Is anyone face this issue during install zitadel via helm chart?

Original message was deleted

FFO•9/30/22, 2:04 PM

Hi there, let me quickly check this

FFO•9/30/22, 2:06 PM

Ok so you need to set TLS to false

E.g. --set zitadel.configmapConfig.TLS.Enabled=false--set zitadel.configmapConfig.TLS.Enabled=false

FFO•9/30/22, 2:06 PM

Otherwise ZITADEL tries to load TLS keys while starting

FFO•9/30/22, 2:11 PM

yes that makes sense

FFO•9/30/22, 2:12 PM

ZITADEL by default does listen only to localhost:8080

FFO•9/30/22, 2:13 PM

If you want zitadel to listen to other names you need to tell it this.

https://docs.zitadel.com/docs/guides/manage/self-hosted/custom-domain

Custom Domain | ZITADEL Docs

This guide assumes you are already familiar with configuring ZITADEL.

FFO•10/1/22, 6:41 AM

Well zitadel needs to have the Hostname

otherwise it would not be feasible to run multiple instances in parallel

FFO•10/1/22, 6:42 AM

We are open for ux changes in that regard

We did discuss if zitadel should accept all Hostnamen per default but this brings other challenges (like from what domain should it send mails, and more)

FFO•10/2/22, 3:46 PM

On what platform are you trying to deploy? Docker compose?

FFO•10/2/22, 3:46 PM

Because in that case the docker-compose.yml already takes care of the cert to connect to the CRDB

FFO•10/2/22, 3:47 PM

FFO•10/2/22, 3:49 PM

I think you don’t need to supply the certs if you deploy the whole chart directly

FFO•10/2/22, 3:51 PM

Hm Strange we automated test the chart

FFO•10/2/22, 3:52 PM

@Elio this one is for you

FFO•10/2/22, 3:53 PM

I can look into this later as soon as I am on a pc

FFO•10/2/22, 3:55 PM

FFO•10/2/22, 4:46 PM

Ahh I see

FFO•10/2/22, 4:47 PM

that has nothing to do with the database. Instead it is the way zitadel should start

https://docs.zitadel.com/docs/guides/manage/self-hosted/tls_modes

TLS Modes | ZITADEL Docs

To allow ZITADEL to be run on any kind of infrastrucute it allows to configure on how tho handle TLS connections.

FFO•10/2/22, 4:49 PM

The TLS mode defines if ZITADEL should be connected from the outside world with TLS, With TLS terminated at a proxy or without TLS eniterly

FFO•10/2/22, 4:49 PM

This has nothing to do with the connection being made to the database with TLS

FFO•10/2/22, 4:50 PM

So in your case if you run a proxy in front you should use tls-mode external which disables the need for TLS certificates in ZITADEL