zitadel:
  masterkeySecretName: "zitadel"
  configmapConfig:
    Log:
      Level: 'info'
    LogStore:
      Access:
        Stdout:
          Enabled: true
    ExternalSecure: true
    ExternalDomain: ${ service_uri }
    ExternalPort: 443
    TLS:
      Enabled: false
    FirstInstance:
      Org:
        Machine:
          Machine:
            Username: zitadel-admin-sa
            Name: Admin
          MachineKey:
            ExpirationDate: "2026-01-01T00:00:00Z"
            Type: 1
    Database:
      Postgres:
        Host: postgresql-hl.postgresql.svc.cluster.local
        Port: 5432
        Database: ${ database }
        MaxOpenConns: 20
        MaxIdleConns: 10
        MaxConnLifetime: 30m
        MaxConnIdleTime: 5m
        User:
          Username: ${ database_username }
          Password: "${ database_password }"
          SSL:
            Mode: disable
        %{ if database_root_username != null }Admin:
          Username: ${ database_root_username }
          Password: "${ database_root_password }"
          SSL:
            Mode: disable
        %{ endif }

readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 5
    failureThreshold: 10

startupProbe:
    periodSeconds: 5
    failureThreshold: 30

service:
  annotations:
    traefik.ingress.kubernetes.io/service.serversscheme: h2c

ingress:
  enabled: true
  className: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
    traefik.ingress.kubernetes.io/router.middlewares: default-preserve-host-headers@kubernetescrd
    %{ if display_on_homepage }gethomepage.dev/enabled: "true"
    gethomepage.dev/name: "Zitadel"
    gethomepage.dev/description: "Identity and Access Management"
    gethomepage.dev/group: "Tools"
    gethomepage.dev/icon: "zitadel.png"
    %{ endif }
  hosts:
    - host: ${service_uri}
      paths:
        - path: /
          pathType: Prefix