WIP: Manifest update
This commit is contained in:
parent
e05a913430
commit
7755d71599
@ -5,7 +5,7 @@ services:
|
|||||||
restart: 'always'
|
restart: 'always'
|
||||||
networks:
|
networks:
|
||||||
- 'zitadel'
|
- 'zitadel'
|
||||||
image: 'ghcr.io/zitadel/zitadel:latest'
|
image: 'ghcr.io/zitadel/zitadel:v2.51.3'
|
||||||
command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
|
command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
|
||||||
environment:
|
environment:
|
||||||
- 'ZITADEL_DATABASE_POSTGRES_HOST=db'
|
- 'ZITADEL_DATABASE_POSTGRES_HOST=db'
|
||||||
|
|||||||
26
ingress.yaml
Normal file
26
ingress.yaml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: argocd-server
|
||||||
|
namespace: argocd
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: "traefik-inter"
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- kind: Rule
|
||||||
|
match: Host(`argo.beta.entos`)
|
||||||
|
priority: 10
|
||||||
|
services:
|
||||||
|
- name: argocd-server
|
||||||
|
port: 80
|
||||||
|
- kind: Rule
|
||||||
|
match: Host(`argo.beta.entos`) && Headers(`Content-Type`, `application/grpc`)
|
||||||
|
priority: 11
|
||||||
|
services:
|
||||||
|
- name: argocd-server
|
||||||
|
port: 80
|
||||||
|
scheme: h2c
|
||||||
|
tls:
|
||||||
|
certResolver: default
|
||||||
22
manifests/configmap.yaml
Normal file
22
manifests/configmap.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: zitadel-config
|
||||||
|
namespace: zitadel
|
||||||
|
data:
|
||||||
|
first-step.yaml: |
|
||||||
|
FirstInstance:
|
||||||
|
InstanceName: ZITADEL
|
||||||
|
Org:
|
||||||
|
Name: 'Halis'
|
||||||
|
Human:
|
||||||
|
# use the loginname root@zitadel.localhost
|
||||||
|
Username: 'admin'
|
||||||
|
Password: 'RootPassword1!'
|
||||||
|
Email:
|
||||||
|
Address: 'admin@zitadel.beta.halia.dev'
|
||||||
|
Verified: true
|
||||||
|
config.yaml: |
|
||||||
|
ExternalDomain: zitadel.beta.halia.dev
|
||||||
|
ExternalSecure: true
|
||||||
|
ExternalPort: 443
|
||||||
@ -24,8 +24,8 @@ spec:
|
|||||||
subdomain: zitadel
|
subdomain: zitadel
|
||||||
containers:
|
containers:
|
||||||
- name: zitadel
|
- name: zitadel
|
||||||
image: ghcr.io/zitadel/zitadel:v2.50.0-rc.2
|
image: ghcr.io/zitadel/zitadel:v2.51.3
|
||||||
command: ["/app/zitadel", "start-from-init", "--masterkey", "'MasterkeyNeedsToHave32Characte'", "--tlsMode", "external"]
|
command: ["/app/zitadel", "start-from-init", "--config", "/tmp/config.yaml", "--steps", "/tmp/first-step.yaml", "--masterkey", "'MasterkeyNeedsToHave32Characte'", "--tlsMode", "external"]
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
env:
|
env:
|
||||||
@ -60,6 +60,17 @@ spec:
|
|||||||
- name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE # Note : Does not need to be secure, as everything is internal to the cluster
|
- name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE # Note : Does not need to be secure, as everything is internal to the cluster
|
||||||
value: "disable"
|
value: "disable"
|
||||||
- name: ZITADEL_EXTERNALSECURE
|
- name: ZITADEL_EXTERNALSECURE
|
||||||
value: "false"
|
value: "true"
|
||||||
- name: ZITADEL_EXTERNALDOMAIN
|
- name: ZITADEL_EXTERNALDOMAIN
|
||||||
value: "https://zitadel.beta.halia.dev"
|
value: "zitadel.beta.halia.dev"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: "/tmp/config.yaml"
|
||||||
|
name: zitadel-config
|
||||||
|
subPath: config.yaml
|
||||||
|
- mountPath: "/tmp/first-step.yaml"
|
||||||
|
name: zitadel-config
|
||||||
|
subPath: first-step.yaml
|
||||||
|
volumes:
|
||||||
|
- name: zitadel-config
|
||||||
|
configMap:
|
||||||
|
name: zitadel-config
|
||||||
|
|||||||
@ -1,23 +1,19 @@
|
|||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Ingress
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: zitadel-ingress
|
name: zitadel-ingress
|
||||||
namespace: zitadel
|
namespace: zitadel
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "traefik"
|
kubernetes.io/ingress.class: "traefik"
|
||||||
|
traefik.ingress.kubernetes.io/preserve-host-header: "true"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
entryPoints:
|
||||||
- secretName: zitadel-beta-tls
|
- websecure
|
||||||
hosts:
|
routes:
|
||||||
- zitadel.beta.halia.dev
|
- kind: Rule
|
||||||
rules:
|
match: Host(`zitadel.beta.halia.dev`)
|
||||||
- host: zitadel.beta.halia.dev
|
services:
|
||||||
http:
|
- name: zitadel-svc
|
||||||
paths:
|
namespace: zitadel
|
||||||
- path: /
|
port: 80
|
||||||
pathType: Prefix
|
passHostHeader: true
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: zitadel-svc
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|||||||
@ -8,4 +8,6 @@ resources:
|
|||||||
- service.yaml
|
- service.yaml
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
- database.yaml
|
- database.yaml
|
||||||
|
- configmap.yaml
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user