🔧(helm) offer a standalone dev environment

Offer a standalone dev environment or a dinum specific dev environment with ProConnect authentication. Needed to refactor the way secrets are managed in the project, and also re-organize the Helm chart to make it totally standalone. Particulary useful for external wanting to run the project. Work done by @rouja.
2024-12-20 14:07:01 +01:00
parent 4c0230d537
commit b51f127872
24 changed files with 208 additions and 849 deletions
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -1,3 +1,14 @@
+secrets:
+  - name: oidcLogin
+    itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
+    field: username
+    podVariable: OIDC_RP_CLIENT_ID
+    clusterSecretStore: bitwarden-login-visio
+  - name: oidcPass
+    itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
+    field: password
+    podVariable: OIDC_RP_CLIENT_SECRET
+    clusterSecretStore: bitwarden-login-visio
 image:
  repository: localhost:5001/meet-backend
  pullPolicy: Always
@@ -21,8 +32,14 @@ backend:
    OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
    OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
    OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
-    OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
-    OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
+    OIDC_RP_CLIENT_ID:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_ID
+    OIDC_RP_CLIENT_SECRET:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email given_name usual_name"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io