Support for more databases #3598
Comments
I like to hear your thoughts on this @adlerhurst |
A question first: will we support them? To not break the configuration files structure for v2 we have to add a database type, this must be done before the release. |
Added task for database type: #3600 |
I did some research around the offerings from the hyperscalers. It turns out that >80% of them have some form of pure PostgreSQL offering. Based on this I think we should allow and test for plain PostgreSQL as well besides cockroachDB. What I currently would ignore are their proprietary offerings, e.g. CosmosDB, Amazon RDS, Google Spanner, even though some of them provide PostgreSQL as a dialect |
We are interested in using zitadel and being able to use postgres is the largest hurdle for adoption on our side. |
We are currently evaluating support for plain postgresql besides cockroachDB. This is because multiple customers are interested in using the managed postgresql offerings. I think we should be able to give an update on this in the next 2-4 weeks. |
Nice! Let me know if you need beta testers, willing to give you good feedback since I want to implement our integration with v2 as soon as possible 😀 |
Support for mysql was requested here: #3600 (comment) |
@hifabienne Considering you set priority to low, I'm guessing this statement from two months ago is no longer applicable?
Thanks |
At the moment we are doing the finishing touches for Postgres which should be ready really soon to be released. After this we will consider what additional databases might make sense. |
Oh, very nice, thanks ! |
What DB are you interested in? |
Postgres is fine, I'll try it as soon as it's released. I also use MongoDB but I'm guessing that's irrelevant, as I've never seen an app that supports both SQL and NoSQL databases. |
We have just released postgresql support of ZITADEL. If you want to check it out you can find the release notes here: https://github.com/zitadel/zitadel/releases/tag/v2.3.0 If you have any feedback we are happy to answer :-) |
Since PostgreSQL support of Zitadel is limited to the latest major version, I cannot use it, therefore I look forward to MySQL support. Thanks |
I think it will be a while until we support mysql. Can you shine some light why it is a problem to use Postgresql 14? |
question was answered here: https://discord.com/channels/927474939156643850/1014503578439794688/1015302346449883176 |
I'm not the ones, but give feedback :-) Also wanted to switch to Postgres after seeing Cockroach RAM usage. In Keycloak the app is the memory hog, in Zitadel it's Cockroach. This works:
... and this doesn't work:
postgres is the container name of Postgres. |
hi @helmut72 Thanks for your feedback. We are currently working on ram usage of crdb.

I think there is some configuration missing. If you use postgres you have to set all the fields for the connection. The defaults of zitadel are only configured for cockroachdb: here is an example for disabled ssl on postgres:

```
ZITADEL_DATABASE_POSTGRES_HOST=postgres
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=password
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable # is missing in your comment above
```

If you init the database with zitadel you have to set the admin user additionally:

```
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=root
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
```

If this doesn't help it would be great if you can share the logs of zitadel |
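Added example, not part of the thread or of ZITADEL's code: a pre-flight shell check for the variables listed in the reply above. It reports every unset `ZITADEL_DATABASE_POSTGRES_*` variable and flags TLS modes that do not verify the server certificate; the mode names are the standard PostgreSQL `sslmode` values (an assumption about what ZITADEL accepts), and the function name, return codes and messages are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check for the ZITADEL_DATABASE_POSTGRES_* variables
# named in the reply above. Function name, messages and return codes are assumptions.
# Usage: check_zitadel_pg_env [--init]   (--init also requires the ADMIN_* variables)
# Returns 0 = complete with verified TLS, 1 = variable missing, 2 = weak TLS mode.
check_zitadel_pg_env() (
  prefix=ZITADEL_DATABASE_POSTGRES
  required="HOST PORT DATABASE USER_USERNAME USER_PASSWORD USER_SSL_MODE"
  if [ "${1:-}" = "--init" ]; then
    required="$required ADMIN_USERNAME ADMIN_PASSWORD ADMIN_SSL_MODE"
  fi
  rc=0
  for name in $required; do
    # Indirect lookup; names come only from the fixed list above.
    eval "val=\${${prefix}_${name}:-}"
    if [ -z "$val" ]; then
      echo "MISSING ${prefix}_${name}"
      rc=1
    fi
  done
  for name in USER_SSL_MODE ADMIN_SSL_MODE; do
    eval "mode=\${${prefix}_${name}:-}"
    case "$mode" in
      ""|verify-ca|verify-full) ;;   # unset is reported above; verify-* check the server cert
      require|prefer|allow|disable)  # no certificate verification, or no encryption at all
        echo "WEAK ${prefix}_${name}=$mode"
        [ "$rc" -eq 0 ] && rc=2 ;;
      *)
        echo "UNKNOWN ${prefix}_${name}=$mode"
        [ "$rc" -eq 0 ] && rc=2 ;;
    esac
  done
  exit "$rc"
)

# Constructed sample: the TLS-off values from the reply, set only inside a subshell.
(
  ZITADEL_DATABASE_POSTGRES_HOST=postgres
  ZITADEL_DATABASE_POSTGRES_PORT=5432
  ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
  ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
  ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=password
  ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
  check_zitadel_pg_env   # prints the WEAK line for USER_SSL_MODE
) || true
```

Run it in the same environment the container will receive, with `--init` when ZITADEL is expected to create the database itself.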
@adlerhurst
I hope Postgres doesn't take this much RAM too... ;) Nevertheless I prefer Postgres for my home setup. |
Update. Now it works. First I've pulled latest
Then I've also set the Postgres admin variables:
But even then it didn't work:
Look at the database name. Same as Postgres user variable. But I have set a different db name. My examples here are other names for security reasons. Then I have tried with All in all it would be cool if the ENV parser used default values if any option is unset. I have this experience from other projects.
Can answer my own question. Postgres uses 38MB. For now. That's great. :) |
@adlerhurst @fforootd Should we close this issue for now? We have added Postgres and I think for now we do not have the intention to add any other? Or how do you see it? |
I could use yugabytedb support. Based on postgresql, so should be 'relatively easy'. |
Why not. Although, I think MySQL is the most urgent one, as it's the most-used database. |
So maybe use an ORM like sqlboiler? But that is only a shot as I am not familiar with the code. Just interested in your opinion on this. |
SQLite support would be great for compact setups on the edge, but also for testing locally. Together with solutions like LiteFS SQLite is a great alternative for the "regular" databases. |
I don't know if anyone need this, but I was able to run Zitadel with Postgres using this docker-compose.yaml:
|
If anyone came here in search of why it complains to initialize with |
I'd like to also leave a mark here as I stumbled across this issue and have a different viewpoint onto the problem as well. Our company operates within the Financial and Insurance Sector. This sector comes with some limitations that do limit a person's choice of a database drastically (and is probably the reason why you cleverly packaged it into Enterprise 🙈 ).
Now, certainly there are services where you get Cockroach as a Service, but also this generally FIS customers do not really like, especially when the companies have 🇺🇸 -background (🇨🇭 banks and 🇺🇸 have a special relation). In the end, we are nearly forced, pushed / deeply motivated to take Azure-hosted databases as FIS customers trust Microsoft just more than any other startup/company that cooks their own soup. This mindset, that large customers (and large customers bring large money) bring their own database (Cosmos, MySQL, Maria, Postgres or whatever Microsoft hosts) should be also kept in mind when evaluating this issue 🤔 Sadly, that is also why most of them and us can and won't use Zitadel Cloud. They want it in their own Azure Tenant. Visionary thought: Given that you are 🇨🇭 based and maybe one day want to bark up the FIS sector as well (just dreaming) you would kind of start to fall into the Landing Zone Concept like we do and there, it would be (so I assume) highly encouraged that you use one of Microsoft's DBs 🚀 |
That's a closed-mindedness issue, i.e. invalid from my point of view. |
Thank you for this insightful write up 🙏. Allow me a question, would it not be sufficient for most to run zitadel inside their azure tenant and use one of the managed Postgres offerings from azure? Or do these customers want a managed zitadel in their own tenant? Because this is what we see people doing instead of using our cloud service. (Postgres works in the OSS version already, just yesterday I deployed a zitadel with Google cloud SQL) As a side note CRDB soon will offer Azure as well, but I do not know the details 😅. |
I am not sure I am getting this. What is closed-minded? |
Wanting to only use Azure/AWS/GCP or SaaS, disliking self-hosting. |
🤝
We see both. We have one customer asking for a fully managed service (where we actually struggle to find a good service-level agreement kind of because Privileged and Conditional Access to now their tenant). But we also have one customer that wants our solution deployed over a LZ but then manages it mostly themselves. We are also still finding our way through Microsoft and their LZ/Marketplace visions and papers but in the end the customers really just care about: Where is the data, who sees/processes it when and for how long and are they in charge of all the encryption keys or not.
Yeah, like us.
I am right now running terraform code to provision an Azure Flexible PSQL to do exactly that 🚀
This would be very interesting if they allow customer-managed encryption keys 🤔 @KaKi87 We do not want that, our customers want that. And they are regulated by authorities and the law so you get edged into a 🗳️ in these situations. Of course you can self-host but then you have to answer every audit why exactly you chose GPG as your favourite key and who exactly can access the key you made on your local machine, when did you rotate it last (show the evidence you did) etc. etc. etc. Update: You can have a look at this document from an expert in 🇨🇭 about that Does a cloud solution meet the requirements of a Swiss bank? to get an impression of the situation. |
I know, but you should be convincing them to open themselves to what the rest of the world can offer, despite the additional efforts required, and eventually help them doing these. Otherwise, we'll never stop GAFAM from ruling us. |
Yeah there will always be a need for regulated customers to take more control over their infra and data. We had the idea once that we could deploy zitadel into customers' infra through our customer portal (so basically we deploy to your tenant and provision all the things we need). However we postponed that since it is not an easy task to achieve. This is why we currently think having postgres and good support for k8s/knative is a great approach. |
Sure! I just left my thoughts as notes in case you revisit the issue one day 🚀 And since it works since yesterday with AKS Flex PSQL we can cover most of the audited world ourselves already 💪 |
Short addition here @fforootd: We are one of those customers and currently cannot switch to Zitadel because of the missing MySQL support. I'd love to, but our existing infrastructure is all MySQL, including backups, security agreements, SLAs, legal stuff, management/escalation agreements and so on. Our team is too small/busy to get into longer conversations with the legal department/compliance department/etc why we can't use existing resources, who will maintain Postgres in case of disaster, etc.. The hurdles to take might be out of control of the dev department and sometimes there is a lot of enterprise overhead in bigger structures. As I'd assume supporting MySQL should be just about adding some existing driver, I'd be really happy to see this feature and start switching over to Zitadel. |
Any news on MySQL/TiDB support? |
At the moment we do not have any news regarding support of mysql or any other databases. |
Maybe I'm missing something but why not use some ORM? |
We are a big enterprise company with several sister companies and only use MySQL, any plans on supporting this anytime soon as it is the only reason preventing us from using your solution? |
That doesn't make any sense. It's like saying "we only use SOAP APIs powered by Java running on Ubuntu Server" : sure it's common but still a ridiculous meaningless limitation. 🤷 |
I think that cloud spanner would also be a good choice. We are currently using spanner to store permission on a global scale. Spanner should behave quite similar to Cockroach so maybe porting isn't that hard compared to other types of databases. Thanks |
Nice to hear from you. At the moment we have not planned mysql compatibility but I would encourage you to use a postgres/cockroachdb since we have a lot of experience with these storage layers. The main reason to (not yet) support other storage layers is that we currently lack the engineering capacity to do this in a high quality 😁 I hope you understand this. |
@adlerhurst and I were playing around with the postgres driver of spanner in the past but never finished it 😁 But certainly a postgres spanner optimization would be an interesting thing. |
Based on a discussion on [hackernews](https://news.ycombinator.com/item?id=31266460) it might make sense for us to support multiple storages.
Even though CockroachDB will be the primary one
Acceptance criteria