zitadel · Lite5h4dow · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,8 +25,13 @@ jobs:
         git config user.name "$GITHUB_ACTOR"
         git config user.email "[email protected]"
 
-    - id: 'add-cockroachdb-repo'
-      run: 'helm repo add cockroachdb https://charts.cockroachdb.com/'
+    - id: 'prepare'
+      run: |
+        helm repo add bitnami https://charts.bitnami.com/bitnami
+        helm repo add cockroachdb https://charts.cockroachdb.com/
+        cat ./charts/zitadel/values.yaml >> charts/zitadel-umbrella/values.yaml
+        sed -n -e '/Common.*zitadel-umbrella/,$p' ./charts/zitadel/Chart.yaml >> charts/zitadel-umbrella/Chart.yaml
+        helm dependency build charts/zitadel-umbrella
 
     - id: 'release'
       uses: 'helm/[email protected]'

diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .idea
+/*.tgz
diff --git a/README.md b/README.md
@@ -138,7 +138,11 @@ kubectl get pods --all-namespaces --watch
 # Or if you have the watch binary installed
 watch -n .1 "kubectl get pods --all-namespaces"
 ```
-
+## Screenshots
+![Dashboard](https://media.discordapp.net/attachments/1288861233541550101/1288867332093116426/image.png)
+![Login](https://media.discordapp.net/attachments/1288861233541550101/1288867328850657343/image.png)
+![Change Password](https://media.discordapp.net/attachments/1288861233541550101/1288867330755133532/image.png)
+![2FA Setup](https://media.discordapp.net/attachments/1288861233541550101/1288867330037911582/image.png)
 ## Contributors
 
 <a href="https://github.com/zitadel/zitadel-charts/graphs/contributors">

diff --git a/charts/zitadel-umbrella/Chart.lock b/charts/zitadel-umbrella/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.5.35
+- name: cockroachdb
+  repository: https://charts.cockroachdb.com/
+  version: 14.0.3
+digest: sha256:b2453e7eccc9cc111e14816b3d308e8686e53f9b945794d4821d726c688f272c
+generated: "2024-10-03T23:38:57.462436343+02:00"
diff --git a/charts/zitadel-umbrella/Chart.yaml b/charts/zitadel-umbrella/Chart.yaml
@@ -0,0 +1,12 @@
+# This Chart.yaml is extended by the Charts.yaml for the zitadel chart.
+name: zitadel-umbrella
+description: A vendored Helm chart for ZITADEL with subcharts
+dependencies:
+  - name: postgresql
+    version: 15.5.35
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled
+  - name: cockroachdb
+    version: 14.0.3
+    repository: https://charts.cockroachdb.com/
+    condition: cockroachdb.enabled
diff --git a/charts/zitadel-umbrella/values.yaml b/charts/zitadel-umbrella/values.yaml
@@ -0,0 +1,21 @@
+# This Chart.yaml is extended by the values.yaml for the zitadel chart.
+postgresql:
+  # enable postgresql helm subchart: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/
+  enabled: true
+  auth:
+    username: zitadel
+    password: zitadel
+    postgresPassword: zitadel
+  volumePermissions:
+    enabled: true
+  tls:
+    enabled: false
+    certificatesSecret: postgres-cert
+    certFilename: "tls.crt"
+    certKeyFilename: "tls.key"
+
+cockroachdb:
+  # enable cockroachdb helm subchart: https://github.com/cockroachdb/helm-charts
+  enabled: false
+  tls:
+    enabled: false
diff --git a/charts/zitadel/Chart.yaml b/charts/zitadel/Chart.yaml
@@ -1,12 +1,64 @@
-apiVersion: v2
+# Specific values unique to the zitadel chart
 name: zitadel
 description: A Helm chart for ZITADEL
+# Common values with the zitadel-umbrella chart...
+apiVersion: v2
 type: application
 appVersion: v2.61.0
 version: 8.5.0
 kubeVersion: ">= 1.21.0-0"
 icon: https://zitadel.com/zitadel-logo-dark.svg
+home: https://zitadel.com
+keywords:
+  - auth
+  - authentication
+  - sso
+  - single-sign-on
+  - single_sign_on
+  - idp
+  - identity
+  - identity-platform
+  - identity_platform
+  - oidc
+  - open-identity
+  - open_identity
+  - open-identity-connect
+  - open_identity_connect
+  - oauth
+sources:
+  - https://zitadel.com/docs/self-hosting/deploy/overview
+  - https://github.com/zitadel/zitadel
 maintainers:
   - name: zitadel
     email: [email protected]
     url: https://zitadel.com
+annotations:
+  artifacthub.io/maintainers: |
+    - name: Zitadel Team
+      email: [email protected]
+      url: https://zitadel.com
+  artifacthub.io/links: |
+    - name: GitHub
