alexdess_ 3mo ago

Kubernetes configuration to DBaaS

Hello everyone, I'm trying to install ZITADEL in my Kubernetes cluster and connect it to an existing DBaaS (PostgreSQL). I'm hitting a fatal error during startup:

```
level=fatal msg="at least ssl root cert has to be set" caller="/home/runner/work/zitadel/zitadel/internal/database/postgres/pg.go:192" cert set=false key set=false rootCert set=false
```

I've attempted to configure the SSL root certificate by setting this environment variable in my deployment:

```yaml
- name: ZITADEL_DATABASE_POSTGRES_USER_SSL_ROOTCERT
  value: /certs/root.crt
```

I've also made sure the root.crt file is mounted into the /certs directory within the ZITADEL pod. Has anyone encountered this or have advice on how to correctly provide the SSL root certificate to ZITADEL in Kubernetes? Any pointers would be greatly appreciated! Thanks!
6 Replies
Rajat 3mo ago
Hi @alexdess_, thanks for your question. Since it's a DB issue, I will tag @adlerhurst and he can take a look.
adlerhurst 3mo ago
Let me tag @Elio because this looks like a Kubernetes error to me. What version of ZITADEL are you using?
alexdess_ OP 3mo ago
Hello, I'm using version 3.3.0. It was a misconfiguration on my side. Afterwards, I had some issues that I was able to fix using the ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE environment variable. Thanks a lot for your response. I still have one issue to resolve before going into production, see GitHub issue #branding
GitHub
[Bug]: Updating branding even as admin results in a 401 error · Is...
Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment Self-hosted Version v2.63.4 Database PostgreSQL D...
alexdess_ OP 3mo ago
When I add the logo, I have the following error: D=AUTH-DZG21 Message=Errors.OriginNotAllowed

@Elio Could this be a Kubernetes issue? My setup involves Exoscale SKS with Nginx as a reverse proxy. Just to clarify, all other functionalities are working correctly. Also, ZITADEL_EXTERNALSECURE is set to true.
alexdess_ OP 3mo ago
I also get this error message upstream. I have the impression from my research that this is due to the HTTP header that I should add to the cluster Content-Security-Policy: img-src 'self' data. Unfortunately this doesn't seem to be allowed. Is it possible to add this image in another way? curl or directly in the DB ('styling2' table or other)?
adlerhurst 4w ago
Hi @alexdess_, I will raise this internally, thanks for your patience.
