Updating nginx configruation

Author: LukasCuperDT

kubernetes/helm_charts/upstream/zitadel/Chart.yaml

@@ -5,5 +5,5 @@ type: application
 version: 0.1.0
 dependencies:
   - name: zitadel
-    version: "9.4.0"
+    version: "9.4.1"
     repository: "https://charts.zitadel.com"

kubernetes/helm_charts/upstream/zitadel/values-preprod.yaml

@@ -9,6 +9,7 @@ zitadel:
     # See all defaults here:
     # https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
     configmapConfig:
+      # The configmapConfig should be minimal as the main config comes from the secret
       Machine:
         Identification:
           Hostname:
@@ -19,7 +20,7 @@ zitadel:
     # The ZITADEL config under secretConfig is written to a Kubernetes Secret
     # See all defaults here:
     # https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
-    secretConfig:
+    # secretConfig:
 
     # Annotations set on secretConfig secret
     secretConfigAnnotations:
@@ -138,8 +139,8 @@ zitadel:
 
   imagePullSecrets:
     - name: regcred
-  nameOverride: ""
-  fullnameOverride: ""
+  # nameOverride: ""
+  # fullnameOverride: ""
 
   # Annotations to add to the deployment
   annotations: {}
@@ -211,16 +212,15 @@ zitadel:
     annotations:
       kubernetes.io/ingress.class: "nginx"
       cert-manager.io/cluster-issuer: "letsencrypt-prod"
-      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
-      nginx.ingress.kubernetes.io/proxy-body-size: "64m"
-      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-      nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/enable-cors: "true"
-      nginx.ingress.kubernetes.io/cors-allow-origin: "*"
-      nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, PATCH, OPTIONS"
-      nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"
-      nginx.ingress.kubernetes.io/cors-max-age: "86400"
+      nginx.ingress.kubernetes.io/modsecurity-snippet: |
+          SecRuleRemoveById 949110
+      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+      nginx.ingress.kubernetes.io/configuration-snippet: |
+          grpc_set_header Host $host;
+          more_clear_input_headers "Host" "X-Forwarded-Host";
+          proxy_set_header Host $http_host;
+          proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
+      nginx.ingress.kubernetes.io/server-snippet: "grpc_buffer_size 8k;"
     hosts:
       - host: zitadel.eco-preprod.tsi-dev.otc-service.com
         paths:
@@ -277,11 +277,10 @@ zitadel:
     additionalArgs:
       - "--init-projections=true"
       - "--tlsMode=external"
-      - "--force=true"
     machinekeyWriter:
       image:
-        repository: bitnami/kubectl
-        tag: ""
+        repository: alpine/k8s
+        tag: "1.31.4"
       resources: {}
 
   readinessProbe: