🔧(helm) adapt helm chart

Done: - Rename all occurrences of "impress" to "meet". - Update Agent Connect secrets credentials for the dev environment. - Add new development secrets for LiveKit. - Remove Minio from the dev stack (no cold storage required). - Add LiveKit chart to the stack. - Remove templates and values related to the WebSocket server. The integration of LiveKit was inspired by an example from the "numerique-gouve/infrastructure" repo. However, a notable issue persists with LiveKit's default chart: we are unable to override the namespace, resulting in all LiveKit components running in the default namespace. thx to @rouja for his help.
numerique-gouv · Jul 2, 2024 · af3ab37 · af3ab37
1 parent d67934f
commit af3ab37
Show file tree

Hide file tree

Showing 25 changed files with 188 additions and 531 deletions.
diff --git a/bin/Tiltfile b/bin/Tiltfile
@@ -1,6 +1,6 @@
 load('ext://uibutton', 'cmd_button', 'bool_input', 'location')
 load('ext://namespace', 'namespace_create', 'namespace_inject')
-namespace_create('impress')
+namespace_create('meet')
 
 docker_build(
     'localhost:5001/meet-backend:latest',
@@ -17,35 +17,24 @@ docker_build(
     ]
 )
 
-docker_build(
-    'localhost:5001/impress-y-webrtc-signaling:latest',
-    context='..',
-    dockerfile='../src/frontend/Dockerfile',
-    only=['./src/frontend/', './docker/', './dockerignore'],
-    target = 'y-webrtc-signaling',
-    live_update=[
-        sync('../src/frontend/apps/y-webrtc-signaling/src', '/home/frontend/apps/y-webrtc-signaling/src'),
-    ]
-)
-
 docker_build(
     'localhost:5001/meet-frontend:latest',
     context='..',
     dockerfile='../src/frontend/Dockerfile',
-    only=['./src/frontend', './docker', './dockerignore'],
-    target = 'impress',
+    only=['./src/frontend', './docker', './.dockerignore'],
+    target = 'meet-dev',
     live_update=[
         sync('../src/frontend', '/home/frontend'),
     ]
 )
 
-k8s_yaml(local('cd ../src/helm && helmfile -n impress -e dev template .'))
+k8s_yaml(local('cd ../src/helm && helmfile -n meet -e dev template .'))
 
 migration = '''
 set -eu
 # get k8s pod name from tilt resource name
 POD_NAME="$(tilt get kubernetesdiscovery meet-backend -ojsonpath='{.status.pods[0].name}')"
-kubectl -n impress exec "$POD_NAME" -- python manage.py makemigrations
+kubectl -n meet exec "$POD_NAME" -- python manage.py makemigrations
 '''
 cmd_button('Make migration',
            argv=['sh', '-c', migration],
@@ -58,7 +47,7 @@ pod_migrate = '''
 set -eu
 # get k8s pod name from tilt resource name
 POD_NAME="$(tilt get kubernetesdiscovery meet-backend -ojsonpath='{.status.pods[0].name}')"
-kubectl -n impress exec "$POD_NAME" -- python manage.py migrate --no-input
+kubectl -n meet exec "$POD_NAME" -- python manage.py migrate --no-input
 '''
 cmd_button('Migrate db',
            argv=['sh', '-c', pod_migrate],

diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile
@@ -19,7 +19,7 @@ FROM frontend-deps as meet-dev
 
 WORKDIR /home/frontend
 
-EXPOSE 3000
+EXPOSE 8080
 
 CMD [ "npm", "run", "dev"]
 

