Zitadel/manifests/deployment.yaml


---
# TODO
#
# Update var envs
# Create necessary secrets
# Explore volume organisation
# Test multiple replicas configuration

# Single-replica ZITADEL Deployment. The container runs `start-from-init`
# against the PostgreSQL service named in the env block and reads its config
# and first-instance steps from the `zitadel-config` ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zitadel
  namespace: zitadel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zitadel
  template:
    metadata:
      labels:
        app: zitadel
    spec:
      hostname: zitadel
      subdomain: zitadel
      containers:
        # NOTE(review): this container sets no securityContext, no resource
        # requests/limits and no liveness/readiness probes.
        - name: zitadel
          # NOTE(review): the image is referenced by tag only; a tag can be
          # re-pointed, so pinning by digest gives a stronger integrity
          # guarantee.
          image: ghcr.io/zitadel/zitadel:v2.51.3
          # NOTE(review): the master key is passed in clear text as an
          # argument. It is therefore committed together with this manifest,
          # readable by anyone who can read the Deployment or Pod spec, and
          # part of the process argument list. ZITADEL can instead take the key
          # from the ZITADEL_MASTERKEY environment variable
          # (--masterkeyFromEnv) or from a file (--masterkeyFile), so the value
          # can come from a Secret like the database credentials below. A key
          # that has been committed should be considered exposed.
          # The command is exec-form (no shell), so the single quotes inside
          # the double-quoted argument reach ZITADEL literally and count toward
          # the 32 characters; data encrypted under this value needs exactly
          # the same bytes if the key is moved.
          command:
            - "/app/zitadel"
            - "start-from-init"
            - "--config"
            - "/tmp/config.yaml"
            - "--steps"
            - "/tmp/first-step.yaml"
            - "--masterkey"
            - "'MasterkeyNeedsToHave32Characte'"
            # TLS is terminated in front of the pod; port 8080 itself serves
            # plain HTTP inside the cluster.
            - "--tlsMode"
            - "external"
          ports:
            - containerPort: 8080
          env:
            - name: ZITADEL_DATABASE_POSTGRES_HOST
              value: "zitadel-db-rw.zitadel.svc.cluster.local"
            - name: ZITADEL_DATABASE_POSTGRES_PORT
              value: "5432"
            - name: ZITADEL_DATABASE_POSTGRES_DATABASE
              value: "zitadel"
            # Application database user, read from the zitadel-db-user Secret.
            - name: ZITADEL_DATABASE_POSTGRES_USER_USERNAME
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-user
                  key: username
            - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-user
                  key: password
            - name: ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
              value: "disable"
            # NOTE(review): the database superuser credentials stay in the
            # environment of the long-running serving container because
            # start-from-init includes the init phase. ZITADEL's init, setup
            # and start phases can be run separately (for example init in a
            # Job), which keeps the superuser out of the serving pod.
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-superuser
                  key: username
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zitadel-db-superuser
                  key: password
            # Note: Does not need to be secure, as everything is internal to
            # the cluster.
            # NOTE(review): with sslmode "disable" for both the user and the
            # admin connection, credentials and queries cross the pod network
            # unencrypted and the server is not authenticated. That is only
            # acceptable if the cluster network itself is trusted (CNI
            # encryption, NetworkPolicy limiting access to the database);
            # confirm.
            - name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
              value: "disable"
            - name: ZITADEL_EXTERNALSECURE
              value: "true"
            - name: ZITADEL_EXTERNALDOMAIN
              value: "zitadel.beta.halia.dev"
          # Both files come from the same ConfigMap, mounted as single files
          # via subPath. subPath mounts do not pick up later ConfigMap changes;
          # the pod must be restarted to see them.
          # NOTE(review): if first-step.yaml carries initial account
          # credentials, a Secret is the better home for it; verify.
          volumeMounts:
            - mountPath: "/tmp/config.yaml"
              name: zitadel-config
              subPath: config.yaml
            - mountPath: "/tmp/first-step.yaml"
              name: zitadel-config
              subPath: first-step.yaml
      volumes:
        - name: zitadel-config
          configMap:
            name: zitadel-config