♻️(tilt) use hem dev-backend chart (#1340)

Remove usage of bitnami charts and use our own dev-backend charts instead.
2025-09-10 13:43:30 +02:00
parent cd84751cb9
commit eab2a75bff
4 changed files with 108 additions and 112 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ and this project adheres to
 - ♿(frontend) improve accessibility:
  - ♿(frontend) fix major accessibility issues reported by wave and axe #1344
  - #1341
+- ♻️(tilt) use helm dev-backend chart

 ## [3.6.0] - 2025-09-04

--- a/bin/Tiltfile
+++ b/bin/Tiltfile
@@ -39,9 +39,10 @@ docker_build(
    ]
 )

-k8s_resource('impress-docs-backend-migrate', resource_deps=['postgres-postgresql'])
+k8s_resource('impress-docs-backend-migrate', resource_deps=['dev-backend-postgres'])
 k8s_resource('impress-docs-backend-createsuperuser', resource_deps=['impress-docs-backend-migrate'])
-k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate'])
+k8s_resource('dev-backend-keycloak', resource_deps=['dev-backend-keycloak-pg'])
+k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate', 'dev-backend-redis', 'dev-backend-keycloak', 'dev-backend-postgres', 'dev-backend-minio:statefulset'])
 k8s_yaml(local('cd ../src/helm && helmfile -n impress -e dev template .'))

 migration = '''
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl
@@ -16,16 +16,16 @@ backend:
  replicas: 1
  envVars:
    COLLABORATION_SERVER_SECRET: my-secret
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.127.0.0.1.nip.io
    DJANGO_CONFIGURATION: Feature
-    DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
+    DJANGO_ALLOWED_HOSTS: docs.127.0.0.1.nip.io
    DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
    DJANGO_SECRET_KEY: *djangoSecretKey
    DJANGO_SETTINGS_MODULE: impress.settings
    DJANGO_SUPERUSER_PASSWORD: admin
    DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
    DJANGO_EMAIL_HOST: "mailcatcher"
-    DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
+    DJANGO_EMAIL_LOGO_IMG: https://docs.127.0.0.1.nip.io/assets/logo-suite-numerique.png
    DJANGO_EMAIL_PORT: 1025
    DJANGO_EMAIL_USE_SSL: False
    LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
@@ -33,29 +33,38 @@ backend:
    LOGGING_LEVEL_LOGGERS_APP: INFO
    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
-    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
-    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
-    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
-    OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
-    OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
-    OIDC_RP_CLIENT_ID: impress
+    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth
+    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token
+    OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/logout
+    OIDC_RP_CLIENT_ID: docs
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
-    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
-    LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
-    LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
-    DB_HOST: postgres-postgresql
-    DB_NAME: impress
-    DB_USER: dinum
-    DB_PASSWORD: pass
+    LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io
+    LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io
+    LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io
+    DB_HOST: dev-backend-postgres
+    DB_NAME:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: database
+    DB_USER:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: username
+    DB_PASSWORD:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: password
    DB_PORT: 5432
-    REDIS_URL: redis://default:pass@redis-master:6379/1
-    DJANGO_CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
-    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
-    AWS_S3_ACCESS_KEY_ID: root
+    REDIS_URL: redis://user:pass@dev-backend-redis:6379/1
+    DJANGO_CELERY_BROKER_URL: redis://user:pass@dev-backend-redis:6379/1
+    AWS_S3_ENDPOINT_URL: http://dev-backend-minio.impress.svc.cluster.local:9000
+    AWS_S3_ACCESS_KEY_ID: dinum
    AWS_S3_SECRET_ACCESS_KEY: password
-    AWS_STORAGE_BUCKET_NAME: impress-media-storage
+    AWS_STORAGE_BUCKET_NAME: docs-media-storage
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
    Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
    Y_PROVIDER_API_KEY: my-secret
@@ -73,8 +82,7 @@ backend:

        echo "Database is ready"

-        python manage.py migrate --no-input &&
-        python manage.py create_demo --force
+        python manage.py migrate --no-input
    restartPolicy: Never

  command:
@@ -120,7 +128,7 @@ backend:
 frontend:
  envVars:
    PORT: 8080
-    NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
+    NEXT_PUBLIC_API_ORIGIN: https://docs.127.0.0.1.nip.io

  replicas: 1
  command:
@@ -141,27 +149,29 @@ yProvider:
    tag: "latest"

  envVars:
-    COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io
+    COLLABORATION_BACKEND_BASE_URL: https://docs.127.0.0.1.nip.io
    COLLABORATION_LOGGING: true
-    COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
+    COLLABORATION_SERVER_ORIGIN: https://docs.127.0.0.1.nip.io
    COLLABORATION_SERVER_SECRET: my-secret
    Y_PROVIDER_API_KEY: my-secret

