---
# Argo CD Application that installs the ZITADEL Helm chart (release "zitadel")
# into the hq-sso namespace of the in-cluster API server, with automated sync
# (prune + selfHeal) enabled.
#
# NOTE(review): the nesting below was recovered from a source that had been
# collapsed onto a single line. Verify the position of each key against the
# chart's values.yaml before applying.
#
# NOTE(review): everything under valuesObject is stored verbatim in this
# manifest and in the Application object in the argocd namespace. The
# credentials set further down are therefore readable by anyone who can read
# the repository or read Application resources.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mareshq-sso
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "50"
  finalizers:
    # Deleting the Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: hq
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
  destination:
    server: "https://kubernetes.default.svc"
    namespace: hq-sso
  source:
    chart: zitadel
    repoURL: "https://charts.zitadel.com"
    # Pinned chart version; quoted so it is always read as a string.
    targetRevision: "8.5.0"
    helm:
      releaseName: zitadel
      valuesObject:
        ingress:
          enabled: true
          className: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-dns-production
            cert-manager.io/issue-temporary-certificate: "true"
          hosts:
            - host: sso.mareshq.com
              paths:
                - path: /
                  pathType: Prefix
          tls:
            - secretName: sso-mareshq-com-tls
              hosts:
                - sso.mareshq.com

        replicaCount: 2

        pdb:
          enabled: true
          minAvailable: 1

        initJob:
          # Once ZITADEL is installed, the initJob can be disabled.
          enabled: true
          annotations:
            argocd.argoproj.io/sync-wave: "14"

        setupJob:
          annotations:
            argocd.argoproj.io/sync-wave: "15"

        # Deployment annotations
        annotations:
          argocd.argoproj.io/sync-wave: "20"

        configMap:
          annotations:
            argocd.argoproj.io/sync-wave: "0"

        # NOTE(review): placed at the top level of the values because it
        # appears before the `zitadel:` key in the source; confirm where the
        # chart expects this key.
        masterkeyAnnotations:
          argocd.argoproj.io/sync-wave: "0"

        serviceAccount:
          create: true
          annotations:
            argocd.argoproj.io/sync-wave: "-1"

        zitadel:
          # openssl rand -hex 16 (32 characters = 32 bytes)
          # 16 random bytes written as hex give 32 characters but only
          # 128 bits of entropy.
          #
          # NOTE(review): the masterkey is committed in plaintext. The chart
          # has a `masterkeySecretName` value for referencing an existing
          # Kubernetes Secret instead; treat the value below as disclosed.
          masterkey: '97e7e7f84450f135b28821d5aa49c017'
          configmapConfig:
            Log:
              # NOTE(review): debug verbosity on an internet-facing identity
              # provider; confirm this is intended outside of troubleshooting.
              Level: debug
              Formatter:
                Format: json
            DefaultInstance:
              LoginPolicy:
                DefaultRedirectURI: "https://sso.mareshq.com/ui/console"
              DomainPolicy:
                SMTPSenderAddressMatchesInstanceDomain: false
            ExternalPort: 443
            ExternalSecure: true
            ExternalDomain: sso.mareshq.com
            # ZITADEL's own TLS is off while the ingress above carries the
            # certificate, so TLS presumably ends at the ingress controller
            # and the hop to the pods is plaintext; confirm that is accepted.
            TLS:
              Enabled: false
            Database:
              postgres:
                Host: postgres-rw.postgres.svc
                Port: 5432
                Database: zitadel
                MaxOpenConns: 20
                MaxIdleConns: 10
                MaxConnLifetime: 30m
                MaxConnIdleTime: 5m
                # NOTE(review): both database passwords sit under
                # configmapConfig, which the chart renders into a ConfigMap
                # rather than a Secret. Check the chart's Secret-backed
                # options (e.g. `secretConfig`, `configSecretName`) and
                # rotate these values once they are moved.
                User:
                  Username: zitadel_user
                  Password: 'atz3xjt6tfb_ecv*KBW'
                  SSL:
                    # Application connections to PostgreSQL are unencrypted.
                    Mode: disable
                # NOTE(review): the PostgreSQL admin account uses a
                # default-looking username/password pair.
                Admin:
                  Username: postgres
                  Password: postgres
                  SSL:
                    # Admin connections to PostgreSQL are unencrypted.
                    Mode: disable