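---
# Zitadel (identity provider) as a single-replica Deployment in the `zitadel`
# namespace. `--tlsMode external` plus ZITADEL_EXTERNALSECURE=true means TLS is
# expected to be terminated in front of the pod; the container itself listens
# on 8080.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zitadel
  namespace: zitadel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zitadel
  template:
    metadata:
      labels:
        app: zitadel
    spec:
      hostname: zitadel
      subdomain: zitadel
      containers:
        - name: zitadel
          # The image is referenced by tag only. Tags are mutable in a
          # registry; appending the image digest (`@sha256:<digest>`) makes
          # the deployed artifact reproducible and tamper-evident.
          image: ghcr.io/zitadel/zitadel:v2.71.1
          # `start-from-init` runs database init, setup and the server in one
          # process. That is why the Postgres *admin* credentials below have
          # to stay in this long-running pod's environment.
          # NOTE(review): running the init/setup phases as a separate one-off
          # Job would let the serving pod hold only the unprivileged DB user.
          command:
            - "/app/zitadel"
            - "start-from-init"
            - "--config"
            - "/tmp/config.yaml"
            - "--steps"
            - "/tmp/first-step.yaml"
            - "--masterkeyFromEnv"
            - "--tlsMode"
            - "external"
          ports:
            - containerPort: 8080
          # Least-privilege container settings: the process only needs an
          # unprivileged port, so it gets no added privileges, no Linux
          # capabilities and the runtime's default seccomp filter.
          # NOTE(review): also set `runAsNonRoot: true` with a numeric
          # `runAsUser` once the image's user ID has been confirmed; that UID
          # is not visible from this manifest.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # NOTE(review): no resource requests/limits are declared; without
          # them a busy or abused login endpoint can starve other workloads
          # on the node.
          env:
            - name: ZITADEL_DATABASE_POSTGRES_HOST
              value: "zitadel-db-rw.zitadel.svc.cluster.local"
            - name: ZITADEL_DATABASE_POSTGRES_PORT
              value: "5432"
            - name: ZITADEL_DATABASE_POSTGRES_DATABASE
              value: "zitadel"
            - name: ZITADEL_DATABASE_POSTGRES_USER_USERNAME
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-user
                  key: username
            - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-user
                  key: password
            # TLS to Postgres is off for the application user as well as for
            # the admin user further down. Database passwords and all
            # identity data therefore cross the pod network in cleartext;
            # that is only acceptable if the cluster network itself is
            # trusted (encrypting CNI, mesh mTLS, or a NetworkPolicy that
            # limits who can reach the database). If the database serves
            # TLS, `require` or `verify-full` removes that dependency.
            - name: ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
              value: "disable"
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-superuser
                  key: username
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-superuser
                  key: password
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
              # Note : Does not need to be secure, as everything is internal
              # to the cluster
              # (Reviewer caveat: this is the superuser connection, so the
              # same cleartext exposure applies to the most privileged
              # database credential.)
              value: "disable"
            - name: ZITADEL_EXTERNALSECURE
              value: "true"
            - name: ZITADEL_EXTERNALDOMAIN
              value: "zitadel.halis.io"
            # The master key protects secrets Zitadel stores in its database.
            # Passed via environment because of `--masterkeyFromEnv`; anyone
            # able to exec into the pod or read its process environment can
            # recover it. `--masterkeyFile` with a mounted Secret is the
            # file-based alternative.
            - name: ZITADEL_MASTERKEY
              valueFrom:
                secretKeyRef:
                  name: zitadel-masterkey
                  key: masterkey
            # NOTE(review): this overrides the password hasher's work factor.
            # Compare it with the upstream default for this Zitadel version
            # so the override is not an unintended reduction.
            - name: ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
              value: "12"
          volumeMounts:
            # Non-secret runtime configuration, from a ConfigMap.
            - mountPath: "/tmp/config.yaml"
              name: zitadel-config
              subPath: config.yaml
            # First-instance bootstrap steps, kept in a Secret. subPath
            # mounts are not refreshed when the Secret changes; a rollout is
            # needed to pick up a rotated value.
            - mountPath: "/tmp/first-step.yaml"
              name: zitadel-secret-config
              subPath: first-step.yaml
      volumes:
        - name: zitadel-config
          configMap:
            name: zitadel-config
        - name: zitadel-secret-config
          secret:
            secretName: zitadel-secret-config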