Split Zitadel Vault passwords

clusters/brusnika-stage/infrastructure/patches/zitadel.yaml

@@ -4,6 +4,81 @@ metadata:
   name: zitadel
   namespace: zitadel
 spec:
+  postRenderers:
+    - kustomize:
+        patches:
+          - target:
+              group: apps
+              version: v1
+              kind: Deployment
+              name: zitadel-idp-contour
+            patch: |-
+              - op: replace
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+                value: |-
+                  {{- with secret "secrets/data/zitadel/postgresql" -}}
+                  Database:
+                    postgres:
+                      User:
+                        Password: |-
+                          {{ index .Data.data "password" }}
+                      Admin:
+                        Password: |-
+                          {{ index .Data.data "adminPassword" }}
+                  FirstInstance:
+                    Org:
+                      Human:
+                        Password: |-
+                          {{ index .Data.data "humanPassword" }}
+                  {{- end -}}
+          - target:
+              group: batch
+              version: v1
+              kind: Job
+              name: zitadel-idp-contour-init
+            patch: |-
+              - op: replace
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+                value: |-
+                  {{- with secret "secrets/data/zitadel/postgresql" -}}
+                  Database:
+                    postgres:
+                      User:
+                        Password: |-
+                          {{ index .Data.data "password" }}
+                      Admin:
+                        Password: |-
+                          {{ index .Data.data "adminPassword" }}
+                  FirstInstance:
+                    Org:
+                      Human:
+                        Password: |-
+                          {{ index .Data.data "humanPassword" }}
+                  {{- end -}}
+          - target:
+              group: batch
+              version: v1
+              kind: Job
+              name: zitadel-idp-contour-setup
+            patch: |-
+              - op: replace
+                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+                value: |-
+                  {{- with secret "secrets/data/zitadel/postgresql" -}}
+                  Database:
+                    postgres:
+                      User:
+                        Password: |-
+                          {{ index .Data.data "password" }}
+                      Admin:
+                        Password: |-
+                          {{ index .Data.data "adminPassword" }}
+                  FirstInstance:
+                    Org:
+                      Human:
+                        Password: |-
+                          {{ index .Data.data "humanPassword" }}
+                  {{- end -}}
   values:
     zitadel:
       configmapConfig: