diff --git a/docs/self-managed/operational-guides/troubleshooting/troubleshooting.md b/docs/self-managed/operational-guides/troubleshooting/troubleshooting.md index 1ce88c46cc..9d69932bae 100644 --- a/docs/self-managed/operational-guides/troubleshooting/troubleshooting.md +++ b/docs/self-managed/operational-guides/troubleshooting/troubleshooting.md @@ -47,9 +47,9 @@ Therefore, if you are not using the [ingress-nginx controller](https://github.co ## Identity `contextPath` -Camunda 8 Self-Managed can be accessed externally via different methods. One such method is the [combined Ingress setup](self-managed/setup/guides/ingress-setup.md#combined-ingress-setup). In that configuration, Camunda Identity is accessed using a specific path, configured by setting the `contextPath` variable, for example `https://camunda.example.com/identity`. +Camunda 8 Self-Managed can be accessed externally via the [combined Ingress setup](self-managed/setup/guides/ingress-setup.md#combined-ingress-setup). In that configuration, Camunda Identity is accessed using a specific path, configured by setting the `contextPath` variable, for example `https://camunda.example.com/identity`. -For security reasons, Camunda Identity requires secure access (HTTPS) when a `contextPath` is configured. If you want to use Camunda Identity with HTTP, use a [separate Ingress setup](self-managed/setup/guides/ingress-setup.md#separated-ingress-setup) (applications such as Operate, Optimize, etc, can still be accessed in a combined setup). +For security reasons, Camunda Identity requires secure access (HTTPS) when a `contextPath` is configured. :::note Due to limitations, the Identity `contextPath` approach is unavailable when using a browser in Incognito mode. diff --git a/docs/self-managed/setup/deploy/local/local-kubernetes-cluster.md b/docs/self-managed/setup/deploy/local/local-kubernetes-cluster.md index 12c17d7da6..e0df6b6cf0 100644 --- a/docs/self-managed/setup/deploy/local/local-kubernetes-cluster.md 
+++ b/docs/self-managed/setup/deploy/local/local-kubernetes-cluster.md @@ -109,9 +109,7 @@ To get a full list of the deployed Camunda components and their network properti -Camunda 8 Self-Managed has multiple web applications and gRPC services. Both can be accessed using Kubernetes Ingress. - -In this example, we will use a combined Ingress configuration. For more information, refer to [combined and separated Ingress setup](/self-managed/setup/guides/ingress-setup.md). +Camunda 8 Self-Managed has multiple web applications and gRPC services. Both can be accessed using Kubernetes Ingress. For more information, refer to the [Ingress setup guide](/self-managed/setup/guides/ingress-setup.md). ## Prerequisites diff --git a/docs/self-managed/setup/guides/ingress-setup.md b/docs/self-managed/setup/guides/ingress-setup.md index 1292157fb9..37a744347c 100644 --- a/docs/self-managed/setup/guides/ingress-setup.md +++ b/docs/self-managed/setup/guides/ingress-setup.md 
@@ -1,22 +1,17 @@ --- id: ingress-setup -title: "Combined and separated Ingress setup" -description: "Camunda 8 Self-Managed combined and separated Ingress setup" +title: "Ingress setup" +description: "Camunda 8 Self-Managed Ingress setup and example configuration." --- import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; :::caution -The separated Ingress configuration has been deprecated in version 8.6. To ensure a smooth upgrade experience for new installations, we recommend using the **combined Ingress setup**. +The separated Ingress configuration has been removed in Camunda version 8.7. This guide refers to only the **combined Ingress setup**. ::: -Camunda 8 Self-Managed has multiple web applications and gRPC services. Both can be accessed externally using Ingress. There are two ways to do this: - -1. **Combined setup:** In this setup, there are two Ingress objects: one Ingress object for all Camunda 8 web applications using a single domain. Each application has a sub-path e.g. `camunda.example.com/operate`, and `camunda.example.com/optimize` and another Ingress which uses gRPC protocol for Zeebe Gateway e.g. `zeebe.camunda.example.com`. -2. **Separated setup:** In this setup, each component has its own Ingress/host e.g. `operate.camunda.example.com`, `optimize.camunda.example.com`, `zeebe.camunda.example.com`, etc. - -There are no significant differences between the two setups. Rather, they both offer flexibility for different workflows. +Camunda 8 Self-Managed has multiple web applications and gRPC services. Both can be accessed externally using Ingress with a **combined setup.** In this configuration, there are two Ingress objects: one Ingress object for all Camunda 8 web applications using a single domain. Each application has a sub-path e.g. `camunda.example.com/operate`, and `camunda.example.com/optimize` and another Ingress which uses gRPC protocol for Zeebe Gateway e.g. `zeebe.camunda.example.com`. 
:::note Camunda 8 Helm chart doesn't manage or deploy Ingress controllers, it only deploys Ingress resources. Hence, this Ingress setup will not work without an Ingress controller running in your cluster. @@ -29,15 +24,6 @@ Camunda 8 Helm chart doesn't manage or deploy Ingress controllers, it only deplo ## Configuration - - - - In this setup, a single Ingress/domain is used to access Camunda 8 web applications, and another for Zeebe Gateway. By default, all web applications use `/` as a base, so we just need to set the context path, Ingress configuration, and authentication redirect URLs. ![Camunda 8 Self-Managed Architecture Diagram - Combined Ingress](../../assets/camunda-platform-8-self-managed-architecture-diagram-combined-ingress.png) 
@@ -124,124 +110,6 @@ Once deployed, you can access the Camunda 8 components on: - **Keycloak authentication:** `https://camunda.example.com/auth` - **Zeebe Gateway:** `grpc://zeebe.camunda.example.com` - - - - -In this configuration, every Camunda 8 component is assigned its own Ingress and Domain. The use of a context path is unnecessary because the default base path `/` is used for each Ingress/Domain. In this setup, you only need to provide the Ingress settings and specify the Identity authentication redirect URLs. - -![Camunda 8 Self-Managed Architecture Diagram - Separated Ingress](../../assets/camunda-platform-8-self-managed-architecture-diagram-separated-ingress.png) - -```yaml -# Chart values for the Camunda 8 Helm chart in combined Ingress setup. - -# This file deliberately contains only the values that differ from the defaults. -# For changes and documentation, use your favorite diff tool to compare it with: -# https://artifacthub.io/packages/helm/camunda/camunda-platform - -# IMPORTANT: Make sure to change "camunda.example.com" to your domain. 
- -global: - identity: - auth: - publicIssuerUrl: "https://keycloak.camunda.example.com/auth/realms/camunda-platform" - operate: - redirectUrl: "https://operate.camunda.example.com" - tasklist: - redirectUrl: "https://tasklist.camunda.example.com" - optimize: - redirectUrl: "https://optimize.camunda.example.com" - webModeler: - redirectUrl: "https://modeler.camunda.example.com" - console: - redirectUrl: "https://console.camunda.example.com" - connectors: - redirectUrl: "https://connectors.camunda.example.com" - -identity: - ingress: - enabled: true - className: nginx - host: "identity.camunda.example.com" - fullURL: "https://identity.camunda.example.com" - -identityKeycloak: - ingress: - enabled: true - ingressClassName: nginx - hostname: "keycloak.camunda.example.com" - -operate: - ingress: - enabled: true - className: nginx - host: "operate.camunda.example.com" - -optimize: - ingress: - enabled: true - className: nginx - host: "optimize.camunda.example.com" - -tasklist: - ingress: - enabled: true - className: nginx - host: "tasklist.camunda.example.com" - -zeebeGateway: - ingress: - rest: - enabled: true - className: nginx - host: "zeebe.camunda.example.com" - grpc: - enabled: true - className: nginx - host: "zeebe-grpc.camunda.example.com" - -webModeler: - ingress: - enabled: true - className: nginx - webapp: - host: "modeler.camunda.example.com" - websockets: - host: "modeler-ws.camunda.example.com" - -console: - ingress: - enabled: true - className: nginx - host: "console.camunda.example.com" - -connectors: - ingress: - enabled: true - className: nginx - host: "connectors.camunda.example.com" -``` - -:::note Web Modeler -The configuration above only contains the Ingress-related values under `webModeler`. Review the additional [installation instructions and configuration hints](/self-managed/setup/install.md#installing-web-modeler). 
-::: - -Incorporate the custom values mentioned in the example above into the value file you're using to deploy Camunda as outlined in [deploying Camunda 8](/self-managed/setup/install.md): - -```shell -helm install demo camunda/camunda-platform -f values-separated-ingress.yaml -``` - -Once deployed, you can access the Camunda 8 components on: - -- **Applications:** `https://[identity|operate|optimize|tasklist|modeler|console|zeebe].camunda.example.com` -- **Keycloak authentication:** `https://keycloak.camunda.example.com` -- **Zeebe Gateway:** `grpc://zeebe-grpc.camunda.example.com` - - - - - ## Ingress controllers Ingress resources require the cluster to have an [Ingress Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) running. There are many options for configuring your Ingress Controller. If you are using a cloud provider such as AWS or GCP, follow their Ingress setup guides if an Ingress Controller is not already pre-installed. Ingress configuration for AWS EKS can be found in [install Camunda 8 on an EKS cluster](/self-managed/setup/deploy/amazon/amazon-eks/eks-helm.md). diff --git a/docs/self-managed/setup/install.md b/docs/self-managed/setup/install.md index 42cfc4b19d..3e14f6b468 100644 --- a/docs/self-managed/setup/install.md +++ b/docs/self-managed/setup/install.md 
@@ -220,7 +220,7 @@ helm install camunda camunda/camunda-platform --version 8.1 \ By default, Camunda services deployed in a cluster are not accessible from outside the cluster. However, you can choose from several methods to connect to these services: - **Port forwarding:** This method allows you to direct traffic from your local machine to the cluster, making it possible to access Camunda services directly. For detailed instructions, refer to [accessing components without Ingress](/self-managed/setup/guides/accessing-components-without-ingress.md). -- **Ingress configuration:** You can set up the NGINX Ingress controller to manage external service access. This can be done by combining components Ingress in a single domain or configuring separate Ingress for each component. For detailed instructions, refer to [combined and separated Ingress setup](/self-managed/setup/guides/ingress-setup.md). +- **Ingress configuration:** You can set up the NGINX Ingress controller to manage external service access. For detailed instructions, refer to the [Ingress setup guide](/self-managed/setup/guides/ingress-setup.md). - **EKS cluster installation:** For those deploying Camunda 8 on an Amazon EKS cluster, refer to [installing Camunda 8 on an EKS cluster](/self-managed/setup/deploy/amazon/amazon-eks/eks-helm.md). ## Configure license key 
@@ -394,7 +394,7 @@ console: For more details, check [Console Helm values](https://artifacthub.io/packages/helm/camunda/camunda-platform#console-parameters). :::note -Console Self-Managed requires the Identity component to authenticate. Camunda Helm Chart installs Identity by default. When logging in to Console when using port-forward, port-forward Keycloak service `kubectl port-forward svc/-keycloak 18080:80` or configure Identity with Ingress as described in [combined and separated Ingress setup](/self-managed/setup/guides/ingress-setup.md). +Console Self-Managed requires the Identity component to authenticate. Camunda Helm Chart installs Identity by default. When logging in to Console when using port-forward, port-forward Keycloak service `kubectl port-forward svc/-keycloak 18080:80` or configure Identity with Ingress as described in the [Ingress setup guide](/self-managed/setup/guides/ingress-setup.md). :::
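Review bot: In the troubleshooting.md hunk under "Identity `contextPath`", removing the sentence about the separate Ingress setup leaves readers who reach Identity over plain HTTP with no stated option. The remaining line says only that HTTPS is required when a `contextPath` is configured. Suggest saying explicitly that HTTP is not supported for Identity behind the combined Ingress, and pointing to the port-forwarding guide for setups without TLS. The retained link still targets `ingress-setup.md#combined-ingress-setup`; please confirm that anchor still resolves after the restructuring of ingress-setup.md in this same patch.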
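Review bot: In the first ingress-setup.md hunk (front matter and caution), the new caution states that the separated Ingress configuration was removed in 8.7 but gives no next step for readers who still run it. Suggest adding a sentence or link on moving to the combined setup before upgrading. Two wording points in the same hunk: "This guide refers to only" reads better as "This guide covers only", and in "with a **combined setup.**" the period sits inside the bold span. The `import Tabs` and `import TabItem` lines stay as unchanged context; if no tabs remain on the page after this change, drop both imports.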
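Review bot: In the ingress-setup.md hunk at `@@ -124,124 +110,6 @@`, the removed block holds the only visible reference to `camunda-platform-8-self-managed-architecture-diagram-separated-ingress.png`, yet the patch as shown does not delete that asset. If nothing else links to the image, remove the file in the same change so it is not left orphaned in `assets/`. The same applies to any remaining mention of `values-separated-ingress.yaml` elsewhere in the docs.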
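Review bot: In the install.md Console note (hunk at `@@ -394,7 +394,7 @@`), the rewritten line carries over `kubectl port-forward svc/-keycloak 18080:80`, where the service name begins with a bare hyphen, so the release-name placeholder appears to be missing. Since the line is being touched anyway, please check how it renders and restore the placeholder if it was lost. The opening "When logging in to Console when using port-forward" also repeats "when"; something like "When logging in to Console over port-forward" would read more cleanly.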