 ingress:
  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: 10m

 ingressCollaborationWS:
  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io

 ingressCollaborationApi:
  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io

 ingressAdmin:
  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io

 posthog:
  ingress:
@@ -172,14 +182,14 @@ posthog:

 ingressMedia:
  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io

  annotations:
-    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
+    nginx.ingress.kubernetes.io/auth-url: https://docs.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
-    nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
-    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+    nginx.ingress.kubernetes.io/upstream-vhost: dev-backend-minio.impress.svc.cluster.local:9000
+    nginx.ingress.kubernetes.io/rewrite-target: /docs-media-storage/$1

 serviceMedia:
-  host: minio.impress.svc.cluster.local
+  host: dev-backend-minio.impress.svc.cluster.local
  port: 9000
--- a/src/helm/helmfile.yaml
+++ b/src/helm/helmfile.yaml
@@ -4,91 +4,75 @@ environments:
      - version: 3.6.0
 ---
 repositories:
- name: bitnami
-  url: registry-1.docker.io/bitnamicharts
-  oci: true
+- name: dev-backends
+  url: https://suitenumerique.github.io/helm-dev-backend
 ---

 releases:
-  - name: keycloak
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    missingFileHandler: Warn
+  - name: dev-backend
    namespace: {{ .Namespace }}
-    chart: bitnami/keycloak
-    version: 17.3.6
+    chart: dev-backends/dev-backend
+    version: 0.0.2
    values:
-      - postgresql:
-          auth:
-            username: keycloak
-            password: keycloak
-            database: keycloak
-      - extraEnvVars:
-          - name: KEYCLOAK_EXTRA_ARGS
-            value: "--import-realm"
-          - name: KC_HOSTNAME_URL
-            value: https://docs-keycloak.127.0.0.1.nip.io
-      - extraVolumes:
-          - name: import
-            configMap:
-              name: docs-keycloak
-      - extraVolumeMounts:
-          - name: import
-            mountPath: /opt/bitnami/keycloak/data/import/
-      - auth:
-          adminUser: su
-          adminPassword: su
-      - proxy: edge
-      - ingress:
+      - postgres:
          enabled: true
-          hostname: docs-keycloak.127.0.0.1.nip.io
-      - extraDeploy:
-        - apiVersion: v1
-          kind: ConfigMap
-          metadata:
-            name: docs-keycloak
-            namespace: {{ .Namespace }}
-          data:
-            impress.json: |
-{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://impress.127.0.0.1.nip.io" | indent 14 }}
-
-  - name: postgres
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/postgresql
-    version: 13.1.5
-    values:
-      - auth:
+          name: postgres
+          #serviceNameOverride: postgres
+          image: postgres:16-alpine
          username: dinum
          password: pass
-          database: impress
-      - tls:
+          database: docs
+          size: 1Gi
+      - redis:
          enabled: true
-          autoGenerated: true
-
-  - name: minio
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/minio
-    version: 12.10.10
-    values: 
-      - auth:
-          rootUser: root
-          rootPassword: password
-      - provisioning:
-          enabled: true
-          buckets:
-            - name: impress-media-storage
-              versioning: true
-
-  - name: redis
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/redis
-    version: 20.6.2
-    values:
-      - auth:
+          name: redis
+          image: redis:8.2-alpine
+          username: user
          password: pass
-        architecture: standalone
+      - minio:
+          enabled: true
+          image: minio/minio
+          name: minio
+          ingress:
+            enabled: true
+            hostname: docs-minio.127.0.0.1.nip.io
+            tls:
+              enabled: true
+              secretName: docs-tls
+          consoleIngress:
+            enabled: true
+            hostname: docs-minio-console.127.0.0.1.nip.io
+            tls:
+              enabled: true
+              secretName: docs-tls
+          username: dinum
+          password: password
+          bucket: docs-media-storage
+          versioning: true
+          size: 1Gi
+      - keycloak:
+          enabled: true
+          image: quay.io/keycloak/keycloak:20.0.1
+          name: keycloak
+          #serviceNameOverride: keycloak
+          hostname: docs-keycloak.127.0.0.1.nip.io
+          username: admin
+          password: pass
+          tls:
+            enabled: true
+            secretName: docs-tls
+          db:
+            username: dinum
+            password: pass
+            database: keycloak
+            size: 1Gi
+            image: postgres:16-alpine
+          realm: 
+            name: docs
+            username: docs
+            password: docs
+            email: docs@example.com
+

  - name: impress
    version: {{ .Values.version }}