From 3c8e3b9e29c1a904acc7fe4393782b51f4455852 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Mon, 13 Jan 2025 17:19:28 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(tilt)=20add=20missing=20certificate?= =?UTF-8?q?=20authority=20for=20Python?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Avoid disabling SSL verification in development environment, simply mount in the right folder, an extra volume, that declares the certificate authority necessary to validate nip.io domains.
---
 .../env.d/dev-keycloak/values.meet.yaml.gotmpl | 18 ++++++++++++++++--
 src/helm/env.d/dev/values.meet.yaml.gotmpl | 17 ++++++++++++++++-
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl b/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl
index f38284ef..81537f71 100644
--- a/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl
@@ -27,7 +27,6 @@ backend:
 OIDC_RP_SCOPES: "openid email"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
- OIDC_VERIFY_SSL: False
 LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
 LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
 LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
@@ -57,7 +56,7 @@ backend:
 AWS_STORAGE_BUCKET_NAME: meet-media-storage
 AWS_S3_REGION_NAME: local
 RECORDING_ENABLE: True
- RECORDING_VERIFY_SSL: False
+ RECORDING_VERIFY_SSL: True
 RECORDING_STORAGE_EVENT_ENABLE: True
 RECORDING_STORAGE_EVENT_TOKEN: password
 SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
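Review bot: The two verification switches in `dev-keycloak/values.meet.yaml.gotmpl` are now handled differently: `OIDC_VERIFY_SSL` is deleted in the first hunk, which relies on the application default being verify-on, while `RECORDING_VERIFY_SSL` is set to `True` explicitly in this one. The defaults are not visible in this diff, so for a security-relevant setting I would state both explicitly, for example by adding `OIDC_VERIFY_SSL: True` next to the other OIDC settings, or drop both lines if the defaults are known to be `True`. The same `RECORDING_VERIFY_SSL` flip appears in `src/helm/env.d/dev/values.meet.yaml.gotmpl`.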
@@ -88,6 +87,21 @@ backend:
 python manage.py createsuperuser --email admin@example.com --password admin
 restartPolicy: Never
 
+ # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
+ extraVolumeMounts:
+ - name: certs
+ mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+ subPath: cacert.pem
+
+ # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
+ extraVolumes:
+ - name: certs
+ configMap:
+ name: certifi
+ items:
+ - key: cacert.pem
+ path: cacert.pem
+
 frontend:
 envVars:
 VITE_PORT: 8080
diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl
index 3c1f1998..b40bd3dd 100644
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -73,7 +73,7 @@ backend:
 AWS_STORAGE_BUCKET_NAME: meet-media-storage
 AWS_S3_REGION_NAME: local
 RECORDING_ENABLE: True
- RECORDING_VERIFY_SSL: False
+ RECORDING_VERIFY_SSL: True
 RECORDING_STORAGE_EVENT_ENABLE: True
 RECORDING_STORAGE_EVENT_TOKEN: password
 SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
@@ -104,6 +104,21 @@ backend:
 python manage.py createsuperuser --email admin@example.com --password admin
 restartPolicy: Never
 
+ # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
+ extraVolumeMounts:
+ - name: certs
+ mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+ subPath: cacert.pem
+
+ # Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
+ extraVolumes:
+ - name: certs
+ configMap:
+ name: certifi
+ items:
+ - key: cacert.pem
+ path: cacert.pem
+
 frontend:
 envVars:
 VITE_PORT: 8080
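Review bot: The `mountPath` in the added `extraVolumeMounts` block hard-codes `python3.12`, so a Python bump in the backend image would silently stop overriding certifi's bundle; with verification now on, the backend's HTTPS calls to the nip.io hosts would then fail with certificate errors that are hard to trace back to this file. I would add a comment such as `# path must match the Python minor version of the backend image`, or mount the bundle at a version-independent path and point the clients at it through an env var such as `REQUESTS_CA_BUNDLE`, assuming the libraries in use honour it. The mount also replaces certifi's whole bundle, so the `certifi` ConfigMap, which is created outside this diff, has to contain the public roots as well as the local CA if the backend needs to reach public HTTPS endpoints. Because it is a `subPath` mount, running pods do not pick up ConfigMap updates, so a regenerated dev CA needs a pod restart. The same block is added to `src/helm/env.d/dev/values.meet.yaml.gotmpl`.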