🚚(helm) update values for remote environments

I have updated the staging, pre-prod and production environments. Done: - Remove silenced security checks, as SECURE_PROXY_SSL_HEADER is set in prod. - Rename "impress" to "meet" - Rename "docs" to "meet" - Remove unused values (webrtc, ingressWS) I haven't yet received the definitive DNS configuration from Florian or Olivier. The hosts meet.numerique.gouv.fr and all meet-*.beta.numerique.gouv.fr are only hypothetical at this point.
2024-07-03 14:44:43 +02:00
parent bb6f111381
commit 4fe3333eea
3 changed files with 36 additions and 78 deletions
--- a/src/helm/env.d/production/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/production/values.meet.yaml.gotmpl
@@ -0,0 +1,133 @@
+image:
+  repository: lasuite/meet-backend
+  pullPolicy: Always
+  tag: "v0.1.0"
+
+backend:
+  migrateJobAnnotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+  envVars:
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.numerique.gouv.fr
+    DJANGO_CONFIGURATION: Production
+    DJANGO_ALLOWED_HOSTS: "*"
+    DJANGO_SECRET_KEY:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SECRET_KEY
+    DJANGO_SETTINGS_MODULE: meet.settings
+    DJANGO_SUPERUSER_EMAIL:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_EMAIL
+    DJANGO_SUPERUSER_PASSWORD:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_PASSWORD
+    DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"
+    DJANGO_EMAIL_PORT: 465
+    DJANGO_EMAIL_USE_SSL: True
+    OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize
+    OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token
+    OIDC_OP_USER_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/session/end
+    OIDC_RP_CLIENT_ID:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_ID
+    OIDC_RP_CLIENT_SECRET:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_SECRET
+    OIDC_RP_SIGN_ALGO: RS256
+    OIDC_RP_SCOPES: "openid email"
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.numerique.gouv.fr
+    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+    LOGIN_REDIRECT_URL: https://meet.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://meet.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://meet.numerique.gouv.fr
+    DB_HOST:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: host
+    DB_NAME:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    DB_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    DB_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    DB_PORT:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: port
+    POSTGRES_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    POSTGRES_DB:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    POSTGRES_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    REDIS_URL:
+      secretKeyRef:
+        name: redis.redis.libre.sh
+        key: url
+    AWS_S3_ENDPOINT_URL:
+      secretKeyRef:
+        name: meet-media-storage.bucket.libre.sh
+        key: url
+    AWS_S3_ACCESS_KEY_ID:
+      secretKeyRef:
+        name: meet-media-storage.bucket.libre.sh
+        key: accessKey
+    AWS_S3_SECRET_ACCESS_KEY:
+      secretKeyRef:
+        name: meet-media-storage.bucket.libre.sh
+        key: secretKey
+    AWS_STORAGE_BUCKET_NAME:
+      secretKeyRef:
+        name: meet-media-storage.bucket.libre.sh
+        key: bucket
+    AWS_S3_REGION_NAME: local
+    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+
+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
+frontend:
+  image:
+    repository: lasuite/meet-frontend
+    pullPolicy: Always
+    tag: "v0.1.0"
+
+ingress:
+  enabled: true
+  host: meet.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+
+ingressAdmin:
+  enabled: true
+  host: meet.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/start
+    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/auth