Add Zitadel to brusnika prod
parent
2285c1a467
commit
996bac6a9c
@ -6,6 +6,7 @@ resources:
|
||||
- ../../../infrastructure/istio-gateway
|
||||
- ../../../infrastructure/istio-config
|
||||
- ../../../infrastructure/vault
|
||||
- ../../../infrastructure/zitadel
|
||||
- ./vault-ingress.yaml
|
||||
patches:
|
||||
- path: ./patches/istio-gateway.yaml
|
||||
@ -29,3 +30,10 @@ patches:
|
||||
kind: HelmRelease
|
||||
name: vault
|
||||
namespace: vault
|
||||
- path: ./patches/zitadel.yaml
|
||||
target:
|
||||
group: helm.toolkit.fluxcd.io
|
||||
version: v2
|
||||
kind: HelmRelease
|
||||
name: zitadel
|
||||
namespace: zitadel
|
||||
|
||||
@ -120,6 +120,13 @@ spec:
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
||||
zitadel-tls:
|
||||
namespace: ingress-nginx
|
||||
dnsNames:
|
||||
- zitadel.brusnika.onprem.sarex.io
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
||||
istio:
|
||||
envoyFilters: {}
|
||||
authorizationPolicies: {}
|
||||
@ -285,6 +292,16 @@ spec:
|
||||
- vault.prod.brusnika.sarex.lonsdaleites.ru
|
||||
tls:
|
||||
credentialName: vault-prod-tls
|
||||
zitadel:
|
||||
name: zitadel-gw
|
||||
namespace: ingress-nginx
|
||||
selector:
|
||||
istio: ingressgateway
|
||||
servers:
|
||||
- hosts:
|
||||
- zitadel.brusnika.onprem.sarex.io
|
||||
tls:
|
||||
credentialName: zitadel-tls
|
||||
rabbitmq:
|
||||
name: rabbitmq-gw
|
||||
namespace: ingress-nginx
|
||||
@ -586,6 +603,24 @@ spec:
|
||||
prefix: /
|
||||
service: vault-vault-contour.vault.svc.cluster.local
|
||||
port: 8200
|
||||
zitadel-vs:
|
||||
namespace: zitadel
|
||||
hosts:
|
||||
- zitadel.brusnika.onprem.sarex.io
|
||||
gateways:
|
||||
- ingress-nginx/zitadel-gw
|
||||
routes:
|
||||
- match:
|
||||
- port: 80
|
||||
uri:
|
||||
prefix: /
|
||||
redirect:
|
||||
scheme: https
|
||||
redirectCode: 308
|
||||
- path:
|
||||
prefix: /
|
||||
service: zitadel-idp-contour.zitadel.svc.cluster.local
|
||||
port: 8080
|
||||
rabbitmq-vs:
|
||||
namespace: workflow
|
||||
hosts:
|
||||
|
||||
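Review bot: The added `zitadel-vs` route forwards everything under `/` to `zitadel-idp-contour.zitadel.svc.cluster.local` on port `8080` in plaintext, and the only policy setting visible in this file section is the unchanged `authorizationPolicies: {}`, so nothing shown here limits which in-cluster workloads can reach the identity provider directly instead of through the TLS-terminating `zitadel-gw`. If that is not enforced elsewhere (mesh-wide mTLS, a NetworkPolicy), add a policy entry for the `zitadel` namespace that admits only the ingress gateway. The chart's schema for that map is not visible on this page, so as a minimum leave a marker such as `# TODO: restrict zitadel:8080 to the ingress gateway` next to the new entry. The `spec` mapping these hunks belong to starts and ends outside the visible lines.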
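--- /dev/null
+++ b/clusters/brusnika-prod/infrastructure/patches/zitadel.yaml
@@ -0,0 +1,130 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+name: zitadel
+namespace: zitadel
+spec:
+postRenderers:
+- kustomize:
+patches:
+- target:
+group: apps
+version: v1
+kind: Deployment
+name: zitadel-idp-contour
+patch: |-
+- op: replace
+path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+value: |-
+{{- with secret "secrets/data/zitadel/postgresql" -}}
+Database:
+postgres:
+User:
+Password: |-
+{{ index .Data.data "password" }}
+Admin:
+Password: |-
+{{ index .Data.data "adminPassword" }}
+FirstInstance:
+Org:
+Human:
+Password: |-
+{{ index .Data.data "humanPassword" }}
+{{- end -}}
+- target:
+group: batch
+version: v1
+kind: Job
+name: zitadel-idp-contour-init
+patch: |-
+- op: replace
+path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+value: |-
+{{- with secret "secrets/data/zitadel/postgresql" -}}
+Database:
+postgres:
+User:
+Password: |-
+{{ index .Data.data "password" }}
+Admin:
+Password: |-
+{{ index .Data.data "adminPassword" }}
+FirstInstance:
+Org:
+Human:
+Password: |-
+{{ index .Data.data "humanPassword" }}
+{{- end -}}
+- target:
+group: batch
+version: v1
+kind: Job
+name: zitadel-idp-contour-setup
+patch: |-
+- op: replace
+path: /spec/template/metadata/annotations/vault.hashicorp.com~1agent-inject-template-zitadel-vault-config.yaml
+value: |-
+{{- with secret "secrets/data/zitadel/postgresql" -}}
+Database:
+postgres:
+User:
+Password: |-
+{{ index .Data.data "password" }}
+Admin:
+Password: |-
+{{ index .Data.data "adminPassword" }}
+FirstInstance:
+Org:
+Human:
+Password: |-
+{{ index .Data.data "humanPassword" }}
+{{- end -}}
+values:
+zitadel:
+configmapConfig:
+ExternalDomain: zitadel.brusnika.onprem.sarex.io
+ExternalSecure: true
+debug:
+enabled: false
+postgresqlSecret:
+vault:
+enabled: true
+role: zitadel
+authPath: auth/kubernetes
+secretPath: secrets/data/zitadel/postgresql
+secretKey: password
+kvVersion: 2
+fileName: zitadel-vault-config.yaml
+serviceAccount:
+create: true
+name: zitadel
+replicaCount: 1
+pdb:
+enabled: false
+env:
+- name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
+value: "false"
+- name: ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
+value: "bcrypt,pbkdf2"
+- name: ZITADEL_MACHINE_IDENTIFICATION_HOSTNAME_ENABLED
+value: "true"
+- name: ZITADEL_DATABASE_POSTGRES_HOST
+value: "192.168.2.45"
+- name: ZITADEL_DATABASE_POSTGRES_PORT
+value: "5432"
+- name: ZITADEL_DATABASE_POSTGRES_USER_USERNAME
+value: "zitadel"
+- name: ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE
+value: "zitadel"
+- name: ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
+value: "zitadel"
+- name: ZITADEL_DATABASE_POSTGRES_DATABASE
+value: "zitadel"
+- name: ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
+value: "disable"
+- name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
+value: "disable"
+- name: ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_USERNAME
+value: "zitadel-admin"
+- name: ZITADEL_DEFAULTINSTANCE_ORG_NAME
+value: "Sarex"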
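Review bot: Both `ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE` and `ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE` are set to `"disable"` while the database host is the IP literal `192.168.2.45`, so the identity provider's credentials, sessions and password hashes presumably cross the network to PostgreSQL in cleartext. Unless that hop is protected some other way, set both to `value: "verify-full"` (or at least `value: "require"`) and supply the server CA to ZITADEL. Separately, the Vault agent template patched onto the `zitadel-idp-contour` Deployment renders `Admin.Password` and `FirstInstance.Org.Human.Password` as well as `User.Password`; if only the `-init` and `-setup` Jobs need those two, trim the Deployment's template to the `User` block so the long-running pod does not hold the admin database password and the initial human password. The user and admin usernames are also both `"zitadel"`, which suggests the runtime account carries admin rights on the database; worth confirming that is intended.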