🚚(helm) update values for remote environments

I have updated the staging, pre-prod and production environments. Done: - Remove silenced security checks, as SECURE_PROXY_SSL_HEADER is set in prod. - Rename "impress" to "meet" - Rename "docs" to "meet" - Remove unused values (webrtc, ingressWS) I haven't yet received the definitive DNS configuration from Florian or Olivier. The hosts meet.numerique.gouv.fr and all meet-*.beta.numerique.gouv.fr are only hypothetical at this point.
2024-07-03 14:44:43 +02:00
parent bb6f111381
commit 4fe3333eea
3 changed files with 36 additions and 78 deletions
--- a/src/helm/env.d/preprod/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/preprod/values.impress.yaml.gotmpl
@@ -8,7 +8,7 @@ backend:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
  envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-preprod.beta.numerique.gouv.fr,https://impress-preprod.beta.numerique.gouv.fr
+    DJANGO_CSRF_TRUSTED_ORIGINS: http://meet-preprod.beta.numerique.gouv.fr,https://meet-preprod.beta.numerique.gouv.fr
    DJANGO_CONFIGURATION: Production
    DJANGO_ALLOWED_HOSTS: "*"
    DJANGO_SUPERUSER_EMAIL:
@@ -19,7 +19,7 @@ backend:
      secretKeyRef:
        name: backend
        key: DJANGO_SECRET_KEY
-    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SETTINGS_MODULE: meet.settings
    DJANGO_SUPERUSER_PASSWORD:
      secretKeyRef:
        name: backend
@@ -27,7 +27,6 @@ backend:
    DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
    DJANGO_EMAIL_PORT: 465
    DJANGO_EMAIL_USE_SSL: True
-    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
    OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
    OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
@@ -43,11 +42,11 @@ backend:
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-preprod.beta.numerique.gouv.fr
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet-preprod.beta.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr
-    LOGIN_REDIRECT_URL_FAILURE: https://impress-preprod.beta.numerique.gouv.fr
-    LOGOUT_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL: https://meet-preprod.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://meet-preprod.beta.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://meet-preprod.beta.numerique.gouv.fr
    DB_HOST:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
@@ -86,19 +85,19 @@ backend:
        key: url
    AWS_S3_ENDPOINT_URL:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: url
    AWS_S3_ACCESS_KEY_ID:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: accessKey
    AWS_S3_SECRET_ACCESS_KEY:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: secretKey
    AWS_STORAGE_BUCKET_NAME:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: bucket
    AWS_S3_REGION_NAME: local
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
@@ -117,29 +116,16 @@ frontend:
    pullPolicy: Always
    tag: "v0.1.0"

-webrtc:
-  image:
-    repository: lasuite/impress-y-webrtc-signaling
-    pullPolicy: Always
-    tag: "v0.1.0"
-
 ingress:
  enabled: true
-  host: impress-preprod.beta.numerique.gouv.fr
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-
-ingressWS:
-  enabled: true
-  host: impress-preprod.beta.numerique.gouv.fr
+  host: meet-preprod.beta.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod

