Skip to content

Commit c0623e8

Browse files
AntoLCAntoLC
committed
📸(helm) production-example
We add a "production-example" environment to the helm chart. We have the "dev" environment already, but this one can be mistaken for a production, so we add a "production-example" to make it clear. "dev" is for development, it is used by our Tilt stack.
1 parent 33d1f3c commit c0623e8

File tree

1 file changed

+220
-0
lines changed

1 file changed

+220
-0
lines changed

src/helm/env.d/production-example/values.impress.yaml.gotmpl

Lines changed: 220 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,220 @@
1+
image:
2+
repository: lasuite/impress-backend
3+
pullPolicy: Always
4+
tag: "v1.10.0"
5+
6+
backend:
7+
migrateJobAnnotations:
8+
argocd.argoproj.io/hook: PostSync
9+
argocd.argoproj.io/hook-delete-policy: HookSucceeded
10+
envVars:
11+
AI_API_KEY:
12+
secretKeyRef:
13+
name: backend
14+
key: AI_API_KEY
15+
AI_BASE_URL: https://albert.api.etalab.gouv.fr/v1/
16+
AI_MODEL: meta-llama/Meta-Llama-3.1-70B-Instruct
17+
COLLABORATION_API_URL: https://docs.numerique.gouv.fr/collaboration/api/
18+
COLLABORATION_SERVER_SECRET:
19+
secretKeyRef:
20+
name: backend
21+
key: COLLABORATION_SERVER_SECRET
22+
DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.numerique.gouv.fr
23+
DJANGO_CONFIGURATION: Production
24+
DJANGO_ALLOWED_HOSTS: docs.numerique.gouv.fr
25+
DJANGO_SECRET_KEY:
26+
secretKeyRef:
27+
name: backend
28+
key: DJANGO_SECRET_KEY
29+
DJANGO_SERVER_TO_SERVER_API_TOKENS:
30+
secretKeyRef:
31+
name: backend
32+
key: DJANGO_SERVER_TO_SERVER_API_TOKENS
33+
DJANGO_SETTINGS_MODULE: impress.settings
34+
DJANGO_SUPERUSER_EMAIL:
35+
secretKeyRef:
36+
name: backend
37+
key: DJANGO_SUPERUSER_EMAIL
38+
DJANGO_SUPERUSER_PASSWORD:
39+
secretKeyRef:
40+
name: backend
41+
key: DJANGO_SUPERUSER_PASSWORD
42+
DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
43+
DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
44+
DJANGO_EMAIL_LOGO_IMG: https://docs.numerique.gouv.fr/assets/logo-suite-numerique.png
45+
DJANGO_EMAIL_PORT: 587
46+
DJANGO_EMAIL_USE_TLS: True
47+
DJANGO_EMAIL_FROM: "[email protected]"
48+
DJANGO_EMAIL_HOST_USER:
49+
secretKeyRef:
50+
name: backend
51+
key: DJANGO_EMAIL_HOST_USER
52+
DJANGO_EMAIL_HOST_PASSWORD:
53+
secretKeyRef:
54+
name: backend
55+
key: DJANGO_EMAIL_HOST_PASSWORD
56+
DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
57+
OIDC_OP_JWKS_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/jwks
58+
OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/authorize
59+
OIDC_OP_TOKEN_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/token
60+
OIDC_OP_USER_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/userinfo
61+
OIDC_OP_LOGOUT_ENDPOINT: https://auth.agentconnect.gouv.fr/api/v2/session/end
62+
OIDC_RP_CLIENT_ID:
63+
secretKeyRef:
64+
name: backend
65+
key: OIDC_RP_CLIENT_ID
66+
OIDC_RP_CLIENT_SECRET:
67+
secretKeyRef:
68+
name: backend
69+
key: OIDC_RP_CLIENT_SECRET
70+
OIDC_RP_SIGN_ALGO: RS256
71+
OIDC_RP_SCOPES: "openid email given_name usual_name"
72+
USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
73+
USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
74+
OIDC_REDIRECT_ALLOWED_HOSTS: https://docs.numerique.gouv.fr
75+
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
76+
LOGIN_REDIRECT_URL: https://docs.numerique.gouv.fr
77+
LOGIN_REDIRECT_URL_FAILURE: https://docs.numerique.gouv.fr
78+
LOGOUT_REDIRECT_URL: https://docs.numerique.gouv.fr
79+
DB_HOST:
80+
secretKeyRef:
81+
name: postgresql.postgres.libre.sh
82+
key: host
83+
DB_NAME:
84+
secretKeyRef:
85+
name: postgresql.postgres.libre.sh
86+
key: database
87+
DB_USER:
88+
secretKeyRef:
89+
name: postgresql.postgres.libre.sh