diff --git a/src/helm/env.d/dev/secrets.enc.yaml b/src/helm/env.d/dev/secrets.enc.yaml
@@ -1,7 +1,10 @@
 djangoSecretKey: ENC[AES256_GCM,data:2b4nHO2i/HtaNJYi1d8xJyhCpK1qV7fHD45T6VarWpNg1HkcJgC7zTgHMEvfedRd2tE=,iv:qcHlXG/mNr3CFtZhjbw3AVRbMxkGZaAZPtHtS8ksO58=,tag:mTC6mc5JKqpEQ/9ubggKmA==,type:str]
 oidc:
-    clientId: ENC[AES256_GCM,data:gcwhXfL4iNwWWleR/l3p2aRSp9nsdLhQtUMlglLqJSdDy6iu,iv:WxK7BBQrVa115dsHEiMC7NyvlQXuhLiZzHYSuhZYy4w=,tag:RYwutm8QB+mIl7b+AYvqxg==,type:str]
-    clientSecret: ENC[AES256_GCM,data:9rU6HWRiX+6afLf4fGyIRyiv/pyihbCbO9DA2L4HOz/RAMaO9iZWW1QqIK8JCBuGh/XP1I3sd0mlbiXxCv1X3w==,iv:0NgcQtCVjIWhfzQbBx2Hh7NxumF3xW8nNuReUkvdk58=,tag:rkMAJ8Ilk8Pusw3PAyW/6A==,type:str]
+    clientId: ENC[AES256_GCM,data:JNeyMxdwJbY48aJ3NmZVB8h0xlwVknFqnJU5bpO6PozfAfCC,iv:wZPT9JJRwIkksjPQrzEcDHyWXusqB9ax6Og64hh1mYo=,tag:WALVMIAlqwzDNpgHesWJLQ==,type:str]
+    clientSecret: ENC[AES256_GCM,data:KMOAVI8+loZ8hO29Ob+DcTHuXZoytrt6VHNo3MEDx6kgaxXazwZLqDmvynNdsNyyfLg8ZZAqxxvhiOVzOwVZ9w==,iv:1DzGfdVR7b+Ou+x15fk3v0aY9xZJslp2+U3H/H363Wo=,tag:/U7PEqr5b++W9sBuqocutA==,type:str]
+livekit:
+    keys:
+        devkey: ENC[AES256_GCM,data:4KJotPCU,iv:QHzp9taZFwsYhno11WCjbJKAPB2huV0KkoCrnDSxQRc=,tag:gokHjR9GV56iRbmV0zbWjQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -53,8 +56,8 @@ sops:
             N0ZkVmNzTzhhRTA5TDMxc2tGN3BFemMKlyPtb7gfYREoPaU3ZlpynCuqxo4KW0b9
             G+3aGz7SKZ7pcuAaWuuMdyA6XzwS/HOe2L2cW3P5x/0k0JQd2Ie8jA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-11T14:59:54Z"
-    mac: ENC[AES256_GCM,data:Pv37FsNCpk5Ckx3a+j+daPB6f34X5kIko/AZIQkgfRXs3SRJtAdp5VuwYTtwcp/s3Hxi6ZZPLZ+YRh6OqN5g3GaOBR4z2Ohv0ioB/5FLMICOt7VM/zroyXWIjWwpRPsRwjesba7nr9CqbQNDYt8ko4O9kR4w6y2JHbzLeOkohHc=,iv:+/B4m+c03e9iQMrijg7hJhDwQJZP55Bhnsr0n00Y2Cw=,tag:vXVZVbU+R1FpNVUSgnFA9A==,type:str]
+    lastmodified: "2024-07-02T16:08:28Z"
+    mac: ENC[AES256_GCM,data:0D1xTZwOpYKfcY94lGQnBgsLOtjxvJwwpja0+IV6zqIb3gO1762AL3btZim0OFRkhYo0SLe1Q6ABQ1tn2txK7GdPkjBaS6eJ3EQ7nuPQ75gelyoQqOOQ92/DxjBhaLkVpupmlB+62w2iMSGIjCU95E3dEc9ivyL/Rd7E0K8Irk4=,iv:c3Sh6iXepP/ptB46CjPZnZJQlNe31EFkRUNCck5sR28=,tag:/LWg/DxgPHME3B++FWGoVQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/src/helm/env.d/dev/values.livekit.yaml.gotmpl b/src/helm/env.d/dev/values.livekit.yaml.gotmpl
@@ -0,0 +1,33 @@
+replicaCount: 1
+terminationGracePeriodSeconds: 18000
+
+livekit:
+  log_level: debug
+  rtc:
+    use_external_ip: true
+    port_range_start: 50000
+    port_range_end: 60000
+    tcp_port: 7881
+  redis:
+    address:
+  keys:
+
+loadBalancer:
+  type: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  tls:
+    - hosts:
+        - livekit.127.0.0.1.nip.io
+      secretName: livekit-dinum-cert
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 5
+  targetCPUUtilizationPercentage: 60
+
+nodeSelector: {}
+resources: {}
diff --git a/...helm/env.d/dev/values.impress.yaml.gotmpl → src/helm/env.d/dev/values.meet.yaml.gotmpl b/...helm/env.d/dev/values.impress.yaml.gotmpl → src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -6,11 +6,11 @@ image:
 backend:
   replicas: 1
   envVars:
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io,http://impress.127.0.0.1.nip.io
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://meet.127.0.0.1.nip.io,http://meet.127.0.0.1.nip.io
     DJANGO_CONFIGURATION: Production
     DJANGO_ALLOWED_HOSTS: "*"
     DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
-    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SETTINGS_MODULE: meet.settings
     DJANGO_SUPERUSER_PASSWORD: admin
     DJANGO_EMAIL_HOST: "mailcatcher"
     DJANGO_EMAIL_PORT: 1025
@@ -24,25 +24,32 @@ backend:
     OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
     OIDC_RP_SIGN_ALGO: RS256
     OIDC_RP_SCOPES: "openid email"
-    OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
     OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
-    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
-    LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
-    LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
+    LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
+    LOGIN_REDIRECT_URL_FAILURE: https://meet.127.0.0.1.nip.io
+    LOGOUT_REDIRECT_URL: https://meet.127.0.0.1.nip.io
     DB_HOST: postgres-postgresql
-    DB_NAME: impress
+    DB_NAME: meet
     DB_USER: dinum
     DB_PASSWORD: pass
     DB_PORT: 5432
-    POSTGRES_DB: impress
+    POSTGRES_DB: meet
     POSTGRES_USER: dinum
     POSTGRES_PASSWORD: pass
     REDIS_URL: redis://default:pass@redis-master:6379/1
-    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
-    AWS_S3_ACCESS_KEY_ID: impress
+    AWS_S3_ENDPOINT_URL: http://minio.meet.svc.cluster.local:9000
+    AWS_S3_ACCESS_KEY_ID: meet
     AWS_S3_SECRET_ACCESS_KEY: password
-    AWS_STORAGE_BUCKET_NAME: impress-media-storage
+    AWS_STORAGE_BUCKET_NAME: meet-media-storage
     STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+    {{- with .Values.livekit.keys }}
+    {{- range $key, $value := . }}
+    LIVEKIT_API_SECRET: {{ $value }}
+    LIVEKIT_API_KEY: {{ $key }}
+    {{- end }}
+    {{- end }}
+
 
