For setting up a TLS-enabled ZITADEL, you can start using a self-signed certificate.
By setting zitadel.selfSignedCert.enabled to true, the chart generates a self-signed cert for each zitadel pod on startup.
By running the commands below, you deploy a simple, insecure Postgres database to your Kubernetes cluster by using the Bitnami chart.
Also, you deploy a correctly configured ZITADEL.
Warning
You only pseudo-secure the incoming connections to ZITADEL, not to your database. Anybody with network access to the Postgres database can connect to it and read and write data. Use this example only for testing purposes. For deploying a secure Postgres database, see the secure Postgres example.
[!INFO] The example assumes you already have a running Kubernetes cluster with a working ingress controller. If you don't, run a local KinD cluster before executing the following commands.
# Install Postgres
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --wait db bitnami/postgresql --version 12.10.0 --values https://raw.githubusercontent.com/zitadel/zitadel-charts/main/examples/5-internal-tls/postgres-values.yaml
# Install Zitadel
helm repo add zitadel https://charts.zitadel.com
helm install my-zitadel zitadel/zitadel --values https://raw.githubusercontent.com/zitadel/zitadel-charts/main/examples/5-internal-tls/zitadel-values.yamlWhen Zitadel is ready, open https://internal-tls.127.0.0.1.sslip.io/ui/console?login_hint=zitadel-admin@zitadel.internal-tls.127.0.0.1.sslip.io in your browser and log in with the password Password1!.