🔒️(helm) change domainon production

Add ingress in order to migrate from meet.numerique.gouv.fr to visio.numerique.gouv.fr
2024-09-23 14:06:42 +02:00
parent 1103902c12
commit 90c88a8bd3
3 changed files with 14 additions and 12 deletions
--- a/src/helm/env.d/production/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/production/values.meet.yaml.gotmpl
@@ -8,9 +8,9 @@ backend:
    argocd.argoproj.io/hook: PostSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
  envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.numerique.gouv.fr
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://visio.numerique.gouv.fr,https://meet.numerique.gouv.fr
    DJANGO_CONFIGURATION: Production
-    DJANGO_ALLOWED_HOSTS: meet.numerique.gouv.fr
+    DJANGO_ALLOWED_HOSTS: visio.numerique.gouv.fr,meet.numerique.gouv.fr
    DJANGO_SECRET_KEY:
      secretKeyRef:
        name: backend
@@ -43,11 +43,11 @@ backend:
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.numerique.gouv.fr
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://meet.numerique.gouv.fr
-    LOGIN_REDIRECT_URL_FAILURE: https://meet.numerique.gouv.fr
-    LOGOUT_REDIRECT_URL: https://meet.numerique.gouv.fr
+    LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://visio.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://visio.numerique.gouv.fr
    DB_HOST:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
@@ -113,14 +113,14 @@ frontend:

 ingress:
  enabled: true
-  host: meet.numerique.gouv.fr
+  host: visio.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt

 ingressAdmin:
  enabled: true
-  host: meet.numerique.gouv.fr
+  host: visio.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
--- a/src/helm/extra/templates/redirect.yaml
+++ b/src/helm/extra/templates/redirect.yaml
@@ -39,7 +39,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: transitional-tls
-  namespace: meet-staging
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  dnsNames:
  - {{ .Values.newDomain }}
@@ -47,7 +47,7 @@ spec:
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
-    name: letsencrypt-prod
+    name: {{ index .Values.ingress.annotations "cert-manager.io/cluster-issuer" }}
  secretName: transitional-tls
  usages:
  - digital signature
--- a/src/helm/helmfile.yaml
+++ b/src/helm/helmfile.yaml
@@ -41,7 +41,6 @@ releases:
    - addRedirect: {{ .Values | get "addRedirect" "False" }}
      enablePermanentRedirect: {{ .Values | get "enablePermanentRedirect" "False"}}
      oldDomain: {{ .Values | get "oldDomain" "demo.com" }}
-      tlsOldSecretName: {{ .Values | get "tlsOldSecretName" "tls"}}
      newDomain: {{ .Values | get "newDomain" "demo.com" }}

  - name: meet
@@ -74,7 +73,6 @@ environments:
        addRedirect: True
        enablePermanentRedirect: True
        oldDomain: meet-staging.beta.numerique.gouv.fr
-        tlsOldSecretName: meet-tls
        newDomain: visio-staging.beta.numerique.gouv.fr
    secrets:
      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
@@ -86,5 +84,9 @@ environments:
  production:
    values:
      - version: 0.0.1
+        addRedirect: True
+        enablePermanentRedirect: True
+        oldDomain: meet.numerique.gouv.fr
+        newDomain: visio.numerique.gouv.fr
    secrets:
      - env.d/{{ .Environment.Name }}/secrets.enc.yaml