From 86b118a4b80f52529e1d835cdefacc2359b8155c Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Thu, 11 Jan 2024 11:00:00 +0100 Subject: [PATCH] docs(self-hosted): direct to the tested k8s example (#7201) docs(self-hosted): direct to the tested example --- docs/docs/self-hosting/deploy/kubernetes.mdx | 89 +------------------- 1 file changed, 2 insertions(+), 87 deletions(-) diff --git a/docs/docs/self-hosting/deploy/kubernetes.mdx b/docs/docs/self-hosting/deploy/kubernetes.mdx index c7879e1bb4..a3814e4f4d 100644 --- a/docs/docs/self-hosting/deploy/kubernetes.mdx +++ b/docs/docs/self-hosting/deploy/kubernetes.mdx @@ -3,91 +3,6 @@ title: Set up ZITADEL on Kubernetes sidebar_label: Kubernetes --- -import Disclaimer from './_disclaimer.mdx' -import DefaultUser from './_defaultuser.mdx' -import Next from './_next.mdx' -import NoteInstanceNotFound from './troubleshooting/_note_instance_not_found.mdx'; +For getting started with an easily testable insecure setup with Postgres, follow the [Insecure Postgres Example](https://github.com/zitadel/zitadel-charts/tree/main/examples/1-postgres-insecure). - -Installation and configuration details are described in the [open source ZITADEL charts repo](https://github.com/zitadel/zitadel-charts). -By default, the chart installs a secure and highly available ZITADEL instance. -For running an easily testable, insecure, non-HA ZITADEL instance, run the following commands. - - -## Add the Helm Repositories for CockroachDB and ZITADEL - -```bash -helm repo add cockroachdb https://charts.cockroachdb.com/ -helm repo add zitadel https://charts.zitadel.com -``` - -After you have your repositories added, -you can setup ZITADEL and either -- initialize an [IAM owner who is a human user](#setup-zitadel-and-a-human-admin) or -- initialize an [IAM owner who is a service account](#setup-zitadel-and-a-service-account-admin) - -## Setup ZITADEL and a Human Admin - -```bash -# Install CockroachDB -helm install crdb cockroachdb/cockroachdb \ - --set fullnameOverride=crdb \ - --set conf.single-node=true \ - --set statefulset.replicas=1 - -# Install ZITADEL -helm install my-zitadel zitadel/zitadel \ - --set zitadel.masterkey="MasterkeyNeedsToHave32Characters" \ - --set zitadel.configmapConfig.ExternalSecure=false \ - --set zitadel.configmapConfig.TLS.Enabled=false \ - --set zitadel.secretConfig.Database.cockroach.User.Password="a-zitadel-db-user-password" \ - --set replicaCount=1 - -# Make ZITADEL locally accessible -kubectl port-forward svc/my-zitadel 8080 -``` - - - - - -## Setup ZITADEL and a Service Account Admin - -With this setup, you don't create a human user that has the IAM_OWNER role. -Instead, you create a service account that has the IAM_OWNER role. -ZITADEL will also create a key for your, with which you can authenticate to the ZITADEL API. -For example, you can install ZITADEL and seemlessly provision ZITADEL resources after installation using [Terraform](/docs/guides/manage/terraform/basics.md). - -:::caution -With this setup you only get a key for a service account. Logging in at ZITADEL using the login screen is not possible until you create a user with the ZITADEL API. -::: - -```bash -# Install CockroachDB -helm install crdb cockroachdb/cockroachdb \ - --set fullnameOverride=crdb \ - --set conf.single-node=true \ - --set statefulset.replicas=1 - -# Install ZITADEL -helm install my-zitadel zitadel/zitadel \ - --set zitadel.masterkey="MasterkeyNeedsToHave32Characters" \ - --set zitadel.configmapConfig.ExternalSecure=false \ - --set zitadel.configmapConfig.TLS.Enabled=false \ - --set zitadel.secretConfig.Database.cockroach.User.Password="a-zitadel-db-user-password" \ - --set replicaCount=1 \ - --set zitadel.configmapConfig.FirstInstance.Org.Machine.Machine.Username="zitadel-admin-sa" \ - --set zitadel.configmapConfig.FirstInstance.Org.Machine.Machine.Name="Admin" \ - --set zitadel.configmapConfig.FirstInstance.Org.Machine.MachineKey.Type=1 - -# Make ZITADEL locally accessible -kubectl port-forward svc/my-zitadel 8080 -``` - -When Helm is done, you can print your service account key from a Kubernetes secret: -```bash -kubectl get secret zitadel-admin-sa -o jsonpath='{ .data.zitadel-admin-sa\.json }' | base64 --decode -``` - - - +For more information and configuration examples, go to the [ZITADEL charts repo](https://github.com/zitadel/zitadel-charts).