Zeebe Error - Self Managed

cherry_yahoo · March 25, 2024, 7:40am

I’m currently facing an issue with my deployment setup using Helm charts for Camunda 8, with Kong serving as the Ingress Controller. Specifically, I have enabled gRPC as the protocol for the Zeebe endpoint. However, I’m encountering an error when attempting to establish a connection to a self-managed cluster using OAuth.

Here’s a brief overview of the setup:

Deployment Method: Helm charts for Camunda 8
Ingress Controller: Kong
Protocol for Zeebe Endpoint: gRPC

The specific error I’m encountering relates to establishing a connection to a self-managed cluster using OAuth. I’ve followed the necessary configuration steps, but I’m still facing challenges in making the connection.

I would greatly appreciate any insights or suggestions on how to troubleshoot and resolve this issue. If anyone has encountered a similar problem or has expertise in this area, your assistance would be invaluable.

Thank you in advance for your help and support.

https://camunda.platform.camundanifi.cherryy.ca/modeler/internal-api/zeebe/check-connection

{
“data”: {
“status”: “UNAVAILABLE”,
“message”: “Failed ALPN negotiation: Unable to find compatible protocol\nChannel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]”
}
}

from desktop modeler i encounter this in logs
Error: 13 INTERNAL: Received RST_STREAM with code 2 triggered by internal client error: Protocol error
at callErrorFromStatus (C:\Users\ChandraSekharMallu\Downloads\camunda-modeler-5.20.0-win-x64\resources\app.asar\node_modules@grpc\grpc-js\build\src\call.js:31:19)
at Object.onReceiveStatus (C:\Users\ChandraSekharMallu\Downloads\camunda-modeler-5.20.0-win-x64\resources\app.asar\node_modules@grpc\grpc-js\build\src\client.js:192:76)
at C:\Users\ChandraSekharMallu\Downloads\camunda-modeler-5.20.0-win-x64\resources\app.asar\node_modules@grpc\grpc-js\build\src\call-interface.js:78:35

cherry_yahoo · March 25, 2024, 8:42pm

Any help here please ??

cpbpm · March 26, 2024, 11:06am

If you could share your intended architecture, it will help where is the bottleneck.

Where is your Self Managed setup running? Is your ZeeBee Gateway running in Standalone or Embedded mode? What link you followed to setup the Camunda 8 cluster?

cherry_yahoo · March 26, 2024, 6:33pm

Thanks for the response ,

Our architecture at high level is

Kong API Gateway/Ingress - > camunda 8

I did install the camunda 8 using helm chart provided here

cpbpm · March 26, 2024, 10:04pm

From the message,"“message”: “Failed ALPN negotiation: Unable to find compatible protocol\nChannel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]”

ALPN Negotiation is failed. This indicates it’s not configured properly.

Zeebe requires an Ingress controller that supports gRPC which is built on top of HTTP/2 transport layer. Therefore, to expose Zeebe-Gateway externally, you need the following:

An Ingress controller that supports gRPC (ingress-nginx controller supports it out of the box).
TLS (HTTPS) via Application-Layer Protocol Negotiation (ALPN) enabled in the Zeebe-Gateway Ingress object.

However, according to the official Kubernetes documentation about Ingress TLS:

There is a gap between TLS features supported by various Ingress controllers. Please refer to documentation on nginx, GCE, or any other platform specific Ingress controller to understand how TLS works in your environment.

Therefore, if you are not using the ingress-nginx controller, ensure you pay attention to TLS configuration of the Ingress controller of your choice. Find more details about the Zeebe Ingress setup in the Kubernetes platforms supported by Camunda."

you have not mentioned where you are running K8 Cluster, either on-prem or hosted setup.