studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

👷(helm) preprod configuration

Browse Source 
This PR adds the preprod configuration
for the helm chart.
This commit is contained in:
Jacques ROUSSEL
2024-05-24 12:29:22 +02:00
committed by Anthony LC
parent 06af320d61
commit 72bb079f10
6 changed files with 297 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/helm/env.d/preprod/secrets.enc.yaml Normal file
View File

@@ -0,0 +1,62 @@
djangoSuperUserEmail: ENC[AES256_GCM,data:H1jUBjaAYNQyKTx+zB2PQkhQmTTbEcI3eKlc1hM=,iv:NybOri6oWGyPGOkLqumTuWOjWxd3EbgyfEntO1fj48Q=,tag:WbV3r01/D/vgp7oZ2iEauw==,type:str]
djangoSuperUserPass: ENC[AES256_GCM,data:xphbGcEf7V8LUvAkOg==,iv:3lUDI21WUoDmTSKN4X/i39XQPTiL2SRfpeDYVzgEtCY=,tag:2F8Llk4DNVdN+VlbmYxtaQ==,type:str]
djangoSecretKey: ENC[AES256_GCM,data:otw8d6DxHmCYI7NDjG2/8LuHw7opYxA/a2YJRFbRI4q6k5rEm3OZQXhY+a65CjXsLmk=,iv:0LTA6FDXIhOquOhFl3ccf1jB3MM6SMpJZjPc10IH1JY=,tag:s+qHB6EVy8u6LN5joVncFQ==,type:str]
oidc:
clientId: ENC[AES256_GCM,data:8bKg0t3yX7c+yQLxwsS7MdOBjBISQOg7YJqJA45O+BPaq0cN,iv:mIc64r5yG6tZqs8KALtje1OePaHrw0NIrI6wUyxgiho=,tag:xSiJaaZjXrPrpFTrd4fDHQ==,type:str]
clientSecret: ENC[AES256_GCM,data:PyfBgnuhbOzHH9vXoEcofipo+LkSJD/NVv0tNqyn9krWGCmkcIpKoE5PwN0psabJr7OMM8wgdIq7dQOwbo7qlQ==,iv:DJygUtIoMTa/X53pd6J//3eZbeBLCI8cmovjhXyqhew=,tag:O2Cs6Ro6SGkBvJkJArWr8A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTK3JVSUowZUhRemtlbWly
Z3ZEZ203eHNPTTV2dFdnSktiQ0dMcG9ib3pJCkpTSTlIWnFwNFpWRXQ4QldSSlRY
dFJGdEUxTFZ3QUNpQkJXSWpjNHA4MU0KLS0tIFdtSkpoN0h0TEFQWXJlcDgwcVln
dEtiQTh6ZlMvTTZQOUpIaFR3TFJCQk0KaO3OyygbuCWIuFNy8qE5KyePaSYgzdV9
2tOss1evqVR9weI7eH9Ir3bqIyLIPPdKAz1iyEVusI1Ah3SBv5CgEA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Q2x0WjltaE51ckpTaTQv
WDVjVHhKbWFDdys0Ynp3ckdFN05NYzNmU2dzCjBMRXE5YnBpemJGcmlsUHRJQ011
eWl3TGlOaWFQOE9ZOG53UFJHc1pMTncKLS0tIDJIZWdZOE5wTTc2Unl3dEc5WGJv
ejFxeWVVT1NBYWdQYXViL2V1L2l5ZTgK80dqSiXOlokM+aZ429qbsgzrfOxVd3/y
XHSyBN9kTQxR7Dc62B6ynsVbpVXNtrIZ665hoZenG3JGHvbQ55b6HA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyLzlNdkFlWWEwamEybUVC
amlVZm9mL09haktlWkg1UXNLODA5VUtuTUFrCjlGN3JOVnlyTmppQm1ud2k2QStN
T2NJSCszdTJXb1FsclVOdTh2QUJOU00KLS0tIDBVaEcycXhuWlNtYXVLSithaUZp
V052NFpsNGoxZlRra2R5TzVIQ3JKYjAKMzf80YaXkzsl1FtS2w9KDXk/vNO3fP6L
YvJDA2hXap1FyKRFV9cM4NsuxY9ELlsfhduxhH3a11YH95ZTkhs9aQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSkZPd3lYZXgxYityVDE3
ZDFmQU5lTTFYMDRJYnRNZFVqdDkvTmJ2Z2xFCmR5SGRzd3FqckZKYTR6QjZUY1dI
MTdWWXY1bUlpLytWQVVZdDY1dmRiK2MKLS0tIFFaQXY3K3dMTWo4RnF6VjEvRUd5
UjhkaXpVMm40ZmFBSTYxWUp1ZnBrdFkKhHW1f9liTP4j3wsejMqHCFujbUquhuFY
eADVM66fkjyjQMmzFtneBCJMJ0e+LHoMUMVDO2a3SaZYTaRj/ZRvLg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYalhTWlhocklJN3N0eFBC
c1FjemZlK3cyMWxrbnpEWnp2Nlczalo4RWxVCmtvU0NKdnU3Tk5JdTJIUUhuc0dB
UlBrOWtCMlM3SW1PdEVlM0ludXpicTgKLS0tIGVWVHdXNWdOSENGZmFvNk50bENV
QnlsM3BKYTRFMDJqa1kxL1VtMHlsT0kKiJCMZLjdnIkLZxaZ3ecCxNsirnHApgi1
jgJZWXFCgjAVpuaqDfH2taElVR9Bm9ATjKjQPlvYZhguHdy0iJh++A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-24T12:41:08Z"
mac: ENC[AES256_GCM,data:QYNpy3qpYJgcLShlr0nCGG6XJz8BTkIvSvuGbh2mxO/W+0SlTbsi3hwqpXW0zoiPMy/43BBqa9Vs0y+l+kYLE1A8rRuv1+EljvzDZfvPfwZ+L/mdNNiRExtqbjmaTShKJqqklz8s2k4OvEA6ZI6QCiB7RIb/r6zl91/Yc7BC9Pc=,iv:1jOy/rnFA/Lf2QG7RDXiPbdwT04JdOiB7vHBAFBVGm0=,tag:/5U1/DJA10+4jzdecQKiNQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

