Hi, I deployed camunda 8 on self-managed k8s with values like below:
global:
ingress:
enabled: false
identity:
keycloak:
internal: true
url:
protocol: "http"
host: "keycloak.security.svc.cluster.local"
port: "80"
# defines the endpoint of Keycloak which varies between Keycloak versions.
## @param global.identity.keycloak.contextPath In Keycloak v16.x.x it's hard-coded as '/auth', but in v19.x.x it's '/'.
contextPath: "/"
## @param global.identity.keycloak.realm defines Keycloak realm path used for Camunda.
realm: "/realms/itps"
## @param global.identity.keycloak.auth same as "identity.keycloak.auth" but it's used for existing Keycloak.
auth:
adminUser: user
existingSecret: "keycloak" # 不在同一个命名空间能否支持?
existingSecretKey: "admin-password"
auth:
publicIssuerUrl: "https://keycloak.itps.xxx.com/realms/itps"
operate:
redirectUrl: "https://camunda.itps.xxx.com/operate"
tasklist:
redirectUrl: "https://camunda.itps.xxx.com/tasklist"
optimize:
redirectUrl: "https://camunda.itps.xxx.com/optimize"
identity:
contextPath: "/identity"
keycloak:
enabled: false
env:
- name: IDENTITY_LOG_LEVEL
value: "DEBUG"
- name: KEYCLOAK_REALM
value: "itps"
- name: IDENTITY_CLIENT_SECRET
value: "nqQjKlcp4d9Z0igQStsdoLwDOCQO9AuL"
- name: IDENTITY_URL
value: "https://camunda.itps.xxx.com"
- name: IDENTITY_BASE_PATH
value: "/identity"
operate:
contextPath: "/operate"
tasklist:
contextPath: "/tasklist"
optimize:
contextPath: "/optimize"
service was exposed using istio’s virtualservice instead of ingress.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: zeebe-vs
spec:
hosts:
- "camunda.itps.xxx.com"
gateways:
- istio-system/default-gateway
http:
- match:
- uri:
exact: "/"
route:
- destination:
port:
number: 26500
host: camunda-platform-zeebe-gateway
- match:
- uri:
prefix: "/identity"
route:
- destination:
port:
number: 80
host: camunda-platform-identity
- match:
- uri:
prefix: "/operate"
route:
- destination:
port:
number: 80
host: camunda-platform-operate
- match:
- uri:
prefix: "/optimize"
route:
- destination:
port:
number: 80
host: camunda-platform-optimize
- match:
- uri:
prefix: "/tasklist"
route:
- destination:
port:
number: 80
host: camunda-platform-tasklist
I can access operate, but when trying to access identity, it redirect me to
https://camunda.itps.xxx.com/auth/login
why is this happen ?