add Zitadel

2024-11-21 15:30:19 +00:00 · 2023-11-03 13:24:50 +00:00 · 2023-11-03 13:24:50 +00:00 · e7dcebcbb8
commit e7dcebcbb8
parent ab2c897085
4 changed files with 123 additions and 0 deletions
--- a/Zitadel/docker-compose.yaml
+++ b/Zitadel/docker-compose.yaml
@ -0,0 +1,81 @@
+version: "3.8"
+
+services:
+  zitadel:
+    restart: "always"
+    networks:
+      - "zitadel"
+      - "proxy"
+    image: "ghcr.io/zitadel/zitadel:stable"
+    # ZITADEL_MASTERKEY: 'SAcD5TY0QPp89ip28bZPfEA5WDxqmobx' # run tr -dc A-Za-z0-9 </dev/urandom | head -c 32
+    command: 'start-from-init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml --steps /example-zitadel-init-steps.yaml --masterkey "SAcD5TY0QPp89ip28bZPfEA5WDxqmobx" --tlsMode external'
+    depends_on:
+      certs:
+        condition: "service_completed_successfully"
+    environment:
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: Admin1!@zitadel.jimsgarage.co.uk
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: Password1!
+    ports:
+      - "8080:8080"
+    volumes:
+      - "./example-zitadel-config.yaml:/example-zitadel-config.yaml:ro"
+      - "./example-zitadel-secrets.yaml:/example-zitadel-secrets.yaml:ro"
+      - "./example-zitadel-init-steps.yaml:/example-zitadel-init-steps.yaml:ro"
+      - "zitadel-certs:/crdb-certs:ro"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.zitadel.entrypoints=http"
+      - "traefik.http.routers.zitadel.rule=Host(`zitadel.jimsgarage.co.uk`)"
+      - "traefik.http.middlewares.zitadel-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.zitadel.middlewares=zitadel-https-redirect"
+      - "traefik.http.routers.zitadel-secure.entrypoints=https"
+      - "traefik.http.routers.zitadel-secure.rule=Host(`zitadel.jimsgarage.co.uk`)"
+      - "traefik.http.routers.zitadel-secure.tls=true"
+      - "traefik.http.routers.zitadel-secure.service=zitadel"
+      - "traefik.http.services.zitadel.loadbalancer.server.scheme=h2c"
+      - "traefik.http.services.zitadel.loadbalancer.passHostHeader=true"
+      - "traefik.http.services.zitadel.loadbalancer.server.port=8080"
+      - "traefik.docker.network=proxy"
+
+  certs:
+    image: "cockroachdb/cockroach:latest"
+    entrypoint: ["/bin/bash", "-c"]
+    command:
+      [
+        "cp /certs/* /zitadel-certs/ && cockroach cert create-client --overwrite --certs-dir /zitadel-certs/ --ca-key /zitadel-certs/ca.key zitadel_user && chown 1000:1000 /zitadel-certs/*",
+      ]
+    volumes:
+      - "certs:/certs:ro"
+      - "zitadel-certs:/zitadel-certs:rw"
+    depends_on:
+      my-cockroach-db:
+        condition: "service_healthy"
+
+  my-cockroach-db:
+    restart: "always"
+    networks:
+      - "zitadel"
+    image: "cockroachdb/cockroach:latest"
+    command: "start-single-node --advertise-addr my-cockroach-db"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
+      interval: "10s"
+      timeout: "30s"
+      retries: 5
+      start_period: "20s"
+    ports:
+      - "9090:8080"
+      - "26257:26257"
+    volumes:
+      - "certs:/cockroach/certs:rw"
+      - "data:/cockroach/cockroach-data:rw"
+
+networks:
+  zitadel:
+  proxy:
+    external: true
+
+volumes:
+  certs:
+  zitadel-certs:
+  data:
--- a/Zitadel/example-zitadel-config.yaml
+++ b/Zitadel/example-zitadel-config.yaml
@ -0,0 +1,25 @@
+# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
+Log:
+  Level: 'info'
+
+# Make ZITADEL accessible over HTTP, not HTTPS
+ExternalSecure: true
+ExternalDomain: zitadel.jimsgarage.co.uk # change this to your domain
+ExternalPort: 443
+
+# If not using the docker compose example, adjust these values for connecting ZITADEL to your CockroachDB
+Database:
+  cockroach:
+    Host: 'my-cockroach-db'
+    User:
+      SSL:
+        Mode: 'verify-full'
+        RootCert: "/crdb-certs/ca.crt"
+        Cert: "/crdb-certs/client.zitadel_user.crt"
+        Key: "/crdb-certs/client.zitadel_user.key"
+    Admin:
+      SSL:
+        Mode: 'verify-full'
+        RootCert: "/crdb-certs/ca.crt"
+        Cert: "/crdb-certs/client.root.crt"
+        Key: "/crdb-certs/client.root.key"
--- a/Zitadel/example-zitadel-init-steps.yaml
+++ b/Zitadel/example-zitadel-init-steps.yaml
@ -0,0 +1,7 @@
+# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
+FirstInstance:
+  Org:
+    Human:
+      # use the loginname root@zitadel.localhost
+      Username: 'root'
+      Password: 'RootPassword1!'
--- a/Zitadel/example-zitadel-secrets.yaml
+++ b/Zitadel/example-zitadel-secrets.yaml
@ -0,0 +1,10 @@
+# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
+
+# If not using the docker compose example, adjust these values for connecting ZITADEL to your CockroachDB
+Database:
+  cockroach:
+    User:
+      # If the user doesn't exist already, it is created
+      Username: 'zitadel_user'
+    Admin:
+      Username: 'root'