mirror of
https://github.com/zitadel/zitadel.git
synced 2025-03-01 00:07:22 +00:00
8d96f1a895
* early prototyp * fix some errors * remove docker image cache * add comment * add false * typo * test cache speed * upload artifact * remove tag * seperate after build step * debug * debug * debug * debug * debug * test gh * test * test * test * test * test golang * test go * test with release image * fix * use scratch to export * test * fix path * ref * typo * debug * test * debug * speed up docker * test * debug * debug * try scope * test cache * restore cache * reenable operator build * fix duplicate * fix buildpush version * test cache * improve caching * test release IF * only run console and zitadel without dispatch * test with reworked operator * testing without release step * lint yaml * fix if * improve wording * enable release step & only notify sentry on main * console from file system * update docker file paths * remove migration line * add statik for operator * console files using go 1.15 * fix console default path * improve code QL Co-authored-by: Livio Amstutz <livio.a@gmail.com>
339 lines
8.6 KiB
YAML
339 lines
8.6 KiB
YAML
Log:
|
|
Level: $ZITADEL_LOG_LEVEL
|
|
Formatter:
|
|
Format: text
|
|
|
|
Tracing:
|
|
Type: $ZITADEL_TRACING_TYPE
|
|
Config:
|
|
ProjectID: $ZITADEL_TRACING_PROJECT_ID
|
|
MetricPrefix: ZITADEL-V1
|
|
Fraction: $ZITADEL_TRACING_FRACTION
|
|
Endpoint: $ZITADEL_TRACING_ENDPOINT
|
|
|
|
AssetStorage:
|
|
Type: $ZITADEL_ASSET_STORAGE_TYPE
|
|
Config:
|
|
Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
|
|
AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
|
|
SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
|
|
SSL: $ZITADEL_ASSET_STORAGE_SSL
|
|
Location: $ZITADEL_ASSET_STORAGE_LOCATION
|
|
BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
|
|
MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
|
|
|
|
Metrics:
|
|
Type: 'otel'
|
|
Config:
|
|
MeterName: 'github.com/caos/zitadel'
|
|
|
|
EventstoreBase:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
Database: 'eventstore'
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
|
|
Commands:
|
|
Eventstore:
|
|
User: 'eventstore'
|
|
Password: $CR_EVENTSTORE_PASSWORD
|
|
SSL:
|
|
Cert: $CR_EVENTSTORE_CERT
|
|
Key: $CR_EVENTSTORE_KEY
|
|
|
|
Queries:
|
|
Eventstore:
|
|
User: 'queries'
|
|
Password: $CR_QUERIES_PASSWORD
|
|
SSL:
|
|
Cert: $CR_QUERIES_CERT
|
|
Key: $CR_QUERIES_KEY
|
|
|
|
AuthZ:
|
|
Repository:
|
|
Eventstore:
|
|
ServiceName: 'AuthZ'
|
|
Repository:
|
|
SQL:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'authz'
|
|
Database: 'eventstore'
|
|
Password: $CR_AUTHZ_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_AUTHZ_CERT
|
|
Key: $CR_AUTHZ_KEY
|
|
Cache:
|
|
Type: 'fastcache'
|
|
Config:
|
|
MaxCacheSizeInByte: 10485760 #10mb
|
|
View:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'authz'
|
|
Database: 'authz'
|
|
Password: $CR_AUTHZ_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_AUTHZ_CERT
|
|
Key: $CR_AUTHZ_KEY
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Auth:
|
|
SearchLimit: 1000
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
APIDomain: $ZITADEL_API_DOMAIN
|
|
Eventstore:
|
|
ServiceName: 'authAPI'
|
|
Repository:
|
|
SQL:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'auth'
|
|
Database: 'eventstore'
|
|
Password: $CR_AUTH_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_AUTH_CERT
|
|
Key: $CR_AUTH_KEY
|
|
Cache:
|
|
Type: 'fastcache'
|
|
Config:
|
|
MaxCacheSizeInByte: 10485760 #10mb
|
|
AuthRequest:
|
|
Connection:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'auth'
|
|
Database: 'auth'
|
|
Password: $CR_AUTH_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_AUTH_CERT
|
|
Key: $CR_AUTH_KEY
|
|
View:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'auth'
|
|
Database: 'auth'
|
|
Password: $CR_AUTH_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_AUTH_CERT
|
|
Key: $CR_AUTH_KEY
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Admin:
|
|
SearchLimit: 1000
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
APIDomain: $ZITADEL_API_DOMAIN
|
|
Eventstore:
|
|
ServiceName: 'Admin'
|
|
Repository:
|
|
SQL:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'adminapi'
|
|
Database: 'eventstore'
|
|
Password: $CR_ADMINAPI_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_ADMINAPI_CERT
|
|
Key: $CR_ADMINAPI_KEY
|