90+
key: username
91+
DB_PASSWORD:
92+
secretKeyRef:
93+
name: postgresql.postgres.libre.sh
94+
key: password
95+
DB_PORT:
96+
secretKeyRef:
97+
name: postgresql.postgres.libre.sh
98+
key: port
99+
POSTGRES_USER:
100+
secretKeyRef:
101+
name: postgresql.postgres.libre.sh
102+
key: username
103+
POSTGRES_DB:
104+
secretKeyRef:
105+
name: postgresql.postgres.libre.sh
106+
key: database
107+
POSTGRES_PASSWORD:
108+
secretKeyRef:
109+
name: postgresql.postgres.libre.sh
110+
key: password
111+
REDIS_URL:
112+
secretKeyRef:
113+
name: redis.redis.libre.sh
114+
key: url
115+
AWS_S3_ENDPOINT_URL:
116+
secretKeyRef:
117+
name: impress-media-storage.bucket.libre.sh
118+
key: url
119+
AWS_S3_ACCESS_KEY_ID:
120+
secretKeyRef:
121+
name: impress-media-storage.bucket.libre.sh
122+
key: accessKey
123+
AWS_S3_SECRET_ACCESS_KEY:
124+
secretKeyRef:
125+
name: impress-media-storage.bucket.libre.sh
126+
key: secretKey
127+
AWS_STORAGE_BUCKET_NAME:
128+
secretKeyRef:
129+
name: impress-media-storage.bucket.libre.sh
130+
key: bucket
131+
AWS_S3_REGION_NAME: local
132+
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
133+
Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
134+
Y_PROVIDER_API_KEY:
135+
secretKeyRef:
136+
name: backend
137+
key: Y_PROVIDER_API_KEY
138+
139+
createsuperuser:
140+
command:
141+
- "/bin/sh"
142+
- "-c"
143+
- |
144+
python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
145+
restartPolicy: Never
146+
147+
frontend:
148+
image:
149+
repository: lasuite/impress-frontend
150+
pullPolicy: Always
151+
tag: "v1.10.0"
152+
153+
yProvider:
154+
image:
155+
repository: lasuite/impress-y-provider
156+
pullPolicy: Always
157+
tag: "v1.10.0"
158+
159+
envVars:
160+
COLLABORATION_LOGGING: true
161+
COLLABORATION_SERVER_ORIGIN: https://docs.numerique.gouv.fr
162+
COLLABORATION_SERVER_SECRET:
163+
secretKeyRef:
164+
name: backend
165+
key: COLLABORATION_SERVER_SECRET
166+
Y_PROVIDER_API_KEY:
167+
secretKeyRef:
168+
name: backend
169+
key: Y_PROVIDER_API_KEY
170+
171+
ingress:
172+
enabled: true
173+
host: docs.numerique.gouv.fr
174+
className: nginx
175+
annotations:
176+
cert-manager.io/cluster-issuer: letsencrypt
177+
178+
ingressCollaborationWS:
179+
enabled: true
180+
host: docs.numerique.gouv.fr
181+
className: nginx
182+
183+
annotations:
184+
cert-manager.io/cluster-issuer: letsencrypt
185+
nginx.ingress.kubernetes.io/auth-url: https://docs.numerique.gouv.fr/api/v1.0/documents/collaboration-auth/
186+
187+
ingressCollaborationApi:
188+
enabled: true
189+
host: docs.numerique.gouv.fr
190+
className: nginx
191+
192+
annotations:
193+
cert-manager.io/cluster-issuer: letsencrypt
194+
195+
ingressAdmin:
196+
enabled: true
197+
host: docs.numerique.gouv.fr
198+
className: nginx
199+
annotations:
200+
cert-manager.io/cluster-issuer: letsencrypt
201+
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/start
202+
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/auth
203+
204+
ingressMedia:
205+
enabled: true
206+
host: docs.numerique.gouv.fr
207+
208+
annotations:
209+
cert-manager.io/cluster-issuer: letsencrypt
210+
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
211+
nginx.ingress.kubernetes.io/auth-url: https://docs.numerique.gouv.fr/api/v1.0/documents/media-auth/
212+
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
213+
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
214+
nginx.ingress.kubernetes.io/rewrite-target: /impress-impress-media-storage/$1
215+
nginx.ingress.kubernetes.io/ssl-redirect: "true"
216+
nginx.ingress.kubernetes.io/upstream-vhost: s3.hedy-lamarr.indiehosters.net
217+
218+
serviceMedia:
219+
host: s3.hedy-lamarr.indiehosters.net
220+
port: 443

0 commit comments

Comments
 (0)