Keycloak is not working with Camunda

Dears,
I am trying to integrate our Keycloak with Camunda through k8s, so I followed these steps (Connect to an existing Keycloak instance | Camunda Platform 8 Docs), but Keycloak still doesn't work. Are there missing steps or is something wrong?
This is deployment-backend.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dev-camunda-backend
  namespace: camunda
spec:
  selector:
    matchLabels:
      app: dev-camunda-backend
  replicas: 1

  template:
    metadata:
      labels:
        app: dev-camunda-backend
    spec:
      containers:
        - name: dev-camunda-backend
          image: "camunda/camunda-bpm-platform:tomcat-7.19.0-SNAPSHOT"
          securityContext:
            runAsUser: 0
          imagePullPolicy: Always
          resources:
            limits:
              memory: "2Gi"
              cpu: "2"
            requests:
              memory: "1.5Gi"
              cpu: "1"

          env:
            - name: IDENTITY_CLIENT_ID
              value: camunda-backend
            - name: IDENTITY_CLIENT_SECRET
              value: 28dc13ac-ac78-4173-8ce8-6ce01514e736
            - name: IDENTITY_AUTH_PROVIDER_BACKEND_URL
              value: https://kaycloak-server/auth/realms/dev
            - name: IDENTITY_AUTH_PROVIDER_ISSUER_URL
              value: https://kaycloak-server/auth/realms/dev
            - name: IDENTITY_LOG_LEVEL
              value: DEBUG
            - name: IDENTITY_URL
              value: https://kaycloak-server/auth
            - name: KEYCLOAK_REALM
              value: dev
            - name: KEYCLOAK_URL
              value: https://kaycloak-server/auth
            - name: KEYCLOAK_INIT_TASKLIST_ROOT_URL
              value: https://kaycloak-server/auth
            - name: KEYCLOAK_INIT_TASKLIST_SECRET
              value: 28dc13ac-ac78-4173-8ce8-6ce01514e736

          ports:
            - name: http-port
              containerPort: 8080
          volumeMounts:
            - name: attachments
              mountPath: "/home/springboot/app/attachments/partners/logo"
      volumes:
        - name: attachments
          persistentVolumeClaim:
            claimName: dev-pvc-external
      imagePullSecrets:
        - name: nexus-images

On the Keycloak side:


Hello @kayaly.dis ,

Your deployment-backend.yaml refers to a Camunda 7 image. This image cannot be integrated with Keycloak out of the box.

If you want to use Camunda 7 with Keycloak, please find a plugin for this here:

If you want to use Camunda 8 with Keycloak, I would recommend you start with the docs you linked and use Camunda 8 Helm charts.

Jonathan

Thanks, Jonathan.

I am wondering, is there a way to integrate Camunda 7 with an existing Keycloak via Docker images instead of using Camunda Spring Boot (the distribution in the link you sent)?

Also, if we decide to use Camunda 8, should we use the Helm chart, or can we use a Dockerfile? To be honest, we think the Helm chart is so complex and we are trying to avoid using it.

Hello @kayaly.dis ,

If you want to install the plugin on Tomcat, you can follow this guide:

The usage of a Helm chart for Camunda 8 is highly recommended as the platform contains some complexity.
So I would say it is exactly the other way round:
Use Helm charts as they hide complexity and let you focus on configuring the relevant stuff.

Jonathan

I have two more questions:

  • Regarding Camunda 8, does it only support GraphQL for task services?

  • As I said before, we just need the Camunda platform and Identity, so what are the exact values in the Helm chart that we need to focus on? And what can we skip and disable?

Hello @kayaly.dis ,

  1. Yes
  2. Identity is part of Camunda Platform 8. It also contains Zeebe (the process engine), Tasklist, Operate and Optimize. Here, you will find a good overview of what Camunda 8 consists of: Camunda Platform 8 Helm deployment | Camunda Platform 8 Docs

Jonathan