Add zitadel deployment

2025-08-13 22:39:06 +02:00 · 2024-03-15 21:37:43 +01:00
parent 2e233abfd6
commit befd578bf9
9 changed files with 81 additions and 41 deletions
--- a/deployment/zitadel/certs-job.yaml
+++ b/deployment/zitadel/certs-job.yaml
--- a/deployment/zitadel/ingressRoute.yaml
+++ b/deployment/zitadel/ingressRoute.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: zitadel-server
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`heritage.varghacsongor.hu`) && Path(`/login`)
+      services:
+        - name: zitadel
+  tls: {}
--- a/deployment/zitadel/kustomization.yaml
+++ b/deployment/zitadel/kustomization.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./certs-job.yaml
+  - ./secrets.yaml
+
+helmCharts:
+  - name: postgres
+    repo: https://charts.bitnami.com/bitnami
+    releaseName: postgresql 
+    version: 14.3.3
+    valuesFile: ./zitadel/postgres-values.yaml
+  - name: zitadel
+    repo: https://charts.zitadel.com
+    releaseName: zitadel
+    version: 7.10.0
+    valuesFile: ./values.yaml
+
+patchesStrategicMerge:
+- ./ingressRoute.yaml
--- a/deployment/zitadel/postgres-values.yaml
+++ b/deployment/zitadel/postgres-values.yaml
@@ -0,0 +1,9 @@
+volumePermissions:
+  enabled: true
+tls:
+  enabled: true
+  certificatesSecret: postgres-cert
+  certFilename: "tls.crt"
+  certKeyFilename: "tls.key"
+auth:
+  existingSecret: postgres-auth
--- a/deployment/zitadel/secrets.yaml
+++ b/deployment/zitadel/secrets.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: zitadel-masterkey
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData: 
+  masterkey: "%generate"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-auth
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData:
+  postgres-password: "%generate"
+  user-password: "%generate"
--- a/deployment/zitadel/values.yaml
+++ b/deployment/zitadel/values.yaml
@@ -1,8 +1,8 @@
 zitadel:
-  masterkey: x123456789012345678901234567891y
+  masterkeySecretName: zitadel-masterkey
  configmapConfig:
    ExternalSecure: false
-    ExternalDomain: 127.0.0.1.sslip.io
+    ExternalDomain: heritage.varghacsongor.hu
    TLS:
      Enabled: false
    Database:
@@ -22,14 +22,20 @@ zitadel:
          Username: postgres
          SSL:
            Mode: verify-full
-  secretConfig:
-    Database:
-      Postgres:
-        User:
-          Password: xyz
-        Admin:
-          Password: abc

  dbSslCaCrtSecret: postgres-cert
  dbSslAdminCrtSecret: postgres-cert
-  dbSslUserCrtSecret: zitadel-cert
+  dbSslUserCrtSecret: zitadel-cert
+
+env:
+  - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: postgres-auth
+        key: user-password
+
+  - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: postgres-auth
+        key: postgres-password