diff --git a/k8s/apps/minio/externalsecret.yaml b/k8s/argocdapps/minio/externalsecret.yaml
similarity index 100%
rename from k8s/apps/minio/externalsecret.yaml
rename to k8s/argocdapps/minio/externalsecret.yaml
diff --git a/k8s/apps/minio/helm.yaml b/k8s/argocdapps/minio/helm.yaml
similarity index 100%
rename from k8s/apps/minio/helm.yaml
rename to k8s/argocdapps/minio/helm.yaml
diff --git a/k8s/apps/minio/image-policy.yaml b/k8s/argocdapps/minio/image-policy.yaml
similarity index 100%
rename from k8s/apps/minio/image-policy.yaml
rename to k8s/argocdapps/minio/image-policy.yaml
diff --git a/k8s/apps/minio/kustomization.yaml b/k8s/argocdapps/minio/kustomization.yaml
similarity index 100%
rename from k8s/apps/minio/kustomization.yaml
rename to k8s/argocdapps/minio/kustomization.yaml
diff --git a/k8s/argocdapps/zitadel/app.json5 b/k8s/argocdapps/zitadel/app.json5
new file mode 100644
index 000000000..4c40ec135
--- /dev/null
+++ b/k8s/argocdapps/zitadel/app.json5
@@ -0,0 +1,4 @@
+{
+ name: "zitadel",
+ namespace: "zitadel",
+}
diff --git a/k8s/argocdapps/zitadel/configmap.jsonnet b/k8s/argocdapps/zitadel/configmap.jsonnet
new file mode 100644
index 000000000..95896117b
--- /dev/null
+++ b/k8s/argocdapps/zitadel/configmap.jsonnet
@@ -0,0 +1,12 @@
+{
+ apiVersion: 'v1',
+ kind: 'ConfigMap',
+ metadata: {
+ name: (import 'app.json5').name + '-config',
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ data: {
+ 'config.yaml': (importstr './config/config.yaml'),
+ },
+}
diff --git a/k8s/argocdapps/zitadel/external-secret.jsonnet b/k8s/argocdapps/zitadel/external-secret.jsonnet
new file mode 100644
index 000000000..255ede4ba
--- /dev/null
+++ b/k8s/argocdapps/zitadel/external-secret.jsonnet
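Review bot: `(importstr './config/config.yaml')` in configmap.jsonnet reads the config from a `config/` subdirectory, whereas the deleted kustomization.yaml generated the same `zitadel-config` ConfigMap from `config.yaml` in the app directory; no add or rename of that file appears in the visible part of this diff, so confirm it exists at the new path, otherwise jsonnet evaluation of the ConfigMap (and of external-secret.jsonnet, which imports it) fails. Because the ExternalSecret consumes this ConfigMap as a template (`templateAs: 'Values'`), the file should carry only `{{ .key }}` references to secret material and never literal credentials — a ConfigMap is not a Secret. Style: `(import 'app.json5')` is evaluated three times here and again in external-secret.jsonnet and helm.jsonnet; bind it once at the top of each file with `local app = import 'app.json5';` and use `app.name` / `app.namespace`.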
@@ -0,0 +1,64 @@
+{
+ apiVersion: 'external-secrets.io/v1beta1',
+ kind: 'ExternalSecret',
+ metadata: {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name },
+ },
+ spec: {
+ secretStoreRef: {
+ name: 'onepassword',
+ kind: 'ClusterSecretStore',
+ },
+ refreshInterval: '1m',
+ target: {
+ name: $.metadata.name,
+ template: {
+ engineVersion: 'v2',
+ type: 'Opaque',
+ templateFrom: [
+ {
+ target: 'Data',
+ configMap: {
+ name: (import 'configmap.jsonnet').metadata.name,
+ items: [
+ {
+ key: 'config.yaml',
+ templateAs: 'Values',
+ },
+ ],
+ },
+ },
+ ],
+ data: {
+ masterkey: '{{ .masterkey }}',
+ postgres: '{{ .postgresdbpassword }}',
+ },
+ },
+ },
+ data: [
+ {
+ secretKey: 'masterkey',
+ remoteRef: {
+ key: 'zitadel',
+ property: 'masterkey',
+ },
+ },
+ {
+ secretKey: 'postgresdbpassword',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'postgres',
+ },
+ },
+ {
+ secretKey: 'zitadeldbpassword',
+ remoteRef: {
+ key: 'postgres_passwords',
+ property: 'zitadel',
+ },
+ },
+ ],
+ },
+}
diff --git a/k8s/argocdapps/zitadel/externalsecret.yaml b/k8s/argocdapps/zitadel/externalsecret.yaml
deleted file mode 100644
index 4e61df489..000000000
--- a/k8s/argocdapps/zitadel/externalsecret.yaml
+++ /dev/null
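Review bot: The third `data` entry fetches `zitadeldbpassword`, yet `target.template.data` exposes only `masterkey` and `postgresdbpassword`, so that value reaches the rendered Secret only if `config/config.yaml` (not in this diff) references `{{ .zitadeldbpassword }}`; if it does not, the property is pulled from the store for nothing. A one-line comment on that entry, `// consumed by config/config.yaml through templateFrom (templateAs: Values)`, would make the coupling visible to the next reader. The store is a `ClusterSecretStore`, reachable from any namespace that names it; if the store defines namespace conditions, scoping the `zitadel` and `postgres_passwords` items to this namespace limits what a workload in another namespace could pull through it.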
@@ -1,37 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: zitadel
-spec:
- secretStoreRef:
- name: onepassword
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: zitadel
- template:
- engineVersion: v2
- type: Opaque
- templateFrom:
- - target: Data
- configMap:
- name: zitadel-config
- items:
- - key: config.yaml
- templateAs: Values
- data:
- masterkey: "{{ .masterkey }}"
- postgres: "{{ .postgresdbpassword }}"
- data:
- - secretKey: masterkey
- remoteRef:
- key: zitadel
- property: masterkey
- - secretKey: postgresdbpassword
- remoteRef:
- key: postgres_passwords
- property: postgres
- - secretKey: zitadeldbpassword
- remoteRef:
- key: postgres_passwords
- property: zitadel
diff --git a/k8s/argocdapps/zitadel/helm.jsonnet b/k8s/argocdapps/zitadel/helm.jsonnet
new file mode 100644
index 000000000..70a993ea7
--- /dev/null
+++ b/k8s/argocdapps/zitadel/helm.jsonnet
@@ -0,0 +1,9 @@
+(import '../../components/helm.libsonnet') {
+ name: (import 'app.json5').name,
+ namespace: (import 'app.json5').namespace,
+
+ chart: 'zitadel',
+ repoURL: 'https://charts.zitadel.com',
+ targetRevision: '8.5.0',
+ values: (importstr 'values.yaml'),
+}
diff --git a/k8s/argocdapps/zitadel/helm.yaml b/k8s/argocdapps/zitadel/helm.yaml
deleted file mode 100644
index 5629e275a..000000000
--- a/k8s/argocdapps/zitadel/helm.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: zitadel
-spec:
- url: https://charts.zitadel.com
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: zitadel
-spec:
- chart:
- spec:
- chart: zitadel
- version: 8.5.0
- values:
- zitadel:
- configmapConfig:
- ExternalDomain: auth.walnuts.dev
- TLS:
- Enabled: false
- ExternalPort: 443
- ExternalSecure: true
- masterkeySecretName: "zitadel"
- configSecretName: zitadel
- configSecretKey: "config.yaml"
- replicaCount: 2
- ingress:
- enabled: true
- className: "nginx"
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
- hosts:
- - host: auth.walnuts.dev
- paths:
- - path: /
- pathType: Prefix
- env:
- # - name: ZITADEL_LOG_LEVEL
- # value: "debug"
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- resources:
- requests:
- memory: 128Mi
- limits:
- memory: 512Mi
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- preference:
- matchExpressions:
- - key: kubernetes.io/arch
- operator: In
- values:
- - amd64
- - weight: 10
- preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: NotIn
- values:
- - donut
- image:
- tag: v2.64.1 # {"$imagepolicy": "zitadel:zitadel:tag"}
diff --git a/k8s/argocdapps/zitadel/image-policy.yaml b/k8s/argocdapps/zitadel/image-policy.yaml
deleted file mode 100644
index 8e1ef6d19..000000000
--- a/k8s/argocdapps/zitadel/image-policy.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: zitadel
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/zitadel
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/zitadel
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: zitadel
-spec:
- image: ghcr.io/zitadel/zitadel
- interval: 2m0s
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: zitadel
-spec:
- imageRepositoryRef:
- name: zitadel
- policy:
- semver:
- range: ">=0.0.0"
diff --git a/k8s/argocdapps/zitadel/kustomization.yaml b/k8s/argocdapps/zitadel/kustomization.yaml
deleted file mode 100644
index 77acf8a2f..000000000
--- a/k8s/argocdapps/zitadel/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: zitadel
-resources:
-- externalsecret.yaml
-- helm.yaml
-- image-policy.yaml
-components:
-- ../../components/helm
-configMapGenerator:
-- name: zitadel-config
- files:
- - config.yaml
-generatorOptions:
- disableNameSuffixHash: true
diff --git a/k8s/argocdapps/zitadel/values.yaml b/k8s/argocdapps/zitadel/values.yaml
new file mode 100644
index 000000000..a7f683bc3
--- /dev/null
+++ b/k8s/argocdapps/zitadel/values.yaml
@@ -0,0 +1,52 @@
+zitadel:
+ configmapConfig:
+ ExternalDomain: auth.walnuts.dev
+ TLS:
+ Enabled: false
+ ExternalPort: 443
+ ExternalSecure: true
+ masterkeySecretName: "zitadel"
+ configSecretName: zitadel
+ configSecretKey: "config.yaml"
+replicaCount: 2
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ hosts:
+ - host: auth.walnuts.dev
+ paths:
+ - path: /
+ pathType: Prefix
+env:
+# - name: ZITADEL_LOG_LEVEL
+# value: "debug"
+metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+resources:
+ requests:
+ memory: 128Mi
+ limits:
+ memory: 512Mi
+affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - weight: 10
+ preference:
+ matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: NotIn
+ values:
+ - donut
+# image:
+# tag: v2.64.1 # {"$imagepolicy": "zitadel:zitadel:tag"}
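Review bot: The `image.tag` pin is commented out in the last two lines, so the Zitadel image presumably now comes from chart 8.5.0's default appVersion rather than the previously pinned `v2.64.1`, and with image-policy.yaml deleted in this same commit nothing will bump it automatically; if the pin is intended, restore `image:` / `  tag: "v2.64.1"` (quoted) and drop the dead `$imagepolicy` marker, otherwise delete the two commented lines so the version source is unambiguous. `env:` is followed only by commented-out lines and therefore parses as null; write `env: []` so a chart helper that iterates or `toYaml`s it gets an empty list rather than `null`. `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request-body limit for this host; if large uploads are not required, a concrete cap limits resource abuse. Quoting is mixed (`masterkeySecretName: "zitadel"` beside `configSecretName: zitadel`); pick one style for the file.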