studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix meet: ALLOWED_HOSTS, OIDC callback, and LiveKit connectivity

Browse Source 
- meet-config: rename ALLOWED_HOSTS → DJANGO_ALLOWED_HOSTS (django-configurations
  ListValue uses DJANGO_ prefix by default; without it the list was empty and
  every browser request got 400 DisallowedHost)
- meet-config: set LIVEKIT_API_URL to public https://livekit.DOMAIN_SUFFIX so
  the meet frontend can reach LiveKit for WebSocket signaling
- pingora-config: add livekit.DOMAIN_SUFFIX → livekit-server:80 WebSocket route
- cert-manager: add livekit.DOMAIN_SUFFIX to TLS cert dnsNames
- oidc-clients: fix meet redirect URI /oidc/callback/ → /api/v1.0/callback/
  (meet embeds mozilla-django-oidc inside the api/v1.0/ prefix); add
  postLogoutRedirectUri for clean logout
- livekit-values: replace hardcoded devkey:secret-placeholder with key_file
  loaded from a VSO-managed K8s Secret (secret/livekit in OpenBao)
- media/vault-secrets: add VaultAuth + VaultStaticSecret for media namespace
  to sync livekit API credentials from OpenBao
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-06 13:56:29 +00:00
parent 1d01a1411a
commit f3faf31d4b
7 changed files with 53 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
base/lasuite/oidc-clients.yaml
View File

@@ -61,7 +61,9 @@ spec:
- code
scope: openid email profile
redirectUris:
- https://meet.DOMAIN_SUFFIX/oidc/callback/
- https://meet.DOMAIN_SUFFIX/api/v1.0/callback/
postLogoutRedirectUris:
- https://meet.DOMAIN_SUFFIX/api/v1.0/logout-callback/
tokenEndpointAuthMethod: client_secret_post
secretName: oidc-meet
skipConsent: true