meet/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl

image:
  repository: localhost:5001/meet-backend
  pullPolicy: Always
  tag: "latest"

backend:
  replicas: 1
  envVars:
    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io
    DJANGO_CONFIGURATION: Production
    DJANGO_ALLOWED_HOSTS: meet.127.0.0.1.nip.io
    DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
    DJANGO_SETTINGS_MODULE: meet.settings
    DJANGO_SILENCED_SYSTEM_CHECKS: security.W004, security.W008
    DJANGO_SUPERUSER_PASSWORD: admin
    DJANGO_EMAIL_HOST: "mailcatcher"
    DJANGO_EMAIL_PORT: 1025
    DJANGO_EMAIL_USE_SSL: False
    DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
    DJANGO_EMAIL_SUPPORT_EMAIL: "test@yopmail.com"
    DJANGO_EMAIL_LOGO_IMG: https://meet.127.0.0.1.nip.io/assets/logo-suite-numerique.png
    DJANGO_EMAIL_DOMAIN: meet.127.0.0.1.nip.io
    DJANGO_EMAIL_APP_BASE_URL: https://meet.127.0.0.1.nip.io
    OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/certs
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/auth
    OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/token
    OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/userinfo
    OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/logout
    OIDC_RP_CLIENT_ID: meet
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
    LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
    LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
    DB_HOST: postgres
    DB_NAME: meet
    DB_USER: dinum
    DB_PASSWORD: pass
    DB_PORT: 5432
    REDIS_URL: redis://default:pass@redis-master:6379/1
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
    {{- with .Values.livekit.keys }}
    {{- range $key, $value := . }}
    LIVEKIT_API_SECRET: {{ $value }}
    LIVEKIT_API_KEY: {{ $key }}
    {{- end }}
    {{- end }}
    LIVEKIT_API_URL: https://livekit.127.0.0.1.nip.io/
    LIVEKIT_FORCE_WSS_PROTOCOL: True
    LIVEKIT_ENABLE_FIREFOX_PROXY_WORKAROUND: True
    ALLOW_UNREGISTERED_ROOMS: False
    FRONTEND_SILENCE_LIVEKIT_DEBUG: False
    FRONTEND_SUPPORT: "{'id': '58ea6697-8eba-4492-bc59-ad6562585041', 'help_article_transcript': 'https://lasuite.crisp.help/fr/article/visio-transcript-1sjq43x', 'help_article_recording': 'https://lasuite.crisp.help/fr/article/visio-enregistrement-wgc8o0', 'help_article_more_tools': 'https://lasuite.crisp.help/fr/article/visio-tools-bvxj23'}"
    FRONTEND_TRANSCRIPT: "{'form_beta_users': 'https://grist.numerique.gouv.fr/o/docs/forms/3fFfvJoTBEQ6ZiMi8zsQwX/17'}"
    FRONTEND_FEEDBACK: "{'url': 'https://grist.numerique.gouv.fr/o/docs/cbMv4G7pLY3Z/USER-RESEARCH-or-LA-SUITE/f/26'}"
    FRONTEND_MANIFEST_LINK: "https://docs.numerique.gouv.fr/docs/1ef86abf-f7e0-46ce-b6c7-8be8b8af4c3d/"
    AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000
    AWS_S3_ACCESS_KEY_ID: meet
    AWS_S3_SECRET_ACCESS_KEY: password
    AWS_STORAGE_BUCKET_NAME: meet-media-storage
    AWS_S3_REGION_NAME: local
    RECORDING_ENABLE: True
    RECORDING_STORAGE_EVENT_ENABLE: True
    RECORDING_STORAGE_EVENT_TOKEN: password
    SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
    SUMMARY_SERVICE_API_TOKEN: password
    SCREEN_RECORDING_BASE_URL: https://meet.127.0.0.1.nip.io/recordings
    ROOM_TELEPHONY_ENABLED: True
    ROOM_TELEPHONY_DEFAULT_COUNTRY: 'FR'
    ROOM_TELEPHONY_PHONE_NUMBER: '+33901020304'
    SSL_CERT_FILE: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
    ROOM_SUBTITLE_ENABLED: True


  migrate:
    command:
      - "/bin/sh"
      - "-c"
      - |
        python manage.py migrate --no-input
    restartPolicy: Never

  command:
    - "gunicorn"
    - "-c"
    - "/usr/local/etc/gunicorn/meet.py"
    - "meet.wsgi:application"
    - "--reload"

  createsuperuser:
    command:
      - "/bin/sh"
      - "-c"
      - |
        python manage.py createsuperuser --email admin@example.com --password admin
    restartPolicy: Never

  # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
  extraVolumeMounts:
    - name: certs
      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
      subPath: cacert.pem

  # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
  extraVolumes:
    - name: certs
      configMap:
        name: certifi
        items:
        - key: cacert.pem
          path: cacert.pem

frontend:
  envVars:
    VITE_APP_TITLE: "LaSuite Meet"
    VITE_PORT: 8080
    VITE_HOST: 0.0.0.0
    VITE_API_BASE_URL: https://meet.127.0.0.1.nip.io/

  replicas: 1

  image:
    repository: localhost:5001/meet-frontend-generic
    pullPolicy: Always
    tag: "latest"

ingress:
  enabled: true
  host: meet.127.0.0.1.nip.io

ingressAdmin:
  enabled: true
  host: meet.127.0.0.1.nip.io

posthog:
  ingress:
    enabled: false
  
  ingressAssets:
    enabled: false

summary:
  replicas: 1
  envVars:
    APP_NAME: summary-microservice
    APP_API_TOKEN: password
    AWS_STORAGE_BUCKET_NAME: meet-media-storage
    AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
    AWS_S3_ACCESS_KEY_ID: meet
    AWS_S3_SECRET_ACCESS_KEY: password
    AWS_S3_SECURE_ACCESS: False
    WHISPERX_API_KEY: your-secret-value
    WHISPERX_BASE_URL: https://configure-your-url.com
    WHISPERX_ASR_MODEL: large-v2
    LLM_BASE_URL: https://configure-your-url.com
    LLM_API_KEY: your-secret-value
    LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
    WEBHOOK_API_TOKEN: password
    WEBHOOK_URL: https://www.mock-impress.com/webhook/
    CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
    CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
    TASK_TRACKER_REDIS_URL: redis://default:pass@redis-master:6379/1
  
  image:
    repository: localhost:5001/meet-summary
    pullPolicy: Always
    tag: "latest"
  
  command:
    - "uvicorn"
    - "summary.main:app"
    - "--host"
    - "0.0.0.0"
    - "--port"
    - "8000"
    - "--reload"

celery:
  replicas: 1
  envVars:
    APP_NAME: summary-microservice
    APP_API_TOKEN: password
    AWS_STORAGE_BUCKET_NAME: meet-media-storage
    AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
    AWS_S3_ACCESS_KEY_ID: meet
    AWS_S3_SECRET_ACCESS_KEY: password
    AWS_S3_SECURE_ACCESS: False
    WHISPERX_API_KEY: your-secret-value
    WHISPERX_BASE_URL: https://configure-your-url.com
    WHISPERX_ASR_MODEL: large-v2
    LLM_BASE_URL: https://configure-your-url.com
    LLM_API_KEY: your-secret-value
    LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
    WEBHOOK_API_TOKEN: password
    WEBHOOK_URL: https://www.mock-impress.com/webhook/
    CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
    CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
    TASK_TRACKER_REDIS_URL: redis://default:pass@redis-master:6379/1
  
  image:
    repository: localhost:5001/meet-summary
    pullPolicy: Always
    tag: "latest"

  command:
    - "celery"
    - "-A"
    - "summary.core.celery_worker"
    - "worker"
    - "--pool=solo"
    - "--loglevel=info"

agents:
  replicas: 1
  envVars:
    LIVEKIT_URL: https://livekit.127.0.0.1.nip.io/
    {{- with .Values.livekit.keys }}
    {{- range $key, $value := . }}
    LIVEKIT_API_SECRET: {{ $value }}
    LIVEKIT_API_KEY: {{ $key }}
    {{- end }}
    {{- end }}

  image:
    repository: localhost:5001/meet-agents
    pullPolicy: Always
    tag: "latest"

  # Extra volume mounts to manage our local custom CA and avoid to disable ssl
  extraVolumeMounts:
    - name: certs
      mountPath: /usr/lib/ssl/cert.pem
      subPath: cert.pem

  # Extra volumes to manage our local custom CA and avoid to disable ssl
  extraVolumes:
    - name: certs
      configMap:
        name: certifi
        items:
        - key: cacert.pem
          path: cert.pem

ingressMedia:
  enabled: true
  host: meet.127.0.0.1.nip.io

  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://meet.127.0.0.1.nip.io/api/v1.0/recordings/media-auth/
    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
    nginx.ingress.kubernetes.io/upstream-vhost: minio.meet.svc.cluster.local:9000
    nginx.ingress.kubernetes.io/rewrite-target: /meet-media-storage/$1

serviceMedia:
  host: minio.meet.svc.cluster.local
  port: 9000