[ISSUE] gatewayAddress Configuration cannot be configured #2595
Comments
Hi @leiicamundi I have more context now after exploring this issue a little bit. Here is a full working values.yaml:

```yaml
global:
  ingress:
    annotations:
      route.openshift.io/termination: edge
      route.openshift.io/destination-ca-certificate-secret: combined-tls-auto
    enabled: true
    className: openshift-default
    host: "combined.hamzatest.com"
    tls:
      enabled: true
      secretName: hamzatls
  identity:
    auth:
      publicIssuerUrl: "https://combined.hamzatest.com/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://combined.hamzatest.com/operate"
      tasklist:
        redirectUrl: "https://combined.hamzatest.com/tasklist"
      optimize:
        redirectUrl: "https://combined.hamzatest.com/optimize"
      webModeler:
        redirectUrl: "https://combined.hamzatest.com/modeler"
      console:
        redirectUrl: "https://combined.hamzatest.com/console"
identity:
  contextPath: "/identity"
  fullURL: "https://combined.hamzatest.com/identity"
operate:
  env:
    - name: CAMUNDA_OPERATE_ZEEBE_SECURE
      value: "true"
    - name: CAMUNDA_OPERATE_ZEEBE_BROKERCONTACTPOINT
      value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
    - name: CAMUNDA_OPERATE_ZEEBE_CERTIFICATEPATH
      value: /usr/local/operate/config/tls.crt
  extraVolumeMounts:
    - name: certificate
      mountPath: /usr/local/operate/config/tls.crt
      subPath: tls.crt
  extraVolumes:
    - name: certificate
      secret:
        secretName: zeebe-gateway-tls-auto
        items:
          - key: tls.crt
            path: tls.crt
  contextPath: "/operate"
optimize:
  contextPath: "/optimize"
tasklist:
  env:
    - name: CAMUNDA_TASKLIST_ZEEBE_SECURE
      value: "true"
    - name: CAMUNDA_TASKLIST_ZEEBE_CERTIFICATEPATH
      value: /usr/local/tasklist/config/tls.crt
    # - name: CAMUNDA_TASKLIST_ZEEBE_BROKERCONTACTPOINT
    #   value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
    - name: CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS
      value: camunda-zeebe-gateway.hamza.svc.cluster.local:26500
  extraVolumeMounts:
    - name: certificate
      mountPath: /usr/local/tasklist/config/tls.crt
      subPath: tls.crt
  extraVolumes:
    - name: certificate
      secret:
        secretName: zeebe-gateway-tls-auto
        items:
          - key: tls.crt
            path: tls.crt
        defaultMode: 420
  contextPath: "/tasklist"
console:
  contextPath: "/console"
connectors:
  enabled: true
  inbound:
    mode: oauth
  contextPath: "/connectors"
  env:
    - name: ZEEBE_CLIENT_BROKER_GATEWAY-ADDRESS
      value: "camunda-zeebe-gateway.hamza.svc.cluster.local:26500"
    - name: ZEEBE_CLIENT_SECURITY_PLAINTEXT
      value: "false"
    - name: CAMUNDA_CLIENT_ZEEBE_CACERTIFICATEPATH
      value: /usr/local/certificates/tls.crt
  extraVolumeMounts:
    - name: certificate
      mountPath: /usr/local/certificates/tls.crt
      subPath: tls.crt
  extraVolumes:
    - name: certificate
      secret:
        secretName: zeebe-gateway-tls-auto
        items:
          - key: tls.crt
            path: tls.crt
        defaultMode: 420
zeebeGateway:
  replicas: 1
  contextPath: "/zeebe"
  service:
    annotations:
      service.beta.openshift.io/serving-cert-secret-name: zeebe-gateway-tls-auto
  env:
    - name: ZEEBE_GATEWAY_SECURITY_ENABLED
      value: "true"
    - name: ZEEBE_GATEWAY_SECURITY_CERTIFICATECHAINPATH
      value: /usr/local/zeebe/config/tls.crt
    - name: ZEEBE_GATEWAY_SECURITY_PRIVATEKEYPATH
      value: /usr/local/zeebe/config/tls.key
    - name: ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH
      value: /usr/local/zeebe/config/tls.crt
    - name: ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH
      value: /usr/local/zeebe/config/tls.key
  extraVolumeMounts:
    - name: certificate
      mountPath: /usr/local/zeebe/config/tls.crt
      subPath: tls.crt
    - name: key
      mountPath: /usr/local/zeebe/config/tls.key
      subPath: tls.key
  extraVolumes:
    - name: certificate
      secret:
        secretName: zeebe-gateway-tls-auto
        items:
          - key: tls.crt
            path: tls.crt
        defaultMode: 420
    - name: key
      secret:
        secretName: zeebe-gateway-tls-auto
        items:
          - key: tls.key
            path: tls.key
        defaultMode: 420
  # contextPath: ""
  ingress:
    grpc:
      enabled: true
      className: openshift-default
      host: "zeebe-combined.hamzatest.com"
      tls:
        enabled: true
        secretName: hamzatls
zeebe:
  clusterSize: 1
  partitionCount: 1
  replicationFactor: 1
webModeler:
  enabled: true
  contextPath: "/modeler"
  image:
    pullSecrets:
      - name: registry-camunda-cloud
  restapi:
    mail:
      fromAddress: "[email protected]"
postgresql:
  enabled: true
```

The other option would be to modify the gateway address through the values.yaml but I don't see much value in that when you are already able to modify the other components correctly to connect to zeebe gateway.
Hi @hamza-m-masood,
Thank you, this fixed the error.
Describe the issue:
In the current configuration of the Camunda Platform Helm Chart for version 8.7 (Core), the `gatewayAddress` value is hardcoded in the ConfigMap templates:
camunda-platform-helm/charts/camunda-platform-alpha/templates/core/configmap.yaml (Line 274 in 18a8314)
camunda-platform-helm/charts/camunda-platform-alpha/templates/core/configmap.yaml (Line 366 in 18a8314)
For comparison, in version 8.6, similar hardcoded values exist in the following components' ConfigMaps:
camunda-platform-helm/charts/camunda-platform-8.6/templates/operate/configmap.yaml (Line 117 in 18a8314)
camunda-platform-helm/charts/camunda-platform-8.6/templates/tasklist/configmap.yaml (Line 135 in 18a8314)
This hardcoding makes the configuration incompatible with the documented OpenShift deployment procedure:
`SAN` values like `<service>.<namespace>.svc.cluster.local` and not the short service name (e.g., `<service>`).
`SAN`.
To resolve this, the `gatewayAddress` value needs to be configurable, allowing compatibility with OpenShift’s TLS routing.
Related to P1 #2595
Actual behavior:
`gatewayAddress` is hardcoded and does not support the configuration of a custom address.
Expected behavior:
`gatewayAddress` should be configurable in the Helm values file, allowing users to specify the appropriate FQDN (e.g., `<service>.<namespace>.svc.cluster.local`).
How to reproduce:
`gatewayAddress`.
Logs:
Environment:
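
The SAN mismatch described in this issue can be checked before deploying. The following is an added example, not code from the chart or from the thread: it applies DNS-ID hostname matching to each configured gateway address. The SAN list and the short-name "hardcoded default" entry are assumptions constructed for illustration; the two FQDN entries are taken from the values.yaml above.

```python
# Added example: would a configured Zeebe gateway address pass TLS hostname
# verification against the DNS SAN entries of the gateway's certificate?

def host_of(address: str) -> str:
    """Strip scheme, path and port from 'host:port' or 'https://host:port/x'."""
    host = address.split("://", 1)[-1].split("/", 1)[0]
    return host.rsplit(":", 1)[0].lower().rstrip(".")


def san_matches(san: str, host: str) -> bool:
    """DNS-ID match: exact, or '*' standing for the whole left-most label."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def audit(addresses: dict, sans: list) -> dict:
    """Map each setting name to True if its host is covered by some SAN."""
    return {
        name: any(san_matches(s, host_of(addr)) for s in sans)
        for name, addr in addresses.items()
    }


# Assumed SANs of the service-serving certificate stored in the secret
# zeebe-gateway-tls-auto (FQDN forms only, as the issue describes).
SERVING_CERT_SANS = [
    "camunda-zeebe-gateway.hamza.svc",
    "camunda-zeebe-gateway.hamza.svc.cluster.local",
]

# FQDN overrides from the values.yaml above, plus a constructed short-name
# address standing in for the chart's hardcoded gatewayAddress.
ADDRESSES = {
    "CAMUNDA_OPERATE_ZEEBE_BROKERCONTACTPOINT": "camunda-zeebe-gateway.hamza.svc.cluster.local:26500",
    "CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS": "camunda-zeebe-gateway.hamza.svc.cluster.local:26500",
    "hardcoded-default (assumed)": "camunda-zeebe-gateway:26500",
}

if __name__ == "__main__":
    for name, ok in audit(ADDRESSES, SERVING_CERT_SANS).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

Only the short-name entry fails, which is why the FQDN overrides in the workaround make the TLS connection to the gateway succeed.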