Hi there,
I’ve been following the excellent example outlined in this blog post and have progressed to the “What’s Next?” section to carry out “Add Identity and Optimize, configure the ingress, and test the authentication with zbctl”.
Unfortunately, I encountered an issue during the last step when calling zbctl status
:
$ zbctl status --certPath cert-zeebe.pem --address zeebe.camunda.local:443 --authzUrl https://camunda.local/auth/realms/camunda-platform --clientId [Client ID] --clientSecret [Client Secret]
returns =>
Error: rpc error: code = Canceled desc = failed to apply token: failed to obtain access token: oauth2: "RESTEASY003650: No resource method found for POST, return 405 with Allow header"
Here’s a shorter description of what’s been done if you would like to reconstruct the error …
Setup KIND cluster
kind create cluster --name camunda-cluster --config kind.config
Install NGINX ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
Create certificates
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 --nodes -addext 'subjectAltName=DNS:camunda.local'
openssl req -x509 -newkey rsa:4096 -keyout key-zeebe.pem -out cert-zeebe.pem -sha256 -days 365 --nodes -addext 'subjectAltName=DNS:zeebe.camunda.local'
Create secrets
kubectl create secret tls tls-secret --cert=cert.pem --key=key.pem
kubectl create secret tls tls-secret-zeebe --cert=cert-zeebe.pem --key=key-zeebe.pem
Check pod status
k9s
Install Camunda
helm install camunda-platform camunda/camunda-platform -f helm-identity-values.yaml
Check Camunda Identity
https://camunda.local/identity
Log in using the demo/demo credentials.
Lookup API Client
Use zeebe
client id and its corresponding client secret.
Check Camunda Zeebe status
zbctl status --certPath cert-zeebe.pem --address zeebe.camunda.local:443 --authzUrl https://camunda.local/auth/realms/camunda-platform --clientId [Client ID] --clientSecret [Client Secret]
helm-identity-values.yaml:
global:
ingress:
enabled: true
className: nginx
host: "camunda.local"
tls:
enabled: true
secretName: "tls-secret"
identity:
auth:
publicIssuerUrl: "https://camunda.local/auth/realms/camunda-platform"
operate:
redirectUrl: "https://camunda.local/operate"
tasklist:
redirectUrl: "https://camunda.local/tasklist"
identity:
contextPath: "/identity"
fullURL: "https://camunda.local/identity"
# Disable Optimize
optimize:
enabled: false
operate:
contextPath: "/operate"
tasklist:
contextPath: "/tasklist"
# Reduce resource usage for Zeebe and Zeebe-Gateway
zeebe:
clusterSize: 1
partitionCount: 1
replicationFactor: 1
pvcSize: 10Gi
resources: {}
initResources: {}
zeebe-gateway:
replicas: 1
ingress:
enabled: true
className: nginx
host: "zeebe.camunda.local"
tls:
enabled: true
secretName: "tls-secret-zeebe"
# Enable Outbound Connectors only
connectors:
enabled: true
inbound:
mode: "disabled"
# Configure Elasticsearch to make it running for local development
elasticsearch:
resources: {}
initResources: {}
replicas: 1
minimumMasterNodes: 1
# Allow no backup for single node setups
clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
# Request smaller persistent volumes.
volumeClaimTemplate:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "standard"
resources:
requests:
storage: 15Gi
kind.config:
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: 26500
hostPort: 26500