mirror of
https://github.com/suitenumerique/docs
synced 2026-04-21 13:37:20 +00:00
df173c3ce6
The keycloak configuration used in dev environment is too generic and we can have a conflict with other project that are using the same ingress domain. Also the namespace was missing in the keycloak extra ConfigMap leading to creating it in the default namespace.
171 lines
5.2 KiB
Go Template
171 lines
5.2 KiB
Go Template
djangoSecretKey: &djangoSecretKey "lkjsdlfkjsldkfjslkdfjslkdjfslkdjf"
|
|
djangoSuperUserEmail: admin@example.com
|
|
djangoSuperUserPass: admin
|
|
aiApiKey: changeme
|
|
aiBaseUrl: changeme
|
|
oidc:
|
|
clientId: impress
|
|
clientSecret: ThisIsAnExampleKeyForDevPurposeOnly
|
|
|
|
image:
|
|
repository: localhost:5001/impress-backend
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
backend:
|
|
replicas: 1
|
|
envVars:
|
|
COLLABORATION_SERVER_SECRET: my-secret
|
|
DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
|
|
DJANGO_CONFIGURATION: Feature
|
|
DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
|
|
DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
|
|
DJANGO_SECRET_KEY: *djangoSecretKey
|
|
DJANGO_SETTINGS_MODULE: impress.settings
|
|
DJANGO_SUPERUSER_PASSWORD: admin
|
|
DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
|
|
DJANGO_EMAIL_HOST: "mailcatcher"
|
|
DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
|
|
DJANGO_EMAIL_PORT: 1025
|
|
DJANGO_EMAIL_USE_SSL: False
|
|
LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
|
|
LOGGING_LEVEL_LOGGERS_ROOT: INFO
|
|
LOGGING_LEVEL_LOGGERS_APP: INFO
|
|
USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
|
|
USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
|
|
OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
|
|
OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
|
|
OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
|
|
OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
|
|
OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
|
|
OIDC_RP_CLIENT_ID: impress
|
|
OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
|
|
OIDC_RP_SIGN_ALGO: RS256
|
|
OIDC_RP_SCOPES: "openid email"
|
|
LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
|
|
LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
|
|
LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
|
|
DB_HOST: postgres-postgresql
|
|
DB_NAME: impress
|
|
DB_USER: dinum
|
|
DB_PASSWORD: pass
|
|
DB_PORT: 5432
|
|
FRONTEND_HOMEPAGE_FEATURE_ENABLED: true
|
|
FRONTEND_FOOTER_FEATURE_ENABLED: true
|
|
FRONTEND_URL_JSON_FOOTER: https://impress.127.0.0.1.nip.io/contents/footer-demo.json
|
|
POSTGRES_DB: impress
|
|
POSTGRES_USER: dinum
|
|
POSTGRES_PASSWORD: pass
|
|
REDIS_URL: redis://default:pass@redis-master:6379/1
|
|
AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
|
|
AWS_S3_ACCESS_KEY_ID: root
|
|
AWS_S3_SECRET_ACCESS_KEY: password
|
|
AWS_STORAGE_BUCKET_NAME: impress-media-storage
|
|
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
|
|
Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
|
|
Y_PROVIDER_API_KEY: my-secret
|
|
migrate:
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
python manage.py migrate --no-input &&
|
|
python manage.py create_demo --force
|
|
restartPolicy: Never
|
|
|
|
command:
|
|
- "gunicorn"
|
|
- "-c"
|
|
- "/usr/local/etc/gunicorn/impress.py"
|
|
- "impress.wsgi:application"
|
|
- "--reload"
|
|
|
|
createsuperuser:
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
python manage.py createsuperuser --email admin@example.com --password admin
|
|
restartPolicy: Never
|
|
|
|
# Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
|
|
extraVolumeMounts:
|
|
- name: certs
|
|
mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
|
|
subPath: cacert.pem
|
|
|
|
# Exra volumes to manage our local custom CA and avoid to set ssl_verify: false
|
|
extraVolumes:
|
|
- name: certs
|
|
configMap:
|
|
name: certifi
|
|
items:
|
|
- key: cacert.pem
|
|
path: cacert.pem
|
|
|
|
frontend:
|
|
envVars:
|
|
PORT: 8080
|
|
NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
|
|
|
|
replicas: 1
|
|
command:
|
|
- yarn
|
|
- dev
|
|
|
|
image:
|
|
repository: localhost:5001/impress-frontend
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
yProvider:
|
|
replicas: 1
|
|
|
|
image:
|
|
repository: localhost:5001/impress-y-provider
|
|
pullPolicy: Always
|
|
tag: "latest"
|
|
|
|
envVars:
|
|
COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io
|
|
COLLABORATION_LOGGING: true
|
|
COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
|
|
COLLABORATION_SERVER_SECRET: my-secret
|
|
Y_PROVIDER_API_KEY: my-secret
|
|
|
|
ingress:
|
|
enabled: true
|
|
host: impress.127.0.0.1.nip.io
|
|
|
|
ingressCollaborationWS:
|
|
enabled: true
|
|
host: impress.127.0.0.1.nip.io
|
|
|
|
ingressCollaborationApi:
|
|
enabled: true
|
|
host: impress.127.0.0.1.nip.io
|
|
|
|
ingressAdmin:
|
|
enabled: true
|
|
host: impress.127.0.0.1.nip.io
|
|
|
|
posthog:
|
|
ingress:
|
|
enabled: false
|
|
|
|
ingressAssets:
|
|
enabled: false
|
|
|
|
ingressMedia:
|
|
enabled: true
|
|
host: impress.127.0.0.1.nip.io
|
|
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
|
|
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
|
|
nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
|
|
nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
|
|
|
|
serviceMedia:
|
|
host: minio.impress.svc.cluster.local
|
|
port: 9000
|