Installation stuck at PodInitializing #56
Comments
@shishkin, can you share the events output from |
Thanks for the hint @eliobischof. The init pod is not able to mount SSL certificate secrets for the DB:
I don't think they're mentioned in the guide. I'm installing the charts with Terraform Helm provider instead of Helm CLI. The values I provide are:

For CRDB:

```
{
  fullnameOverride: "crdb",
  conf: {
    "single-node": true,
  },
  statefulset: {
    replicas: 1,
  },
  tls: {
    enabled: false,
  },
}
```

For Zitadel:

```
{
  replicaCount: 1,
  zitadel: {
    masterkey: "...",
    configmapConfig: {
      ExternalSecure: false,
      TLS: {
        Enabled: false,
      },
    },
  },
  ingress: {
    enabled: true,
    hosts: [
      {
        host: "...",
        paths: [
          {
            path: "/",
            pathType: "Prefix",
          },
        ],
      },
    ],
  },
}
```
|
Sorry, I forgot this one. Do you still have the issue? |
@eliobischof I got stuck with it and wasn't able to make progress. I would appreciate a hint which minimal set of values is mandatory to get Zitadel running. |
The cockroach chart should have created certificate secrets. Apparently, they are not called crdb-ca-secret and crdb-client-secret, as the zitadel pods try to mount them. You can configure the cert secret names as references in the zitadel chart's values.yaml https://github.com/zitadel/zitadel-charts/blob/main/charts/zitadel/values.yaml#L59. |
@shishkin Did Elio's proposal work for you? |
I tried to deploy it again still with no success.
After setting CRDB's chart value
Still zitadel init fails:
|
Sorry @shishkin, I was on vacation. Can you show me the log output of the init-jobs container, please? |
This is the log from the last run:
Seems like zitadel is not using the credentials that CRDB created. |
Maybe you could provide a tested and working example because the one in the docs doesn't seem to work? |
@shishkin CockroachDB is not embedded in the ZITADEL chart anymore. So, passing crdb values doesn't have any effect anymore. We fixed that in the docs. How did you deploy CockroachDB, and how do you pass the credentials to ZITADEL? |
@eliobischof yes, "an example for a fast PoC" captures it perfectly. Looking forward to that. |
Note that the documentation at https://zitadel.com/docs/self-hosting/deploy/kubernetes#setup-zitadel-and-a-human-admin is outdated. I encountered the exact problem in this thread |
For those who may step into this pit again, the issue of
is probably caused by a race condition. WAIT for a while till "crdb-client-secret" is eventually usable. Then you may still see an authentication failure. Somehow the zitadel-init job fails to create a user "zitadel" with a password with inspirations from #25. Manually creating the user zitadel with a password worked for me. @shishkin It is very interesting that line 65 from the result of As a user rather than a contributor, my exploration ends here. But, hopefully this comment gives you some pointers to fix related issues. |
A working helmfile definition is:

```yaml
repositories:
  - name: cockroachdb
    url: https://charts.cockroachdb.com/
  - name: zitadel
    url: https://charts.zitadel.com
releases:
  - name: cockroachdb
    chart: cockroachdb/cockroachdb
    set:
      - name: fullnameOverride
        value: crdb
      - name: single-node
        value: true
      - name: statefulset.replicas
        value: 1
      - name: init.provisioning.enabled
        value: true
    values:
      - init.provisioning.users[0]:
          name: zitadel
          password: password
          options: [LOGIN]
  - name: zitadel
    needs: [cockroachdb]
    chart: zitadel/zitadel
    atomic: true
    set:
      - name: zitadel.masterkey
        value: "MasterkeyNeedsToHave32Characters" # 32 chars
      - name: zitadel.configmapConfig.ExternalSecure
        value: false
      - name: zitadel.configmapConfig.TLS.Enabled
        value: false
      - name: zitadel.configmapConfig.Database.cockroach.Host
        value: crdb-public.default
      - name: zitadel.secretConfig.Database.cockroach.User.Password
        value: "password"
      - name: replicaCount
        value: 1
```
|
Thanks @Congee, I will try your example. |
I've tried that, but still get an error from zitadel initializer pod:
|
I've installed the chart as described in the guide but it is stuck at PodInitializing:
I had a successful test with the docker-compose setup, but now with the K8s charts I have no idea what is going wrong.