🔨(tilt) improve local stack

Improve the local Tilt file in order to be able to start everything
without any dependency on the DINUM environment
Jacques ROUSSEL
2024-12-06 12:18:51 +01:00
committed by aleb_the_flash
parent ed4f7dcf6c
commit 0ad37ee6de
9 changed files with 753 additions and 413 deletions


@@ -305,3 +305,6 @@ start-tilt: ## start the kubernetes cluster using kind
tilt up -f ./bin/Tiltfile tilt up -f ./bin/Tiltfile
.PHONY: build-k8s-cluster .PHONY: build-k8s-cluster
start-tilt-keycloak: ## start the kubernetes cluster using kind, without Pro Connect for authentication, use keycloak
DEV_ENV=dev-keycloak tilt up -f ./bin/Tiltfile
.PHONY: build-k8s-cluster
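Review bot: The `.PHONY` line added under `start-tilt-keycloak` names `build-k8s-cluster` again, so the new target is never declared phony; it should read `.PHONY: start-tilt-keycloak`. The context line under `start-tilt` carries the same copy-paste and could be corrected to `.PHONY: start-tilt` in the same pass.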


@@ -118,6 +118,8 @@ $ make build-k8s-cluster
Once the Kubernetes cluster is ready, start the application stack locally: Once the Kubernetes cluster is ready, start the application stack locally:
```shell ```shell
$ make start-tilt $ make start-tilt
or
$ make start-tilt-keycloak # start stack without Pro Connect, use keycloak
``` ```
These commands set up and run your application environment using Tilt for local Kubernetes development. These commands set up and run your application environment using Tilt for local Kubernetes development.


@@ -38,7 +38,7 @@ docker_build(
] ]
) )
k8s_yaml(local('cd ../src/helm && helmfile -n meet -e dev template .')) k8s_yaml(local('cd ../src/helm && helmfile -n meet -e ${DEV_ENV:-dev} template .'))
migration = ''' migration = '''
set -eu set -eu
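Review bot: `${DEV_ENV:-dev}` is expanded unquoted inside the shell string passed to `local()`, so a value containing whitespace or glob characters is split into extra `helmfile` arguments. Quote it, `-e "${DEV_ENV:-dev}"`, or read it with `os.getenv('DEV_ENV', 'dev')` and check it against the known environment names before building the command. A short comment above the call listing the expected values (`dev`, `dev-keycloak`) would document the new knob.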



@@ -0,0 +1,43 @@
replicaCount: 1
terminationGracePeriodSeconds: 18000
egress:
log_level: debug
ws_url: ws://livekit-livekit-server:80
insecure: true
enable_chrome_sandbox: true
{{- with .Values.livekit.keys }}
{{- range $key, $value := . }}
api_key: {{ $key }}
api_secret: {{ $value }}
{{- end }}
{{- end }}
redis:
address: redis-master:6379
password: pass
s3:
access_key: meet
secret: password
region: local
bucket: meet-media-storage
endpoint: http://minio:9000
force_path_style: true
loadBalancer:
type: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
tls:
- hosts:
- livekit-egress.127.0.0.1.nip.io
secretName: livekit-egress-dinum-cert
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
nodeSelector: {}
resources: {}
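Review bot: The `range` over `.Values.livekit.keys` writes one `api_key`/`api_secret` pair per map entry, so a second entry in `livekit.keys` would render duplicate keys, and most YAML parsers silently keep the last pair. The values are also emitted unquoted, so a secret that looks like a number or boolean, or starts with a YAML indicator, changes type or breaks the render; `api_key: {{ $key | quote }}` and `api_secret: {{ $value | quote }}` avoid that. If only one pair is ever intended, say so in a comment above the loop, or read the `livekitApi.key`/`livekitApi.secret` values this commit also adds. The same loop appears around `LIVEKIT_API_SECRET`/`LIVEKIT_API_KEY` in the backend values file.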


@@ -0,0 +1,40 @@
replicaCount: 1
terminationGracePeriodSeconds: 18000
livekit:
log_level: debug
rtc:
use_external_ip: false
port_range_start: 50000
port_range_end: 60000
tcp_port: 7881
redis:
address: redis-master:6379
password: pass
keys:
turn:
enabled: true
udp_port: 443
domain: livekit.127.0.0.1.nip.io
loadBalancerAnnotations: {}
loadBalancer:
type: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
tls:
- hosts:
- livekit.127.0.0.1.nip.io
secretName: livekit-dinum-cert
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 60
nodeSelector: {}
resources: {}
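Review bot: The ingress annotation `cert-manager.io/cluster-issuer: "letsencrypt-prod"` and the secret name `livekit-dinum-cert` look carried over from a hosted environment into a file meant for the local kind cluster. Whether a ClusterIssuer of that name exists locally cannot be seen from this page. If it does not, the annotation is dead configuration; if it does, it would request a public certificate for a `127.0.0.1.nip.io` host. Consider dropping the annotation here and in the egress values file, and adding a one-line comment naming where the local certificate comes from.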


@@ -0,0 +1,188 @@
image:
repository: localhost:5001/meet-backend
pullPolicy: Always
tag: "latest"
backend:
replicas: 1
envVars:
DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io
DJANGO_CONFIGURATION: Production
DJANGO_ALLOWED_HOSTS: meet.127.0.0.1.nip.io
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
DJANGO_SETTINGS_MODULE: meet.settings
DJANGO_SILENCED_SYSTEM_CHECKS: security.W004, security.W008
DJANGO_SUPERUSER_PASSWORD: admin
DJANGO_EMAIL_HOST: "mailcatcher"
DJANGO_EMAIL_PORT: 1025
DJANGO_EMAIL_USE_SSL: False
OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/meet/protocol/openid-connect/session/end
OIDC_RP_CLIENT_ID:
secretKeyRef:
name: backend
key: OIDC_RP_CLIENT_ID
OIDC_RP_CLIENT_SECRET:
secretKeyRef:
name: backend
key: OIDC_RP_CLIENT_SECRET
OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email"
OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
OIDC_VERIFY_SSL: False
LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
DB_HOST: postgres-postgresql
DB_NAME: meet
DB_USER: dinum
DB_PASSWORD: pass
DB_PORT: 5432
POSTGRES_DB: meet
POSTGRES_USER: dinum
POSTGRES_PASSWORD: pass
REDIS_URL: redis://default:pass@redis-master:6379/1
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
{{- with .Values.livekit.keys }}
{{- range $key, $value := . }}
LIVEKIT_API_SECRET: {{ $value }}
LIVEKIT_API_KEY: {{ $key }}
{{- end }}
{{- end }}
LIVEKIT_API_URL: https://livekit.127.0.0.1.nip.io/
ALLOW_UNREGISTERED_ROOMS: False
FRONTEND_SILENCE_LIVEKIT_DEBUG: False
FRONTEND_SUPPORT: "{'id': '58ea6697-8eba-4492-bc59-ad6562585041'}"
AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000
AWS_S3_ACCESS_KEY_ID: meet
AWS_S3_SECRET_ACCESS_KEY: password
AWS_STORAGE_BUCKET_NAME: meet-media-storage
AWS_S3_REGION_NAME: local
RECORDING_ENABLE: True
RECORDING_VERIFY_SSL: False
RECORDING_STORAGE_EVENT_ENABLE: True
RECORDING_STORAGE_EVENT_TOKEN: password
SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
SUMMARY_SERVICE_API_TOKEN: password
migrate:
command:
- "/bin/sh"
- "-c"
- |
python manage.py migrate --no-input &&
python manage.py create_demo --force
restartPolicy: Never
command:
- "gunicorn"
- "-c"
- "/usr/local/etc/gunicorn/meet.py"
- "meet.wsgi:application"
- "--reload"
createsuperuser:
command:
- "/bin/sh"
- "-c"
- |
python manage.py createsuperuser --email admin@example.com --password admin
restartPolicy: Never
frontend:
envVars:
VITE_PORT: 8080
VITE_HOST: 0.0.0.0
VITE_API_BASE_URL: https://meet.127.0.0.1.nip.io/
replicas: 1
image:
repository: localhost:5001/meet-frontend
pullPolicy: Always
tag: "latest"
ingress:
enabled: true
host: meet.127.0.0.1.nip.io
ingressAdmin:
enabled: true
host: meet.127.0.0.1.nip.io
posthog:
ingress:
enabled: false
ingressAssets:
enabled: false
summary:
replicas: 1
envVars:
APP_NAME: summary-microservice
APP_API_TOKEN: password
AWS_STORAGE_BUCKET_NAME: meet-media-storage
AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
AWS_S3_ACCESS_KEY_ID: meet
AWS_S3_SECRET_ACCESS_KEY: password
OPENAI_API_KEY: password
OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
OPENAI_ASR_MODEL: openai/whisper-large-v3
OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
AWS_S3_SECURE_ACCESS: False
WEBHOOK_API_TOKEN: password
WEBHOOK_URL: https://www.mock-impress.com/webhook/
CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
image:
repository: localhost:5001/meet-summary
pullPolicy: Always
tag: "latest"
command:
- "uvicorn"
- "summary.main:app"
- "--host"
- "0.0.0.0"
- "--port"
- "8000"
- "--reload"
celery:
replicas: 1
envVars:
APP_NAME: summary-microservice
APP_API_TOKEN: password
AWS_STORAGE_BUCKET_NAME: meet-media-storage
AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
AWS_S3_ACCESS_KEY_ID: meet
AWS_S3_SECRET_ACCESS_KEY: password
OPENAI_API_KEY: password
OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
OPENAI_ASR_MODEL: openai/whisper-large-v3
OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
AWS_S3_SECURE_ACCESS: False
WEBHOOK_API_TOKEN: password
WEBHOOK_URL: https://www.mock-impress.com/webhook/
CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
image:
repository: localhost:5001/meet-summary
pullPolicy: Always
tag: "latest"
command:
- "celery"
- "-A"
- "summary.core.celery_worker"
- "worker"
- "--pool=solo"
- "--loglevel=info"
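Review bot: `OIDC_VERIFY_SSL: False` and `RECORDING_VERIFY_SSL: False` sit next to `DJANGO_CONFIGURATION: Production`, and nothing in the file marks these settings as local-only. They are therefore easy to copy into another `env.d` directory together with the fixed credentials (`DB_PASSWORD`, `AWS_S3_SECRET_ACCESS_KEY`, `RECORDING_STORAGE_EVENT_TOKEN`, the `createsuperuser --password admin` job). A header comment such as `# Local kind/Tilt stack only: fixed credentials, TLS verification disabled; do not reuse outside dev` would make that explicit. `DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}` should be rendered with `| quote`, because the value is inserted as a bare YAML scalar.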


@@ -0,0 +1,10 @@
djangoSecretKey: u!vbjDW71aru&OZA%NZQi0x
livekit:
keys:
devkey: secret
livekitApi:
key: devkey
secret: secret
oidc:
clientId: meet
clientSecret: ThisIsAnExampleKeyForDevPurposeOnly
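Review bot: This file (apparently the `values.secrets.yaml` referenced from the helmfile) is committed in plaintext, and `djangoSecretKey` looks like a generated value rather than an obvious placeholder like the `clientSecret` below it. Confirm the key is not used in any deployed environment, then replace it with a clearly labelled, quoted dev value. A header comment such as `# Development-only placeholder values; real secrets belong in secrets.enc.yaml` would stop the file from being taken as a template for other environments.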


@@ -1,4 +1,8 @@
environments: environments:
dev-keycloak:
values:
- version: 0.0.1
- env.d/{{ .Environment.Name }}/values.secrets.yaml
dev: dev:
values: values:
- version: 0.0.1 - version: 0.0.1
@@ -32,7 +36,8 @@ repositories:
releases: releases:
- name: postgres - name: postgres
installed: {{ eq .Environment.Name "dev" | toYaml }} installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: bitnami/postgresql chart: bitnami/postgresql
version: 13.1.5 version: 13.1.5
@@ -45,9 +50,50 @@ releases:
enabled: true enabled: true
autoGenerated: true autoGenerated: true
- name: minio - name: keycloak
installed: {{ eq .Environment.Name "dev" | toYaml }} installed: {{ eq .Environment.Name "dev-keycloak" | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: bitnami/keycloak
version: 17.3.6
values:
- postgresql:
auth:
username: keycloak
password: keycloak
database: keycloak
- extraEnvVars:
- name: KEYCLOAK_EXTRA_ARGS
value: "--import-realm"
- name: KC_HOSTNAME_URL
value: https://keycloak.127.0.0.1.nip.io
- extraVolumes:
- name: import
configMap:
name: meet-keycloak
- extraVolumeMounts:
- name: import
mountPath: /opt/bitnami/keycloak/data/import/
- auth:
adminUser: su
adminPassword: su
- proxy: edge
- ingress:
enabled: true
hostname: keycloak.127.0.0.1.nip.io
- extraDeploy:
- apiVersion: v1
kind: ConfigMap
metadata:
name: meet-keycloak
data:
meet.json: |
{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://meet.127.0.0.1.nip.io" | indent 14 }}
- name: minio
installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
namespace: {{ .Namespace }}
missingFileHandler: Warn
chart: bitnami/minio chart: bitnami/minio
version: 12.10.10 version: 12.10.10
values: values:
@@ -75,7 +121,8 @@ releases:
name: mkcert name: mkcert
- name: redis - name: redis
installed: {{ eq .Environment.Name "dev" | toYaml }} installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: bitnami/redis chart: bitnami/redis
version: 18.19.2 version: 18.19.2
@@ -85,7 +132,8 @@ releases:
architecture: standalone architecture: standalone
- name: extra - name: extra
installed: {{ ne .Environment.Name "dev" | toYaml }} installed: {{ not (regexMatch "^dev.*" .Environment.Name) | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: ./extra chart: ./extra
secrets: secrets:
@@ -100,26 +148,32 @@ releases:
- name: meet - name: meet
version: {{ .Values.version }} version: {{ .Values.version }}
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
missingFileHandler: Warn
chart: ./meet chart: ./meet
values: values:
- env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl - env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl
- env.d/{{ .Environment.Name }}/values.secrets.yaml
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - env.d/{{ .Environment.Name }}/secrets.enc.yaml
- name: livekit - name: livekit
installed: {{ eq .Environment.Name "dev" | toYaml }} installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: livekit/livekit-server chart: livekit/livekit-server
values: values:
- env.d/{{ .Environment.Name }}/values.livekit.yaml.gotmpl - env.d/{{ .Environment.Name }}/values.livekit.yaml.gotmpl
- env.d/{{ .Environment.Name }}/values.secrets.yaml
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - env.d/{{ .Environment.Name }}/secrets.enc.yaml
- name: livekit-egress - name: livekit-egress
installed: {{ eq .Environment.Name "dev" | toYaml }} installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
missingFileHandler: Warn
namespace: {{ .Namespace }} namespace: {{ .Namespace }}
chart: livekit/egress chart: livekit/egress
values: values:
- env.d/{{ .Environment.Name }}/values.egress.yaml.gotmpl - env.d/{{ .Environment.Name }}/values.egress.yaml.gotmpl
- env.d/{{ .Environment.Name }}/values.secrets.yaml
secrets: secrets:
- env.d/{{ .Environment.Name }}/secrets.enc.yaml - env.d/{{ .Environment.Name }}/secrets.enc.yaml
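Review bot: `missingFileHandler: Warn` is added to every release, including `extra` and `meet`, which are also installed outside the dev environments. A missing or misnamed `secrets.enc.yaml` or values file there would now produce a warning and a render without those values instead of a failed run. Scoping it keeps the strict behaviour where it matters, e.g. `missingFileHandler: {{ if regexMatch "^dev.*" .Environment.Name }}Warn{{ else }}Error{{ end }}`. Separately, `regexMatch "^dev.*"` also matches any future environment whose name merely starts with `dev`, which would then get the in-cluster postgres, minio and redis and skip `extra`; an explicit list of names is safer. The keycloak release sets `adminUser: su` / `adminPassword: su` with ingress enabled, which is acceptable only while the release stays tied to `dev-keycloak`.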