|
Cache:
|
|
Type: 'fastcache'
|
|
Config:
|
|
MaxCacheSizeInByte: 10485760 #10mb
|
|
View:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'adminapi'
|
|
Database: 'adminapi'
|
|
Password: $CR_ADMINAPI_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_ADMINAPI_CERT
|
|
Key: $CR_ADMINAPI_KEY
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Mgmt:
|
|
SearchLimit: 1000
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
APIDomain: $ZITADEL_API_DOMAIN
|
|
Eventstore:
|
|
ServiceName: 'ManagementAPI'
|
|
Repository:
|
|
SQL:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'management'
|
|
Database: 'eventstore'
|
|
Password: $CR_MANAGEMENT_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_MANAGEMENT_CERT
|
|
Key: $CR_MANAGEMENT_KEY
|
|
Cache:
|
|
Type: 'fastcache'
|
|
Config:
|
|
MaxCacheSizeInByte: 10485760 #10mb
|
|
View:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'management'
|
|
Database: 'management'
|
|
Password: $CR_MANAGEMENT_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_MANAGEMENT_CERT
|
|
Key: $CR_MANAGEMENT_KEY
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
API:
|
|
GRPC:
|
|
ServerPort: 50001
|
|
GatewayPort: 50002
|
|
CustomHeaders:
|
|
- x-zitadel-
|
|
OIDC:
|
|
OPConfig:
|
|
Issuer: $ZITADEL_ISSUER
|
|
DefaultLogoutRedirectURI: $ZITADEL_ACCOUNTS/logout/done
|
|
CodeMethodS256: true
|
|
AuthMethodPrivateKeyJWT: true
|
|
StorageConfig:
|
|
DefaultLoginURL: $ZITADEL_ACCOUNTS/login?authRequestID=
|
|
DefaultAccessTokenLifetime: 12h
|
|
DefaultIdTokenLifetime: 12h
|
|
DefaultRefreshTokenIdleExpiration: 720h #30d
|
|
DefaultRefreshTokenExpiration: 2160h #90d
|
|
SigningKeyAlgorithm: RS256
|
|
UserAgentCookieConfig:
|
|
Name: caos.zitadel.useragent
|
|
Domain: $ZITADEL_COOKIE_DOMAIN
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
Key:
|
|
EncryptionKeyID: $ZITADEL_COOKIE_KEY
|
|
Cache:
|
|
MaxAge: $ZITADEL_CACHE_MAXAGE
|
|
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
|
|
Endpoints:
|
|
Auth:
|
|
Path: 'authorize'
|
|
URL: '$ZITADEL_AUTHORIZE/authorize'
|
|
Token:
|
|
Path: 'token'
|
|
URL: '$ZITADEL_OAUTH/token'
|
|
Introspection:
|
|
Path: 'introspect'
|
|
URL: '$ZITADEL_OAUTH/introspect'
|
|
EndSession:
|
|
Path: 'endsession'
|
|
URL: '$ZITADEL_AUTHORIZE/endsession'
|
|
Userinfo:
|
|
Path: 'userinfo'
|
|
URL: '$ZITADEL_OAUTH/userinfo'
|
|
Keys:
|
|
Path: 'keys'
|
|
URL: '$ZITADEL_OAUTH/keys'
|
|
|
|
UI:
|
|
Port: 50003
|
|
Login:
|
|
Handler:
|
|
BaseURL: '$ZITADEL_ACCOUNTS'
|
|
OidcAuthCallbackURL: '$ZITADEL_AUTHORIZE/authorize/callback?id='
|
|
ZitadelURL: '$ZITADEL_CONSOLE'
|
|
LanguageCookieName: 'caos.zitadel.login.lang'
|
|
DefaultLanguage: 'de'
|
|
CSRF:
|
|
CookieName: 'caos.zitadel.login.csrf'
|
|
Key:
|
|
EncryptionKeyID: $ZITADEL_CSRF_KEY
|
|
Development: $ZITADEL_CSRF_DEV
|
|
UserAgentCookieConfig:
|
|
Name: caos.zitadel.useragent
|
|
Domain: $ZITADEL_COOKIE_DOMAIN
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
Key:
|
|
EncryptionKeyID: $ZITADEL_COOKIE_KEY
|
|
Cache:
|
|
MaxAge: $ZITADEL_CACHE_MAXAGE
|
|
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
|
|
StaticCache:
|
|
Type: bigcache
|
|
Config:
|
|
MaxCacheSizeInByte: 52428800 #50MB
|
|
Console:
|
|
ConsoleOverwriteDir: $ZITADEL_CONSOLE_DIR
|
|
ShortCache:
|
|
MaxAge: $ZITADEL_SHORT_CACHE_MAXAGE
|
|
SharedMaxAge: $ZITADEL_SHORT_CACHE_SHARED_MAXAGE
|
|
LongCache:
|
|
MaxAge: $ZITADEL_CACHE_MAXAGE
|
|
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
|
|
CSPDomain: $ZITADEL_DEFAULT_DOMAIN
|
|
|
|
Notification:
|
|
APIDomain: $ZITADEL_API_DOMAIN
|
|
Repository:
|
|
DefaultLanguage: 'de'
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
Eventstore:
|
|
ServiceName: 'Notification'
|
|
Repository:
|
|
SQL:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'notification'
|
|
Database: 'eventstore'
|
|
Password: $CR_NOTIFICATION_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_NOTIFICATION_CERT
|
|
Key: $CR_NOTIFICATION_KEY
|
|
Cache:
|
|
Type: 'fastcache'
|
|
Config:
|
|
MaxCacheSizeInByte: 10485760 #10mb
|
|
View:
|
|
Host: $ZITADEL_EVENTSTORE_HOST
|
|
Port: $ZITADEL_EVENTSTORE_PORT
|
|
User: 'notification'
|
|
Database: 'notification'
|
|
Password: $CR_NOTIFICATION_PASSWORD
|
|
SSL:
|
|
Mode: $CR_SSL_MODE
|
|
RootCert: $CR_ROOT_CERT
|
|
Cert: $CR_NOTIFICATION_CERT
|
|
Key: $CR_NOTIFICATION_KEY
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
Handlers: |