# Argo CD Application that installs the ZITADEL Helm chart (release "zitadel")
# into the hq-sso namespace of the local cluster and exposes it at
# sso.mareshq.com. Helm values are supplied inline through valuesObject, so
# every value below is readable by anyone who can read this file or the
# Application object in the argocd namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mareshq-sso
  namespace: argocd
  annotations:
    # Ordering of this Application relative to other Applications.
    argocd.argoproj.io/sync-wave: "50"
  finalizers:
    # Deleting this Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: hq
  syncPolicy:
    # Automated sync: resources removed from the rendered chart are pruned and
    # manual changes in the cluster are reverted to what this file declares.
    automated:
      prune: true
      selfHeal: true
  destination:
    server: "https://kubernetes.default.svc"
    namespace: hq-sso
  source:
    chart: zitadel
    repoURL: https://charts.zitadel.com
    # Chart version is pinned, so upgrades happen only by editing this line.
    targetRevision: 8.5.0
    helm:
      releaseName: zitadel
      valuesObject:
        ingress:
          enabled: true
          className: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-dns-production
            cert-manager.io/issue-temporary-certificate: "true"
          hosts:
            - host: sso.mareshq.com
              paths:
                - path: /
                  pathType: Prefix
          tls:
            - secretName: sso-mareshq-com-tls
              hosts:
                - sso.mareshq.com

        replicaCount: 2

        # With two replicas, at least one pod stays up during voluntary
        # disruptions.
        pdb:
          enabled: true
          minAvailable: 1

        initJob:
          # Once ZITADEL is installed, the initJob can be disabled.
          enabled: true
          annotations:
            argocd.argoproj.io/sync-wave: "14"
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 200m
              memory: 256Mi

        setupJob:
          annotations:
            argocd.argoproj.io/sync-wave: "15"
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 200m
              memory: 256Mi

        # Deployment annotations
        annotations:
          argocd.argoproj.io/sync-wave: "20"

        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 1000m
            memory: 1Gi

        configMap:
          annotations:
            argocd.argoproj.io/sync-wave: "0"

        masterkeyAnnotations:
          argocd.argoproj.io/sync-wave: "0"

        serviceAccount:
          create: true
          annotations:
            argocd.argoproj.io/sync-wave: "-1"

        zitadel:
          # Generated with `openssl rand -hex 16`: 16 random bytes printed as
          # 32 hex characters, so the string is 32 bytes long but carries
          # 128 bits of randomness.
          # NOTE(review): the masterkey is stored here in plain text. The chart
          # also accepts `masterkeySecretName`, which points at an existing
          # Secret and keeps the key out of the repository and out of the
          # Application object. A key that has been committed or published
          # should be treated as exposed.
          masterkey: 97e7e7f84450f135b28821d5aa49c017
          # NOTE(review): the chart writes configmapConfig to a ConfigMap, so
          # the database passwords further down are stored as ordinary config
          # rather than as a Secret. The chart provides `secretConfig` and
          # `configSecretName` for sensitive settings.
          configmapConfig:
            Log:
              # NOTE(review): debug level on an identity provider can put more
              # request detail into the logs than production needs; confirm
              # this is intentional.
              Level: debug
              Formatter:
                Format: json

            DefaultInstance:
              LoginPolicy:
                DefaultRedirectURI: https://sso.mareshq.com/ui/console

              DomainPolicy:
                SMTPSenderAddressMatchesInstanceDomain: false

            # Public address as clients see it: HTTPS on 443 at the ingress
            # host configured above.
            ExternalPort: 443
            ExternalSecure: true
            ExternalDomain: sso.mareshq.com
            # ZITADEL itself serves without TLS; presumably TLS ends at the
            # nginx ingress, leaving the ingress-to-pod hop unencrypted inside
            # the cluster. Confirm that matches the cluster's network policy.
            TLS:
              Enabled: false

            Database:
              postgres:
                # The service name places the database in the `postgres`
                # namespace, a different namespace from hq-sso.
                Host: postgres-rw.postgres.svc
                Port: 5432
                Database: zitadel
                MaxOpenConns: 20
                MaxIdleConns: 10
                MaxConnLifetime: 30m
                MaxConnIdleTime: 5m
                User:
                  Username: zitadel_user
                  # NOTE(review): plain-text credential in version control;
                  # move it to a Secret and rotate it.
                  Password: atz3xjt6tfb_ecv*KBW
                  SSL:
                    # NOTE(review): `disable` sends the password and all
                    # queries unencrypted between namespaces. ZITADEL also
                    # accepts require, verify-ca and verify-full once the
                    # database presents a certificate.
                    Mode: disable
                # Presumably the account the init job uses to create the
                # database and the user above; verify against the chart docs.
                Admin:
                  Username: postgres
                  # NOTE(review): the superuser password equals the username
                  # and is in plain text; set a unique password and supply it
                  # from a Secret.
                  Password: postgres
                  SSL:
                    # NOTE(review): same unencrypted transport as the User
                    # connection, here for the superuser account.
                    Mode: disable