♻️(tilt) use hem dev-backend chart (#1340)

Remove usage of bitnami charts and use our own dev-backend charts
instead.

Author: lunika

CHANGELOG.md

@@ -23,6 +23,7 @@ and this project adheres to
 - ♿(frontend) improve accessibility:
   - ♿(frontend) fix major accessibility issues reported by wave and axe #1344
   - #1341
+- ♻️(tilt) use helm dev-backend chart
 
 ## [3.6.0] - 2025-09-04
 

bin/Tiltfile

@@ -39,9 +39,10 @@ docker_build(
     ]
 )
 
-k8s_resource('impress-docs-backend-migrate', resource_deps=['postgres-postgresql'])
+k8s_resource('impress-docs-backend-migrate', resource_deps=['dev-backend-postgres'])
 k8s_resource('impress-docs-backend-createsuperuser', resource_deps=['impress-docs-backend-migrate'])
-k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate'])
+k8s_resource('dev-backend-keycloak', resource_deps=['dev-backend-keycloak-pg'])
+k8s_resource('impress-docs-backend', resource_deps=['impress-docs-backend-migrate', 'dev-backend-redis', 'dev-backend-keycloak', 'dev-backend-postgres', 'dev-backend-minio:statefulset'])
 k8s_yaml(local('cd ../src/helm && helmfile -n impress -e dev template .'))
 
 migration = '''

src/helm/env.d/dev/values.impress.yaml.gotmpl

@@ -16,46 +16,55 @@ backend:
   replicas: 1
   envVars:
     COLLABORATION_SERVER_SECRET: my-secret
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://docs.127.0.0.1.nip.io
     DJANGO_CONFIGURATION: Feature
-    DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
+    DJANGO_ALLOWED_HOSTS: docs.127.0.0.1.nip.io
     DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
     DJANGO_SECRET_KEY: *djangoSecretKey
     DJANGO_SETTINGS_MODULE: impress.settings
     DJANGO_SUPERUSER_PASSWORD: admin
     DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
     DJANGO_EMAIL_HOST: "mailcatcher"
-    DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
+    DJANGO_EMAIL_LOGO_IMG: https://docs.127.0.0.1.nip.io/assets/logo-suite-numerique.png
     DJANGO_EMAIL_PORT: 1025
     DJANGO_EMAIL_USE_SSL: False
     LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
     LOGGING_LEVEL_LOGGERS_ROOT: INFO
     LOGGING_LEVEL_LOGGERS_APP: INFO
     OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
     OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
-    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
-    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
-    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
-    OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
-    OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/logout
-    OIDC_RP_CLIENT_ID: impress
+    OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth
+    OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token
+    OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/logout
+    OIDC_RP_CLIENT_ID: docs
     OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
     OIDC_RP_SIGN_ALGO: RS256
     OIDC_RP_SCOPES: "openid email"
-    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
-    LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
-    LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
-    DB_HOST: postgres-postgresql
-    DB_NAME: impress
-    DB_USER: dinum
-    DB_PASSWORD: pass
+    LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io
+    LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io
+    LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io
+    DB_HOST: dev-backend-postgres
+    DB_NAME:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: database
+    DB_USER:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: username
+    DB_PASSWORD:
+      secretKeyRef:
+        name: dev-backend-postgres
+        key: password
     DB_PORT: 5432
-    REDIS_URL: redis://default:pass@redis-master:6379/1
-    DJANGO_CELERY_BROKER_URL: redis://default:pass@redis-master:6379/1
-    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
-    AWS_S3_ACCESS_KEY_ID: root
+    REDIS_URL: redis://user:pass@dev-backend-redis:6379/1
+    DJANGO_CELERY_BROKER_URL: redis://user:pass@dev-backend-redis:6379/1
+    AWS_S3_ENDPOINT_URL: http://dev-backend-minio.impress.svc.cluster.local:9000
+    AWS_S3_ACCESS_KEY_ID: dinum
     AWS_S3_SECRET_ACCESS_KEY: password
-    AWS_STORAGE_BUCKET_NAME: impress-media-storage
+    AWS_STORAGE_BUCKET_NAME: docs-media-storage
     STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
     Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
     Y_PROVIDER_API_KEY: my-secret
@@ -73,8 +82,7 @@ backend:
 
         echo "Database is ready"
 
