apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: testing-zitadel
  namespace: 'xxx'
  selfLink: >-
    /apis/serving.knative.dev/v1/namespaces/xxx/services/testing-zitadel
  uid: xxx
  resourceVersion: AAY+b7K6iIw
  generation: 16
  creationTimestamp: '2025-09-05T08:08:46.443693Z'
  labels:
    goog-terraform-provisioned: 'true'
    run.googleapis.com/satisfiesPzs: 'true'
    cloud.googleapis.com/location: europe-west2
  annotations:
    serving.knative.dev/creator: xxx
    serving.knative.dev/lastModifier: xxx
    run.googleapis.com/ingress: internal-and-cloud-load-balancing
    run.googleapis.com/operation-id: e09ce536-bb3e-4378-aee4-1868ff258cb2
    run.googleapis.com/ingress-status: internal-and-cloud-load-balancing
    run.googleapis.com/urls: >-
      ["https://testing-zitadel-xxx.europe-west2.run.app","https://testing-zitadel-xxx.a.run.app"]
spec:
  template:
    metadata:
      labels:
        run.googleapis.com/startupProbeType: Custom
      annotations:
        run.googleapis.com/sessionAffinity: 'false'
        run.googleapis.com/vpc-access-egress: private-ranges-only
        autoscaling.knative.dev/minScale: '0'
        run.googleapis.com/cloudsql-instances: 'xxx:europe-west2:testing-zitadel-db'
        autoscaling.knative.dev/maxScale: '2'
        run.googleapis.com/vpc-access-connector: >-
          projects/xxx/locations/europe-west2/connectors/serverless-connector
        run.googleapis.com/cpu-throttling: 'false'
    spec:
      containerConcurrency: 80
      timeoutSeconds: 300
      serviceAccountName: testing-zitadel-sa@xxx.iam.gserviceaccount.com
      containers:
      - name: zitadel
        image: >-
          europe-west2-docker.pkg.dev/xxx/ghcr-remote/zitadel/zitadel:v4.1.1
        args:
        - start
        - '--masterkeyFromEnv'
        - '--tlsMode'
        - external
        ports:
        - name: http1
          containerPort: 8080
        env:
        - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_BASEURI
          value: 'https://xxx/ui/v2/login'
        - name: ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_NAME
          value: Automatically Initialized IAM_LOGIN_CLIENT
        - name: ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-db-password
        - name: ZITADEL_DATABASE_POSTGRES_HOST
          value: '/cloudsql/xxx:europe-west2:testing-zitadel-db'
        - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME
          value: admin
        - name: ZITADEL_DATABASE_POSTGRES_USER_USERNAME
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-db-user
        - name: ZITADEL_LOG_LEVEL
          value: debug
        - name: ZITADEL_SAML_DEFAULTLOGINURLV2
          value: 'https://xxx/ui/v2/login/login?samlRequest='
        - name: ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-db-password
        - name: ZITADEL_OIDC_DEFAULTLOGOUTURLV2
          value: 'https://xxx/ui/v2/login/logout?post_logout_redirect='
        - name: ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
          value: require
        - name: ZITADEL_DATABASE_POSTGRES_DATABASE
          value: zitadel
        - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED
          value: 'false'
        - name: ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-db-user
        - name: ZITADEL_OIDC_DEFAULTLOGINURLV2
          value: 'https://xxx/ui/v2/login/login?authRequest='
        - name: ZITADEL_LOG_FORMATTER
          value: json
        - name: ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_PAT_EXPIRATIONDATE
          value: '2029-01-01T00:00:00Z'
        - name: ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
          value: require
        - name: ZITADEL_EXTERNALPORT
          value: '443'
        - name: ZITADEL_EXTERNALDOMAIN
          value: xxx
        - name: ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH
          value: /shared/login-client.pat
        - name: ZITADEL_DATABASE_POSTGRES_PORT
          value: '5432'
        - name: ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_USERNAME
          value: login-client
        - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-admin-password
        - name: ZITADEL_EXTERNALSECURE
          value: 'true'
        - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
          value: 'true'
        - name: ZITADEL_MASTERKEY
          valueFrom:
            secretKeyRef:
              key: latest
              name: testing-zitadel-masterkey
        resources:
          limits:
            cpu: 800m
            memory: 448Mi
        volumeMounts:
        - name: shared-data
          mountPath: /shared
        livenessProbe:
          initialDelaySeconds: 60
          timeoutSeconds: 10
          periodSeconds: 30
          failureThreshold: 3
          httpGet:
            path: /debug/healthz
            port: 8080
        startupProbe:
          initialDelaySeconds: 30
          timeoutSeconds: 10
          periodSeconds: 10
          failureThreshold: 10
          httpGet:
            path: /debug/healthz
            port: 8080
      - name: zitadel-login
        image: >-
          europe-west2-docker.pkg.dev/xxx/ghcr-remote/zitadel/zitadel-login:latest
        env:
        - name: ZITADEL_LOG_LEVEL
          value: debug
        - name: ZITADEL_API_URL
          value: 'http://localhost:8080'
        - name: ZITADEL_SERVICE_USER_TOKEN_FILE
          value: /shared/login-client.pat
        resources:
          limits:
            cpu: 200m
            memory: 192Mi
        volumeMounts:
        - name: shared-data
          mountPath: /shared
      volumes:
      - name: shared-data
        emptyDir:
          medium: Memory
          sizeLimit: 128Mi
  traffic:
  - percent: 100
    latestRevision: true