🔒️(helm) change domainon production

Add ingress in order to migrate from meet.numerique.gouv.fr to
visio.numerique.gouv.fr

src/helm/env.d/production/values.meet.yaml.gotmpl

@@ -8,9 +8,9 @@ backend:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/hook-delete-policy: HookSucceeded
   envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.numerique.gouv.fr
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://visio.numerique.gouv.fr,https://meet.numerique.gouv.fr
     DJANGO_CONFIGURATION: Production
-    DJANGO_ALLOWED_HOSTS: meet.numerique.gouv.fr
+    DJANGO_ALLOWED_HOSTS: visio.numerique.gouv.fr,meet.numerique.gouv.fr
     DJANGO_SECRET_KEY:
       secretKeyRef:
         name: backend
@@ -43,11 +43,11 @@ backend:
         key: OIDC_RP_CLIENT_SECRET
     OIDC_RP_SIGN_ALGO: RS256
     OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.numerique.gouv.fr
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr
     OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://meet.numerique.gouv.fr
+    LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr
-    LOGIN_REDIRECT_URL_FAILURE: https://meet.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://visio.numerique.gouv.fr
-    LOGOUT_REDIRECT_URL: https://meet.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://visio.numerique.gouv.fr
     DB_HOST:
       secretKeyRef:
         name: postgresql.postgres.libre.sh
@@ -113,14 +113,14 @@ frontend:
 
 ingress:
   enabled: true
-  host: meet.numerique.gouv.fr
+  host: visio.numerique.gouv.fr
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
 
 ingressAdmin:
   enabled: true
-  host: meet.numerique.gouv.fr
+  host: visio.numerique.gouv.fr
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt

src/helm/extra/templates/redirect.yaml

@@ -39,7 +39,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: transitional-tls
-  namespace: meet-staging
+  namespace: {{ .Release.Namespace | quote }}
 spec:
   dnsNames:
   - {{ .Values.newDomain }}
@@ -47,7 +47,7 @@ spec:
   issuerRef:
     group: cert-manager.io
     kind: ClusterIssuer
-    name: letsencrypt-prod
+    name: {{ index .Values.ingress.annotations "cert-manager.io/cluster-issuer" }}
   secretName: transitional-tls
   usages:
   - digital signature

src/helm/helmfile.yaml

@@ -41,7 +41,6 @@ releases:
     - addRedirect: {{ .Values | get "addRedirect" "False" }}
       enablePermanentRedirect: {{ .Values | get "enablePermanentRedirect" "False"}}
       oldDomain: {{ .Values | get "oldDomain" "demo.com" }}
-      tlsOldSecretName: {{ .Values | get "tlsOldSecretName" "tls"}}
       newDomain: {{ .Values | get "newDomain" "demo.com" }}
 
   - name: meet
@@ -74,7 +73,6 @@ environments:
         addRedirect: True
         enablePermanentRedirect: True
         oldDomain: meet-staging.beta.numerique.gouv.fr
-        tlsOldSecretName: meet-tls
         newDomain: visio-staging.beta.numerique.gouv.fr
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
@@ -86,5 +84,9 @@ environments:
   production:
     values:
       - version: 0.0.1
+        addRedirect: True
+        enablePermanentRedirect: True
+        oldDomain: meet.numerique.gouv.fr
+        newDomain: visio.numerique.gouv.fr
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml