
Set up ZITADEL on Knative

Install Knative

Follow the Knative quickstart guide to get a local kind/minikube environment with Knative capabilities.

For example, to install Knative on a kind cluster, run kn quickstart kind.

Run PostgreSQL

If you are following the Knative Tutorial, you can deploy Postgres as a StatefulSet for the tutorial's Bookstore sample app. For example:

git clone https://github.com/knative/docs.git
kubectl apply -f docs/code-samples/eventing/bookstore-sample-app/solution/db-service/

Start Zitadel as a Knative Service

kn service create zitadel \
--image ghcr.io/zitadel/zitadel:latest \
--port 8080 \
--env ZITADEL_EXTERNALDOMAIN=zitadel.default.127.0.0.1.sslip.io \
--env ZITADEL_EXTERNALSECURE=false \
--env ZITADEL_EXTERNALPORT=80 \
--env ZITADEL_TLS_ENABLED=false \
--env ZITADEL_DATABASE_POSTGRES_HOST=postgresql \
--env ZITADEL_DATABASE_POSTGRES_PORT=5432 \
--env ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel \
--env ZITADEL_DATABASE_POSTGRES_USER_USERNAME=myzitadeluser \
--env ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=myzitadelpassword \
--env ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable \
--env ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=myuser \
--env ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=mypassword \
--env ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable \
--env ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED=false \
--env ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME="0s" \
--arg "start-from-init" --arg "--masterkey=MasterkeyNeedsToHave32Characters"
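
The command above passes the database passwords and the masterkey as literals, so they end up in shell history and in the Knative Service spec. The following added example (not part of the ZITADEL guide) generates a 32-character masterkey, renders a Kubernetes Secret, and prints the kn arguments that reference it; the Secret name `zitadel-secrets`, its key names and the `PG_ADMIN_PASSWORD` variable are assumptions made for this example.

```shell
#!/usr/bin/env sh
# Added example (not from the guide): keep the masterkey and database
# passwords in a Kubernetes Secret instead of literal kn arguments.
# Assumed names: Secret "zitadel-secrets", its keys, and PG_ADMIN_PASSWORD.
SECRET_NAME="zitadel-secrets"

# 32 random alphanumeric characters, the length the masterkey requires.
gen_key() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Base64-encode a value for the Secret's data field, on one line.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Print a Secret manifest.
# $1 = masterkey, $2 = ZITADEL DB user password, $3 = Postgres admin password
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
type: Opaque
data:
  masterkey: $(b64 "$1")
  db-user-password: $(b64 "$2")
  db-admin-password: $(b64 "$3")
EOF
}

# Print the kn arguments that replace the three literal secrets and the
# --masterkey argument; every other --env flag in the guide stays unchanged.
kn_secret_args() {
  cat <<EOF
--env-value-from ZITADEL_MASTERKEY=secret:${SECRET_NAME}:masterkey
--env-value-from ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=secret:${SECRET_NAME}:db-user-password
--env-value-from ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=secret:${SECRET_NAME}:db-admin-password
--arg "start-from-init" --arg "--masterkeyFromEnv"
EOF
}

# Manifest goes to stdout (pipe into `kubectl apply -f -`), kn arguments to
# stderr. The admin password must match the Postgres deployed earlier.
render_secret "$(gen_key)" "$(gen_key)" "${PG_ADMIN_PASSWORD:-mypassword}"
kn_secret_args >&2
```

With `--masterkeyFromEnv`, ZITADEL reads the key from the `ZITADEL_MASTERKEY` environment variable, which kn fills from the Secret at pod start.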

Access ZITADEL

Get the ZITADEL URL

kn services list

NAME      URL                                         LATEST          AGE   CONDITIONS   READY   REASON
zitadel   http://zitadel.default.127.0.0.1.sslip.io   zitadel-00001   10m   3 OK / 3     True

Open your browser at http://zitadel.default.127.0.0.1.sslip.io/ui/console?login_hint=zitadel-admin@zitadel.zitadel.default.127.0.0.1.sslip.io and use the initial password Password1!

note

This guide is based on a local setup. If you encounter an "Instance Not Found" error, please read the following section: Instance not found

What's next

To run a production-grade ZITADEL instance in your environment, continue with the Configure ZITADEL section.

caution

The ZITADEL management console requires end-to-end HTTP/2 support

Disclaimer

This guide is for development and demonstration purposes only and does NOT reflect a production setup.

Things such as TLS termination and email verification will not be available unless you

  • Use an API gateway with valid certificates in front of the service
  • Configure an appropriate email server