♻️(dev) refacto tilt stack
To move the repository to the new organization and to make onboarding easier for external developers, we need to create a standalone dev stack and use external secrets.
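--- /dev/null
+++ b/src/helm/env.d/dev-keycloak/values.desk.yaml.gotmpl
@@ -0,0 +1,104 @@
+image:
+repository: localhost:5001/people-backend
+pullPolicy: Always
+tag: "latest"
+
+backend:
+replicas: 1
+envVars:
+DJANGO_CSRF_TRUSTED_ORIGINS: https://desk.127.0.0.1.nip.io,http://desk.127.0.0.1.nip.io
+DJANGO_CONFIGURATION: Local
+DJANGO_ALLOWED_HOSTS: "*"
+DJANGO_SECRET_KEY: kkdsjfhkjhsfdkjhsd76kjhkjh
+DJANGO_SETTINGS_MODULE: people.settings
+DJANGO_SUPERUSER_PASSWORD: admin
+DJANGO_SUPERUSER_EMAIL: admin@example.com
+DJANGO_EMAIL_HOST_PASSWORD: changeme
+DJANGO_EMAIL_HOST: "mailcatcher"
+DJANGO_EMAIL_PORT: 1025
+DJANGO_EMAIL_USE_SSL: False
+OIDC_RS_CLIENT_ID: changeme
+OIDC_RS_CLIENT_SECRET: changeme
+OIDC_RS_PRIVATE_KEY_STR: "lkj"
+OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/people/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/people/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/people/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/people/protocol/openid-connect/userinfo
+OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/people/protocol/openid-connect/logout
+OIDC_ORGANIZATION_REGISTRATION_ID_FIELD: "siret"
+OIDC_RP_CLIENT_ID: people
+OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
+OIDC_RP_SIGN_ALGO: RS256
+OIDC_RP_SCOPES: "openid email siret"
+OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io
+OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ORGANIZATION_PLUGINS: "plugins.organizations.NameFromSiretOrganizationPlugin"
+ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
+LOGIN_REDIRECT_URL: https://desk.127.0.0.1.nip.io
+LOGIN_REDIRECT_URL_FAILURE: https://desk.127.0.0.1.nip.io
+LOGOUT_REDIRECT_URL: https://desk.127.0.0.1.nip.io
+DB_HOST: postgres-postgresql
+DB_NAME: people
+DB_USER: dinum
+DB_PASSWORD: pass
+DB_PORT: 5432
+POSTGRES_DB: people
+POSTGRES_USER: dinum
+POSTGRES_PASSWORD: pass
+REDIS_URL: redis://default:pass@redis-master:6379/1
+WEBMAIL_URL: "https://onestendev.yapasdewebmail.fr"
+MAIL_PROVISIONING_API_URL: "http://dimail:8000"
+MAIL_PROVISIONING_API_CREDENTIALS: changeme
+SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171"
+command:
+- "gunicorn"
+- "-c"
+- "/usr/local/etc/gunicorn/people.py"
+- "people.wsgi:application"
+- "--reload"
+
+createsuperuser:
+command:
+- "/bin/sh"
+- "-c"
+- python manage.py createsuperuser --username ${DJANGO_SUPERUSER_EMAIL} --password ${DJANGO_SUPERUSER_PASSWORD} || echo ok
+restartPolicy: Never
+
+# Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
+extraVolumeMounts:
+- name: certs
+mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+subPath: cacert.pem
+
+# Exra volumes to manage our local custom CA and avoid to set ssl_verify: false
+extraVolumes:
+- name: certs
+configMap:
+name: certifi
+items:
+- key: cacert.pem
+path: cacert.pem
+
+frontend:
+envVars:
+PORT: 8080
+NEXT_PUBLIC_API_ORIGIN: https://desk.127.0.0.1.nip.io
+
+replicas: 1
+command:
+- yarn
+- dev
+
+image:
+repository: localhost:5001/people-frontend
+pullPolicy: Always
+tag: "latest"
+
+ingress:
+enabled: true
+host: desk.127.0.0.1.nip.io
+
+ingressAdmin:
+enabled: true
+host: desk.127.0.0.1.nip.io
+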
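Review bot: `SENTRY_DSN` in the new dev-keycloak values is the same DSN carried by the preprod, staging and production values files that this commit removes, so a local stack started from this file would report into the shared Sentry project if the `Local` configuration initialises Sentry (not visible on this page). For a stack aimed at external developers I would ship it empty, `SENTRY_DSN: ""`, and let each developer opt in with their own project. The other literal credentials under `envVars` (`DJANGO_SECRET_KEY`, `DB_PASSWORD`, `OIDC_RP_CLIENT_SECRET`) read as dev-only values; a comment above `envVars` such as `# Local-only placeholder credentials, never reuse outside the Tilt stack` would make that explicit.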
|
||||
@@ -1,80 +0,0 @@
|
||||
djangoSecretKey: ENC[AES256_GCM,data:MeAsS1OoGaC1yKvK4jlsvtM/tnXdy3AiZItRafBIvHJzz2D1fQ2Ol85cX6cJ1H7XGRs=,iv:cV/H03WnCYiPgjvuQTUXuhsPd/mHforbI818lkv4Tcw=,tag:ofJ9+AA+aMxuAt03n2j6sQ==,type:str]
|
||||
djangoSuperUserPass: ENC[AES256_GCM,data:CrUCj+w=,iv:VvCIQYDvhbIeWI2lJt6kw4hBxzERY4H9OOV6CkCxXg4=,tag:e6LLH8bBenG7ZlWutkiECQ==,type:str]
|
||||
mail_provisioning_api_credentials: ENC[AES256_GCM,data:2iDJSkOV/muVZQ5ZrWyBB+uslzEj/4Yv,iv:awJgZ4wUl1xM19yTFooa1e/U91awm8xraZWEYI5ZIh4=,tag:/n64HEwNVO5f1XuoYBTI6g==,type:str]
|
||||
oidc:
|
||||
clientId: ENC[AES256_GCM,data:C7WWJAC02IZ47FVtHUoFMX/t9u9Ar1wU0xN54IR+TcVmNLR6,iv:GCu4unvxtV2sxxR+Jo9c39Zyo21utQPM4/iyk0OIFOE=,tag:qU5Vcfq9LRxffRJW/h1taA==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:0FttMuHtz3zciIoGZl+2ele2SR2IGSW12RXZuYMZtHZBT71jgN4v9cR9zKPvpbudqGvoF86doPfHWZvBCcx6zA==,iv:HyfUnSsWWTVEK4Pf7kgK0MtlZvQiy6cKODjCw0WDG4w=,tag:0NbQK6+SWB82ul89kmzRHA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObklxN2hPUEd2bkZQSE1j
|
||||
MWE0a1dJcVloOTcyOHNmcC84dytaZ0NXNVJFCkl2eGFLUTh3LzFIRzNRNUhMT2Ir
|
||||
aWpxK2cvcVZXbUVTbFFUSFZnaGtuekEKLS0tIFJ2NnJMejZuYWFTbkFYNGYrSS9X
|
||||
aUxCb21NTlpYQWdraTA0djBsRkVCbGcK8l3yr3Wsit1bjWrHahdY4bPdVjz76WHC
|
||||
ESSR0ekaHw+7jXe8yhfalLrFTyN9aa5/wJOy51oNIh6i9J9qiGpt5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRldFY3lFUkJ6UmhVUkJ5
|
||||
ZmlQczJ2MklFSy9BVVV3K0UwWVpIOW5FYkc0CnI4WHNhTk1qa1BmOU16L0k2YzV5
|
||||
Z25tT244NnlibVdMcWRWNlFleG1FYlUKLS0tIGpMcktpQjcva29TWVJkWGRNL0Vi
|
||||
RTZ2V2luMTdaUGU3a04xSU1aSFJ4WWsKqTKbwlTGmTc99D4Ud/ohQNWamGX9QR06
|
||||
jLLK2ySKP2EbBZxLe+3MZlufPPiESY8246pfdaymrdWZ1PS00TOdhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMTVWNHlXc0k2UUM4b3Q2
|
||||
VTNQSmYySXc3Y0tWUHU2czhVWWt4bldabFdrClg2TWRvbHZkYVpiMnF2U2tPYXJy
|
||||
ZXNwQzBVcnBXMkxEMmNXeWFXWGNVb2sKLS0tIGduOWpSTkxCKzNXY2xtQS9rWGp2
|
||||
WTEyeDlRYlVtQTJ3N3RPMVpla0U3MTgK87FDs8GwhUGwgV5aLTWYAaVi+4QkWCmv
|
||||
BG/RfGeYAm87FGGg/UUEPUCZgLnYPZwz/SzKfAZQlRP5s3POFRGpEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZHZCVlIwM2cyeVMzWUpR
|
||||
ZlFPSmthdGF2MVNwOFpjSWJmV1ptV3BZVHo0Ckh3ckc1K013YkdxUzNsMEUwa0pw
|
||||
SFdGR3lmTlpJRzRFVTRqRmc4SFlMMW8KLS0tIGxnSWhmWlpPelhlZTkwOXBrMDRT
|
||||
U1JPK3Z6NzBxNFNWenEyYVJZRzF2T1kKyFhaWvQ2/ZttyBDshz6fmhd3cgL31rhO
|
||||
0EtPVQO5p7kDDyG2/TyrfR32C5/5+YNqS+Cggk31jon7blNvV3asVA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUzVTRCtOWlBMOGwwMTNp
|
||||
ZndVZVZ4bXlPUHJCeFVhRVVpKzlmWnNZS0N3CjdWOGRNQmZkM2tib29NK0NXT3pH
|
||||
alNnVDhiUWlTUXJkc0ZRb3MyLzhjY3cKLS0tIENzRDllUVV0dkdyeVNoclUwc21Z
|
||||
amd2TEttd25PN2NNY0RFclZISFBaUVkKGUYbTjt/cw7KzHeSNt9Kem+Xhy7zcxC+
|
||||
JPEliPnJiMuzoZNIoKq0Ta1aWaC9leN5k5JAbFOpqQTkcY+38V3Fpw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWlkvaWNjdnFFTG44UkN6
|
||||
Q3RaeUk3T3N1RFlISm1HQzkwa3MzdmtQSGdJCmdwM241WmhpS2ZKWVFNSmE5MTRQ
|
||||
c3FGeWFhZFpobjQ1SEV4OWR0ZDNLMWsKLS0tIGpqaU5jZ1NhakErd2JsZG53RDNv
|
||||
SXdwdThDSnRrRktSMW9xckpsNDNKV1kKI+iCo2o87qVA9E2dtnmIu251Xg0KbgVF
|
||||
/J/M1HQVnIEHxhQYSjXat0ZAZDs5B1YnZ+nUG3iJ8q1hOKp2O9xtIw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1rjchule5sncn8r8gfph07muee6vzx4wqfrtldt5jjzke4vlfxy2qqplfvc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYUhBcjdGQTBTUWJ3cGgy
|
||||
NXJHYnM5dXZHTzNzL1NWSitEYit3NWNhN2hjClErOGNFLzZ6VHVnaFRyZk05dFB4
|
||||
M29ybkduSE44Uk9BcGN0aVQ0TUxxUVkKLS0tIGtsUGhMdXdIQlZNKzJNRzNnWUhF
|
||||
M2hQY3kraFNqbjU3SkIzcWdZeDZIWFkK7Z39fJzr7a7/Lk62hU9GUjQPeA6C4Jp7
|
||||
3Nj8sGpGKbt83u2tNYTHtpNa2a6MFqKfccxRKxwYUf9DfPRhH5p9nQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-23T09:37:33Z"
|
||||
mac: ENC[AES256_GCM,data:L6tN1Lx4FtDUty2OKHIS9KiaayX9mTwiXzBsrPP8rEM3Gs/Z/v4XMfiIylBs6m1XUwrOy7kFNUGfnu1d72nB4ukWZBHTmcE9wZ3U1AaEnjjMPdIlUtyaNxmAbw5/QprZcempMLd5750QjEUHqDTzmF2+yI+Jt0mRMQEAFYY/5b4=,iv:vyRwRl1minGkv3XJMORWaf5NwJXWGa8us/x/DAyRDrQ=,tag:zgKEgD7IH/b1x7LRzq2NXg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
@@ -1,3 +1,19 @@
|
||||
secrets:
|
||||
- name: oidcLogin
|
||||
itemId: 753d95be-f0d0-44ff-b8b9-bdd905f2ae1d
|
||||
field: username
|
||||
podVariable: OIDC_RP_CLIENT_ID
|
||||
clusterSecretStore: bitwarden-login-desk
|
||||
- name: oidcPass
|
||||
itemId: 753d95be-f0d0-44ff-b8b9-bdd905f2ae1d
|
||||
field: password
|
||||
podVariable: OIDC_RP_CLIENT_SECRET
|
||||
clusterSecretStore: bitwarden-login-desk
|
||||
- name: mail_provisioning_api_credentials
|
||||
itemId: 2fcb5d3c-d037-4ec5-967d-3d15b261e2ab
|
||||
field: password
|
||||
podVariable: MAIL_PROVISIONING_API_CREDENTIALS
|
||||
clusterSecretStore: bitwarden-login-desk
|
||||
image:
|
||||
repository: localhost:5001/people-backend
|
||||
pullPolicy: Always
|
||||
@@ -9,15 +25,10 @@ backend:
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: https://desk.127.0.0.1.nip.io,http://desk.127.0.0.1.nip.io
|
||||
DJANGO_CONFIGURATION: Local
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SECRET_KEY
|
||||
DJANGO_SECRET_KEY: changeme
|
||||
DJANGO_SETTINGS_MODULE: people.settings
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_PASSWORD
|
||||
DJANGO_SUPERUSER_EMAIL: admin@example.com
|
||||
DJANGO_SUPERUSER_PASSWORD: admin
|
||||
DJANGO_EMAIL_HOST: "mailcatcher"
|
||||
DJANGO_EMAIL_PORT: 1025
|
||||
DJANGO_EMAIL_USE_SSL: False
|
||||
@@ -71,7 +82,7 @@ backend:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- python manage.py createsuperuser --username admin@example.com --password admin
|
||||
- python manage.py createsuperuser --username ${DJANGO_SUPERUSER_EMAIL} --password ${DJANGO_SUPERUSER_PASSWORD} || echo ok
|
||||
restartPolicy: Never
|
||||
|
||||
frontend:
|
||||
|
||||
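Review bot: The new `createsuperuser` command in the `@@ -71,7 +82,7 @@` hunk ends in `|| echo ok`, which turns every failure of the job (database unreachable, migrations not applied) into a success, not only the "user already exists" case it is presumably meant for. The `${DJANGO_SUPERUSER_EMAIL}` and `${DJANGO_SUPERUSER_PASSWORD}` expansions are also unquoted inside `sh -c`, so a value containing spaces or glob characters is split, and the password lands on the process command line. Quoting is a one-line change: `- python manage.py createsuperuser --username "${DJANGO_SUPERUSER_EMAIL}" --password "${DJANGO_SUPERUSER_PASSWORD}" || echo ok`. Narrowing the `|| echo ok` depends on the command's exit behaviour, which is outside this page. The identical line is added in `src/helm/env.d/dev-keycloak/values.desk.yaml.gotmpl`.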
@@ -1 +0,0 @@
|
||||
../../../../secrets/numerique-gouv/people/env/preprod/secrets.enc.yaml
|
||||
@@ -1,139 +0,0 @@
|
||||
image:
|
||||
repository: lasuite/people-backend
|
||||
pullPolicy: Always
|
||||
tag: "v1.9.1"
|
||||
|
||||
backend:
|
||||
migrateJobAnnotations:
|
||||
argocd.argoproj.io/hook: PreSync
|
||||
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
envVars:
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: https://desk-preprod.beta.numerique.gouv.fr
|
||||
DJANGO_CONFIGURATION: PreProduction
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SECRET_KEY
|
||||
DJANGO_SETTINGS_MODULE: people.settings
|
||||
DJANGO_SUPERUSER_EMAIL:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_EMAIL
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_PASSWORD
|
||||
DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
|
||||
DJANGO_EMAIL_PORT: 587
|
||||
DJANGO_EMAIL_USE_TLS: True
|
||||
DJANGO_EMAIL_FROM: "noreply@regie.beta.numerique.gouv.fr"
|
||||
DJANGO_EMAIL_HOST_USER:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_USER
|
||||
DJANGO_EMAIL_HOST_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_PASSWORD
|
||||
DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
|
||||
OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
|
||||
OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
|
||||
OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
|
||||
OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
|
||||
OIDC_ORGANIZATION_REGISTRATION_ID_FIELD: "siret"
|
||||
OIDC_RP_CLIENT_ID:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_ID
|
||||
OIDC_RP_CLIENT_SECRET:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_SECRET
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid email siret"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-preprod.beta.numerique.gouv.fr
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
|
||||
ORGANIZATION_PLUGINS: ["plugins.organizations.NameFromSiretOrganizationPlugin"]
|
||||
ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
|
||||
LOGIN_REDIRECT_URL: https://desk-preprod.beta.numerique.gouv.fr
|
||||
LOGIN_REDIRECT_URL_FAILURE: https://desk-preprod.beta.numerique.gouv.fr
|
||||
LOGOUT_REDIRECT_URL: https://desk-preprod.beta.numerique.gouv.fr
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: host
|
||||
DB_NAME:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
DB_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
DB_PORT:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: port
|
||||
POSTGRES_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
POSTGRES_DB:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
REDIS_URL:
|
||||
secretKeyRef:
|
||||
name: redis.redis.libre.sh
|
||||
key: url
|
||||
WEBMAIL_URL: "https://webmail.test.ox.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_URL: "https://api.ovhdev.dimail1.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_CREDENTIALS:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: MAIL_PROVISIONING_API_CREDENTIALS
|
||||
FEATURE_TEAMS_DISPLAY: False
|
||||
FEATURE_CONTACTS_DISPLAY: False
|
||||
FEATURE_CONTACTS_CREATE: False
|
||||
FEATURE_TEAMS_CREATE: False
|
||||
FEATURE_MAILBOXES_CREATE: False
|
||||
SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171"
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- python manage.py createsuperuser --username $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
|
||||
restartPolicy: Never
|
||||
|
||||
frontend:
|
||||
image:
|
||||
repository: lasuite/people-frontend
|
||||
pullPolicy: Always
|
||||
tag: "v1.9.1"
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
host: desk-preprod.beta.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
|
||||
ingressAdmin:
|
||||
enabled: true
|
||||
host: desk-preprod.beta.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
|
||||
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
|
||||
@@ -1 +0,0 @@
|
||||
../../../../secrets/numerique-gouv/people/env/production/secrets.enc.yaml
|
||||
@@ -1,141 +0,0 @@
|
||||
image:
|
||||
repository: lasuite/people-backend
|
||||
pullPolicy: Always
|
||||
tag: "v1.9.1"
|
||||
|
||||
backend:
|
||||
migrateJobAnnotations:
|
||||
argocd.argoproj.io/hook: PostSync
|
||||
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
envVars:
|
||||
DJANGO_ADMIN_HEADER_BACKGROUND: "#dc3545"
|
||||
DJANGO_ADMIN_HEADER_COLOR: "#ffffff"
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: https://regie.numerique.gouv.fr
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SECRET_KEY
|
||||
DJANGO_SETTINGS_MODULE: people.settings
|
||||
DJANGO_SUPERUSER_EMAIL:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_EMAIL
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_PASSWORD
|
||||
DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
|
||||
DJANGO_EMAIL_PORT: 587
|
||||
DJANGO_EMAIL_USE_TLS: True
|
||||
DJANGO_EMAIL_FROM: "noreply@regie.beta.numerique.gouv.fr"
|
||||
DJANGO_EMAIL_HOST_USER:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_USER
|
||||
DJANGO_EMAIL_HOST_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_PASSWORD
|
||||
DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
|
||||
OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize
|
||||
OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token
|
||||
OIDC_OP_USER_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/userinfo
|
||||
OIDC_OP_LOGOUT_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/session/end
|
||||
ORGANIZATION_PLUGINS: ["plugins.organizations.NameFromSiretOrganizationPlugin"]
|
||||
OIDC_ORGANIZATION_REGISTRATION_ID_FIELD: "siret"
|
||||
OIDC_RP_CLIENT_ID:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_ID
|
||||
OIDC_RP_CLIENT_SECRET:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_SECRET
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid email siret"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: https://regie.numerique.gouv.fr
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
|
||||
ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
|
||||
LOGIN_REDIRECT_URL: https://regie.numerique.gouv.fr
|
||||
LOGIN_REDIRECT_URL_FAILURE: https://regie.numerique.gouv.fr
|
||||
LOGOUT_REDIRECT_URL: https://regie.numerique.gouv.fr
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: host
|
||||
DB_NAME:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
DB_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
DB_PORT:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: port
|
||||
POSTGRES_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
POSTGRES_DB:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
REDIS_URL:
|
||||
secretKeyRef:
|
||||
name: redis.redis.libre.sh
|
||||
key: url
|
||||
WEBMAIL_URL: "https://webmail.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_URL: "https://api.ovhprod.dimail1.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_CREDENTIALS:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: MAIL_PROVISIONING_API_CREDENTIALS
|
||||
FEATURE_TEAMS_DISPLAY: False
|
||||
FEATURE_CONTACTS_DISPLAY: False
|
||||
FEATURE_CONTACTS_CREATE: False
|
||||
FEATURE_TEAMS_CREATE: False
|
||||
FEATURE_MAILBOXES_CREATE: False
|
||||
SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171"
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- python manage.py createsuperuser --username $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
|
||||
restartPolicy: Never
|
||||
|
||||
frontend:
|
||||
image:
|
||||
repository: lasuite/people-frontend
|
||||
pullPolicy: Always
|
||||
tag: "v1.9.1"
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
host: regie.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
|
||||
ingressAdmin:
|
||||
enabled: true
|
||||
host: regie.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/start
|
||||
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/auth
|
||||
@@ -1 +0,0 @@
|
||||
../../../../secrets/numerique-gouv/people/env/staging/secrets.enc.yaml
|
||||
@@ -1,150 +0,0 @@
|
||||
image:
|
||||
repository: lasuite/people-backend
|
||||
pullPolicy: Always
|
||||
tag: "main"
|
||||
|
||||
backend:
|
||||
migrateJobAnnotations:
|
||||
argocd.argoproj.io/hook: PreSync
|
||||
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
envVars:
|
||||
DJANGO_ADMIN_HEADER_BACKGROUND: "#0f5132"
|
||||
DJANGO_ADMIN_HEADER_COLOR: "#ffffff"
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: http://desk-staging.beta.numerique.gouv.fr,https://desk-staging.beta.numerique.gouv.fr
|
||||
DJANGO_CONFIGURATION: Staging
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SECRET_KEY
|
||||
DJANGO_SETTINGS_MODULE: people.settings
|
||||
DJANGO_SUPERUSER_EMAIL:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_EMAIL
|
||||
DJANGO_SUPERUSER_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_SUPERUSER_PASSWORD
|
||||
DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
|
||||
DJANGO_EMAIL_PORT: 587
|
||||
DJANGO_EMAIL_USE_TLS: True
|
||||
DJANGO_EMAIL_FROM: "noreply@regie.beta.numerique.gouv.fr"
|
||||
DJANGO_EMAIL_HOST_USER:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_USER
|
||||
DJANGO_EMAIL_HOST_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: DJANGO_EMAIL_HOST_PASSWORD
|
||||
DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
|
||||
OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
|
||||
OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
|
||||
OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
|
||||
OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
|
||||
OIDC_OP_INTROSPECTION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/checktoken
|
||||
OIDC_OP_URL: https://fca.integ01.dev-agentconnect.fr/api/v2
|
||||
OIDC_ORGANIZATION_REGISTRATION_ID_FIELD: "siret"
|
||||
OIDC_RP_CLIENT_ID:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_ID
|
||||
OIDC_RP_CLIENT_SECRET:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RP_CLIENT_SECRET
|
||||
OIDC_RS_CLIENT_ID:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RS_CLIENT_ID
|
||||
OIDC_RS_CLIENT_SECRET:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RS_CLIENT_SECRET
|
||||
OIDC_RS_PRIVATE_KEY_STR:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: OIDC_RS_PRIVATE_KEY_STR
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid email siret"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-staging.beta.numerique.gouv.fr
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
|
||||
ORGANIZATION_PLUGINS: "plugins.organizations.NameFromSiretOrganizationPlugin"
|
||||
ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
|
||||
LOGIN_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr
|
||||
LOGIN_REDIRECT_URL_FAILURE: https://desk-staging.beta.numerique.gouv.fr
|
||||
LOGOUT_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr
|
||||
DB_HOST:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: host
|
||||
DB_NAME:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
DB_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
DB_PORT:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: port
|
||||
POSTGRES_USER:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: username
|
||||
POSTGRES_DB:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: database
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: postgresql.postgres.libre.sh
|
||||
key: password
|
||||
REDIS_URL:
|
||||
secretKeyRef:
|
||||
name: redis.redis.libre.sh
|
||||
key: url
|
||||
WEBMAIL_URL: "https://webmail.test.ox.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_URL: "https://api.ovhdev.dimail1.numerique.gouv.fr"
|
||||
MAIL_PROVISIONING_API_CREDENTIALS:
|
||||
secretKeyRef:
|
||||
name: backend
|
||||
key: MAIL_PROVISIONING_API_CREDENTIALS
|
||||
SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171"
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- python manage.py createsuperuser --username $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
|
||||
restartPolicy: Never
|
||||
|
||||
frontend:
|
||||
image:
|
||||
repository: lasuite/people-frontend
|
||||
pullPolicy: Always
|
||||
tag: "main"
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
host: desk-staging.beta.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
|
||||
ingressAdmin:
|
||||
enabled: true
|
||||
host: desk-staging.beta.numerique.gouv.fr
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
|
||||
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
|
||||