Step 3: Verify your installation
Once the installer completes, verify that the Ziti components and support services are running correctly before proceeding.
Verify deployment health
Use kubectl to confirm all pods in the ziti and support namespaces are healthy.
Check the Ziti namespace:
kubectl get pods -n ziti
Check the support namespace (if the support stack was installed):
kubectl get pods -n support
All pods should show a Running status with all containers ready (e.g., 1/1 or 2/2 in the READY column). If any
pods show CrashLoopBackOff, Error, or Pending, see Troubleshooting for
diagnostic steps.
Verify that LoadBalancer services have been assigned external addresses:
kubectl get services -A
A new helper command for verifying deployment health is in development and will be referenced here once available.
Access the Ziti Admin Console (ZAC)
The Ziti Admin Console (ZAC) is a web-based UI that ships with the controller and deploys alongside it. Use it to manage your Ziti network, including identities, services, and policies.
-
Console URL: Navigate to
https://<your-controller-advertise-address>/zacin your browser. The port is part of the advertise address you configured during installation—don't append a separate port number. -
Initial credentials: The installer generates administrator credentials during the initial run and prints them to the terminal output. These credentials are also stored in the Kubernetes secrets manager. To retrieve them later:
kubectl get secrets -n ziti -
Certificate warning: The installation uses a self-signed CA, so your browser will display a security warning on first access. You can proceed past the warning or import the Ziti root CA into your browser's trust store.
Verify support tool access
If you installed the Ziti network resources for support tools during setup, confirm they were created successfully.
In ZAC, navigate to the services list to verify that Ziti services and policies have been created for Grafana, Kibana, and RabbitMQ.
If the Ziti edge tunnel was installed as a host identity, verify it is running:
kubectl get pods -n support -l app=ziti-edge-tunnel
Access to the support tools (Grafana, Kibana, RabbitMQ) is not exposed externally by default. The recommended access method is through a Ziti connection using the edge tunnel. Additional documentation on exposing and accessing these services is coming soon.
Troubleshoot common issues
| Symptom | Resolution |
|---|---|
Pods stuck in Pending | Check node resources with kubectl describe node and verify sufficient CPU/memory |
| LoadBalancer has no external IP | Verify your cluster supports LoadBalancer services or check cloud provider config |
| Cannot reach ZAC in browser | Confirm DNS is resolving to the correct LoadBalancer address and the advertise port is accessible |
| Certificate errors in browser | Expected with self-signed CA—proceed past the warning or import the root CA |
For more detailed troubleshooting, see the troubleshooting guide.