:
    - name: IDENTITY_URL
      value: "https://identity.example.com"
tasklist:
  service:
    type: NodePort
optimize:
  image:
    tag: 3.9.1
  service:
    type: NodePort
zeebe-gateway:
  service:
    type: NodePort
global:
  # image:
  #   tag: 8.0.6
  identity:
    auth:
      publicIssuerUrl: "https://keycloak.example.com/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://operate.example.com"
      tasklist:
        redirectUrl: "https://tasklist.example.com"
      optimize:
        redirectUrl: "https://optimize.example.com"
```
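An added example, not part of the original post and not Keycloak's own code: a small Python model of the "external requests" rule quoted above, showing which source addresses may reach Keycloak over plain HTTP. It assumes "172.16.x.x" means the RFC 1918 block 172.16.0.0/12 and "127.0.0.1" means all of 127.0.0.0/8; the sample addresses are constructed.

```python
import ipaddress

# Ranges the quoted Keycloak passage lists as private.
# Assumption: "172.16.x.x" is read as 172.16.0.0/12 and "127.0.0.1" as 127.0.0.0/8.
EXEMPT_NETWORKS = [
    ipaddress.ip_network(cidr)
    for cidr in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
SSL_MODES = ("external", "none", "all")


def is_exempt(client_ip: str) -> bool:
    """True if the address is in a range the quoted passage exempts from SSL."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in EXEMPT_NETWORKS)


def decide(client_ip: str, scheme: str, ssl_required: str = "external") -> str:
    """Return "allow" or "reject" for one request under the given SSL mode."""
    if ssl_required not in SSL_MODES:
        raise ValueError(f"unknown SSL mode: {ssl_required!r}")
    if scheme == "https" or ssl_required == "none":
        return "allow"
    if ssl_required == "all":
        return "reject"
    # "external": plain HTTP is accepted only from the exempt ranges.
    return "allow" if is_exempt(client_ip) else "reject"


def rejected_sources(requests, ssl_required: str = "external"):
    """List the source IPs whose requests would be refused."""
    return [ip for ip, scheme in requests if decide(ip, scheme, ssl_required) == "reject"]


# Constructed sample: (source IP as seen by Keycloak, scheme of the request).
SAMPLE_REQUESTS = [
    ("10.0.12.7", "http"),     # pod in a 10.x.x.x subnet
    ("100.64.3.21", "http"),   # pod in a 100.x.x.x subnet, as in the post
    ("100.64.3.21", "https"),  # same pod, request arriving as HTTPS
    ("192.168.1.5", "http"),
]

if __name__ == "__main__":
    for ip, scheme in SAMPLE_REQUESTS:
        print(f"{scheme}://{ip} -> {decide(ip, scheme)}")
```

Pod-to-pod calls that use the in-cluster HTTP service address do not pass through the HTTPS ingress, so the source address Keycloak sees is what decides the outcome.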