By running the commands below, you deploy a TLS and password authentication secured Cockroach database to your Kubernetes cluster by using the Cockroach official chart.
Also, you deploy a correctly configured ZITADEL.
The cockroach chart is configured to create a CA certificate and a client certificate and key for the root DB user.
However, you also want to secure the runtime connections between ZITADEL and Cockroach for the zitadel user.
Therefore, you create a Kubernetes job that creates a client certificate and key for the zitadel DB user by executing the cockroach cert command.
# Install Cockroach
helm repo add cockroachdb https://charts.cockroachdb.com/
helm install db cockroachdb/cockroachdb --version 11.2.1 --values https://raw.githubusercontent.com/zitadel/zitadel-charts/main/examples/4-cockroach-secure/cockroach-values.yaml
# Generate a TLS certificate for the zitadel DB user
kubectl apply -f https://raw.githubusercontent.com/zitadel/zitadel-charts/main/examples/4-cockroach-secure/zitadel-cert-job.yaml
kubectl wait --for=condition=complete job/create-zitadel-cert
# Install ZITADEL
helm repo add zitadel https://charts.zitadel.com
helm install my-zitadel zitadel/zitadel --values https://raw.githubusercontent.com/zitadel/zitadel-charts/main/examples/4-cockroach-secure/zitadel-values.yamlWhen ZITADEL is ready, you can access the GUI via port-forwarding:
kubectl port-forward svc/my-zitadel 8080Now, open http://127.0.0.1.sslip.io:8080 in your browser and log in with the following credentials:
Username: zitadel-admin@zitadel.127.0.0.1.sslip.io Password: Password1!