Operate and tasklist not able to connect to Zeebe Partitions

Hello. I’m trying to install camunda-platform with keycloak authentication enabled.
The tasklist and operate do not start with an error

Error occurred when requesting partition ids from Zeebe client: null.

Perhaps I have incorrectly configured the Auth block in values?

## @extra global.identity.auth configuration, to configure identity authentication setup
    auth:
      ## @param global.identity.auth.enabled if true, enables the identity authentication otherwise basic-auth will be used on all services.
      enabled: true

      ## @param global.identity.auth.issuer defines the issuer name, which is used by the services to validate the JWT tokens.
      issuer: "https://camunda.tltsu.ru/auth/realms/camunda-platform"
      ## @param global.identity.auth.issuerBackendUrl defines the issuer backend URL, which is used by the services to validate the JWT tokens in a container to container context.
      issuerBackendUrl: "https://camunda.tltsu.ru/auth/realms/camunda-platform"
      ## @param global.identity.auth.tokenUrl defines the token URL, which is used by the services to request JWT tokens.
      ## tokenUrl: "http://camunda-keycloak:80/auth/realms/camunda-platform"
      tokenUrl: "https://camunda.tltsu.ru/auth/realms/camunda-platform"
      ## @param global.identity.auth.jwksUrl defines the JWKS URL, which is used by the services to validate the JWT tokens.
      jwksUrl: "https://camunda.tltsu.ru/auth/realms/camunda-platform/protocol/openid-connect/certs"
      ## @param global.identity.auth.type defines the type of authentication which should be used. Defaults to Keycloak
      type: "KEYCLOAK"

      #  defines the token issuer (Keycloak) URL, where the services can request JWT tokens.
      # Should be publicly accessible, per default we assume a port-forward to Keycloak (18080) is created before login.
      ## @param global.identity.auth.publicIssuerUrl Can be overwritten if ingress is in use and an external IP is available.
      ## publicIssuerUrl: "http://localhost:18080/auth/realms/camunda-platform"
      publicIssuerUrl: "https://camunda.tltsu.ru/auth/realms/camunda-platform"

      ## @extra global.identity.auth.connectors configuration to configure Connectors authentication specifics on global level, which can be accessed by other sub-charts
      connectors:
        ## @param global.identity.auth.connectors.existingSecret can be used to use an own existing secret. If not set a random secret is generated.
        # The existing secret should contain an `connectors-secret` field, which will be used as secret for the identity-Connectors communication.
        existingSecret: ""

Authorization works on optimize. The only difference I see is in the container variable

CAMUNDA_*_IDENTITY_REDIRECT_ROOT_URL.

Where is it set? On operate it is equal to the root domain, on optimize it is put down /optimize.

operate:
        ## @param global.identity.auth.operate.clientId defines the client id, which is used by Operate in authentication flows.
        clientId: operate
        ## @param global.identity.auth.operate.audience defines the audience, which is used by Operate.
        audience: operate-api
        ## @param global.identity.auth.operate.existingSecret can be used to reference an existing secret. If not set, a random secret is generated.
        # The existing secret should contain an `operate-secret` field, which will be used as secret for the identity-Operate communication.
        existingSecret:
        ## @param global.identity.auth.operate.redirectUrl defines the redirect URL, which is used by Keycloak to access Operate.
        # Should be publicly accessible, the default value works if a port-forward to Operate is created to 8081.
        # Can be overwritten if ingress is in use and an external IP is available.
        #redirectUrl: "http://localhost:8081"
        redirectUrl: "https://camunda.tltsu.ru/operate"

Hi @MalovGI, welcome to the forums! Can you share the full error message? Can you also share your full values.yaml file (with secrets and sensitive values masked or redacted!)?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.