[ISSUE] gatewayAddress Configuration cannot be configured #2595
Assignees
Labels
kind/issue
Unidentified issue, it could be a bug, misconfig, or anything in between
platform/aws
Issues related to AWS
platform/openshift
Issues related to OpenShift
Comments
leiicamundi
added
the
kind/issue
github-actions
bot
added
platform/aws
|
Hi @leiicamundi I have more context now after exploring this issue a little bit. Here is a full working values.yaml: global:
ingress:
annotations:
route.openshift.io/termination: edge
route.openshift.io/destination-ca-certificate-secret: combined-tls-auto
enabled: true
className: openshift-default
host: "combined.hamzatest.com"
tls:
enabled: true
secretName: hamzatls
identity:
auth:
publicIssuerUrl: "https://combined.hamzatest.com/auth/realms/camunda-platform"
operate:
redirectUrl: "https://combined.hamzatest.com/operate"
tasklist:
redirectUrl: "https://combined.hamzatest.com/tasklist"
optimize:
redirectUrl: "https://combined.hamzatest.com/optimize"
webModeler:
redirectUrl: "https://combined.hamzatest.com/modeler"
console:
redirectUrl: "https://combined.hamzatest.com/console"
identity:
contextPath: "/identity"
fullURL: "https://combined.hamzatest.com/identity"
operate:
env:
- name: CAMUNDA_OPERATE_ZEEBE_SECURE
value: "true"
- name: CAMUNDA_OPERATE_ZEEBE_BROKERCONTACTPOINT
value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
- name: CAMUNDA_OPERATE_ZEEBE_CERTIFICATEPATH
value: /usr/local/operate/config/tls.crt
extraVolumeMounts:
- name: certificate
mountPath: /usr/local/operate/config/tls.crt
subPath: tls.crt
extraVolumes:
- name: certificate
secret:
secretName: zeebe-gateway-tls-auto
items:
- key: tls.crt
path: tls.crt
contextPath: "/operate"
optimize:
contextPath: "/optimize"
tasklist:
env:
- name: CAMUNDA_TASKLIST_ZEEBE_SECURE
value: "true"
- name: CAMUNDA_TASKLIST_ZEEBE_CERTIFICATEPATH
value: /usr/local/tasklist/config/tls.crt
# - name: CAMUNDA_TASKLIST_ZEEBE_BROKERCONTACTPOINT
# value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
- name: CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS
value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
extraVolumeMounts:
- name: certificate
mountPath: /usr/local/tasklist/config/tls.crt
subPath: tls.crt
extraVolumes:
- name: certificate
secret:
secretName: zeebe-gateway-tls-auto
items:
- key: tls.crt
path: tls.crt
defaultMode: 420
contextPath: "/tasklist"
console:
contextPath: "/console"
connectors:
enabled: true
inbound:
mode: oauth
contextPath: "/connectors"
env:
- name: ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS
value: "camunda-zeebe-gateway.hamza.svc.cluster.local:26500"
- name: ZEEBE_CLIENT_SECURITY_PLAINTEXT
value: "false"
- name: CAMUNDA_CLIENT_ZEEBE_CACERTIFICATEPATH
value: /usr/local/certificates/tls.crt
extraVolumeMounts:
- name: certificate
mountPath: /usr/local/certificates/tls.crt
subPath: tls.crt
extraVolumes:
- name: certificate
secret:
secretName: zeebe-gateway-tls-auto
items:
- key: tls.crt
path: tls.crt
defaultMode: 420
zeebeGateway:
replicas: 1
contextPath: "/zeebe"
service:
annotations:
service.beta.openshift.io/serving-cert-secret-name: zeebe-gateway-tls-auto
env:
- name: ZEEBE_GATEWAY_SECURITY_ENABLED
value: "true"
- name: ZEEBE_GATEWAY_SECURITY_CERTIFICATECHAINPATH
value: /usr/local/zeebe/config/tls.crt
- name: ZEEBE_GATEWAY_SECURITY_PRIVATEKEYPATH
value: /usr/local/zeebe/config/tls.key
- name: ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH
value: /usr/local/zeebe/config/tls.crt
- name: ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH
value: /usr/local/zeebe/config/tls.key
extraVolumeMounts:
- name: certificate
mountPath: /usr/local/zeebe/config/tls.crt
subPath: tls.crt
- name: key
mountPath: /usr/local/zeebe/config/tls.key
subPath: tls.key
extraVolumes:
- name: certificate
secret:
secretName: zeebe-gateway-tls-auto
items:
- key: tls.crt
path: tls.crt
defaultMode: 420
- name: key
secret:
secretName: zeebe-gateway-tls-auto
items:
- key: tls.key
path: tls.key
defaultMode: 420
# contextPath: ""
ingress:
grpc:
enabled: true
className: openshift-default
host: "zeebe-combined.hamzatest.com"
tls:
enabled: true
secretName: hamzatls
zeebe:
clusterSize: 1
partitionCount: 1
replicationFactor: 1
webModeler:
enabled: true
contextPath: "/modeler"
image:
pullSecrets:
- name: registry-camunda-cloud
restapi:
mail:
fromAddress: "[email protected]"
postgresql:
enabled: true
|
|
The other option would be to modify the gateway address through the values.yaml but I don't see much value in that when you are already able to modify the other components correctly to connect to zeebe gateway |
|
Hi @hamza-m-masood,
Thank you, this fixed the error. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue:
In the current configuration of the Camunda Platform Helm Chart for version 8.7 (Core), the
gatewayAddressvalue is hardcoded in the ConfigMap templates:camunda-platform-helm/charts/camunda-platform-alpha/templates/core/configmap.yaml
Line 274 in 18a8314
camunda-platform-helm/charts/camunda-platform-alpha/templates/core/configmap.yaml
Line 366 in 18a8314
For comparison, in version 8.6, similar hardcoded values exist in the following components' ConfigMaps:
camunda-platform-helm/charts/camunda-platform-8.6/templates/operate/configmap.yaml
Line 117 in 18a8314
camunda-platform-helm/charts/camunda-platform-8.6/templates/tasklist/configmap.yaml
Line 135 in 18a8314
This hardcoding makes the configuration incompatible with the documented OpenShift deployment procedure:
SANvalues like<service>.<namespace>.svc.cluster.localand not the short service name (e.g.,<service>).SAN.To resolve this, the
gatewayAddressvalue needs to be configurable, allowing compatibility with OpenShift’s TLS routing.Related to P1 #2595
Actual behavior:
gatewayAddressis hardcoded and does not support the configuration of a custom address.Expected behavior:
gatewayAddressshould be configurable in the Helm values file, allowing users to specify the appropriate FQDN (e.g.,<service>.<namespace>.svc.cluster.local).How to reproduce:
gatewayAddress.Logs:
Environment:
The text was updated successfully, but these errors were encountered: