Hello Camunda,
We are using ingress-nginx in a GKE cluster. We used the following camunda-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: camunda-ingress
spec:
tls:
- hosts:
- dev-camunda.abcdefg.dev
secretName: tls-secret
ingressClassName: nginx
rules:
- host: dev-camunda.abcdefg.dev
http:
paths:
- path: /operate
pathType: Prefix
backend:
# This assumes http-svc exists and routes to healthy endpoints
service:
name: camunda-operate
port:
number: 80
- path: /tasklist
pathType: Prefix
backend:
# This assumes http-svc exists and routes to healthy endpoints
service:
name: camunda-tasklist
port:
number: 80
- path: /optimize
pathType: Prefix
backend:
# This assumes http-svc exists and routes to healthy endpoints
service:
name: camunda-optimize
port:
number: 80
# - path: /auth
# pathType: Prefix
# backend:
# # This assumes http-svc exists and routes to healthy endpoints
# service:
# name: camunda-keycloak
# port:
# number: 80
As you can see, the /auth
endpoint is commented out. The reason for that is because if we include that in our ingress we get the following error
Error: INSTALLATION FAILED: 1 error occurred:
* admission webhook "validate.nginx.ingress.kubernetes.io" denied the request:
-------------------------------------------------------------------------------
Error: exit status 1
2024/11/13 04:12:09 [emerg] 2469#2469: duplicate location "/auth/" in /tmp/nginx/nginx-cfg90617931:1382
nginx: [emerg] duplicate location "/auth/" in /tmp/nginx/nginx-cfg90617931:1382
nginx: configuration file /tmp/nginx/nginx-cfg90617931 test failed
-------------------------------------------------------------------------------
However, now that we don’t add the ingress for /auth
using https
, we are unable to enable TLS that terminates at the nginx-controller. And because keycloak requires https
we cannot proceed.
What might we be missing? Any insight would be appreciated. Here is the camunda-values.yaml
we used. I presume we don’t need SSL for zeebe-dev-camunda.abcdefg.dev
global:
identity:
auth:
publicIssuerUrl: "https://dev-camunda.abcdefg.dev/auth/realms/camunda-platform"
operate:
redirectUrl: "https://dev-camunda.abcdefg.dev/operate"
tasklist:
redirectUrl: "https://dev-camunda.abcdefg.dev/tasklist"
optimize:
redirectUrl: "https://dev-camunda.abcdefg.dev/optimize"
ingress:
enabled: true
className: nginx
host: "dev-camunda.abcdefg.dev"
operate:
contextPath: "/operate"
tasklist:
contextPath: "/tasklist"
optimize:
contextPath: "/optimize"
zeebeGateway:
ingress:
enabled: true
className: nginx
host: "zeebe-dev-camunda.abcdefg.dev"