From 56dc48b0102965dee174cc285cfbacc7e3f4dd26 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Thu, 19 Dec 2024 19:41:38 +0100 Subject: [PATCH] wip commit I've to go diner, wip commit to be achieved. --- Makefile | 18 ++ .../env.d/dev-ngrok/values.meet.yaml.gotmpl | 186 ++++++++++++++++++ src/helm/env.d/dev/values.meet.yaml.gotmpl | 48 +++-- src/helm/helmfile.yaml | 14 +- src/helm/meet/templates/_helpers.tpl | 9 + src/helm/meet/templates/ingress_ngrok.yaml | 47 +++++ 6 files changed, 302 insertions(+), 20 deletions(-) create mode 100644 src/helm/env.d/dev-ngrok/values.meet.yaml.gotmpl create mode 100644 src/helm/meet/templates/ingress_ngrok.yaml diff --git a/Makefile b/Makefile index 67cb56c1..af0d3bcc 100644 --- a/Makefile +++ b/Makefile @@ -308,3 +308,21 @@ start-tilt: ## start the kubernetes cluster using kind start-tilt-keycloak: ## start the kubernetes cluster using kind, without Pro Connect for authentication, use keycloak DEV_ENV=dev-keycloak tilt up -f ./bin/Tiltfile .PHONY: build-k8s-cluster + +start-tilt-ngrok: ## start the kubernetes cluster using kind with ngrok + DEV_ENV=dev-ngrok tilt up -f ./bin/Tiltfile +.PHONY: start-tilt-ngrok + +install-ngrok-ingress-controller: + @echo "Please provide the following information:" + @read -p "Enter your Kubernetes namespace: " NAMESPACE; \ + read -p "Enter your Ngrok authtoken: " NGROK_AUTHTOKEN; \ + read -p "Enter your Ngrok API key: " NGROK_API_KEY; \ + echo "\nInstalling Ngrok Ingress Controller..."; \ + helm install ngrok-ingress-controller ngrok/kubernetes-ingress-controller \ + --namespace $$NAMESPACE \ + --create-namespace \ + --set credentials.apiKey=$$NGROK_API_KEY \ + --set credentials.authtoken=$$NGROK_AUTHTOKEN +.PHONY: install-ngrok-ingress-controller + diff --git a/src/helm/env.d/dev-ngrok/values.meet.yaml.gotmpl b/src/helm/env.d/dev-ngrok/values.meet.yaml.gotmpl new file mode 100644 index 00000000..a32e5ba0 --- /dev/null +++ b/src/helm/env.d/dev-ngrok/values.meet.yaml.gotmpl 
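Review bot: The `install-ngrok-ingress-controller` recipe puts both ngrok credentials on the `helm install` command line (`--set credentials.apiKey=$$NGROK_API_KEY`, `--set credentials.authtoken=$$NGROK_AUTHTOKEN`), so they are visible in the process list while helm runs, and plain `read -p` echoes them to the terminal as they are typed. The shell variables are also unquoted, so a value containing whitespace or shell metacharacters is word-split; quote them, e.g. `--namespace "$$NAMESPACE"`. Consider reading the credentials without echo and handing them to helm through a values file kept out of the repository, or a pre-created Secret, instead of `--set`. `read -p` and `echo "\n…"` also behave differently across the `/bin/sh` implementations make may use, and the target lacks the `## ` help text its neighbours carry.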
@@ -0,0 +1,186 @@
+image:
+ repository: localhost:5001/meet-backend
+ pullPolicy: Always
+ tag: "latest"
+
+backend:
+ replicas: 1
+ envVars:
+ DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io
+ DJANGO_CONFIGURATION: Production
+ DJANGO_ALLOWED_HOSTS: meet.127.0.0.1.nip.io,closing-moral-oarfish.ngrok-free.app
+ DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
+ DJANGO_SETTINGS_MODULE: meet.settings
+ DJANGO_SILENCED_SYSTEM_CHECKS: security.W004, security.W008
+ DJANGO_SUPERUSER_PASSWORD: admin
+ DJANGO_EMAIL_HOST: "mailcatcher"
+ DJANGO_EMAIL_PORT: 1025
+ DJANGO_EMAIL_USE_SSL: False
+ OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
+ OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
+ OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
+ OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
+ OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
+ OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
+ OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
+ OIDC_RP_SIGN_ALGO: RS256
+ OIDC_RP_SCOPES: "openid email given_name usual_name"
+ OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
+ OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ LOGIN_REDIRECT_URL: https://closing-moral-oarfish.ngrok-free.app
+ LOGIN_REDIRECT_URL_FAILURE: https://closing-moral-oarfish.ngrok-free.app
+ LOGOUT_REDIRECT_URL: https://closing-moral-oarfish.ngrok-free.app
+ DB_HOST: postgres-postgresql
+ DB_NAME: meet
+ DB_USER: dinum
+ DB_PASSWORD: pass
+ DB_PORT: 5432
+ POSTGRES_DB: meet
+ POSTGRES_USER: dinum
+ POSTGRES_PASSWORD: pass
+ REDIS_URL: redis://default:pass@redis-master:6379/1
+ STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+ {{- with .Values.livekit.keys }}
+ {{- range $key, $value := . }}
+ LIVEKIT_API_SECRET: {{ $value }}
+ LIVEKIT_API_KEY: {{ $key }}
+ {{- end }}
+ {{- end }}
+ LIVEKIT_API_URL: https://livekit.127.0.0.1.nip.io/
+ ALLOW_UNREGISTERED_ROOMS: False
+ FRONTEND_SILENCE_LIVEKIT_DEBUG: False
+ FRONTEND_SUPPORT: "{'id': '58ea6697-8eba-4492-bc59-ad6562585041'}"
+ AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000
+ AWS_S3_ACCESS_KEY_ID: meet
+ AWS_S3_SECRET_ACCESS_KEY: password
+ AWS_STORAGE_BUCKET_NAME: meet-media-storage
+ AWS_S3_REGION_NAME: local
+ RECORDING_ENABLE: True
+ RECORDING_VERIFY_SSL: False
+ RECORDING_STORAGE_EVENT_ENABLE: True
+ RECORDING_STORAGE_EVENT_TOKEN: password
+ SUMMARY_SERVICE_ENDPOINT: http://meet-summary:80/api/v1/tasks/
+ SUMMARY_SERVICE_API_TOKEN: password
+
+
+ migrate:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ python manage.py migrate --no-input &&
+ python manage.py create_demo --force
+ restartPolicy: Never
+
+ command:
+ - "gunicorn"
+ - "-c"
+ - "/usr/local/etc/gunicorn/meet.py"
+ - "meet.wsgi:application"
+ - "--reload"
+
+ createsuperuser:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ python manage.py createsuperuser --email admin@example.com --password admin
+ restartPolicy: Never
+
+frontend:
+ envVars:
+ VITE_PORT: 8080
+ VITE_HOST: 0.0.0.0
+ VITE_API_BASE_URL: https://closing-moral-oarfish.ngrok-free.app/
+
+ replicas: 1
+
+ image:
+ repository: localhost:5001/meet-frontend
+ pullPolicy: Always
+ tag: "latest"
+
+ingress:
+ enabled: true
+ host: meet.127.0.0.1.nip.io
+
+ingressAdmin:
+ enabled: true
+ host: meet.127.0.0.1.nip.io
+
+posthog:
+ ingress:
+ enabled: false
+
+ ingressAssets:
+ enabled: false
+
+summary:
+ replicas: 1
+ envVars:
+ APP_NAME: summary-microservice
+ APP_API_TOKEN: password
+ AWS_STORAGE_BUCKET_NAME: meet-media-storage
+ AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
+ AWS_S3_ACCESS_KEY_ID: meet
+ AWS_S3_SECRET_ACCESS_KEY: password
+ OPENAI_API_KEY: password
+ OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
+ OPENAI_ASR_MODEL: openai/whisper-large-v3
+ OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
+ AWS_S3_SECURE_ACCESS: False
+ WEBHOOK_API_TOKEN: password
+ WEBHOOK_URL: https://www.mock-impress.com/webhook/
+ CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
+ CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
+
+ image:
+ repository: localhost:5001/meet-summary
+ pullPolicy: Always
+ tag: "latest"
+
+ command:
+ - "uvicorn"
+ - "summary.main:app"
+ - "--host"
+ - "0.0.0.0"
+ - "--port"
+ - "8000"
+ - "--reload"
+
+celery:
+ replicas: 1
+ envVars:
+ APP_NAME: summary-microservice
+ APP_API_TOKEN: password
+ AWS_STORAGE_BUCKET_NAME: meet-media-storage
+ AWS_S3_ENDPOINT_URL: minio.meet.svc.cluster.local:9000
+ AWS_S3_ACCESS_KEY_ID: meet
+ AWS_S3_SECRET_ACCESS_KEY: password
+ OPENAI_API_KEY: password
+ OPENAI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1
+ OPENAI_ASR_MODEL: openai/whisper-large-v3
+ OPENAI_LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
+ AWS_S3_SECURE_ACCESS: False
+ WEBHOOK_API_TOKEN: password
+ WEBHOOK_URL: https://www.mock-impress.com/webhook/
+ CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
+ CELERY_RESULT_BACKEND: redis://default:pass@redis-master:6379/1
+
+ image:
+ repository: localhost:5001/meet-summary
+ pullPolicy: Always
+ tag: "latest"
+
+ command:
+ - "celery"
+ - "-A"
+ - "summary.core.celery_worker"
+ - "worker"
+ - "--pool=solo"
+ - "--loglevel=info"
+
+ingressNgrok
+ enabled: true
+ className: ngrok
+ host: closing-moral-oarfish.ngrok-free.app
diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl
index a73a41f3..47257feb 100644
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
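Review bot: This environment publishes the stack on a public hostname (`ingressNgrok` `host: closing-moral-oarfish.ngrok-free.app`, also added to `DJANGO_ALLOWED_HOSTS`) while keeping the local-only defaults `DJANGO_SUPERUSER_PASSWORD: admin`, `createsuperuser … --password admin`, and the `password` values for `RECORDING_STORAGE_EVENT_TOKEN` and `SUMMARY_SERVICE_API_TOKEN`. Any backend route served through the ngrok ingress that accepts those values would be reachable from the internet with known credentials, so they should come from the encrypted values the way `DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}` does. The last mapping is also missing its colon: `ingressNgrok` should be `ingressNgrok:`, otherwise the file does not parse as intended. `DJANGO_CSRF_TRUSTED_ORIGINS` and `OIDC_REDIRECT_ALLOWED_HOSTS` still list only the nip.io host although the login and logout redirects point at the ngrok one, which looks unintended.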
@@ -6,9 +6,9 @@ image: backend: replicas: 1 envVars: - DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io + DJANGO_CSRF_TRUSTED_ORIGINS: https://closing-moral-oarfish.ngrok-free.app,http://closing-moral-oarfish.ngrok-free.app DJANGO_CONFIGURATION: Production - DJANGO_ALLOWED_HOSTS: meet.127.0.0.1.nip.io + DJANGO_ALLOWED_HOSTS: closing-moral-oarfish.ngrok-free.app DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }} DJANGO_SETTINGS_MODULE: meet.settings DJANGO_SILENCED_SYSTEM_CHECKS: security.W004, security.W008 @@ -27,9 +27,9 @@ backend: OIDC_RP_SCOPES: "openid email given_name usual_name" OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" - LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io - LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io - LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io + LOGIN_REDIRECT_URL: https://closing-moral-oarfish.ngrok-free.app + LOGIN_REDIRECT_URL_FAILURE: https://closing-moral-oarfish.ngrok-free.app + LOGOUT_REDIRECT_URL: https://closing-moral-oarfish.ngrok-free.app DB_HOST: postgres-postgresql DB_NAME: meet DB_USER: dinum 
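Review bot: The shared `dev` environment now hard-codes one developer's tunnel hostname: `DJANGO_ALLOWED_HOSTS: closing-moral-oarfish.ngrok-free.app` drops `meet.127.0.0.1.nip.io`, and the same replacement is made in the `LOGIN_REDIRECT_URL*`/`LOGOUT_REDIRECT_URL` hunk and in the later `VITE_API_BASE_URL` hunk. With a separate `dev-ngrok` values file added in this commit, these edits look like work in progress that should be reverted here; as written, plain `dev` would likely reject requests for its nip.io host, which the `OIDC_REDIRECT_ALLOWED_HOSTS` context line still names. Wherever the ngrok origin is kept, list only the scheme actually served: `http://closing-moral-oarfish.ngrok-free.app` in `DJANGO_CSRF_TRUSTED_ORIGINS` trusts a plain-HTTP origin for CSRF checks.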
@@ -40,20 +40,34 @@ backend: POSTGRES_PASSWORD: pass REDIS_URL: redis://default:pass@redis-master:6379/1 STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage - {{- with .Values.livekit.keys }} - {{- range $key, $value := . }} - LIVEKIT_API_SECRET: {{ $value }} - LIVEKIT_API_KEY: {{ $key }} - {{- end }} - {{- end }} - LIVEKIT_API_URL: https://livekit.127.0.0.1.nip.io/ + LIVEKIT_API_SECRET: + secretKeyRef: + name: backend + key: LIVEKIT_API_SECRET + LIVEKIT_API_KEY: + secretKeyRef: + name: backend + key: LIVEKIT_API_KEY + LIVEKIT_API_URL: https://livekit-staging.beta.numerique.gouv.fr ALLOW_UNREGISTERED_ROOMS: False FRONTEND_SILENCE_LIVEKIT_DEBUG: False FRONTEND_SUPPORT: "{'id': '58ea6697-8eba-4492-bc59-ad6562585041'}" - AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000 - AWS_S3_ACCESS_KEY_ID: meet - AWS_S3_SECRET_ACCESS_KEY: password - AWS_STORAGE_BUCKET_NAME: meet-media-storage + AWS_S3_ENDPOINT_URL: + secretKeyRef: + name: meet-media-storage.bucket.libre.sh + key: url + AWS_S3_ACCESS_KEY_ID: + secretKeyRef: + name: meet-media-storage.bucket.libre.sh + key: accessKey + AWS_S3_SECRET_ACCESS_KEY: + secretKeyRef: + name: meet-media-storage.bucket.libre.sh + key: secretKey + AWS_STORAGE_BUCKET_NAME: + secretKeyRef: + name: meet-media-storage.bucket.libre.sh + key: bucket AWS_S3_REGION_NAME: local RECORDING_ENABLE: True RECORDING_VERIFY_SSL: False @@ -91,7 +105,7 @@ frontend: envVars: VITE_PORT: 8080 VITE_HOST: 0.0.0.0 - VITE_API_BASE_URL: https://meet.127.0.0.1.nip.io/ + VITE_API_BASE_URL: https://closing-moral-oarfish.ngrok-free.app/ replicas: 1 diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 6f970aef..c7c26712 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml 
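Review bot: The `secretKeyRef` entries added for `LIVEKIT_API_SECRET`, `LIVEKIT_API_KEY` and the four `AWS_*` storage settings reference Secrets named `backend` and `meet-media-storage.bucket.libre.sh`, which nothing in this commit creates for the local `dev` cluster, and `LIVEKIT_API_URL` now points at `https://livekit-staging.beta.numerique.gouv.fr`. That appears to tie local development to staging LiveKit credentials and an external bucket while `RECORDING_VERIFY_SSL: False` stays in place. If this was meant for the ngrok setup, it probably belongs in `env.d/dev-ngrok/values.meet.yaml.gotmpl`, which still carries the inline minio and `.Values.livekit.keys` settings. A short comment above the block naming what provisions these Secrets would help whoever runs the environment next.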
@@ -3,6 +3,12 @@ environments: values: - version: 0.0.1 - env.d/{{ .Environment.Name }}/values.secrets.yaml + dev-ngrok: + values: + - version: 0.0.1 + - env.d/{{ .Environment.Name }}/values.secrets.yaml + secrets: + - env.d/{{ .Environment.Name }}/secrets.enc.yaml dev: values: - version: 0.0.1 @@ -33,6 +39,8 @@ repositories: oci: true - name: livekit url: https://helm.livekit.io +- name: ngrok + url: https://charts.ngrok.com releases: - name: postgres @@ -91,7 +99,7 @@ releases: {{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://meet.127.0.0.1.nip.io" | indent 14 }} - name: minio - installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }} + installed: {{ regexMatch "^dev(?!.*ngrok).*" .Environment.Name | toYaml }} namespace: {{ .Namespace }} missingFileHandler: Warn chart: bitnami/minio @@ -157,7 +165,7 @@ releases: - env.d/{{ .Environment.Name }}/secrets.enc.yaml - name: livekit - installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }} + installed: {{ regexMatch "^dev(?!.*ngrok).*" .Environment.Name | toYaml }} missingFileHandler: Warn namespace: {{ .Namespace }} chart: livekit/livekit-server @@ -168,7 +176,7 @@ releases: - env.d/{{ .Environment.Name }}/secrets.enc.yaml - name: livekit-egress - installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }} + installed: {{ regexMatch "^dev(?!.*ngrok).*" .Environment.Name | toYaml }} missingFileHandler: Warn namespace: {{ .Namespace }} chart: livekit/egress diff --git a/src/helm/meet/templates/_helpers.tpl b/src/helm/meet/templates/_helpers.tpl index 3bcce4bd..5206317f 100644 --- a/src/helm/meet/templates/_helpers.tpl +++ b/src/helm/meet/templates/_helpers.tpl @@ -166,6 +166,15 @@ Requires top level scope {{ include "meet.fullname" . }}-posthog {{- end }} +{{/* +Full name for the Ngrok + +Requires top level scope +*/}} +{{- define "meet.ingressNgrok.fullname" -}} +{{ include "meet.fullname" . }}-ngrok +{{- end }} + {{/* Full name for the summary 
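Review bot: The new pattern `^dev(?!.*ngrok).*` on the `installed:` lines of `minio`, `livekit` and `livekit-egress` uses a negative lookahead, which Go's RE2-based `regexp` package does not support. As far as I can tell Sprig's `regexMatch` discards the compile error and returns false, so these three releases would be skipped for every environment, including `dev` and `dev-keycloak`, rather than only for `dev-ngrok`. An equivalent without lookahead is `installed: {{ and (regexMatch "^dev" .Environment.Name) (not (contains "ngrok" .Environment.Name)) | toYaml }}`.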
diff --git a/src/helm/meet/templates/ingress_ngrok.yaml b/src/helm/meet/templates/ingress_ngrok.yaml
new file mode 100644
index 00000000..6f58234d
--- /dev/null
+++ b/src/helm/meet/templates/ingress_ngrok.yaml
@@ -0,0 +1,47 @@
+
+{{- if .Values.ingressNgrok.enabled -}}
+
+{{- $fullName := include "meet.ingressNgrok.fullname" . -}}
+{{- if and .Values.ingressNgrok.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingressNgrok.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingressNgrok.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "meet.labels" . | nindent 4 }}
+ {{- with .Values.ingressNgrok.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ $.Values.ingressNgrok.className }}
+ rules:
+ - host: {{ $.Values.ingressNgrok.host }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "meet.frontend.fullname" $ }}
+ port:
+ number: {{ $.Values.frontend.service.port }}
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "meet.backend.fullname" $ }}
+ port:
+ number: {{ $.Values.backend.service.port }}
+{{- end }}
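Review bot: The ingress-class fallback copies the wrong value: `set .Values.ingressNgrok.annotations "kubernetes.io/ingress.class" .Values.ingress.className` should read `.Values.ingressNgrok.className`, and the `hasKey` call just above it would fail when `ingressNgrok.annotations` is unset. The opening guard `{{- if .Values.ingressNgrok.enabled -}}` also dereferences a map that only the `dev-ngrok` values file defines in this commit, so unless the chart's `values.yaml` gains an `ingressNgrok` default with `enabled: false`, rendering for the other environments may fail on a nil value. Only `/` and `/api` are routed on the public host; if leaving the admin path off the tunnel is intentional, a one-line template comment saying so would keep a later edit from adding it.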