feat(infra): Meet integration, La Suite theming, Pingora SSH + meet routes
Meet: add backend/frontend/celery deployments and services, meet-config ConfigMap, nginx SPA config, VSO secrets (meet-db-credentials VDS, meet-django-secret and meet-livekit VSS). Wire oidc-meet OAuth2Client. La Suite overlay discipline: move people/docs frontend nginx ConfigMaps and patches from overlays/local to base so both environments share them. Remove values-ory.yaml (folded into base). Add docs-frontend nginx config with sub_filter theming. Add local gitea mkcert CA patch. Pingora: add [ssh] TCP passthrough block (port 22 → Gitea SSH pod) and split meet route into frontend default + backend paths for /api/, /admin/, /oidc/, /static/, /__. Remove now-unused values-pingora.yaml from production overlay (host ports moved to patch-pingora-hostport.yaml). Update both overlay kustomizations to reference all new resources and add meet-backend/meet-frontend image entries.
This commit is contained in:
44
base/lasuite/people-frontend-nginx-configmap.yaml
Normal file
44
base/lasuite/people-frontend-nginx-configmap.yaml
Normal file
@@ -0,0 +1,44 @@
|
||||
# nginx config for people-frontend that rewrites the hardcoded production
|
||||
# integration URL baked into the desk static Next.js build.
|
||||
#
|
||||
# sub_filter rewrites integration.lasuite.numerique.gouv.fr → integration.DOMAIN_SUFFIX
|
||||
# so the gaufre.js widget and services.json come from our own integration service.
|
||||
# gzip must be off for sub_filter to work on JS responses.
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: people-frontend-nginx-conf
|
||||
namespace: lasuite
|
||||
data:
|
||||
default.conf: |
|
||||
server {
|
||||
listen 3000;
|
||||
listen 8080;
|
||||
server_name localhost;
|
||||
server_tokens off;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
gzip off;
|
||||
sub_filter 'integration.lasuite.numerique.gouv.fr' 'integration.DOMAIN_SUFFIX';
|
||||
sub_filter '</head>' '<link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Ysabeau+Variable:ital,wght@0,100..900;1,100..900&display=swap"><link rel="stylesheet" href="https://integration.DOMAIN_SUFFIX/api/v2/theme.css"></head>';
|
||||
sub_filter_once off;
|
||||
sub_filter_types text/html application/javascript;
|
||||
|
||||
location / {
|
||||
try_files $uri index.html $uri/ =404;
|
||||
}
|
||||
|
||||
location /teams/ {
|
||||
error_page 404 /teams/[id]/;
|
||||
}
|
||||
|
||||
location /mail-domains/ {
|
||||
error_page 404 /mail-domains/[slug]/;
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /404.html {
|
||||
internal;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user