[ISSUE] Using external keycloak #2435

Open
jlett1990 opened this issue Oct 6, 2024 · 4 comments
Labels
kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between

jlett1990 commented Oct 6, 2024

Describe the issue:

Can't get external Keycloak to work with existing values.

Actual behavior:

Identity can't connect to keycloak.

Expected behavior:

Using the global identity.keycloak section would configure keycloak.

How to reproduce:

  global:
    identity:
      auth:
        # Disable the Identity authentication for local development
        # it will fall back to basic-auth: demo/demo as default user
        enabled: false
      keycloak:
        url:
          protocol: http
          host: keycloak-linux
          port: 8080
        realm: "camunda-platform"
        auth:
          adminUser: test
          existingSecret: keycloak-password
          existingSecretKey: password

I believe this section of the identity deployment.yaml should be updated; I don't actually see these in the values.yaml. Sorry if I'm mistaken.

            - name: KEYCLOAK_URL
              value: {{ include "identity.keycloak.url" . | quote }}
            - name: KEYCLOAK_SETUP_USER
              value: {{ include "identity.keycloak.authAdminUser" . | quote }}
            - name: KEYCLOAK_SETUP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "identity.keycloak.authExistingSecret" . }}
                  key: {{ include "identity.keycloak.authExistingSecretKey" . }}

Logs:

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform: Docker Desktop
  • Helm CLI version: v3.15.3
  • Chart version: Latest
  • Values file: Below

camunda-platform:
  global:
    identity:
      auth:
        # Disable the Identity authentication for local development
        # it will fall back to basic-auth: demo/demo as default user
        enabled: false
      keycloak:
        url:
          protocol: http
          host: mcm-keycloak-linux
          port: 8080
        realm: "camunda-platform"
        auth:
          adminUser: test
          existingSecret: keycloak-password
          existingSecretKey: password

    ingress:
      enabled: true
      className: nginx
      host: "camunda.local"

  # Disable identity as part of the Camunda core
  identity:
    enabled: true
    firstUser:
      enabled: true
      username: test
      password: test

  # Disable keycloak
  identityKeycloak:
    enabled: false

  optimize:
    enabled: false

  operate:
    contextPath: "/operate"
  tasklist:
    contextPath: "/tasklist"

  # Reduce for Zeebe and Gateway the configured replicas and with that the required resources
  # to get it running locally
  zeebe:

    connectors:
      inbound:
        enabled: true
      outbound:
        enabled: true
    clusterSize: 1
    partitionCount: 1
    replicationFactor: 1
    pvcSize: 10Gi

  zeebeGateway:
    ingress:
      enabled: true
      className: nginx
      host: "zeebe.camunda.local"
    replicas: 1

    inbound:
      mode: disabled

  elasticsearch:
    master:
      replicaCount: 1
      # Request smaller persistent volumes.
      persistence:
        size: 15Gi

@jlett1990 jlett1990 added the kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between label Oct 6, 2024
aabouzaid (Member) commented

@jlett1990 Did you follow the official guide for using external Keycloak?
https://docs.camunda.io/docs/8.5/self-managed/setup/guides/using-existing-keycloak/

Also, according to the values you provided, if you use the Camunda chart directly, there is no need to use the camunda-platform key:

camunda-platform:
  global:
    identity:
      auth:

It should be:

global:
  identity:
    auth:

One more thing, please provide the info about the chart version.

ggrames commented Oct 17, 2024

Hi, I have also seen this problem in my configuration.
These two lines

  name: {{ include "identity.keycloak.authExistingSecret" . }}
  key: {{ include "identity.keycloak.authExistingSecretKey" . }}

are accessing values from the values.xml which do not exist.
So in my opinion there is a dot "." missing between auth and ExistingSecret.
It should be:

  name: {{ include "identity.keycloak.auth.ExistingSecret" . }}
  key: {{ include "identity.keycloak.auth.ExistingSecretKey" . }}

My chart version is: --version=11.0.1

aabouzaid (Member) commented

@ggrames This {{ include "identity.keycloak.authExistingSecret" . }} is a named template, not a value.

It's defined in the helper file.
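
The two maintainer replies in this thread, as an added Go example that is not part of the thread or the chart: `include` runs a named template from the helper file, and values nested under a `camunda-platform:` key never reach a chart installed directly, so the secret reference renders from defaults. The helper body, the empty default, the top-level-only merge and the names `Render` and `keycloakValues` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Stand-in for the chart's helper file; this define body is an assumption.
const helpers = `{{- define "identity.keycloak.authExistingSecret" -}}
{{- .Values.global.identity.keycloak.auth.existingSecret -}}
{{- end -}}`

// One line from the deployment template quoted in the issue.
const deployment = `name: {{ include "identity.keycloak.authExistingSecret" . }}`

type m = map[string]any

// keycloakValues builds the identity.keycloak.auth subtree placed under global.
func keycloakValues(secret string) m {
	return m{"identity": m{"keycloak": m{"auth": m{"existingSecret": secret}}}}
}

// Render merges user values over constructed chart defaults (top-level keys
// only, a simplification of Helm's deep merge) and renders the template.
func Render(user m) (string, error) {
	values := m{"global": keycloakValues("")} // constructed default: no secret
	for k, v := range user {
		values[k] = v
	}
	t := template.New("chart")
	// Helm's include executes a named template and returns its output.
	t.Funcs(template.FuncMap{"include": func(name string, data any) (string, error) {
		var buf bytes.Buffer
		err := t.ExecuteTemplate(&buf, name, data)
		return buf.String(), err
	}})
	template.Must(t.Parse(helpers))
	template.Must(t.New("deployment").Parse(deployment))
	var out bytes.Buffer
	err := t.ExecuteTemplate(&out, "deployment", m{"Values": values})
	return out.String(), err
}

func main() {
	direct, _ := Render(m{"global": keycloakValues("keycloak-password")})
	wrapped, _ := Render(m{"camunda-platform": m{"global": keycloakValues("keycloak-password")}})
	fmt.Printf("direct:  %q\nwrapped: %q\n", direct, wrapped)
}
```

With a real chart, rendering it with `helm template` and reading the `secretKeyRef` block in the output is the equivalent check.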

ggrames commented Oct 23, 2024

@aabouzaid
Ok, thanks for the clarification, I will check this out.
BR
