people/src/helm/env.d/production/values.desk.yaml.gotmpl

image:
  repository: lasuite/people-backend
  pullPolicy: Always
  tag: "v1.9.1"

backend:
  migrateJobAnnotations:
    argocd.argoproj.io/hook: PostSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
  envVars:
    DJANGO_ADMIN_HEADER_BACKGROUND: "#dc3545"
    DJANGO_ADMIN_HEADER_COLOR: "#ffffff"
    DJANGO_CSRF_TRUSTED_ORIGINS: https://regie.numerique.gouv.fr
    DJANGO_CONFIGURATION: Production
    DJANGO_ALLOWED_HOSTS: "*"
    DJANGO_SECRET_KEY:
      secretKeyRef:
        name: backend
        key: DJANGO_SECRET_KEY
    DJANGO_SETTINGS_MODULE: people.settings
    DJANGO_SUPERUSER_EMAIL:
      secretKeyRef:
        name: backend
        key: DJANGO_SUPERUSER_EMAIL
    DJANGO_SUPERUSER_PASSWORD:
      secretKeyRef:
        name: backend
        key: DJANGO_SUPERUSER_PASSWORD
    DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
    DJANGO_EMAIL_PORT: 587
    DJANGO_EMAIL_USE_TLS: True
    DJANGO_EMAIL_FROM: "noreply@regie.beta.numerique.gouv.fr"
    DJANGO_EMAIL_HOST_USER:
      secretKeyRef:
        name: backend
        key: DJANGO_EMAIL_HOST_USER
    DJANGO_EMAIL_HOST_PASSWORD:
      secretKeyRef:
        name: backend
        key: DJANGO_EMAIL_HOST_PASSWORD
    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
    OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize
    OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token
    OIDC_OP_USER_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/userinfo
    OIDC_OP_LOGOUT_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/session/end
    ORGANIZATION_PLUGINS: ["plugins.organizations.NameFromSiretOrganizationPlugin"]
    OIDC_ORGANIZATION_REGISTRATION_ID_FIELD: "siret"
    OIDC_RP_CLIENT_ID:
      secretKeyRef:
        name: backend
        key: OIDC_RP_CLIENT_ID
    OIDC_RP_CLIENT_SECRET:
      secretKeyRef:
        name: backend
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email siret"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://regie.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
    LOGIN_REDIRECT_URL: https://regie.numerique.gouv.fr
    LOGIN_REDIRECT_URL_FAILURE: https://regie.numerique.gouv.fr
    LOGOUT_REDIRECT_URL: https://regie.numerique.gouv.fr
    DB_HOST:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: host
    DB_NAME:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: database
    DB_USER:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: username
    DB_PASSWORD:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: password
    DB_PORT:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: port
    POSTGRES_USER:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: username
    POSTGRES_DB:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: database
    POSTGRES_PASSWORD:
      secretKeyRef:
        name: postgresql.postgres.libre.sh
        key: password
    REDIS_URL:
      secretKeyRef:
        name: redis.redis.libre.sh
        key: url
    WEBMAIL_URL: "https://webmail.numerique.gouv.fr"
    MAIL_PROVISIONING_API_URL: "https://api.ovhprod.dimail1.numerique.gouv.fr"
    MAIL_PROVISIONING_API_CREDENTIALS:
      secretKeyRef:
        name: backend
        key: MAIL_PROVISIONING_API_CREDENTIALS
    FEATURE_TEAMS_DISPLAY: False
    FEATURE_CONTACTS_DISPLAY: False
    FEATURE_CONTACTS_CREATE: False
    FEATURE_TEAMS_CREATE: False
    FEATURE_MAILBOXES_CREATE: False
    SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171"

  createsuperuser:
    command:
      - "/bin/sh"
      - "-c"
      - python manage.py createsuperuser --username $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
    restartPolicy: Never

frontend:
  image:
    repository: lasuite/people-frontend
    pullPolicy: Always
    tag: "v1.9.1"

ingress:
  enabled: true
  host: regie.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt

ingressAdmin:
  enabled: true
  host: regie.numerique.gouv.fr
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/start
    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/auth