From eab2a75bff449a60db4821067444808498bcd264 Mon Sep 17 00:00:00 2001 From: Manuel Raynaud Date: Wed, 10 Sep 2025 13:43:30 +0200 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(tilt)=20use=20hem=20dev-back?= =?UTF-8?q?end=20chart=20(#1340)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove usage of bitnami charts and use our own dev-backend charts instead. --- CHANGELOG.md | 1 + bin/Tiltfile | 5 +- src/helm/env.d/dev/values.impress.yaml.gotmpl | 80 ++++++----- src/helm/helmfile.yaml | 134 ++++++++---------- 4 files changed, 108 insertions(+), 112 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d5e11983..d6d4c544 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ and this project adheres to - ♿(frontend) improve accessibility: - ♿(frontend) fix major accessibility issues reported by wave and axe #1344 - #1341 +- ♻️(tilt) use helm dev-backend chart ## [3.6.0] - 2025-09-04 diff --git a/bin/Tiltfile b/bin/Tiltfile index 5b3e72a7..4ddc284b 100644 --- a/bin/Tiltfile +++ b/bin/Tiltfile @@ -39,9 +39,10 @@ docker_build( ] ) -k8s_resource('impress-docs-backend-migrate', resource_deps=['postgres-postgresql']) +k8s_resource('impress-docs-backend-migrate', resource_deps=['dev-backend-postgres']) k8s_resource('impress-docs-backend-createsuperuser', resource_deps=['impress-docs-backend-migrate']) -k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate']) +k8s_resource('dev-backend-keycloak', resource_deps=['dev-backend-keycloak-pg']) +k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate', 'dev-backend-redis', 'dev-backend-keycloak', 'dev-backend-postgres', 'dev-backend-minio:statefulset']) k8s_yaml(local('cd ../src/helm && helmfile -n impress -e dev template .')) migration = ''' diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl index e68b24d8..9015258f 100644 
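Review bot: `'dev-backend-minio:statefulset'` is the only entry in the new `resource_deps` list of `impress-docs-backend` that carries a kind suffix, and nothing in the hunk says why. Presumably the dev-backend chart renders more than one object named `dev-backend-minio` and Tilt disambiguates them by kind, but that is not visible in this patch. Once the reason is confirmed, a comment above the call such as `# minio is kind-qualified: the chart ships another object with the same name` would stop a later edit from dropping the suffix and breaking the dependency.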
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl +++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl @@ -16,16 +16,16 @@ backend: replicas: 1 envVars: COLLABORATION_SERVER_SECRET: my-secret - DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io + DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.127.0.0.1.nip.io DJANGO_CONFIGURATION: Feature - DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io + DJANGO_ALLOWED_HOSTS: docs.127.0.0.1.nip.io DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key DJANGO_SECRET_KEY: *djangoSecretKey DJANGO_SETTINGS_MODULE: impress.settings DJANGO_SUPERUSER_PASSWORD: admin DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique" DJANGO_EMAIL_HOST: "mailcatcher" - DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png + DJANGO_EMAIL_LOGO_IMG: https://docs.127.0.0.1.nip.io/assets/logo-suite-numerique.png DJANGO_EMAIL_PORT: 1025 DJANGO_EMAIL_USE_SSL: False LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR 
@@ -33,29 +33,38 @@ backend: LOGGING_LEVEL_LOGGERS_APP: INFO OIDC_USERINFO_SHORTNAME_FIELD: "given_name" OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name" - OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs - OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth - OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token - OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo - OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout - OIDC_RP_CLIENT_ID: impress + OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs + OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth + OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token + OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/userinfo + OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/logout + OIDC_RP_CLIENT_ID: docs OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SCOPES: "openid email" - LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io - LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io - LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io - DB_HOST: postgres-postgresql - DB_NAME: impress - DB_USER: dinum - DB_PASSWORD: pass + LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io + LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io + LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io + DB_HOST: dev-backend-postgres + DB_NAME: + secretKeyRef: + name: dev-backend-postgres + key: database + DB_USER: + secretKeyRef: + name: 
dev-backend-postgres + key: username + DB_PASSWORD: + secretKeyRef: + name: dev-backend-postgres + key: password DB_PORT: 5432 - REDIS_URL: redis://default:pass@redis-master:6379/1 - DJANGO_CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1 - AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000 - AWS_S3_ACCESS_KEY_ID: root + REDIS_URL: redis://user:pass@dev-backend-redis:6379/1 + DJANGO_CELERY_BROKER_URL: redis://user:pass@dev-backend-redis:6379/1 + AWS_S3_ENDPOINT_URL: http://dev-backend-minio.impress.svc.cluster.local:9000 + AWS_S3_ACCESS_KEY_ID: dinum AWS_S3_SECRET_ACCESS_KEY: password - AWS_STORAGE_BUCKET_NAME: impress-media-storage + AWS_STORAGE_BUCKET_NAME: docs-media-storage STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/ Y_PROVIDER_API_KEY: my-secret @@ -73,8 +82,7 @@ backend: echo "Database is ready" - python manage.py migrate --no-input && - python manage.py create_demo --force + python manage.py migrate --no-input restartPolicy: Never command: @@ -120,7 +128,7 @@ backend: frontend: envVars: PORT: 8080 - NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io + NEXT_PUBLIC_API_ORIGIN: https://docs.127.0.0.1.nip.io replicas: 1 command: 
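Review bot: `REDIS_URL` and `DJANGO_CELERY_BROKER_URL` still embed `user:pass` inline, although this same hunk moves `DB_NAME`, `DB_USER` and `DB_PASSWORD` to `secretKeyRef` on the `dev-backend-postgres` secret. The Redis and MinIO credentials (`AWS_S3_ACCESS_KEY_ID: dinum`, `AWS_S3_SECRET_ACCESS_KEY: password`) are therefore kept twice, here and in the `redis`/`minio` values of `helmfile.yaml`, and can drift apart silently. If the dev-backend chart also creates secrets for Redis and MinIO (not visible in this patch), reference them the same way. Otherwise add a comment above these keys such as `# dev-only credentials, must match the redis/minio values in src/helm/helmfile.yaml`. The `envVars` mapping begins above this hunk.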
@@ -141,27 +149,29 @@ yProvider: tag: "latest" envVars: - COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io + COLLABORATION_BACKEND_BASE_URL: https://docs.127.0.0.1.nip.io COLLABORATION_LOGGING: true - COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io + COLLABORATION_SERVER_ORIGIN: https://docs.127.0.0.1.nip.io COLLABORATION_SERVER_SECRET: my-secret Y_PROVIDER_API_KEY: my-secret ingress: enabled: true - host: impress.127.0.0.1.nip.io + host: docs.127.0.0.1.nip.io + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 10m ingressCollaborationWS: enabled: true - host: impress.127.0.0.1.nip.io + host: docs.127.0.0.1.nip.io ingressCollaborationApi: enabled: true - host: impress.127.0.0.1.nip.io + host: docs.127.0.0.1.nip.io ingressAdmin: enabled: true - host: impress.127.0.0.1.nip.io + host: docs.127.0.0.1.nip.io posthog: ingress: @@ -172,14 +182,14 @@ posthog: ingressMedia: enabled: true - host: impress.127.0.0.1.nip.io + host: docs.127.0.0.1.nip.io annotations: - nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/ + nginx.ingress.kubernetes.io/auth-url: https://docs.127.0.0.1.nip.io/api/v1.0/documents/media-auth/ nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256" - nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000 - nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1 + nginx.ingress.kubernetes.io/upstream-vhost: dev-backend-minio.impress.svc.cluster.local:9000 + nginx.ingress.kubernetes.io/rewrite-target: /docs-media-storage/$1 serviceMedia: - host: minio.impress.svc.cluster.local + host: dev-backend-minio.impress.svc.cluster.local port: 9000 diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 24bd1cc5..ca221de6 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml 
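Review bot: The added `nginx.ingress.kubernetes.io/proxy-body-size: 10m` annotation under `ingress` has no comment saying which application limit it mirrors. The ingress cap and the backend's own upload limit (not visible in this patch) can then diverge unnoticed, and a mismatch shows up only as rejected uploads at one of the two layers. Add a line above it such as `# request body cap at the ingress; keep in sync with the backend upload size limit`.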
@@ -4,91 +4,75 @@ environments: - version: 3.6.0 --- repositories: -- name: bitnami - url: registry-1.docker.io/bitnamicharts - oci: true +- name: dev-backends + url: https://suitenumerique.github.io/helm-dev-backend --- releases: - - name: keycloak - installed: {{ eq .Environment.Name "dev" | toYaml }} - missingFileHandler: Warn + - name: dev-backend namespace: {{ .Namespace }} - chart: bitnami/keycloak - version: 17.3.6 + chart: dev-backends/dev-backend + version: 0.0.2 values: - - postgresql: - auth: - username: keycloak - password: keycloak - database: keycloak - - extraEnvVars: - - name: KEYCLOAK_EXTRA_ARGS - value: "--import-realm" - - name: KC_HOSTNAME_URL - value: https://docs-keycloak.127.0.0.1.nip.io - - extraVolumes: - - name: import - configMap: - name: docs-keycloak - - extraVolumeMounts: - - name: import - mountPath: /opt/bitnami/keycloak/data/import/ - - auth: - adminUser: su - adminPassword: su - - proxy: edge - - ingress: + - postgres: enabled: true - hostname: docs-keycloak.127.0.0.1.nip.io - - extraDeploy: - - apiVersion: v1 - kind: ConfigMap - metadata: - name: docs-keycloak - namespace: {{ .Namespace }} - data: - impress.json: | -{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://impress.127.0.0.1.nip.io" | indent 14 }} - - - name: postgres - installed: {{ eq .Environment.Name "dev" | toYaml }} - namespace: {{ .Namespace }} - chart: bitnami/postgresql - version: 13.1.5 - values: - - auth: + name: postgres + #serviceNameOverride: postgres + image: postgres:16-alpine username: dinum password: pass - database: impress - - tls: + database: docs + size: 1Gi + - redis: enabled: true - autoGenerated: true - - - name: minio - installed: {{ eq .Environment.Name "dev" | toYaml }} - namespace: {{ .Namespace }} - chart: bitnami/minio - version: 12.10.10 - values: - - auth: - rootUser: root - rootPassword: password - - provisioning: - enabled: true - buckets: - - name: impress-media-storage - versioning: true - - - name: 
redis - installed: {{ eq .Environment.Name "dev" | toYaml }} - namespace: {{ .Namespace }} - chart: bitnami/redis - version: 20.6.2 - values: - - auth: + name: redis + image: redis:8.2-alpine + username: user password: pass - architecture: standalone + - minio: + enabled: true + image: minio/minio + name: minio + ingress: + enabled: true + hostname: docs-minio.127.0.0.1.nip.io + tls: + enabled: true + secretName: docs-tls + consoleIngress: + enabled: true + hostname: docs-minio-console.127.0.0.1.nip.io + tls: + enabled: true + secretName: docs-tls + username: dinum + password: password + bucket: docs-media-storage + versioning: true + size: 1Gi + - keycloak: + enabled: true + image: quay.io/keycloak/keycloak:20.0.1 + name: keycloak + #serviceNameOverride: keycloak + hostname: docs-keycloak.127.0.0.1.nip.io + username: admin + password: pass + tls: + enabled: true + secretName: docs-tls + db: + username: dinum + password: pass + database: keycloak + size: 1Gi + image: postgres:16-alpine + realm: + name: docs + username: docs + password: docs + email: docs@example.com + - name: impress version: {{ .Values.version }}
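Review bot: The new `dev-backend` release has no `installed:` guard, whereas each of the four bitnami releases it replaces carried `installed: {{ eq .Environment.Name "dev" | toYaml }}`. As written, the chart and its fixed credentials (`admin`/`pass`, `dinum`/`pass`, realm user `docs`/`docs`) would presumably be rendered for every environment the helmfile defines; the environments list lies outside this hunk, so confirm against it. Restore that line under `- name: dev-backend`. Separately, `image: minio/minio` is the only image without a tag, so it floats on whatever the registry currently serves. Pin it as the other images are, e.g. `image: minio/minio:<pinned-release-tag>`.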