+      url: https://github.com/zitadel/zitadel-charts
+    - name: Examples
+      url: https://github.com/zitadel/zitadel-charts/tree/main/examples
+    - name: Discord
+      url: https://zitadel.com/chat
+    - name: Documentation
+      url: https://zitadel.com/docs/self-hosting/deploy/overview
+  artifacthub.io/images: |
+    - name: zitadel
+      image: ghcr.io/zitadel/zitadel
+  artifacthub.io/license: Apache License 2.0
+  artifacthub.io/changes: |
+    - kind: changed
+      description: overhauled helm chart
+  artifacthub.io/screenshots: |
+    - title: Dashboard
+      url: https://media.discordapp.net/attachments/1288861233541550101/1288867332093116426/image.png
+    - title: Login
+      url: https://media.discordapp.net/attachments/1288861233541550101/1288867328850657343/image.png
+    - title: Change Password
+      url: https://media.discordapp.net/attachments/1288861233541550101/1288867330755133532/image.png
+    - title: 2fa Setup
+      url: https://media.discordapp.net/attachments/1288861233541550101/1288867330037911582/image.png
diff --git a/charts/zitadel/acceptance_test/acceptance_test.go b/charts/zitadel/acceptance_test/acceptance_test.go
@@ -0,0 +1,154 @@
+package acceptance_test
+
+import (
+	"fmt"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/stretchr/testify/suite"
+)
+
+func TestPostgresInsecure(t *testing.T) {
+	t.Parallel()
+	example := "1-postgres-insecure"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Postgres.WithValues(filepath.Join(workDir, "postgres-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		nil,
+		nil,
+	))
+}
+
+func TestPostgresSecure(t *testing.T) {
+	t.Parallel()
+	example := "2-postgres-secure"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Postgres.WithValues(filepath.Join(workDir, "postgres-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		func(cfg *ConfigurationTest) {
+			k8s.KubectlApply(t, cfg.KubeOptions, filepath.Join(workDir, "certs-job.yaml"))
+			k8s.WaitUntilJobSucceed(t, cfg.KubeOptions, "create-certs", 120, 3*time.Second)
+		},
+		nil,
+		nil,
+	))
+}
+
+func TestCockroachInsecure(t *testing.T) {
+	t.Parallel()
+	example := "3-cockroach-insecure"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Cockroach.WithValues(filepath.Join(workDir, "cockroach-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		nil,
+		nil,
+	))
+}
+
+func TestCockroachSecure(t *testing.T) {
+	t.Parallel()
+	example := "4-cockroach-secure"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Cockroach.WithValues(filepath.Join(workDir, "cockroach-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		func(cfg *ConfigurationTest) {
+			k8s.KubectlApply(t, cfg.KubeOptions, filepath.Join(workDir, "zitadel-cert-job.yaml"))
+			k8s.WaitUntilJobSucceed(t, cfg.KubeOptions, "create-zitadel-cert", 120, 3*time.Second)
+		},
+		nil,
+	))
+}
+
+func TestReferencedSecrets(t *testing.T) {
+	t.Parallel()
+	example := "5-referenced-secrets"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Postgres.WithValues(filepath.Join(workDir, "postgres-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		func(cfg *ConfigurationTest) {
+			k8s.KubectlApply(t, cfg.KubeOptions, filepath.Join(workDir, "zitadel-secrets.yaml"))
+			k8s.KubectlApply(t, cfg.KubeOptions, filepath.Join(workDir, "zitadel-masterkey.yaml"))
+		},
+		nil,
+	))
+}
+
+func TestMachineUser(t *testing.T) {
+	t.Parallel()
+	example := "6-machine-user"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	saUsername := cfg.FirstInstance.Org.Machine.Machine.Username
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Postgres.WithValues(filepath.Join(workDir, "postgres-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		nil,
+		testAuthenticatedAPI(saUsername, fmt.Sprintf("%s.json", saUsername))),
+	)
+}
+
+func TestSelfSigned(t *testing.T) {
+	t.Parallel()
+	example := "7-self-signed"
+	workDir, valuesFile, values := readConfig(t, example)
+	cfg := values.Zitadel.ConfigmapConfig
+	suite.Run(t, Configure(
+		t,
+		newNamespaceIdentifier(example),
+		Postgres.WithValues(filepath.Join(workDir, "postgres-values.yaml")),
+		[]string{valuesFile},
+		cfg.ExternalDomain,
+		cfg.ExternalPort,
+		cfg.ExternalSecure,
+		nil,
+		nil,
+		nil,
+	))
+}