docs: fix tls description and limitations (#3884)

* docs: fix tls description and limitations

* cleanup doku

* fixed knative link

* added loadbalancing link as example

* relative links

docs/docs/guides/installation/run/defaultuser.mdx

@@ -0,0 +1,4 @@
+Open your favorite internet browser and navigate to [http://localhost:8080/ui/console](http://localhost:8080/ui/console).
+This is the default IAM admin users login:
+- **username**: *zitadel-admin@<span></span>zitadel.localhost*
+- **password**: *Password1!*

docs/docs/guides/installation/run/knative.mdx

@@ -1,10 +1,7 @@
-## Disclaimer
-This guide is for development / demonstration purpose only and does NOT reflect a production setup.
-
 ## New Knative environment
 ### Download and run Knative quickstart
 
-Follow the Knative quickstart guide to get a local kind/minikube environment with Knative capabilities.
+Follow the [Knative quickstart guide](https://knative.dev/docs/getting-started/quickstart-install/) to get a local kind/minikube environment with Knative capabilities.
 
 It is basically 4 commands on Mac:
 
@@ -24,10 +21,6 @@ kn quickstart kind
 That will get you a ready to go knative/kubernetes environment.
 
 
-See Knative documentation here: 
-https://knative.dev/docs/install/quickstart-install/
-
-
 ## Database
 start a single-node cockroachdb as statefulset
 
@@ -35,14 +28,6 @@ start a single-node cockroachdb as statefulset
 kubectl apply -f https://raw.githubusercontent.com/zitadel/zitadel/v2-alpha/deploy/knative/cockroachdb-statefulset-single-node.yaml
 ```
 
-## Secret for TLS termination
-create a secret with your certificates for TLS termination
-
-```bash
-#describe happy path 
-kubectl apply secret -f certs.yaml
-```
-
 
 ## Start ZITADEL with Knative 
 ```bash
@@ -58,9 +43,7 @@ kn service create zitadel \
 --env ZITADEL_TLS_ENABLED=false \
 --env ZITADEL_EXTERNALDOMAIN=zitadel.default.127.0.0.1.sslip.io \
 --env ZITADEL_S3DEFAULTINSTANCE_CUSTOMDOMAIN=zitadel.default.127.0.0.1.sslip.io \
---arg "admin" --arg "start-from-init" --arg "--masterkey" --arg "MasterkeyNeedsToHave32Characters" \
---mount /tls.secret=secret:certs/tls.secret \
---mount /tls.key=secret:certs/tls.key
+--arg "start-from-init" --arg "--masterkey" --arg "MasterkeyNeedsToHave32Characters" 
 ```
 
 or use the knative service yaml
@@ -83,6 +66,6 @@ http://zitadel.default.127.0.0.1.sslip.io/ui/console
 
 If you didn't configure something else, this is the default IAM admin users login:
 
-* username: zitadel-admin@zitadel.zitadel.default.127.0.0.1.sslip.io
+* username: zitadel-admin@<span></span>zitadel.zitadel.default.127.0.0.1.sslip.io
 * password: Password1!
 

docs/docs/guides/installation/run/nextselfhosted.mdx

@@ -1,7 +1,3 @@
-Open your favorite internet browser and navigate to [http://localhost:8080/ui/console](http://localhost:8080/ui/console).
-This is the default IAM admin users login:
-- **username**: *zitadel-admin@<span></span>zitadel.localhost*
-- **password**: *Password1!*
 
 ## What's next
 

docs/docs/guides/installation/run/run.mdx

@@ -11,6 +11,7 @@ import Compose from './compose.mdx'
 import Helm from './helm.mdx'
 import Knative from './knative.mdx'
 import NextSelfHosted from './nextselfhosted.mdx'
+import DefaultUser from './defaultuser.mdx'
 
 # Run ZITADEL
 
@@ -18,6 +19,16 @@ Choose your platform and run ZITADEL with the most minimal configuration possibl
 For an easy self-hosted production setup, we recommend running ZITADEL on [Kubernetes](https://kubernetes.io/docs/home/), using our official [Helm](https://helm.sh/docs/) chart.
 By default, it runs a highly available ZITADEL instance along with a secure and highly available [CockroachDB](https://www.cockroachlabs.com/docs/stable/) instance.
 
+## Disclaimer
+This guide is for development / demonstration purpose only and does NOT reflect a production setup.
+
+Things such as TLS termination and email verification will not be available unless you 
+
+- use an API gateway with valid certificates in front of the service
+- configure an appropriate email server
+
+see loadbalancing example [here](/docs/guides/installation/loadbalancing-example)
+
 <!-- TODO: Destroy -->
 
 <Tabs
@@ -37,21 +48,26 @@ By default, it runs a highly available ZITADEL instance along with a secure and
     </TabItem>
     <TabItem value="linux">
         <Linux/>
+        <DefaultUser/>
         <NextSelfHosted/>
     </TabItem>
     <TabItem value="macos">
         <MacOS/>
+        <DefaultUser/>
         <NextSelfHosted/>
     </TabItem>
     <TabItem value="compose">
         <Compose/>
+        <DefaultUser/>
         <NextSelfHosted/>
     </TabItem>
     <TabItem value="k8s">
         <Helm/>
+        <DefaultUser/>
         <NextSelfHosted/>
     </TabItem>
     <TabItem value="knative">
         <Knative/>
+        <NextSelfHosted/>
     </TabItem>
 </Tabs>