From 4fe3333eea87eaa73ce48a714c2aeceac8f56ea6 Mon Sep 17 00:00:00 2001 From: antoine lebaud Date: Wed, 3 Jul 2024 14:44:43 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=9A(helm)=20update=20values=20for=20re?= =?UTF-8?q?mote=20environments?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I have updated the staging, pre-prod and production environments. Done: - Remove silenced security checks, as SECURE_PROXY_SSL_HEADER is set in prod. - Rename "impress" to "meet" - Rename "docs" to "meet" - Remove unused values (webrtc, ingressWS) I haven't yet received the definitive DNS configuration from Florian or Olivier. The hosts meet.numerique.gouv.fr and all meet-*.beta.numerique.gouv.fr are only hypothetical at this point. --- ...ss.yaml.gotmpl => values.meet.yaml.gotmpl} | 38 ++++++------------- ...ss.yaml.gotmpl => values.meet.yaml.gotmpl} | 38 ++++++------------- ...ss.yaml.gotmpl => values.meet.yaml.gotmpl} | 38 ++++++------------- 3 files changed, 36 insertions(+), 78 deletions(-) rename src/helm/env.d/preprod/{values.impress.yaml.gotmpl => values.meet.yaml.gotmpl} (75%) rename src/helm/env.d/production/{values.impress.yaml.gotmpl => values.meet.yaml.gotmpl} (78%) rename src/helm/env.d/staging/{values.impress.yaml.gotmpl => values.meet.yaml.gotmpl} (75%) diff --git a/src/helm/env.d/preprod/values.impress.yaml.gotmpl b/src/helm/env.d/preprod/values.meet.yaml.gotmpl similarity index 75% rename from src/helm/env.d/preprod/values.impress.yaml.gotmpl rename to src/helm/env.d/preprod/values.meet.yaml.gotmpl index e0595613..3dda9f9f 100644 --- a/src/helm/env.d/preprod/values.impress.yaml.gotmpl +++ b/src/helm/env.d/preprod/values.meet.yaml.gotmpl @@ -8,7 +8,7 @@ backend: argocd.argoproj.io/hook: PreSync argocd.argoproj.io/hook-delete-policy: HookSucceeded envVars: - DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-preprod.beta.numerique.gouv.fr,https://impress-preprod.beta.numerique.gouv.fr + DJANGO_CSRF_TRUSTED_ORIGINS: http://meet-preprod.beta.numerique.gouv.fr,https://meet-preprod.beta.numerique.gouv.fr DJANGO_CONFIGURATION: Production DJANGO_ALLOWED_HOSTS: "*" DJANGO_SUPERUSER_EMAIL: @@ -19,7 +19,7 @@ backend: secretKeyRef: name: backend key: DJANGO_SECRET_KEY - DJANGO_SETTINGS_MODULE: impress.settings + DJANGO_SETTINGS_MODULE: meet.settings DJANGO_SUPERUSER_PASSWORD: secretKeyRef: name: backend @@ -27,7 +27,6 @@ backend: DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr" DJANGO_EMAIL_PORT: 465 DJANGO_EMAIL_USE_SSL: True - DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004 OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token @@ -43,11 +42,11 @@ backend: key: OIDC_RP_CLIENT_SECRET OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SCOPES: "openid email" - OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-preprod.beta.numerique.gouv.fr + OIDC_REDIRECT_ALLOWED_HOSTS: https://meet-preprod.beta.numerique.gouv.fr OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" - LOGIN_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr - LOGIN_REDIRECT_URL_FAILURE: https://impress-preprod.beta.numerique.gouv.fr - LOGOUT_REDIRECT_URL: https://impress-preprod.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL: https://meet-preprod.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL_FAILURE: https://meet-preprod.beta.numerique.gouv.fr + LOGOUT_REDIRECT_URL: https://meet-preprod.beta.numerique.gouv.fr DB_HOST: secretKeyRef: name: postgresql.postgres.libre.sh @@ -86,19 +85,19 @@ backend: key: url AWS_S3_ENDPOINT_URL: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: url AWS_S3_ACCESS_KEY_ID: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: accessKey AWS_S3_SECRET_ACCESS_KEY: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: secretKey AWS_STORAGE_BUCKET_NAME: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: bucket AWS_S3_REGION_NAME: local STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage @@ -117,29 +116,16 @@ frontend: pullPolicy: Always tag: "v0.1.0" -webrtc: - image: - repository: lasuite/impress-y-webrtc-signaling - pullPolicy: Always - tag: "v0.1.0" - ingress: enabled: true - host: impress-preprod.beta.numerique.gouv.fr - className: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - -ingressWS: - enabled: true - host: impress-preprod.beta.numerique.gouv.fr + host: meet-preprod.beta.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod ingressAdmin: enabled: true - host: impress-preprod.beta.numerique.gouv.fr + host: meet-preprod.beta.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod diff --git a/src/helm/env.d/production/values.impress.yaml.gotmpl b/src/helm/env.d/production/values.meet.yaml.gotmpl similarity index 78% rename from src/helm/env.d/production/values.impress.yaml.gotmpl rename to src/helm/env.d/production/values.meet.yaml.gotmpl index 1b45ed45..4c52812d 100644 --- a/src/helm/env.d/production/values.impress.yaml.gotmpl +++ b/src/helm/env.d/production/values.meet.yaml.gotmpl @@ -8,14 +8,14 @@ backend: argocd.argoproj.io/hook: PostSync argocd.argoproj.io/hook-delete-policy: HookSucceeded envVars: - DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.numerique.gouv.fr + DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.numerique.gouv.fr DJANGO_CONFIGURATION: Production DJANGO_ALLOWED_HOSTS: "*" DJANGO_SECRET_KEY: secretKeyRef: name: backend key: DJANGO_SECRET_KEY - DJANGO_SETTINGS_MODULE: impress.settings + DJANGO_SETTINGS_MODULE: meet.settings DJANGO_SUPERUSER_EMAIL: secretKeyRef: name: backend @@ -27,7 +27,6 @@ backend: DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr" DJANGO_EMAIL_PORT: 465 DJANGO_EMAIL_USE_SSL: True - DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004 OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token @@ -43,11 +42,11 @@ backend: key: OIDC_RP_CLIENT_SECRET OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SCOPES: "openid email" - OIDC_REDIRECT_ALLOWED_HOSTS: https://docs.numerique.gouv.fr + OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.numerique.gouv.fr OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" - LOGIN_REDIRECT_URL: https://docs.numerique.gouv.fr - LOGIN_REDIRECT_URL_FAILURE: https://docs.numerique.gouv.fr - LOGOUT_REDIRECT_URL: https://docs.numerique.gouv.fr + LOGIN_REDIRECT_URL: https://meet.numerique.gouv.fr + LOGIN_REDIRECT_URL_FAILURE: https://meet.numerique.gouv.fr + LOGOUT_REDIRECT_URL: https://meet.numerique.gouv.fr DB_HOST: secretKeyRef: name: postgresql.postgres.libre.sh @@ -86,19 +85,19 @@ backend: key: url AWS_S3_ENDPOINT_URL: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: url AWS_S3_ACCESS_KEY_ID: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: accessKey AWS_S3_SECRET_ACCESS_KEY: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: secretKey AWS_STORAGE_BUCKET_NAME: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: bucket AWS_S3_REGION_NAME: local STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage @@ -117,29 +116,16 @@ frontend: pullPolicy: Always tag: "v0.1.0" -webrtc: - image: - repository: lasuite/impress-y-webrtc-signaling - pullPolicy: Always - tag: "v0.1.0" - ingress: enabled: true - host: docs.numerique.gouv.fr - className: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt - -ingressWS: - enabled: true - host: docs.numerique.gouv.fr + host: meet.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt ingressAdmin: enabled: true - host: docs.numerique.gouv.fr + host: meet.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt diff --git a/src/helm/env.d/staging/values.impress.yaml.gotmpl b/src/helm/env.d/staging/values.meet.yaml.gotmpl similarity index 75% rename from src/helm/env.d/staging/values.impress.yaml.gotmpl rename to src/helm/env.d/staging/values.meet.yaml.gotmpl index d8d0fc41..2fce7b77 100644 --- a/src/helm/env.d/staging/values.impress.yaml.gotmpl +++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl @@ -8,14 +8,14 @@ backend: argocd.argoproj.io/hook: PreSync argocd.argoproj.io/hook-delete-policy: HookSucceeded envVars: - DJANGO_CSRF_TRUSTED_ORIGINS: http://impress-staging.beta.numerique.gouv.fr,https://impress-staging.beta.numerique.gouv.fr + DJANGO_CSRF_TRUSTED_ORIGINS: http://meet-staging.beta.numerique.gouv.fr,https://meet-staging.beta.numerique.gouv.fr DJANGO_CONFIGURATION: Production DJANGO_ALLOWED_HOSTS: "*" DJANGO_SECRET_KEY: secretKeyRef: name: backend key: DJANGO_SECRET_KEY - DJANGO_SETTINGS_MODULE: impress.settings + DJANGO_SETTINGS_MODULE: meet.settings DJANGO_SUPERUSER_EMAIL: secretKeyRef: name: backend @@ -27,7 +27,6 @@ backend: DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr" DJANGO_EMAIL_PORT: 465 DJANGO_EMAIL_USE_SSL: True - DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004 OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token @@ -43,11 +42,11 @@ backend: key: OIDC_RP_CLIENT_SECRET OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SCOPES: "openid email" - OIDC_REDIRECT_ALLOWED_HOSTS: https://impress-staging.beta.numerique.gouv.fr + OIDC_REDIRECT_ALLOWED_HOSTS: https://meet-staging.beta.numerique.gouv.fr OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" - LOGIN_REDIRECT_URL: https://impress-staging.beta.numerique.gouv.fr - LOGIN_REDIRECT_URL_FAILURE: https://impress-staging.beta.numerique.gouv.fr - LOGOUT_REDIRECT_URL: https://impress-staging.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL: https://meet-staging.beta.numerique.gouv.fr + LOGIN_REDIRECT_URL_FAILURE: https://meet-staging.beta.numerique.gouv.fr + LOGOUT_REDIRECT_URL: https://meet-staging.beta.numerique.gouv.fr DB_HOST: secretKeyRef: name: postgresql.postgres.libre.sh @@ -86,19 +85,19 @@ backend: key: url AWS_S3_ENDPOINT_URL: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: url AWS_S3_ACCESS_KEY_ID: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: accessKey AWS_S3_SECRET_ACCESS_KEY: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: secretKey AWS_STORAGE_BUCKET_NAME: secretKeyRef: - name: impress-media-storage.bucket.libre.sh + name: meet-media-storage.bucket.libre.sh key: bucket AWS_S3_REGION_NAME: local STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage @@ -117,29 +116,16 @@ frontend: pullPolicy: Always tag: "main" -webrtc: - image: - repository: lasuite/impress-y-webrtc-signaling - pullPolicy: Always - tag: "main" - ingress: enabled: true - host: impress-staging.beta.numerique.gouv.fr - className: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - -ingressWS: - enabled: true - host: impress-staging.beta.numerique.gouv.fr + host: meet-staging.beta.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod ingressAdmin: enabled: true - host: impress-staging.beta.numerique.gouv.fr + host: meet-staging.beta.numerique.gouv.fr className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod