From befd578bf9e9532e66f067866d221363ce55afc8 Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Fri, 15 Mar 2024 21:37:43 +0100
Subject: [PATCH] Add zitadel deployment
---
 .github/workflows/auth-service-cd.yml | 15 -----------
 .github/workflows/backend-cd.yml | 15 -----------
 .github/workflows/deploy_zitadel.yml | 3 ++-
 deployment/{ => zitadel}/certs-job.yaml | 0
 deployment/zitadel/ingressRoute.yaml | 14 ++++++++++
 deployment/zitadel/kustomization.yaml | 22 ++++++++++++++++
 deployment/zitadel/postgres-values.yaml | 9 +++++++
 deployment/zitadel/secrets.yaml | 18 +++++++++++++
 .../values.yaml} | 26 ++++++++++++-------
 9 files changed, 81 insertions(+), 41 deletions(-)
 rename deployment/{ => zitadel}/certs-job.yaml (100%)
 create mode 100644 deployment/zitadel/ingressRoute.yaml
 create mode 100644 deployment/zitadel/kustomization.yaml
 create mode 100644 deployment/zitadel/postgres-values.yaml
 create mode 100644 deployment/zitadel/secrets.yaml
 rename deployment/{zitadel_values.yaml => zitadel/values.yaml} (56%)
diff --git a/.github/workflows/auth-service-cd.yml b/.github/workflows/auth-service-cd.yml
index 387fdb3..145b121 100644
--- a/.github/workflows/auth-service-cd.yml
+++ b/.github/workflows/auth-service-cd.yml
@@ -48,18 +48,3 @@ jobs:
 push: true
 context: "{{defaultContext}}:auth-service"
 tags: vcscsvcscs/gheritage-auth-service:${{steps.create_image_tag.outputs.result}}
-
- deployment:
- name: Deploy to Kubernetes
- if: github.ref == 'refs/heads/main'
- runs-on: ubuntu-latest
- needs: docker
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Deploy to Kubernetes
- uses: actions-hub/kubectl@master
- env:
- KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
- with:
- args: apply -k deployment/auth-service/
\ No newline at end of file
diff --git a/.github/workflows/backend-cd.yml b/.github/workflows/backend-cd.yml
index 072ad79..32f3767 100644
--- a/.github/workflows/backend-cd.yml
+++ b/.github/workflows/backend-cd.yml
@@ -48,18 +48,3 @@ jobs:
 push: true
 context: "{{defaultContext}}:backend"
 tags: vcscsvcscs/gheritage-backend-service:${{steps.create_image_tag.outputs.result}}
-
- deployment:
- name: Deploy to Kubernetes
- if: github.ref == 'refs/heads/main'
- runs-on: ubuntu-latest
- needs: docker
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Deploy to Kubernetes
- uses: actions-hub/kubectl@master
- env:
- KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
- with:
- args: apply -k deployment/backend/
\ No newline at end of file
diff --git a/.github/workflows/deploy_zitadel.yml b/.github/workflows/deploy_zitadel.yml
index 9344121..0fac1fc 100644
--- a/.github/workflows/deploy_zitadel.yml
+++ b/.github/workflows/deploy_zitadel.yml
@@ -1,4 +1,4 @@
-name: Deploy
+ name: Deploy Zitadel to Kubernetes
 on:
 push:
 # branches:
@@ -9,6 +9,7 @@ on:
 jobs:
 deployment:
+ name: Deploy Zitadel to Kubernetes
 runs-on: 'ubuntu-latest'
 steps:
 - uses: actions/checkout@v4
diff --git a/deployment/certs-job.yaml b/deployment/zitadel/certs-job.yaml
similarity index 100%
rename from deployment/certs-job.yaml
rename to deployment/zitadel/certs-job.yaml
diff --git a/deployment/zitadel/ingressRoute.yaml b/deployment/zitadel/ingressRoute.yaml
new file mode 100644
index 0000000..8303faa
--- /dev/null
+++ b/deployment/zitadel/ingressRoute.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: zitadel-server
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`heritage.varghacsongor.hu`) && Path(`/login`)
+ services:
+ - name: zitadel
+ tls: {}
\ No newline at end of file
diff --git a/deployment/zitadel/kustomization.yaml b/deployment/zitadel/kustomization.yaml
new file mode 100644
index 0000000..7f2a2a2
--- /dev/null
+++ b/deployment/zitadel/kustomization.yaml
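Review bot: The added first line of deploy_zitadel.yml appears as `+ name: Deploy Zitadel to Kubernetes`, with whitespace between the marker and `name`, while the removed `-name: Deploy` and the following `on:` sit at column 0; if that indentation is really in the file, the top-level mapping is mis-indented and the workflow will not parse, so the line should be `name: Deploy Zitadel to Kubernetes` at column 0. Separately, the context shows `# branches:` commented out under `push:`, which suggests this cluster deployment runs on pushes to any branch unless a filter exists in the lines between the two hunks. The deploy jobs removed from the other two workflows were gated with `if: github.ref == 'refs/heads/main'`; the same gate here would keep non-main pushes from reaching whatever cluster credentials the deploy step uses.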
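Review bot: The route's `match` ends in ``Path(`/login`)``, which in Traefik matches that exact path only, so as far as this file shows no other request for `heritage.varghacsongor.hu` reaches ZITADEL; its OIDC discovery, token and login-UI endpoints live under other paths, and the identity provider would likely be unusable through this ingress until the rule covers the host or the prefixes you intend to expose. The `services` entry names `zitadel` without a `port`, which Traefik needs for a Kubernetes Service backend, e.g. `port: 8080` if the chart's default service port is kept (confirm against the chart values). `traefik.containo.us/v1alpha1` is the legacy API group, superseded by `traefik.io/v1alpha1` and removed in Traefik v3, so check it against the Traefik version running in the cluster.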
@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+ - ./certs-job.yaml
+ - ./secrets.yaml
+
+helmCharts:
+ - name: postgres
+ repo: https://charts.bitnami.com/bitnami
+ releaseName: postgresql
+ version: 14.3.3
+ valuesFile: ./zitadel/postgres-values.yaml
+ - name: zitadel
+ repo: https://charts.zitadel.com
+ releaseName: zitadel
+ version: 7.10.0
+ valuesFile: ./values.yaml
+
+patchesStrategicMerge:
+- ./ingressRoute.yaml
diff --git a/deployment/zitadel/postgres-values.yaml b/deployment/zitadel/postgres-values.yaml
new file mode 100644
index 0000000..c74436a
--- /dev/null
+++ b/deployment/zitadel/postgres-values.yaml
@@ -0,0 +1,9 @@
+volumePermissions:
+ enabled: true
+tls:
+ enabled: true
+ certificatesSecret: postgres-cert
+ certFilename: "tls.crt"
+ certKeyFilename: "tls.key"
+auth:
+ existingSecret: postgres-auth
diff --git a/deployment/zitadel/secrets.yaml b/deployment/zitadel/secrets.yaml
new file mode 100644
index 0000000..9554537
--- /dev/null
+++ b/deployment/zitadel/secrets.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: zitadel-masterkey
+ labels:
+ secret-generator.cs.sap.com/enabled: "true"
+stringData:
+ masterkey: "%generate"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgres-auth
+ labels:
+ secret-generator.cs.sap.com/enabled: "true"
+stringData:
+ postgres-password: "%generate"
+ user-password: "%generate"
\ No newline at end of file
diff --git a/deployment/zitadel_values.yaml b/deployment/zitadel/values.yaml
similarity index 56%
rename from deployment/zitadel_values.yaml
rename to deployment/zitadel/values.yaml
index 0fb4b1d..147bf22 100644
--- a/deployment/zitadel_values.yaml
+++ b/deployment/zitadel/values.yaml
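Review bot: The first `helmCharts` entry sets `valuesFile: ./zitadel/postgres-values.yaml`, but this kustomization already sits in `deployment/zitadel/` beside `postgres-values.yaml` (the second entry uses `./values.yaml`), so the path resolves to `deployment/zitadel/zitadel/…`; the build then either fails or renders PostgreSQL without the TLS and `existingSecret` settings, and it should read `valuesFile: ./postgres-values.yaml`. The same entry uses `name: postgres`, whereas the Bitnami chart is published as `postgresql`, so `name: postgresql` is what the repo will resolve. `ingressRoute.yaml` is listed under `patchesStrategicMerge`, which only modifies a resource already present in the build; no IngressRoute named `zitadel-server` is listed in `resources`, so it probably belongs there instead. `helmCharts` is inflated only when kustomize runs with `--enable-helm`, so confirm the workflow does not rely on a plain `kubectl apply -k` of this directory.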
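Review bot: `volumePermissions.enabled: true` turns on the Bitnami init container that chowns the data volume, and that container runs as root by default; it is only needed when the storage class does not honour `fsGroup`, so consider leaving it off unless the volume really comes up with the wrong ownership. The `tls` block sets `certFilename` and `certKeyFilename` but no CA file, so the server encrypts connections without requesting client certificates; since values.yaml wires client-certificate secrets for ZITADEL, a short comment such as `# clients authenticate by password over TLS; no client-cert verification` would record whether that posture is intended.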
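Review bot: Both Secrets carry the literal placeholder `"%generate"` in `stringData`, which is replaced only if the controller behind the `secret-generator.cs.sap.com/enabled` label is installed and handling this namespace; without it, `postgres-password` and `user-password` are created as the guessable string `%generate`. Add a comment above each Secret stating that dependency, and have the deploy step check that the controller is present before applying. Also confirm that the generated `masterkey` has the 32-character length ZITADEL requires, and that re-applying this manifest on every push does not reset values an already initialised database depends on.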
@@ -1,8 +1,8 @@
 zitadel:
- masterkey: x123456789012345678901234567891y
+ masterkeySecretName: zitadel-masterkey
 configmapConfig:
 ExternalSecure: false
- ExternalDomain: 127.0.0.1.sslip.io
+ ExternalDomain: heritage.varghacsongor.hu
 TLS:
 Enabled: false
 Database:
@@ -22,14 +22,20 @@ zitadel:
 Username: postgres
 SSL:
 Mode: verify-full
- secretConfig:
- Database:
- Postgres:
- User:
- Password: xyz
- Admin:
- Password: abc
 dbSslCaCrtSecret: postgres-cert
 dbSslAdminCrtSecret: postgres-cert
- dbSslUserCrtSecret: zitadel-cert
\ No newline at end of file
+ dbSslUserCrtSecret: zitadel-cert
+
+env:
+ - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-auth
+ key: user-password
+
+ - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-auth
+ key: postgres-password
\ No newline at end of file
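Review bot: `ExternalSecure: false` is left unchanged directly above the new public `ExternalDomain: heritage.varghacsongor.hu` in the first hunk, so ZITADEL will build its issuer and redirect URLs with `http://` even though the IngressRoute added in this commit serves the host on `websecure` with TLS. With TLS terminated at Traefik the usual pairing is `ExternalSecure: true` together with the existing `TLS.Enabled: false`; otherwise the URLs ZITADEL advertises will not match what clients connect to. `ExternalPort`, if set, lies in the part of the `zitadel:` mapping outside the hunk and should be checked against the ingress port as well.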