 ingressAdmin:
  enabled: true
-  host: impress-preprod.beta.numerique.gouv.fr
+  host: meet-preprod.beta.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
--- a/src/helm/env.d/production/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/production/values.impress.yaml.gotmpl
@@ -8,14 +8,14 @@ backend:
    argocd.argoproj.io/hook: PostSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
  envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.numerique.gouv.fr
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.numerique.gouv.fr
    DJANGO_CONFIGURATION: Production
    DJANGO_ALLOWED_HOSTS: "*"
    DJANGO_SECRET_KEY:
      secretKeyRef:
        name: backend
        key: DJANGO_SECRET_KEY
-    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SETTINGS_MODULE: meet.settings
    DJANGO_SUPERUSER_EMAIL:
      secretKeyRef:
        name: backend
@@ -27,7 +27,6 @@ backend:
    DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
    DJANGO_EMAIL_PORT: 465
    DJANGO_EMAIL_USE_SSL: True
-    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
    OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize
    OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token
@@ -43,11 +42,11 @@ backend:
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://docs.numerique.gouv.fr
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://docs.numerique.gouv.fr
-    LOGIN_REDIRECT_URL_FAILURE: https://docs.numerique.gouv.fr
-    LOGOUT_REDIRECT_URL: https://docs.numerique.gouv.fr
+    LOGIN_REDIRECT_URL: https://meet.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://meet.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://meet.numerique.gouv.fr
    DB_HOST:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
@@ -86,19 +85,19 @@ backend:
        key: url
    AWS_S3_ENDPOINT_URL:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: url
    AWS_S3_ACCESS_KEY_ID:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: accessKey
    AWS_S3_SECRET_ACCESS_KEY:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: secretKey
    AWS_STORAGE_BUCKET_NAME:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: bucket
    AWS_S3_REGION_NAME: local
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
@@ -117,29 +116,16 @@ frontend:
    pullPolicy: Always
    tag: "v0.1.0"

-webrtc:
-  image:
-    repository: lasuite/impress-y-webrtc-signaling
-    pullPolicy: Always
-    tag: "v0.1.0"
-
 ingress:
  enabled: true
-  host: docs.numerique.gouv.fr
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-
-ingressWS:
-  enabled: true
-  host: docs.numerique.gouv.fr
+  host: meet.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt

 ingressAdmin:
  enabled: true
-  host: docs.numerique.gouv.fr
+  host: meet.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
--- a/src/helm/env.d/staging/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.impress.yaml.gotmpl
@@ -8,14 +8,14 @@ backend:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
  envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-staging.beta.numerique.gouv.fr,https://impress-staging.beta.numerique.gouv.fr
+    DJANGO_CSRF_TRUSTED_ORIGINS: http://meet-staging.beta.numerique.gouv.fr,https://meet-staging.beta.numerique.gouv.fr
    DJANGO_CONFIGURATION: Production
    DJANGO_ALLOWED_HOSTS: "*"
    DJANGO_SECRET_KEY:
      secretKeyRef:
        name: backend
        key: DJANGO_SECRET_KEY
-    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SETTINGS_MODULE: meet.settings
    DJANGO_SUPERUSER_EMAIL:
      secretKeyRef:
        name: backend
@@ -27,7 +27,6 @@ backend:
    DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
    DJANGO_EMAIL_PORT: 465
    DJANGO_EMAIL_USE_SSL: True
-    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
    OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
    OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
@@ -43,11 +42,11 @@ backend:
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-staging.beta.numerique.gouv.fr
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet-staging.beta.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://impress-staging.beta.numerique.gouv.fr
-    LOGIN_REDIRECT_URL_FAILURE: https://impress-staging.beta.numerique.gouv.fr
-    LOGOUT_REDIRECT_URL: https://impress-staging.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL: https://meet-staging.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://meet-staging.beta.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://meet-staging.beta.numerique.gouv.fr
    DB_HOST:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
@@ -86,19 +85,19 @@ backend:
        key: url
    AWS_S3_ENDPOINT_URL:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: url
    AWS_S3_ACCESS_KEY_ID:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: accessKey
    AWS_S3_SECRET_ACCESS_KEY:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: secretKey
    AWS_STORAGE_BUCKET_NAME:
      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
+        name: meet-media-storage.bucket.libre.sh
        key: bucket
    AWS_S3_REGION_NAME: local
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
@@ -117,29 +116,16 @@ frontend:
    pullPolicy: Always
    tag: "main"

-webrtc:
-  image:
-    repository: lasuite/impress-y-webrtc-signaling
-    pullPolicy: Always
-    tag: "main"
-
 ingress:
  enabled: true
-  host: impress-staging.beta.numerique.gouv.fr
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-
-ingressWS:
-  enabled: true
-  host: impress-staging.beta.numerique.gouv.fr
+  host: meet-staging.beta.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod

 ingressAdmin:
  enabled: true
-  host: impress-staging.beta.numerique.gouv.fr
+  host: meet-staging.beta.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod