Add zitadel deployment

.github/workflows/auth-service-cd.yml

@@ -48,18 +48,3 @@ jobs:
             push: true
             context: "{{defaultContext}}:auth-service"
             tags: vcscsvcscs/gheritage-auth-service:${{steps.create_image_tag.outputs.result}}
-            
-    deployment:
-      name: Deploy to Kubernetes
-      if: github.ref == 'refs/heads/main'
-      runs-on: ubuntu-latest
-      needs: docker
-      steps:
-        - name: Checkout
-          uses: actions/checkout@v4
-        - name: Deploy to Kubernetes
-          uses: actions-hub/kubectl@master
-          env:
-            KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
-          with:
-            args: apply -k deployment/auth-service/ 

.github/workflows/backend-cd.yml

@@ -48,18 +48,3 @@ jobs:
             push: true
             context: "{{defaultContext}}:backend"
             tags: vcscsvcscs/gheritage-backend-service:${{steps.create_image_tag.outputs.result}}
-            
-    deployment:
-      name: Deploy to Kubernetes
-      if: github.ref == 'refs/heads/main'
-      runs-on: ubuntu-latest
-      needs: docker
-      steps:
-        - name: Checkout
-          uses: actions/checkout@v4
-        - name: Deploy to Kubernetes
-          uses: actions-hub/kubectl@master
-          env:
-            KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
-          with:
-            args: apply -k deployment/backend/ 

.github/workflows/deploy_zitadel.yml

@@ -1,4 +1,4 @@
-name: Deploy
+  name: Deploy Zitadel to Kubernetes
 on: 
   push:
 #    branches:
@@ -9,6 +9,7 @@ on:
 
 jobs:
   deployment:
+    name: Deploy Zitadel to Kubernetes
     runs-on: 'ubuntu-latest'
     steps:
     - uses: actions/checkout@v4

deployment/zitadel/ingressRoute.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: zitadel-server
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`heritage.varghacsongor.hu`) && Path(`/login`)
+      services:
+        - name: zitadel
+  tls: {}

deployment/zitadel/kustomization.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./certs-job.yaml
+  - ./secrets.yaml
+
+helmCharts:
+  - name: postgres
+    repo: https://charts.bitnami.com/bitnami
+    releaseName: postgresql 
+    version: 14.3.3
+    valuesFile: ./zitadel/postgres-values.yaml
+  - name: zitadel
+    repo: https://charts.zitadel.com
+    releaseName: zitadel
+    version: 7.10.0
+    valuesFile: ./values.yaml
+
+patchesStrategicMerge:
+- ./ingressRoute.yaml

deployment/zitadel/postgres-values.yaml

@@ -0,0 +1,9 @@
+volumePermissions:
+  enabled: true
+tls:
+  enabled: true
+  certificatesSecret: postgres-cert
+  certFilename: "tls.crt"
+  certKeyFilename: "tls.key"
+auth:
+  existingSecret: postgres-auth

deployment/zitadel/secrets.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: zitadel-masterkey
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData: 
+  masterkey: "%generate"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-auth
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData:
+  postgres-password: "%generate"
+  user-password: "%generate"

deployment/zitadel/values.yaml

@@ -1,8 +1,8 @@
 zitadel:
-  masterkey: x123456789012345678901234567891y
+  masterkeySecretName: zitadel-masterkey
   configmapConfig:
     ExternalSecure: false
-    ExternalDomain: 127.0.0.1.sslip.io
+    ExternalDomain: heritage.varghacsongor.hu
     TLS:
       Enabled: false
     Database:
@@ -22,14 +22,20 @@ zitadel:
           Username: postgres
           SSL:
             Mode: verify-full
-  secretConfig:
-    Database:
-      Postgres:
-        User:
-          Password: xyz
-        Admin:
-          Password: abc
 
   dbSslCaCrtSecret: postgres-cert
   dbSslAdminCrtSecret: postgres-cert
-  dbSslUserCrtSecret: zitadel-cert
+  dbSslUserCrtSecret: zitadel-cert
+
+env:
+  - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: postgres-auth
+        key: user-password
+
+  - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: postgres-auth
+        key: postgres-password