-        python manage.py migrate --no-input &&
-        python manage.py create_demo --force
+        python manage.py migrate --no-input
     restartPolicy: Never
 
   command:
@@ -120,7 +128,7 @@ backend:
 frontend:
   envVars:
     PORT: 8080
-    NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
+    NEXT_PUBLIC_API_ORIGIN: https://docs.127.0.0.1.nip.io
 
   replicas: 1
   command:
@@ -141,27 +149,29 @@ yProvider:
     tag: "latest"
 
   envVars:
-    COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io
+    COLLABORATION_BACKEND_BASE_URL: https://docs.127.0.0.1.nip.io
     COLLABORATION_LOGGING: true
-    COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
+    COLLABORATION_SERVER_ORIGIN: https://docs.127.0.0.1.nip.io
     COLLABORATION_SERVER_SECRET: my-secret
     Y_PROVIDER_API_KEY: my-secret
 
 ingress:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: 10m
 
 ingressCollaborationWS:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
 
 ingressCollaborationApi:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
 
 ingressAdmin:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
 
 posthog:
   ingress:
@@ -172,14 +182,14 @@ posthog:
 
 ingressMedia:
   enabled: true
-  host: impress.127.0.0.1.nip.io
+  host: docs.127.0.0.1.nip.io
 
   annotations:
-    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
+    nginx.ingress.kubernetes.io/auth-url: https://docs.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
-    nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
-    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+    nginx.ingress.kubernetes.io/upstream-vhost: dev-backend-minio.impress.svc.cluster.local:9000
+    nginx.ingress.kubernetes.io/rewrite-target: /docs-media-storage/$1
 
 serviceMedia:
-  host: minio.impress.svc.cluster.local
+  host: dev-backend-minio.impress.svc.cluster.local
   port: 9000

src/helm/helmfile.yaml

@@ -4,91 +4,75 @@ environments:
       - version: 3.6.0
 ---
 repositories:
-- name: bitnami
-  url: registry-1.docker.io/bitnamicharts
-  oci: true
+- name: dev-backends
+  url: https://suitenumerique.github.io/helm-dev-backend
 ---
 
 releases:
-  - name: keycloak
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    missingFileHandler: Warn
+  - name: dev-backend
     namespace: {{ .Namespace }}
-    chart: bitnami/keycloak
-    version: 17.3.6
+    chart: dev-backends/dev-backend
+    version: 0.0.2
     values:
-      - postgresql:
-          auth:
-            username: keycloak
-            password: keycloak
-            database: keycloak
-      - extraEnvVars:
-          - name: KEYCLOAK_EXTRA_ARGS
-            value: "--import-realm"
-          - name: KC_HOSTNAME_URL
-            value: https://docs-keycloak.127.0.0.1.nip.io
-      - extraVolumes:
-          - name: import
-            configMap:
-              name: docs-keycloak
-      - extraVolumeMounts:
-          - name: import
-            mountPath: /opt/bitnami/keycloak/data/import/
-      - auth:
-          adminUser: su
-          adminPassword: su
-      - proxy: edge
-      - ingress:
+      - postgres:
           enabled: true
-          hostname: docs-keycloak.127.0.0.1.nip.io
-      - extraDeploy:
-        - apiVersion: v1
-          kind: ConfigMap
-          metadata:
-            name: docs-keycloak
-            namespace: {{ .Namespace }}
-          data:
-            impress.json: |
-{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://impress.127.0.0.1.nip.io" | indent 14 }}
-
-  - name: postgres
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/postgresql
-    version: 13.1.5
-    values:
-      - auth:
+          name: postgres
+          #serviceNameOverride: postgres
+          image: postgres:16-alpine
           username: dinum
           password: pass
-          database: impress
-      - tls:
+          database: docs
+          size: 1Gi
+      - redis:
           enabled: true
-          autoGenerated: true
-
-  - name: minio
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/minio
-    version: 12.10.10
-    values: 
-      - auth:
-          rootUser: root
-          rootPassword: password
-      - provisioning:
+          name: redis
+          image: redis:8.2-alpine
+          username: user
+          password: pass
+      - minio:
           enabled: true
-          buckets:
-            - name: impress-media-storage
-              versioning: true
-
-  - name: redis
-    installed: {{ eq .Environment.Name "dev" | toYaml }}
-    namespace: {{ .Namespace }}
-    chart: bitnami/redis
-    version: 20.6.2
-    values:
-      - auth:
+          image: minio/minio
+          name: minio
+          ingress:
+            enabled: true
+            hostname: docs-minio.127.0.0.1.nip.io
+            tls:
+              enabled: true
+              secretName: docs-tls
+          consoleIngress:
+            enabled: true
+            hostname: docs-minio-console.127.0.0.1.nip.io
+            tls:
+              enabled: true
+              secretName: docs-tls
+          username: dinum
+          password: password
+          bucket: docs-media-storage
+          versioning: true
+          size: 1Gi
+      - keycloak:
+          enabled: true
+          image: quay.io/keycloak/keycloak:20.0.1
+          name: keycloak
+          #serviceNameOverride: keycloak
+          hostname: docs-keycloak.127.0.0.1.nip.io
+          username: admin
           password: pass
-        architecture: standalone
+          tls:
+            enabled: true
+            secretName: docs-tls
+          db:
+            username: dinum
+            password: pass
+            database: keycloak
+            size: 1Gi
+            image: postgres:16-alpine
+          realm: 
+            name: docs
+            username: docs
+            password: docs
+            email: [email protected]
+
 
   - name: impress
     version: {{ .Values.version }}