2ef95aa835
Refactor BaseEgress class to leverage latest livekit-api client's custom session support. Simplifies code by using built-in capability to disable SSL verification in development environments instead of previous workaround.
245 lines
7.5 KiB
Go Template
245 lines
7.5 KiB
Go Template
secrets:
|
|
- name: oidcLogin
|
|
itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
|
|
field: username
|
|
podVariable: OIDC_RP_CLIENT_ID
|
|
clusterSecretStore: bitwarden-login-meet
|
|
- name: oidcPass
|
|
itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
|
|
field: password
|
|
podVariable: OIDC_RP_CLIENT_SECRET
|
|
clusterSecretStore: bitwarden-login-meet
|
|
- name: brevoApiKey
|
|
itemId: 99107889-6124-4436-97cc-a5193f28443f
|
|
field: password
|
|
podVariable: BREVO_API_KEY
|
|
clusterSecretStore: bitwarden-login-meet
|
|
image:
|
|
repository: localhost:5001/meet-backend
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
backend:
|
|
replicas: 1
|
|
envVars:
|
|
DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io
|
|
DJANGO_CONFIGURATION: Production
|
|
DJANGO_ALLOWED_HOSTS: meet.127.0.0.1.nip.io
|
|
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
|
|
DJANGO_SETTINGS_MODULE: meet.settings
|
|
DJANGO_SILENCED_SYSTEM_CHECKS: security.W004, security.W008
|
|
DJANGO_SUPERUSER_PASSWORD: admin
|
|
DJANGO_EMAIL_HOST: "mailcatcher"
|
|
DJANGO_EMAIL_PORT: 1025
|
|
DJANGO_EMAIL_USE_SSL: False
|
|
DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
|
|
DJANGO_EMAIL_SUPPORT_EMAIL: "test@yopmail.com"
|
|
DJANGO_EMAIL_LOGO_IMG: https://meet.127.0.0.1.nip.io/assets/logo-suite-numerique.png
|
|
DJANGO_EMAIL_DOMAIN: meet.127.0.0.1.nip.io
|
|
DJANGO_EMAIL_APP_BASE_URL: https://meet.127.0.0.1.nip.io
|
|
OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
|
|
OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
|
|
OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
|
|
OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
|
|
OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
|
|
OIDC_RP_CLIENT_ID:
|
|
secretKeyRef:
|
|
name: backend
|
|
key: OIDC_RP_CLIENT_ID
|
|
OIDC_RP_CLIENT_SECRET:
|
|
secretKeyRef:
|
|
name: backend
|
|
key: OIDC_RP_CLIENT_SECRET
|
|
OIDC_RP_SIGN_ALGO: RS256
|
|
OIDC_RP_SCOPES: "openid email given_name usual_name"
|
|
OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
|
|
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
|
|
LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
|
|
LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
|
|
LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
|
|
DB_HOST: postgres-postgresql
|
|
DB_NAME: meet
|
|
DB_USER: dinum
|
|
DB_PASSWORD: pass
|
|
DB_PORT: 5432
|
|
POSTGRES_DB: meet
|
|
POSTGRES_USER: dinum
|
|
POSTGRES_PASSWORD: pass
|
|
REDIS_URL: redis://default:pass@redis-master:6379/1
|
|
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
|
|
{{- with .Values.livekit.keys }}
|
|
{{- range $key, $value := . }}
|
|
LIVEKIT_API_SECRET: {{ $value }}
|
|
LIVEKIT_API_KEY: {{ $key }}
|
|
{{- end }}
|
|
{{- end }}
|
|
LIVEKIT_API_URL: https://livekit.127.0.0.1.nip.io/
|
|
ALLOW_UNREGISTERED_ROOMS: False
|
|
FRONTEND_SILENCE_LIVEKIT_DEBUG: False
|
|
FRONTEND_SUPPORT: "{'id': '58ea6697-8eba-4492-bc59-ad6562585041'}"
|
|
AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000
|
|
AWS_S3_ACCESS_KEY_ID: meet
|
|
AWS_S3_SECRET_ACCESS_KEY: password
|
|
AWS_STORAGE_BUCKET_NAME: meet-media-storage
|
|
AWS_S3_REGION_NAME: local
|
|
RECORDING_ENABLE: True
|
|
RECORDING_STORAGE_EVENT_ENABLE: True
|
|
RECORDING_STORAGE_EVENT_TOKEN: password
|
|
SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
|
|
SUMMARY_SERVICE_API_TOKEN: password
|
|
SCREEN_RECORDING_BASE_URL: https://meet.127.0.0.1.nip.io/recordings
|
|
SIGNUP_NEW_USER_TO_MARKETING_EMAIL: True
|
|
BREVO_API_KEY:
|
|
secretKeyRef:
|
|
name: backend
|
|
