From 7755d7159916b28bddbb3fbbaf642e1ec8925941 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Sun, 22 Dec 2024 11:53:55 +0100
Subject: [PATCH] WIP: Manifest update
---
 docker-compose.yml | 2 +-
 ingress.yaml | 26 ++++++++++++++++++++++++++
 manifests/configmap.yaml | 22 ++++++++++++++++++++++
 manifests/deployment.yaml | 19 +++++++++++++++----
 manifests/ingress.yaml | 32 ++++++++++++++------------------
 manifests/kustomization.yaml | 2 ++
 6 files changed, 80 insertions(+), 23 deletions(-)
 create mode 100644 ingress.yaml
 create mode 100644 manifests/configmap.yaml
diff --git a/docker-compose.yml b/docker-compose.yml
index cc51159..125f775 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 restart: 'always'
 networks:
 - 'zitadel'
- image: 'ghcr.io/zitadel/zitadel:latest'
+ image: 'ghcr.io/zitadel/zitadel:v2.51.3'
 command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
 environment:
 - 'ZITADEL_DATABASE_POSTGRES_HOST=db'
diff --git a/ingress.yaml b/ingress.yaml
new file mode 100644
index 0000000..c9234a6
--- /dev/null
+++ b/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: argocd-server
+ namespace: argocd
+ annotations:
+ kubernetes.io/ingress.class: "traefik-inter"
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`argo.beta.entos`)
+ priority: 10
+ services:
+ - name: argocd-server
+ port: 80
+ - kind: Rule
+ match: Host(`argo.beta.entos`) && Headers(`Content-Type`, `application/grpc`)
+ priority: 11
+ services:
+ - name: argocd-server
+ port: 80
+ scheme: h2c
+ tls:
+ certResolver: default
diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml
new file mode 100644
index 0000000..6bed2b9
--- /dev/null
+++ b/manifests/configmap.yaml
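Review bot: ingress.yaml at the repository root looks like a leftover template rather than part of this change: it routes the host argo.beta.entos to `argocd-server` in the `argocd` namespace and is not referenced from manifests/kustomization.yaml, so it only takes effect if someone applies it by hand. If it served as the model for manifests/ingress.yaml, leave it out of the commit; if it is meant to stay, a header comment such as `# Argo CD route, applied manually; not part of the zitadel kustomization` would explain why it lives in this repository. Both rules forward to `port: 80` (the second with `scheme: h2c`), so the hop behind Traefik is cleartext, which deserves a one-line comment stating that TLS terminates at the proxy.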
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zitadel-config
+ namespace: zitadel
+data:
+ first-step.yaml: |
+ FirstInstance:
+ InstanceName: ZITADEL
+ Org:
+ Name: 'Halis'
+ Human:
+ # use the loginname root@zitadel.localhost
+ Username: 'admin'
+ Password: 'RootPassword1!'
+ Email:
+ Address: 'admin@zitadel.beta.halia.dev'
+ Verified: true
+ config.yaml: |
+ ExternalDomain: zitadel.beta.halia.dev
+ ExternalSecure: true
+ ExternalPort: 443
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index ec903d6..f958e7e 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -24,8 +24,8 @@ spec:
 subdomain: zitadel
 containers:
 - name: zitadel
- image: ghcr.io/zitadel/zitadel:v2.50.0-rc.2
- command: ["/app/zitadel", "start-from-init", "--masterkey", "'MasterkeyNeedsToHave32Characte'", "--tlsMode", "external"]
+ image: ghcr.io/zitadel/zitadel:v2.51.3
+ command: ["/app/zitadel", "start-from-init", "--config", "/tmp/config.yaml", "--steps", "/tmp/first-step.yaml", "--masterkey", "'MasterkeyNeedsToHave32Characte'", "--tlsMode", "external"]
 ports:
 - containerPort: 8080
 env:
@@ -60,6 +60,17 @@ spec:
 - name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE # Note : Does not need to be secure, as everything is internal to the cluster
 value: "disable"
 - name: ZITADEL_EXTERNALSECURE
- value: "false"
+ value: "true"
 - name: ZITADEL_EXTERNALDOMAIN
- value: "https://zitadel.beta.halia.dev"
+ value: "zitadel.beta.halia.dev"
+ volumeMounts:
+ - mountPath: "/tmp/config.yaml"
+ name: zitadel-config
+ subPath: config.yaml
+ - mountPath: "/tmp/first-step.yaml"
+ name: zitadel-config
+ subPath: first-step.yaml
+ volumes:
+ - name: zitadel-config
+ configMap:
+ name: zitadel-config
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
index d59867a..16b993e 100644
--- a/manifests/ingress.yaml
+++ b/manifests/ingress.yaml
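Review bot: `Password: 'RootPassword1!'` puts the initial admin credential of the identity provider into a ConfigMap and into git history; ConfigMaps are meant for non-confidential data and are usually readable far more widely than Secrets. Move `first-step.yaml` into a `kind: Secret` (`stringData:`) whose value is provisioned outside the repository, and mount it with a `secret:` volume instead of the `configMap:` volume added in the second manifests/deployment.yaml hunk. Any instance already initialised from this file should have that admin password changed, since the value is now part of the commit. The comment `# use the loginname root@zitadel.localhost` no longer matches `Username: 'admin'` and the halia.dev domain, so it should be updated or removed.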
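Review bot: The rewritten `command:` line in the first deployment.yaml hunk still carries `"--masterkey", "'MasterkeyNeedsToHave32Characte'"`, so the key that protects ZITADEL's encrypted data is committed to git, appears to be a variant of the example value seen in docker-compose.yml, and is readable by anyone who can view the Deployment. Because this is an exec-form array, no shell strips the inner single quotes, so they are presumably part of the 32-character key, which is easy to lose when the value is moved. Prefer `"--masterkeyFromEnv"` with `ZITADEL_MASTERKEY` supplied through `valueFrom.secretKeyRef`. An instance already initialised with the current key will presumably need that exact string in the Secret, so replacing the key should be planned together with a re-initialisation. The container spec begins above this hunk.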
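Review bot: `ZITADEL_EXTERNALSECURE` and `ZITADEL_EXTERNALDOMAIN` in the second deployment.yaml hunk now duplicate `ExternalSecure` and `ExternalDomain` from the `config.yaml` key of manifests/configmap.yaml added in the same commit, which leaves two places to edit and an implicit precedence between environment and file. Keep a single source: either drop these two env entries or drop the keys from config.yaml. If both must stay, add a comment next to the env entries such as `# must match ExternalDomain/ExternalSecure in zitadel-config config.yaml`. The `env:` list starts above this hunk.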
@@ -1,23 +1,19 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
 name: zitadel-ingress
 namespace: zitadel
 annotations:
- kubernetes.io/ingress.class: "traefik"
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/preserve-host-header: "true"
 spec:
- tls:
- - secretName: zitadel-beta-tls
- hosts:
- - zitadel.beta.halia.dev
- rules:
- - host: zitadel.beta.halia.dev
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: zitadel-svc
- port:
- number: 80
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`zitadel.beta.halia.dev`)
+ services:
+ - name: zitadel-svc
+ namespace: zitadel
+ port: 80
+ passHostHeader: true
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
index ac002a9..f6fe158 100644
--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@@ -8,4 +8,6 @@ resources:
 - service.yaml
 - ingress.yaml
 - database.yaml
+ - configmap.yaml
 - deployment.yaml
+
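Review bot: The replacement IngressRoute in manifests/ingress.yaml has no `tls:` block, although the Ingress it replaces referenced `secretName: zitadel-beta-tls` and the root ingress.yaml in this commit sets a `certResolver`. Unless TLS is enabled on the `websecure` entry point in Traefik's static configuration (not visible here), a router without `tls` is likely either not to match HTTPS requests or to be answered with the default certificate, while ZITADEL is now configured with `ExternalSecure: true`. Add under `spec:` either `tls:` with `secretName: zitadel-beta-tls` or the `certResolver` form used in ingress.yaml. The `traefik.ingress.kubernetes.io/preserve-host-header` annotation looks redundant with `passHostHeader: true` on the service; confirm that Traefik reads it on an IngressRoute before keeping it.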