vhdirk•5mo ago

K8s (with traefik) error 400 or 500

Hi! I've just installed zitadel in my homelab, which is a k3s cluster using traefik for ingress. I used the helm chart. After some issues with the init and setup jobs, I finally got to the point where I can login with the initial user. After the first login, I am asked to change the password. That seems to succeed. This is where I'm stuck: I get an empty page with a notification stating: Http response at 400 or 500 level, http status code: 0 . Any ideas where I could start to figure this out?

1 Reply

vhdirkOP•5mo ago

My config is:

    ingress:
      enabled: true
      hosts:
        - host: auth.mydomain.org
          paths:
            - path: /
              pathType: Prefix
      annotations:
        ingress.kubernetes.io/affinity: cookie
        ingress.kubernetes.io/force-ssl-redirect: "true"
        ingress.kubernetes.io/ssl-redirect: "true"
        cert-manager.io/cluster-issuer: letsencrypt-dynu
        traefik.frontend.passHostHeader: "true"
        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
      className: traefik
      tls:
        - hosts:
            - auth.mydomain.org
          secretName: mydomain-org

    # initjob:
    #   command: zitadel

    env:
      - name: ZITADEL_DATABASE_POSTGRES_HOST
       ... db connection env vars

    zitadel:
      masterkeySecretName: zitadel-masterkey
      configmapConfig:
        ExternalSecure: false
        ExternalDomain: auth.mydomain.org
        FirstInstance:
          Org:
            Human:
              Username: 'admin'
              Password: 'Admin123!'
        TLS:
          Enabled: false
        Database:
          Postgres:
            Database: zitadel
            MaxOpenConns: 20
            MaxIdleConns: 10
            MaxConnLifetime: 30m
            MaxConnIdleTime: 5m
            User:
              SSL:
                Mode: disable
            Admin:
              SSL:
                Mode: disable

    ingress:
      enabled: true
      hosts:
        - host: auth.mydomain.org
          paths:
            - path: /
              pathType: Prefix
      annotations:
        ingress.kubernetes.io/affinity: cookie
        ingress.kubernetes.io/force-ssl-redirect: "true"
        ingress.kubernetes.io/ssl-redirect: "true"
        cert-manager.io/cluster-issuer: letsencrypt-dynu
        traefik.frontend.passHostHeader: "true"
        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
      className: traefik
      tls:
        - hosts:
            - auth.mydomain.org
          secretName: mydomain-org

    # initjob:
    #   command: zitadel

    env:
      - name: ZITADEL_DATABASE_POSTGRES_HOST
       ... db connection env vars

    zitadel:
      masterkeySecretName: zitadel-masterkey
      configmapConfig:
        ExternalSecure: false
        ExternalDomain: auth.mydomain.org
        FirstInstance:
          Org:
            Human:
              Username: 'admin'
              Password: 'Admin123!'
        TLS:
          Enabled: false
        Database:
          Postgres:
            Database: zitadel
            MaxOpenConns: 20
            MaxIdleConns: 10
            MaxConnLifetime: 30m
            MaxConnIdleTime: 5m
            User:
              SSL:
                Mode: disable
            Admin:
              SSL:
                Mode: disable

I figured it out: I had to set ExternalSecure to true. Obviously

K8s (with traefik) error 400 or 500

Did you find this page helpful?