# Flux HelmRelease for the `zitadel` release in the `zitadel` namespace.
# It has two parts: kustomize post-render patches that set the Vault Agent
# injection template on three workloads, and the Helm values for the chart.
# NOTE(review): the indentation of this listing was reconstructed from key
# semantics; confirm the placement of the keys under `values:` against the
# chart's values.yaml before applying.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: zitadel
  namespace: zitadel
spec:
  postRenderers:
    - kustomize:
        # Each patch is a JSON 6902 `replace` on the annotation
        # vault.hashicorp.com/agent-inject-template-zitadel-vault-config.yaml
        # (`~1` is the JSON Pointer escape for `/`). `replace` requires the
        # annotation to exist on the target already, so the chart has to
        # render it first; presumably postgresqlSecret.vault below does
        # that, verify against the chart templates.
        # The same template body is repeated for the Deployment and both
        # Jobs; keep the three copies in sync when editing.
        # NOTE(review): every workload receives all three passwords (DB
        # user, DB admin, first-instance human). If the long-running
        # Deployment only needs the DB user password, trim its template to
        # that key; confirm which of init/setup read Admin and FirstInstance.
        # NOTE(review): the secrets are spliced into `|-` block scalars,
        # which avoids YAML type coercion of the value, but only the first
        # line carries the indent; keep these Vault values single-line.
        patches:
          # Patch 1: the ZITADEL Deployment.
          - target:
              group: apps
              version: v1
              kind: Deployment
              name: zitadel-idp-contour
            patch: |-
              - op: replace
                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
                value: |-
                  {{- with secret "secrets/data/zitadel/postgresql" -}}
                  Database:
                    postgres:
                      User:
                        Password: |-
                          {{ index .Data.data "password" }}
                      Admin:
                        Password: |-
                          {{ index .Data.data "adminPassword" }}
                  FirstInstance:
                    Org:
                      Human:
                        Password: |-
                          {{ index .Data.data "humanPassword" }}
                  {{- end -}}
          # Patch 2: the init Job, same template body as patch 1.
          - target:
              group: batch
              version: v1
              kind: Job
              name: zitadel-idp-contour-init
            patch: |-
              - op: replace
                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
                value: |-
                  {{- with secret "secrets/data/zitadel/postgresql" -}}
                  Database:
                    postgres:
                      User:
                        Password: |-
                          {{ index .Data.data "password" }}
                      Admin:
                        Password: |-
                          {{ index .Data.data "adminPassword" }}
                  FirstInstance:
                    Org:
                      Human:
                        Password: |-
                          {{ index .Data.data "humanPassword" }}
                  {{- end -}}
          # Patch 3: the setup Job, same template body as patch 1.
          - target:
              group: batch
              version: v1
              kind: Job
              name: zitadel-idp-contour-setup
            patch: |-
              - op: replace
                path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
                value: |-
                  {{- with secret "secrets/data/zitadel/postgresql" -}}
                  Database:
                    postgres:
                      User:
                        Password: |-
                          {{ index .Data.data "password" }}
                      Admin:
                        Password: |-
                          {{ index .Data.data "adminPassword" }}
                  FirstInstance:
                    Org:
                      Human:
                        Password: |-
                          {{ index .Data.data "humanPassword" }}
                  {{- end -}}
  values:
    zitadel:
      configmapConfig:
        # Public hostname of the instance; ExternalSecure: true declares
        # that it is reached over HTTPS.
        ExternalDomain: zitadel.brusnika.onprem.sarex.io
        ExternalSecure: true
      debug:
        enabled: false
      # Vault settings consumed by the chart. kvVersion 2 agrees with the
      # `secrets/data/...` path and the `.Data.data` lookups in the patches,
      # and fileName matches the annotation suffix the patches replace.
      # NOTE(review): secretKey names only `password`, while the patched
      # template also reads `adminPassword` and `humanPassword`; all three
      # keys must exist at secretPath. Confirm that the Vault role
      # `zitadel` is bound to this service account and namespace only and
      # that its policy is read-only on this one path.
      postgresqlSecret:
        vault:
          enabled: true
          role: zitadel
          authPath: auth/kubernetes
          secretPath: secrets/data/zitadel/postgresql
          secretKey: password
          kvVersion: 2
          fileName: zitadel-vault-config.yaml
    # Service account the pods run as; presumably the identity used for
    # the Vault Kubernetes auth login at auth/kubernetes (verify).
    serviceAccount:
      create: true
      name: zitadel
    # Single replica with no PodDisruptionBudget: a node drain or pod
    # restart takes the identity provider offline for its duration.
    replicaCount: 1
    pdb:
      enabled: false
    # Non-secret settings passed as environment variables. All values are
    # quoted so they stay strings; passwords are absent here and come from
    # the Vault-rendered file instead.
    env:
      - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
        value: "false"
      # Hash algorithms accepted when verifying existing password hashes.
      - name: ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
        value: "bcrypt,pbkdf2"
      - name: ZITADEL_MACHINE_IDENTIFICATION_HOSTNAME_ENABLED
        value: "true"
      # PostgreSQL is addressed by a fixed private IP address.
      - name: ZITADEL_DATABASE_POSTGRES_HOST
        value: "192.168.10.8"
      - name: ZITADEL_DATABASE_POSTGRES_PORT
        value: "5432"
      # NOTE(review): the User and Admin roles are both `zitadel`, yet the
      # Vault template reads two different password keys for them. If one
      # role serves both purposes, the runtime account holds the admin
      # privileges too; confirm whether a separate, less privileged
      # runtime role is intended.
      - name: ZITADEL_DATABASE_POSTGRES_USER_USERNAME
        value: "zitadel"
      - name: ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE
        value: "zitadel"
      - name: ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
        value: "zitadel"
      - name: ZITADEL_DATABASE_POSTGRES_DATABASE
        value: "zitadel"
      # NOTE(review): TLS to PostgreSQL is disabled for both roles, so the
      # authentication exchange and all identity data cross the network to
      # 192.168.10.8 without encryption or server authentication. Prefer
      # `require`, or `verify-full` once the server presents a certificate
      # the pods can validate.
      - name: ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
        value: "disable"
      - name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
        value: "disable"
      # Bootstrap organisation and its first human admin; the matching
      # password is the `humanPassword` key in the Vault template.
      - name: ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_USERNAME
        value: "zitadel-admin"
      - name: ZITADEL_DEFAULTINSTANCE_ORG_NAME
        value: "Sarex"