Feature/Use Zitadel Postgres Integration by default #2181

merged 20 commits into from
Jun 25, 2024
138 changes: 101 additions & 37 deletions infrastructure_files/getting-started-with-zitadel.sh
Expand Up @@ -61,14 +61,16 @@ wait_crdb() {
}

init_crdb() {
echo -e "\nInitializing Zitadel's CockroachDB\n\n"
$DOCKER_COMPOSE_COMMAND up -d crdb
echo ""
# shellcheck disable=SC2028
echo -n "Waiting cockroachDB to become ready "
wait_crdb
$DOCKER_COMPOSE_COMMAND exec -T crdb /bin/bash -c "cp /cockroach/certs/* /zitadel-certs/ && cockroach cert create-client --overwrite --certs-dir /zitadel-certs/ --ca-key /zitadel-certs/ca.key zitadel_user && chown -R 1000:1000 /zitadel-certs/"
handle_request_command_status $? "init_crdb failed" ""
if [[ $ZITADEL_DATABASE == "cockroach" ]]; then
echo -e "\nInitializing Zitadel's CockroachDB\n\n"
$DOCKER_COMPOSE_COMMAND up -d crdb
echo ""
# shellcheck disable=SC2028
echo -n "Waiting cockroachDB to become ready "
wait_crdb
$DOCKER_COMPOSE_COMMAND exec -T crdb /bin/bash -c "cp /cockroach/certs/* /zitadel-certs/ && cockroach cert create-client --overwrite --certs-dir /zitadel-certs/ --ca-key /zitadel-certs/ca.key zitadel_user && chown -R 1000:1000 /zitadel-certs/"
handle_request_command_status $? "init_crdb failed" ""
fi
}

get_main_ip_address() {
Expand Down Expand Up @@ -156,7 +158,7 @@ create_new_application() {
"'"$BASE_REDIRECT_URL2"'"
],
"postLogoutRedirectUris": [
"'"$LOGOUT_URL"'"
"'"$LOGOUT_URL"'"
],
"RESPONSETypes": [
"OIDC_RESPONSE_TYPE_CODE"
Expand Down Expand Up @@ -461,6 +463,17 @@ initEnvironment() {
exit 1
fi

if [[ $ZITADEL_DATABASE == "" ]]; then
echo "Use Postgres as default Zitadel database."
echo "For using CockroachDB please the environment variable 'export ZITADEL_DATABASE=cockroach'."
CRDB=$(renderDockerComposePostgres)
ZITADEL_DB_ENV=$(renderZidatelPostgresEnv)
elif [[ $DATABASE == "cockroach" ]]; then
echo "Use CockroachDB as Zitadel database."
CRDB=$(renderDockerComposeCockroachDB)
ZITADEL_DB_ENV=$(renderZidatelCockroachDBEnv)
fi

echo Rendering initial files...
renderDockerCompose > docker-compose.yml
renderCaddyfile > Caddyfile
Expand Down Expand Up @@ -634,15 +647,15 @@ renderManagementJson() {
"ExtraConfig": {
"ManagementEndpoint": "$NETBIRD_HTTP_PROTOCOL://$NETBIRD_DOMAIN/management/v1"
}
},
"DeviceAuthorizationFlow": {
"Provider": "hosted",
"ProviderConfig": {
"Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
"ClientID": "$NETBIRD_AUTH_CLIENT_ID_CLI",
"Scope": "openid"
}
},
},
"DeviceAuthorizationFlow": {
"Provider": "hosted",
"ProviderConfig": {
"Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
"ClientID": "$NETBIRD_AUTH_CLIENT_ID_CLI",
"Scope": "openid"
}
},
"PKCEAuthorizationFlow": {
"ProviderConfig": {
"Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
Expand Down Expand Up @@ -679,6 +692,21 @@ renderZitadelEnv() {
cat <<EOF
ZITADEL_LOG_LEVEL=debug
ZITADEL_MASTERKEY=$ZITADEL_MASTERKEY
ZITADEL_EXTERNALSECURE=$ZITADEL_EXTERNALSECURE
ZITADEL_TLS_ENABLED="false"
ZITADEL_EXTERNALPORT=$NETBIRD_PORT
ZITADEL_EXTERNALDOMAIN=$NETBIRD_DOMAIN
ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=$ZIDATE_TOKEN_EXPIRATION_DATE
$ZITADEL_DB_ENV
EOF
}

renderZidatelCockroachDBEnv() {
cat <<EOF
ZITADEL_DATABASE_COCKROACH_HOST=crdb
ZITADEL_DATABASE_COCKROACH_USER_USERNAME=zitadel_user
ZITADEL_DATABASE_COCKROACH_USER_SSL_MODE=verify-full
Expand All @@ -689,15 +717,20 @@ ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_MODE=verify-full
ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT="/crdb-certs/ca.crt"
ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT="/crdb-certs/client.root.crt"
ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY="/crdb-certs/client.root.key"
ZITADEL_EXTERNALSECURE=$ZITADEL_EXTERNALSECURE
ZITADEL_TLS_ENABLED="false"
ZITADEL_EXTERNALPORT=$NETBIRD_PORT
ZITADEL_EXTERNALDOMAIN=$NETBIRD_DOMAIN
ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=$ZIDATE_TOKEN_EXPIRATION_DATE
EOF
}

renderZidatelPostgresEnv() {
cat <<EOF
ZITADEL_DATABASE_POSTGRES_HOST=crdb
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
EOF
}

Expand All @@ -717,7 +750,7 @@ services:
volumes:
- netbird_caddy_data:/data
- ./Caddyfile:/etc/caddy/Caddyfile
#UI dashboard
# UI dashboard
dashboard:
image: netbirdio/dashboard:latest
restart: unless-stopped
Expand Down Expand Up @@ -760,7 +793,7 @@ services:
zitadel:
restart: 'always'
networks: [netbird]
image: 'ghcr.io/zitadel/zitadel:v2.31.3'
image: 'ghcr.io/zitadel/zitadel:v2.54.3'
command: 'start-from-init --masterkeyFromEnv --tlsMode $ZITADEL_TLS_MODE'
env_file:
- ./zitadel.env
Expand All @@ -770,11 +803,24 @@ services:
volumes:
- ./machinekey:/machinekey
- netbird_zitadel_certs:/crdb-certs:ro
# CockroachDB for zitadel
$CRDB
netbird_management:
netbird_caddy_data:
netbird_crdb_data:
netbird_zitadel_certs:

networks:
netbird:
EOF
}

renderDockerComposeCockroachDB() {
cat <<EOF
# CockroachDB for Zitadel
crdb:
restart: 'always'
networks: [netbird]
image: 'cockroachdb/cockroach:v22.2.2'
image: 'cockroachdb/cockroach:latest-v23.2'
command: 'start-single-node --advertise-addr crdb'
volumes:
- netbird_crdb_data:/cockroach/cockroach-data
Expand All @@ -788,14 +834,32 @@ services:
start_period: '20s'

volumes:
netbird_management:
netbird_caddy_data:
netbird_crdb_data:
netbird_crdb_certs:
netbird_zitadel_certs:
EOF
}

networks:
netbird:
renderDockerComposePostgres() {
cat <<EOF
# Postgres for Zitadel
crdb:
restart: 'always'
networks: [netbird]
image: 'postgres:16-alpine'
environment:
- POSTGRES_USER=root
- POSTGRES_PASSWORD=postgres
healthcheck:
test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
interval: 5s
timeout: 60s
retries: 10
start_period: 5s
ports:
- '5432:5432'
volumes:
- netbird_crdb_data:/var/lib/postgresql/data:rw

volumes:
EOF
}
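Review bot: The `elif` branch in the initEnvironment hunk tests `$DATABASE`, but the message two lines above tells the user to `export ZITADEL_DATABASE=cockroach` and init_crdb checks `$ZITADEL_DATABASE`, so a user who follows the instructions skips both branches and docker-compose.yml is rendered with an empty `$CRDB` and an empty `$ZITADEL_DB_ENV` while init_crdb still tries to start crdb; change it to `elif [[ $ZITADEL_DATABASE == "cockroach" ]]; then`. The first condition, `[[ $ZITADEL_DATABASE == "" ]]`, would also abort under `set -u` when the variable is not exported at all, which appears to be the intended default; `[[ ${ZITADEL_DATABASE:-} == "" ]]` avoids that. In renderDockerComposePostgres the `ports: - '5432:5432'` mapping publishes the database on every host interface with the fixed `POSTGRES_PASSWORD=postgres`, although zitadel reaches it over the `netbird` compose network; dropping the `ports:` block keeps the database reachable only inside that network, and the password should be generated the way the script generates its other secrets rather than fixed in the template. The `pg_isready -d db_prod` healthcheck names a database that is never created; `pg_isready` only checks that the server accepts connections, so it still passes, but `-d zitadel` or no `-d` at all would avoid the misleading reference. initEnvironment starts and ends outside the hunk.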