key: BREVO_API_KEY
|
|
BREVO_API_CONTACT_LIST_IDS: 8
|
|
SSL_CERT_FILE: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
|
|
|
|
|
|
migrate:
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
python manage.py migrate --no-input &&
|
|
python manage.py create_demo --force
|
|
restartPolicy: Never
|
|
|
|
command:
|
|
- "gunicorn"
|
|
- "-c"
|
|
- "/usr/local/etc/gunicorn/meet.py"
|
|
- "meet.wsgi:application"
|
|
- "--reload"
|
|
|
|
createsuperuser:
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
python manage.py createsuperuser --email admin@example.com --password admin
|
|
restartPolicy: Never
|
|
|
|
# Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
|
|
extraVolumeMounts:
|
|
- name: certs
|
|
mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
|
|
subPath: cacert.pem
|
|
|
|
# Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
|
|
extraVolumes:
|
|
- name: certs
|
|
configMap:
|
|
name: certifi
|
|
items:
|
|
- key: cacert.pem
|
|
path: cacert.pem
|
|
|
|
frontend:
|
|
envVars:
|
|
VITE_PORT: 8080
|
|
VITE_HOST: 0.0.0.0
|
|
VITE_API_BASE_URL: https://meet.127.0.0.1.nip.io/
|
|
|
|
replicas: 1
|
|
|
|
image:
|
|
repository: localhost:5001/meet-frontend
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
ingress:
|
|
enabled: true
|
|
host: meet.127.0.0.1.nip.io
|
|
|
|
ingressAdmin:
|
|
enabled: true
|
|
host: meet.127.0.0.1.nip.io
|
|
|
|
posthog:
|
|
ingress:
|
|
enabled: false
|
|
|
|
ingressAssets:
|
|
enabled: false
|
|
|
|
summary:
|
|
replicas: 1
|
|
envVars:
|
|
APP_NAME: summary-microservice
|
|
APP_API_TOKEN: password
|
|
AWS_STORAGE_BUCKET_NAME: meet-media-storage
|
|
AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
|
|
AWS_S3_ACCESS_KEY_ID: meet
|
|
AWS_S3_SECRET_ACCESS_KEY: password
|
|
OPENAI_API_KEY: password
|
|
OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
|
|
OPENAI_ASR_MODEL: openai/whisper-large-v3
|
|
OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
|
|
AWS_S3_SECURE_ACCESS: False
|
|
WEBHOOK_API_TOKEN: password
|
|
WEBHOOK_URL: https://www.mock-impress.com/webhook/
|
|
CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
|
|
CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
|
|
|
|
image:
|
|
repository: localhost:5001/meet-summary
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
command:
|
|
- "uvicorn"
|
|
- "summary.main:app"
|
|
- "--host"
|
|
- "0.0.0.0"
|
|
- "--port"
|
|
- "8000"
|
|
- "--reload"
|
|
|
|
celery:
|
|
replicas: 1
|
|
envVars:
|
|
APP_NAME: summary-microservice
|
|
APP_API_TOKEN: password
|
|
AWS_STORAGE_BUCKET_NAME: meet-media-storage
|
|
AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
|
|
AWS_S3_ACCESS_KEY_ID: meet
|
|
AWS_S3_SECRET_ACCESS_KEY: password
|
|
OPENAI_API_KEY: password
|
|
OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
|
|
OPENAI_ASR_MODEL: openai/whisper-large-v3
|
|
OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
|
|
AWS_S3_SECURE_ACCESS: False
|
|
WEBHOOK_API_TOKEN: password
|
|
WEBHOOK_URL: https://www.mock-impress.com/webhook/
|
|
CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
|
|
CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
|
|
|
|
image:
|
|
repository: localhost:5001/meet-summary
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
command:
|
|
- "celery"
|
|
- "-A"
|
|
- "summary.core.celery_worker"
|
|
- "worker"
|
|
- "--pool=solo"
|
|
- "--loglevel=info"
|
|
|
|
ingressMedia:
|
|
enabled: true
|
|
host: meet.127.0.0.1.nip.io
|
|
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/auth-url: https://meet.127.0.0.1.nip.io/api/v1.0/recordings/media-auth/
|
|
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
|
|
nginx.ingress.kubernetes.io/upstream-vhost: minio.meet.svc.cluster.local:9000
|
|
nginx.ingress.kubernetes.io/rewrite-target: /meet-media-storage/$1
|
|
|
|
serviceMedia:
|
|
host: minio.meet.svc.cluster.local
|
|
port: 9000
|