Tibin•4d ago

self host zitadel v4 on AKS with ingress, getting error, Instance not found

Ingress object is directly unable to set instance using origin &{zitadel-v4-np-01.mydomain.com https} (ExternalDomain is zitadel-v4-np-01.mydomain.com): ID=QUERY-1kIjX Message=Instance not found. Make sure you got the domain right. Check out https://zitadel.com/docs/apis/introduction#domains

zitadel:
  masterkey: <>
  configmapConfig:
    FirstInstance:
      Skip: true
    ExternalDomain: zitadel-v4-np-01.mydomain.com
    ExternalSecure: true
    Machine:
      Identification:
        Hostname:
          Enabled: true
        Webhook:
          Enabled: false
    TLS:
      Enabled: false
    Database:
      Postgres:
        Host: db-postgresql
        Port: 5432
        Database: zitadel
        MaxOpenConns: 20
        MaxIdleConns: 10
        MaxConnLifetime: 30m
        MaxConnIdleTime: 5m
        User:
          Username: postgres
          SSL:
            Mode: disable
        Admin:
          Username: postgres
          SSL:
            Mode: disable
ingress:
  enabled: true
  className: "webapprouting.kubernetes.azure.com"
  enabled: true
  annotations: 
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleRemoveById 949110
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/configuration-snippet: |
        grpc_set_header Host $host;
        more_clear_input_headers "Host" "X-Forwarded-Host";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
    nginx.ingress.kubernetes.io/server-snippet: "grpc_buffer_size 8k;"
  tls:
    
hosts:
"zitadel-v4-np-01.mydomain.com"
  secretName: zitadel-v4-np-01-tls
login:
  enabled: false

replicaCount: 1

zitadel:
  masterkey: <>
  configmapConfig:
    FirstInstance:
      Skip: true
    ExternalDomain: zitadel-v4-np-01.mydomain.com
    ExternalSecure: true
    Machine:
      Identification:
        Hostname:
          Enabled: true
        Webhook:
          Enabled: false
    TLS:
      Enabled: false
    Database:
      Postgres:
        Host: db-postgresql
        Port: 5432
        Database: zitadel
        MaxOpenConns: 20
        MaxIdleConns: 10
        MaxConnLifetime: 30m
        MaxConnIdleTime: 5m
        User:
          Username: postgres
          SSL:
            Mode: disable
        Admin:
          Username: postgres
          SSL:
            Mode: disable
ingress:
  enabled: true
  className: "webapprouting.kubernetes.azure.com"
  enabled: true
  annotations: 
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleRemoveById 949110
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/configuration-snippet: |
        grpc_set_header Host $host;
        more_clear_input_headers "Host" "X-Forwarded-Host";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
    nginx.ingress.kubernetes.io/server-snippet: "grpc_buffer_size 8k;"
  tls:
    
hosts:
"zitadel-v4-np-01.mydomain.com"
  secretName: zitadel-v4-np-01-tls
login:
  enabled: false

replicaCount: 1

zitadel helm value https://discord.com/channels/927474939156643850/1413104911855386654/1413104911855386654

ZITADEL Docs

ZITADEL exposes all features via different gRPC and REST APIs and provides SDKs for popular languages and frameworks.

2 Replies

Ask Inkeep•4d ago

Hi @Tibin, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer I wasn't able to find a direct answer, here are some relevant sources: 1. Troubleshoot ZITADEL (1) : This covers the "Instance not found" error specifically for custom domains and includes NGINX configuration examples with grpc_buffer_size settings similar to your ingress annotations. 2. External ZITADEL Access (2) : Explains how ZITADEL uses the Host header to determine which virtual instance to use and covers reverse proxy configuration requirements. To learn more, see the sources I considered: [1] Troubleshoot ZITADEL [2] External ZITADEL Access Feel free to tag @Ask Inkeep with additional questions.

TibinOP•4d ago

time="2025-09-04T11:16:28Z" level=error msg="unable to set instance" caller="/home/runner/work/zitadel/zitadel/internal/api/http/middleware/instance_interceptor.go:50" error="unable to get instance by host: instanceHost zitadel-v4-np-01.example.com, publicHost : ID=QUERY-1kIjX Message=Errors.IAM.NotFound" externalDomain=zitadel-v4-np-01.example.com origin="https://zitadel-v4-np-01.example.com/"

self host zitadel v4 on AKS with ingress, getting error, Instance not found

Did you find this page helpful?