✨(tilt) add missing certificate authority for Python

Avoid disabling SSL verification in development environment, simply mount in the right folder, an extra volume, that declares the certificate authority necessary to validate nip.io domains.
2025-01-13 17:19:28 +01:00
parent 89f2ae548e
commit 3c8e3b9e29
2 changed files with 32 additions and 3 deletions
--- a/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl
@@ -27,7 +27,6 @@ backend:
    OIDC_RP_SCOPES: "openid email"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    OIDC_VERIFY_SSL: False
    LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
    LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
    LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
@@ -57,7 +56,7 @@ backend:
    AWS_STORAGE_BUCKET_NAME: meet-media-storage
    AWS_S3_REGION_NAME: local
    RECORDING_ENABLE: True
-    RECORDING_VERIFY_SSL: False
+    RECORDING_VERIFY_SSL: True
    RECORDING_STORAGE_EVENT_ENABLE: True
    RECORDING_STORAGE_EVENT_TOKEN: password
    SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
@@ -88,6 +87,21 @@ backend:
        python manage.py createsuperuser --email admin@example.com --password admin
    restartPolicy: Never

+  # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumeMounts:
+    - name: certs
+      mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+      subPath: cacert.pem
+
+  # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumes:
+    - name: certs
+      configMap:
+        name: certifi
+        items:
+        - key: cacert.pem
+          path: cacert.pem
+
 frontend:
  envVars:
    VITE_PORT: 8080
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -73,7 +73,7 @@ backend:
    AWS_STORAGE_BUCKET_NAME: meet-media-storage
    AWS_S3_REGION_NAME: local
    RECORDING_ENABLE: True
-    RECORDING_VERIFY_SSL: False
+    RECORDING_VERIFY_SSL: True
    RECORDING_STORAGE_EVENT_ENABLE: True
    RECORDING_STORAGE_EVENT_TOKEN: password
    SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
@@ -104,6 +104,21 @@ backend:
        python manage.py createsuperuser --email admin@example.com --password admin
    restartPolicy: Never

+  # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumeMounts:
+    - name: certs
+      mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+      subPath: cacert.pem
+
+  # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumes:
+    - name: certs
+      configMap:
+        name: certifi
+        items:
+        - key: cacert.pem
+          path: cacert.pem
+
 frontend:
  envVars:
    VITE_PORT: 8080