140
src/helm/env.d/preprod/values.impress.yaml.gotmpl Normal file
View File

@@ -0,0 +1,140 @@
image:
repository: lasuite/impress-backend
pullPolicy: Always
tag: "v0.1.0"
backend:
migrateJobAnnotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
envVars:
DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-preprod.beta.numerique.gouv.fr,https://impress-preprod.beta.numerique.gouv.fr
DJANGO_CONFIGURATION: Production
DJANGO_ALLOWED_HOSTS: "*"
DJANGO_SUPERUSER_EMAIL:
secretKeyRef:
name: backend
key: DJANGO_SUPERUSER_EMAIL
DJANGO_SECRET_KEY:
secretKeyRef:
name: backend
key: DJANGO_SECRET_KEY
DJANGO_SETTINGS_MODULE: impress.settings
DJANGO_SUPERUSER_PASSWORD:
secretKeyRef:
name: backend
key: DJANGO_SUPERUSER_PASSWORD
DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
DJANGO_EMAIL_PORT: 465
DJANGO_EMAIL_USE_SSL: True
DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
OIDC_RP_CLIENT_ID:
secretKeyRef:
name: backend
key: OIDC_RP_CLIENT_ID
OIDC_RP_CLIENT_SECRET:
secretKeyRef:
name: backend
key: OIDC_RP_CLIENT_SECRET
OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email"
OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-preprod.beta.numerique.gouv.fr
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
LOGIN_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr
LOGIN_REDIRECT_URL_FAILURE: https://impress-preprod.beta.numerique.gouv.fr
LOGOUT_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr
DB_HOST:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: host
DB_NAME:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: database
DB_USER:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: username
DB_PASSWORD:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: password
DB_PORT:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: port
POSTGRES_USER:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: username
POSTGRES_DB:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: database
POSTGRES_PASSWORD:
secretKeyRef:
name: postgresql.postgres.libre.sh
key: password
REDIS_URL:
secretKeyRef:
name: redis.redis.libre.sh
key: url
AWS_S3_ENDPOINT_URL:
secretKeyRef:
name: impress-media-storage.bucket.libre.sh
key: url
AWS_S3_ACCESS_KEY_ID:
secretKeyRef:
name: impress-media-storage.bucket.libre.sh
key: accessKey
AWS_S3_SECRET_ACCESS_KEY:
secretKeyRef:
name: impress-media-storage.bucket.libre.sh
key: secretKey
AWS_STORAGE_BUCKET_NAME:
secretKeyRef:
name: impress-media-storage.bucket.libre.sh
key: bucket
AWS_S3_REGION_NAME: local
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
createsuperuser:
command:
- "/bin/sh"
- "-c"
- |
python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
restartPolicy: Never
frontend:
image:
repository: lasuite/impress-frontend
pullPolicy: Always
tag: "v0.1.0"
webrtc:
image:
repository: lasuite/impress-y-webrtc-signaling
pullPolicy: Always
tag: "v0.1.0"
ingress:
enabled: true
host: impress-preprod.beta.numerique.gouv.fr
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
ingressAdmin:
enabled: true
host: impress-preprod.beta.numerique.gouv.fr
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth