some-dontS
ZITADELβ€’3mo agoβ€’
8 replies
some-dont

[Bug] Zitadel Chart - v2 login 'wait-for-zitadel' fails with service mesh (linkerd) K8S

The wait-for-zitadel init container in the login deployment fails when running with Linkerd (probably Istio too). Problem: Zitadel v4 serves HTTP/2 on port 8080. The init container uses wait4x/wait4x:3.5 which only speaks HTTP/1.1. When it tries to check /debug/ready, it dies with:

Error: net/http: HTTP/1.x transport connection broken: 
malformed HTTP response "\x00\x00\x12\x04..."


That's the HTTP/2 connection preface. wait4x doesn't know what to do with it. Result: Login pods stuck at Init:2/3 forever. Main Zitadel works fine, just can't start login. Workaround: I'm using a Kustomize patch to replace the init container with curl that supports HTTP/2:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: zitadel-login
  namespace: my-namespace
spec:
  template:
    spec:
      initContainers:
        - name: wait-for-zitadel
          image: curlimages/curl:8.10.1
          command:
            - sh
            - -c
            - |
              until curl -f -s --http2-prior-knowledge --max-time 5 http://zitadel:8080/debug/ready > /dev/null 2>&1; do
                sleep 5
              done


The --http2-prior-knowledge flag makes curl use HTTP/2 from the start. Location: charts/zitadel/templates/deployment_login.yaml line 82ish Anyone else hitting this or just me? Should I open a GitHub issue?
Was this page helpful?