---
name: zitadel
namespace: zitadel
serviceAccountName: zitadel
externalSecrets:
  secretStoreName: zitadel
  vaultRole: zitadel
  secretPaths:
    - name: zitadel
      secrets:
      - secretKey: masterkey
        key: zitadel
        property: masterkey
      - secretKey: config-yaml
        key: zitadel
        property: config-yaml

zitadel:
  # https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
  configmapConfig:
    ExternalSecure: false
    TLS:
      Enabled: false
    Database:
      cockroach:
        Host: "crdb-public"
        User:
          SSL:
            Mode: "verify-full"
        Admin:
          SSL:
            Mode: "verify-full"

    Machine:
      Identification:
        Hostname:
          Enabled: true
        Webhook:
          Enabled: false

  masterkeySecretName: "zitadel"

serviceAccount:
  create: false
  annotations: {}
  name: "zitadel"

initJob:
  # Once ZITADEL is installed, the initJob can be disabled.
  enabled: true
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
    helm.sh/hook-weight: "1"
  resources: {}
  activeDeadlineSeconds: 300
  extraContainers: []
  podAnnotations: {}