Commit

update docs and comments about zitadel and restores and backups
jessebot committed Jun 16, 2024
1 parent 15d42a0 commit 7177ab1
Showing 4 changed files with 28 additions and 11 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -28,7 +28,7 @@
- Specializes in using Bitwarden (though not required) to store sensitive values both locally and on your cluster
- Manages all your authentication needs centrally using Zitadel and Vouch 💪
- Supports initialization on a [range of common self-hosted apps](https://small-hack.github.io/smol-k8s-lab/k8s_apps/argocd/) 📱
- featured initialized apps such as [Nextcloud](https://small-hack.github.io/smol-k8s-lab/k8s_apps/nextcloud/), [Matrix](https://small-hack.github.io/smol-k8s-lab/k8s_apps/matrix/), and [Home Assistant](https://small-hack.github.io/smol-k8s-lab/k8s_apps/home_assistant/) include backups and restores
- featured initialized apps such as [Zitadel], [Nextcloud](https://small-hack.github.io/smol-k8s-lab/k8s_apps/nextcloud/), [Matrix](https://small-hack.github.io/smol-k8s-lab/k8s_apps/matrix/), and [Home Assistant](https://small-hack.github.io/smol-k8s-lab/k8s_apps/home_assistant/) include backups and restores
- Lots o' [docs](https://small-hack.github.io/smol-k8s-lab)

-----------------------------
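Review bot: The added `[Zitadel]` in the "featured initialized apps" bullet is a reference-style link with no target, while Nextcloud, Matrix and Home Assistant in the same bullet use inline URLs, and no `[Zitadel]:` definition is visible in this hunk. Unless README.md defines that reference elsewhere, it will render as literal brackets; give it an inline link to the Zitadel docs page like its neighbours.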
15 changes: 12 additions & 3 deletions docs/index.md
Expand Up @@ -8,18 +8,27 @@ Leverage Argo CD and slim Kubernetes distributions, like K3s, to create producti

`smol-k8s-lab`'s declarative workflow, CLI, and TUI enable rapid iteration in production-like environments with minimal costs for failure. This makes it ideal for proof-of-concepts, prototyping, and benchmarking Kubernetes applications and distributions. It's also great for home labs, with some common FOSS apps such as Home Assistant, Nextcloud, Matrix, and more!

By default, it deploys [Argo CD] + [Argo CD Appset Secret Plugin] which enables Argo CD to securely manage your lab via files in open source Git repos. Additionally, a customized dark-theme is provided for Argo CD's incredibly useful web-interface.
By default, `smol-k8s-lab` deploys [Argo CD] + [Argo CD Appset Secret Plugin] which enables Argo CD to securely manage your lab via files in [open source Git repos](https://github.com/small-hack/argocd-apps). Additionally, a customized nord-like dark-theme is provided for Argo CD's incredibly useful web-interface.

`smol-k8s-lab` can also optionally make heavy use of Bitwarden to store any passwords, tokens, and secrets so you can use them immediately.

Consider viewing our very long walk through if you like video walk-throughs:
Consider viewing our very long walk through if you like video walk-throughs (which is a little out of date, but we intend to update it as soon as possible to include new features):

<p align="center">
<iframe width="720" height="480" src="https://www.youtube.com/embed/UdOQM9n5hyU?si=5dDCf2J2Oczhdej3" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</p>

Here's the [same video with captions](https://youtu.be/2E9DVJpv440?feature=shared).

### Features

- Deploys [Argo CD](https://github.com/argoproj/argo-cd) by default, so you can manage your entire lab using files in [open source git repos](https://github.com/small-hack/argocd-apps)
- Argo CD ships with a dashboard with a custom theme 💙
- Specializes in using Bitwarden (though not required) to store sensitive values both in your Bitwwarden vault, and on your cluster as Secrets.
- Manages all your authentication needs centrally using [Zitadel] and [Vouch] 💪
- Supports initialization on a [range of common self-hosted apps](https://small-hack.github.io/smol-k8s-lab/k8s_apps/argocd/) 📱
- featured initialized apps such as [Zitadel], [Nextcloud](https://small-hack.github.io/smol-k8s-lab/k8s_apps/nextcloud/), [Matrix](https://small-hack.github.io/smol-k8s-lab/k8s_apps/matrix/), and [Home Assistant](https://small-hack.github.io/smol-k8s-lab/k8s_apps/home_assistant/) include [b]backups and restores[/b]!
- Lots o' [docs](https://small-hack.github.io/smol-k8s-lab)

## Getting Started

Please see our [Getting Started guide](https://small-hack.github.io/smol-k8s-lab/installation).
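Review bot: In the new Features list, `[b]backups and restores[/b]` is BBCode and will render literally in Markdown; use `**backups and restores**`. The same list has the typo "Bitwwarden", and `[Zitadel]` and `[Vouch]` are reference-style links whose definitions are not visible in this hunk, so check that they exist in docs/index.md. The list also repeats the README bullets almost word for word, so the two copies will drift; consider keeping one source and including it in the other.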
18 changes: 13 additions & 5 deletions docs/k8s_apps/zitadel.md
Expand Up @@ -61,7 +61,7 @@ apps:
## Backups
Backups are a new feature in `v5.0.0` that enable backing up your postgres cluster and PVCs via restic to a configurable remote S3 bucket. If you have `init.enabled` set to `true` and you're using our pre-configured `argo.repo`, we support both instant backups, and scheduled backups.
Backups are a new feature in `v5.0.0` that enable backing up your postgres cluster and PVCs via restic to a configurable remote S3 bucket. Backups require `init.enabled` set to `true` and you must ensure you're using our pre-configured `argo.repo`. We support both instant backups, and scheduled backups.

When running a zitadel backup, we will initiate a [Cloud Native Postgresql backup](https://cloudnative-pg.io/documentation/1.23/backup/#on-demand-backups) to your local seaweedfs cluster that we setup for you, and then wait until the last wal archive associated with that backup is complete. After that, we start a k8up backup job to backup all of your important PVCs to your configured s3 bucket.
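Review bot: The rewritten first paragraph of Backups switches subject mid-sentence ("Backups require `init.enabled` set to `true` and you must ensure you're using ...") and leaves the Restores section with the older conditional wording ("If you have `init.enabled` set to `true` ..."), so the two sections now state the same prerequisite differently. Suggest one form in both, for example "Backups require `init.enabled: true` and our pre-configured `argo.repo`.", and drop the comma in "instant backups, and scheduled backups".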

Expand Down Expand Up @@ -97,7 +97,9 @@ apps:

## Restores

Restores are a new feature in `v5.0.0` that enable restoring your cluster via restic from a configurable remote S3 bucket. If you have `init.enabled` set to `true` and you're using our pre-configured `argo.repo`, we support restoring both your postgres cluster and PVCs. A restore is a kind of initialization process, so it lives under the `init` section of the config for your application, in this case, zitadel. Here's an example:
Restores are a new feature in `v5.0.0` that enable restoring your cluster via restic from a configurable remote S3 bucket. This feature was finally tested with Zitadel in `v5.6.0`. If you have `init.enabled` set to `true` and you're using our pre-configured `argo.repo`, we support restoring both your Postgresql cluster and Persistent Volume Claims.

A restore is a kind of initialization process, so it lives under the `init` section of the config for your application, in this case, Zitadel. Here's an example you could use in your `~/.config/smol-k8s-lab/config.yaml`:

```yaml
apps:
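Review bot: "This feature was finally tested with Zitadel in `v5.6.0`" reads as an aside and leaves the reader unsure whether restores are supported for Zitadel before v5.6.0; state it as a version requirement if that is what is meant. The paragraph also writes "Postgresql" where the Backups section writes "postgres"; pick one spelling (the project's name is PostgreSQL).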
Expand Down Expand Up @@ -126,6 +128,8 @@ The restore process will put your secrets into place, then restore your seaweedf

## Example config

Here's a full working config for zitadel. (If this isn't working, please submit an issue on our GitHub!)

```yaml
apps:
zitadel:
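Review bot: "full working config" on the added line overstates the example, since later in the same block it carries sample values such as `bucket: my-zitadel-backup-bucket` and a specific `endpoint`; say which values the reader must replace before use. "zitadel" is lowercase here while the Restores paragraph in this commit capitalizes it, and "our GitHub" could link straight to the issue tracker.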
Expand All @@ -138,7 +142,8 @@ apps:
- a human admin user (including an autogenerated password)
- a project with a name of your chosing
- 2 OIDC applications for Argo CD and Vouch
- 2 Argo CD groups (admins and users), 1 vouch groups
- 2 Argo CD groups (admins and users)
- 1 vouch groups
- groupsClaim action to enforce group roles on authentication
- updates your appset_secret_plugin secret and refreshes the pod
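Review bot: Splitting the groups bullet leaves "1 vouch groups" with a plural that no longer agrees and a lowercase "vouch", while the bullet above it writes "Vouch". Suggest "1 Vouch group".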
Expand Down Expand Up @@ -182,8 +187,12 @@ apps:
# before it actually is, due to the wal archive it lists as it's end not
# being in the backup yet
postgres_schedule: 0 0 0 * * *
# these are for pushing backups of your local s3 storage to a remote s3 bucket, which
# is separate from your postgresql backups, so that postgresql can backup wal archives
# every 5 minutes with speed and then for and then for cost optimization, only backup
# all achives gathered during the day to the remote s3 store AFTER the nightly
# postgresql backups.
s3:
# these are for pushing remote backups of your local s3 storage, for speed and cost optimization
endpoint: s3.eu-central-003.backblazeb2.com
bucket: my-zitadel-backup-bucket
region: eu-central-003
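Review bot: The new comment above `s3:` has a duplicated phrase ("and then for and then for") and the typo "achives", and the sentence is hard to follow as a result. Something like "PostgreSQL archives WAL to the local S3 store every 5 minutes; the remote S3 bucket below only receives the day's archives after the nightly PostgreSQL backup, to keep cost down" would say the same thing. The comment also moved from under `s3:` to above it, so keep its indentation aligned with the key it documents.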
Expand Down Expand Up @@ -213,7 +222,6 @@ apps:
# git repo to install the Argo CD app from
repo: https://github.com/small-hack/argocd-apps
# path in the argo repo to point to. Trailing slash very important!
# if you want to use cockroachdb, change to zitadel/zitadel_and_cockroachdb
path: zitadel/app_of_apps/
# either the branch or tag to point at in the argo repo above
revision: main
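Review bot: Removing the "if you want to use cockroachdb, change to zitadel/zitadel_and_cockroachdb" comment drops the only pointer to that path, and the commit message does not say whether the CockroachDB variant is gone or just undocumented. If it was removed from the argo repo, say so in the commit message or changelog; if it still exists, keep the hint.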
4 changes: 2 additions & 2 deletions smol_k8s_lab/k8s_apps/identity_provider/zitadel_api.py
Expand Up @@ -58,8 +58,8 @@ def check_api_health(self,) -> True:
"""
res = None
while True:
log.debug("checking if api is up by querying the healthz endpoint"
f" by querying {self.api_url} using verify={self.verify}")
log.debug("checking if api is up by querying the healthz endpoint,"
f" {self.api_url}, using verify={self.verify}")

try:
res = request("GET", f"{self.api_url}healthz", verify=self.verify)
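Review bot: The reworded debug message still says it is querying "the healthz endpoint" but interpolates `self.api_url`, while the request below goes to `f"{self.api_url}healthz"`; log the URL that is actually requested so the line can be matched against server logs. Two things visible in the context are worth fixing in the same pass: the return annotation `-> True` should be `-> bool`, and the `request(...)` call inside `while True:` has no `timeout=`, so a stalled connection blocks the loop. Keeping `verify=` in the log line is useful, since it shows when TLS verification is turned off.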

0 comments on commit 7177ab1