   migrate:
     command:
@@ -56,8 +63,8 @@ backend:
   command:
     - "gunicorn"
     - "-c"
-    - "/usr/local/etc/gunicorn/impress.py"
-    - "impress.wsgi:application"
+    - "/usr/local/etc/gunicorn/meet.py"
+    - "meet.wsgi:application"
     - "--reload"
 
   createsuperuser:
@@ -70,36 +77,22 @@ backend:
 
 frontend:
   envVars:
-    PORT: 8080
-    NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
-    NEXT_PUBLIC_SIGNALING_URL: wss://impress.127.0.0.1.nip.io/ws
+    VITE_PORT: 8080
+    VITE_HOST: 0.0.0.0
+    VITE_API_BASE_URL: https://meet.127.0.0.1.nip.io/api/v1.0/
+    VITE_LIVEKIT_SERVER_URL: https://livekit.127.0.0.1.nip.io/
 
   replicas: 1
-  command:
-    - yarn
-    - dev
 
   image:
     repository: localhost:5001/meet-frontend
     pullPolicy: Always
     tag: "latest"
 
-webrtc:
-  replicas: 1
-
-  image:
-    repository: localhost:5001/impress-y-webrtc-signaling
-    pullPolicy: Always
-    tag: "latest"
-
 ingress:
   enabled: true
-  host: impress.127.0.0.1.nip.io
-
-ingressWS:
-  enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: meet.127.0.0.1.nip.io
 
 ingressAdmin:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: meet.127.0.0.1.nip.io
diff --git a/src/helm/extra/Chart.yaml b/src/helm/extra/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: extra
-description: A Helm chart to add some manifests to impress
+description: A Helm chart to add some manifests to meet
 type: application
 version: 0.1.0
diff --git a/src/helm/extra/templates/postgresql.yaml b/src/helm/extra/templates/postgresql.yaml
@@ -4,4 +4,4 @@ metadata:
   name: postgresql
   namespace: {{ .Release.Namespace | quote }}
 spec:
-  database: impress
+  database: meet
diff --git a/src/helm/extra/templates/s3.yaml b/src/helm/extra/templates/s3.yaml
diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml
@@ -2,6 +2,8 @@ repositories:
 - name: bitnami
   url: registry-1.docker.io/bitnamicharts
   oci: true
+- name: livekit
+  url: https://helm.livekit.io
 
 releases:
   - name: postgres
@@ -13,26 +15,11 @@ releases:
       - auth:
           username: dinum
           password: pass
-          database: impress
+          database: meet
       - tls:
           enabled: true
           autoGenerated: true
 
-  - name: minio
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/minio
-    version: 12.10.10
-    values: 
-      - auth:
-          rootUser: impress
-          rootPassword: password
-      - provisioning:
-          enabled: true
-          buckets:
-            - name: impress-media-storage
-              versioning: true
-
   - name: redis
     installed: {{ eq .Environment.Name "dev" | toYaml }}
     namespace: {{ .Namespace }}
@@ -50,12 +37,21 @@ releases:
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 
-  - name: impress
+  - name: meet
     version: {{ .Values.version }}
     namespace: {{ .Namespace }}
-    chart: ./impress
+    chart: ./meet
+    values:
+      - env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl
+    secrets:
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+
+  - name: livekit
+    installed: {{ eq .Environment.Name "dev" | toYaml }}
+    namespace: {{ .Namespace }}
+    chart: livekit/livekit-server
     values:
-      - env.d/{{ .Environment.Name }}/values.impress.yaml.gotmpl
+      - env.d/{{ .Environment.Name }}/values.livekit.yaml.gotmpl
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
 

diff --git a/src/helm/impress/templates/ingress_ws.yaml b/src/helm/impress/templates/ingress_ws.yaml