docs/src/helm/env.d/dev/values.impress.yaml.gotmpl at baac317c97fd78aa444b0ab4673b588cbd45f3c5 · suitenumerique/docs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
djangoSecretKey: &djangoSecretKey "lkjsdlfkjsldkfjslkdfjslkdjfslkdjf"
djangoSuperUserEmail: admin@example.com
djangoSuperUserPass: admin
aiApiKey: changeme
aiBaseUrl: changeme
oidc:
    clientId: impress
    clientSecret: ThisIsAnExampleKeyForDevPurposeOnly

image:
  repository: localhost:5001/impress-backend
  pullPolicy: Always
  tag: "latest"

backend:
  replicas: 1
  envVars:
    COLLABORATION_SERVER_SECRET: my-secret
    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
    DJANGO_CONFIGURATION: Feature
    DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
    DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
    DJANGO_SECRET_KEY: *djangoSecretKey
    DJANGO_SETTINGS_MODULE: impress.settings
    DJANGO_SUPERUSER_PASSWORD: admin
    DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
    DJANGO_EMAIL_HOST: "mailcatcher"
    DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
    DJANGO_EMAIL_PORT: 1025
    DJANGO_EMAIL_USE_SSL: False
    LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
    LOGGING_LEVEL_LOGGERS_ROOT: INFO
    LOGGING_LEVEL_LOGGERS_APP: INFO
    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
    OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
    OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
    OIDC_RP_CLIENT_ID: impress
    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
    LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
    LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
    DB_HOST: postgres-postgresql
    DB_NAME: impress
    DB_USER: dinum
    DB_PASSWORD: pass
    DB_PORT: 5432
    FRONTEND_FOOTER_FEATURE_ENABLED: true
    FRONTEND_URL_JSON_FOOTER: https://impress.127.0.0.1.nip.io/contents/footer-demo.json
    POSTGRES_DB: impress
    POSTGRES_USER: dinum
    POSTGRES_PASSWORD: pass
    REDIS_URL: redis://default:pass@redis-master:6379/1
    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
    AWS_S3_ACCESS_KEY_ID: root
    AWS_S3_SECRET_ACCESS_KEY: password
    AWS_STORAGE_BUCKET_NAME: impress-media-storage
    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
    Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
    Y_PROVIDER_API_KEY: my-secret
  migrate:
    command:
      - "/bin/sh"
      - "-c"
      - |
        python manage.py migrate --no-input &&
        python manage.py create_demo --force
    restartPolicy: Never

  command:
    - "gunicorn"
    - "-c"
    - "/usr/local/etc/gunicorn/impress.py"
    - "impress.wsgi:application"
    - "--reload"

  createsuperuser:
    command:
      - "/bin/sh"
      - "-c"
      - |
        python manage.py createsuperuser --email admin@example.com --password admin
    restartPolicy: Never

  # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
  extraVolumeMounts:
    - name: certs
      mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
      subPath: cacert.pem

  # Exra volumes to manage our local custom CA and avoid to set ssl_verify: false
  extraVolumes:
    - name: certs
      configMap:
        name: certifi
        items:
        - key: cacert.pem
          path: cacert.pem

frontend:
  envVars:
    PORT: 8080
    NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io

  replicas: 1
  command:
    - yarn
    - dev

  image:
    repository: localhost:5001/impress-frontend
    pullPolicy: Always
    tag: "latest"

yProvider:
  replicas: 1

  image:
    repository: localhost:5001/impress-y-provider
    pullPolicy: Always
    tag: "latest"

  envVars:
    COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io
    COLLABORATION_LOGGING: true
    COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
    COLLABORATION_SERVER_SECRET: my-secret
    Y_PROVIDER_API_KEY: my-secret

ingress:
  enabled: true
  host: impress.127.0.0.1.nip.io

ingressCollaborationWS:
  enabled: true
  host: impress.127.0.0.1.nip.io

ingressCollaborationApi:
  enabled: true
  host: impress.127.0.0.1.nip.io

ingressAdmin:
  enabled: true
  host: impress.127.0.0.1.nip.io

posthog:
  ingress:
    enabled: false

  ingressAssets:
    enabled: false

ingressMedia:
  enabled: true
  host: impress.127.0.0.1.nip.io

  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
    nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1

serviceMedia:
  host: minio.impress.svc.cluster.local
  port: 9000