🔧(helm) manage htaccess

- add htaccess
- fix issue with kind

Author: rouja

.sops.yaml

@@ -0,0 +1,9 @@
+creation_rules:
+  - path_regex: ./*
+    key_groups:
+    - age:
+      - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x # jacques
+      - age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 # github-repo
+      - age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg # Anthony Le-Courric
+      - age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 # Antoine Lebaud
+

bin/Tiltfile

@@ -21,7 +21,7 @@ docker_build(
     'localhost:5001/impress-y-webrtc-signaling:latest',
     context='..',
     dockerfile='../src/frontend/Dockerfile',
-    only=['./src/frontend/', './docker/', './dockerignore'],
+    only=['./src/frontend/', './docker/', './.dockerignore'],
     target = 'y-webrtc-signaling',
     live_update=[
         sync('../src/frontend/apps/y-webrtc-signaling/src', '/home/frontend/apps/y-webrtc-signaling/src'),
@@ -32,7 +32,7 @@ docker_build(
     'localhost:5001/impress-frontend:latest',
     context='..',
     dockerfile='../src/frontend/Dockerfile',
-    only=['./src/frontend', './docker', './dockerignore'],
+    only=['./src/frontend', './docker', './.dockerignore'],
     target = 'impress',
     live_update=[
         sync('../src/frontend', '/home/frontend'),

bin/start-kind.sh

@@ -1,7 +1,9 @@
-djangoSecretKey: ENC[AES256_GCM,data:2b4nHO2i/HtaNJYi1d8xJyhCpK1qV7fHD45T6VarWpNg1HkcJgC7zTgHMEvfedRd2tE=,iv:qcHlXG/mNr3CFtZhjbw3AVRbMxkGZaAZPtHtS8ksO58=,tag:mTC6mc5JKqpEQ/9ubggKmA==,type:str]
+djangoSuperUserEmail: ENC[AES256_GCM,data:7b1xfYmr1g0RlBmsHBRA39ZPV/6+1DrtHQ==,iv:/GW7oLxPTZYmRWVPvyAQMoZl1owHM4Fo0XAOtyEh2rA=,tag:DaqoW+dglyAOXMm5+mrDfA==,type:str]
+djangoSuperUserPass: ENC[AES256_GCM,data:RQgX,iv:q3CdfmwGfHSTjLXTimDk/1MyoFLviRuwmZa2E7GUzhY=,tag:HCtdtqgSxdJIHFhI8xpegQ==,type:str]
+djangoSecretKey: ENC[AES256_GCM,data:mtJCf6mKfj/fJkg4wmfIvvU1vkUEF77BI8TUFikp/M3nPveDXhKmy3Cw3cXFpOYiFZ0=,iv:qwPRKsPS1Jhylj5asbmknXm1xOX3nfp9iccuorUrcj0=,tag:ENVfAt4i3PttoqD8+Kc4wQ==,type:str]
 oidc:
-    clientId: ENC[AES256_GCM,data:gcwhXfL4iNwWWleR/l3p2aRSp9nsdLhQtUMlglLqJSdDy6iu,iv:WxK7BBQrVa115dsHEiMC7NyvlQXuhLiZzHYSuhZYy4w=,tag:RYwutm8QB+mIl7b+AYvqxg==,type:str]
-    clientSecret: ENC[AES256_GCM,data:9rU6HWRiX+6afLf4fGyIRyiv/pyihbCbO9DA2L4HOz/RAMaO9iZWW1QqIK8JCBuGh/XP1I3sd0mlbiXxCv1X3w==,iv:0NgcQtCVjIWhfzQbBx2Hh7NxumF3xW8nNuReUkvdk58=,tag:rkMAJ8Ilk8Pusw3PAyW/6A==,type:str]
+    clientId: ENC[AES256_GCM,data:wndPCbysbWDybdHglcG+wkMWk1rrD40hKqFxct9T3TLEGOk/,iv:RH1OdBX1GYIT90sSq0AGz49fFi6dL0m49Pegs6Ko9tQ=,tag:/tKytQwoZkBX1Tf96gAjIA==,type:str]
+    clientSecret: ENC[AES256_GCM,data:MUJ0wsg+LC2QZ1jZ0Twd3FS3dQevmJq9/97qVI3ARHuJIVlQz0Qah4vE7/iR+sn7ME2o1s1AzV4c1Yx/F3nHBg==,iv:LvinICSzF/8EvrHZD4Jp6lt7g3yxSOEgVHPrc3SShjo=,tag:yvkyyBXmhEkmGL7jZevUCA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -11,50 +13,41 @@ sops:
         - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiem9OZTZYQnV5UVpzaHN0
-            MlpGL2xaMTVldkVPY2Jub3IxU2FhcVBNYWxvCk1qbHJFa2ZVdmp4Yy9COGFPNzlL
-            amh5S21qbm1jTlgxZjBZMk5BTllNZlUKLS0tIGM5aTJrbnRSdXZPWVF3RVR2dlRD
-            NThRV1hpb0k5RElvRlYySTZyMXp3dGsK92FrBnrHAIRcGooyJviJSUA+eHiwvVkm
-            b1T9jk9bmoipV/8WkXbGyk0TZKYuB4pvPE88eNLrYeotTiRu9tJUNw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SEZZa0l2QXVleFBsZ3Ja
+            aVVkdkQySXp5OGF6K2R1K21JSS9jR1BLRVEwCnFJemdITElaVytiS0NDbktlT3Fk
+            cTdMREFjTXZSMlUzMEtENS94eUw3RDAKLS0tIHlsK0t6YTZuQllERmMwYklORTBU
+            NjdoazdLekZja0FqMWJmRTgvY3lRQjQKq73e9CaI5ooS9IHg/lID6l1nhQE5eOCH
+            agLfEIjAHXwyZvwOPUal96A1uf+79bvC6xz8jsyCwlaTzSdKQAc5bg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQUhLb2Z4N3ptTjBHZ3N3
-            cVBNMDJFS09wck9LcytJR1h4WCtlblZpYkJnCmdBN1laOGdiN1lKbUFBOTdLTUM1
-            NHFLZm51M0dLakIxcG1ncnFrb3dCeXMKLS0tIDdWUmlkYy9PSWhoYkRPNXc4aDNa
-            TWxUMUlqUHhNL3NZL0R2WE9ySU5wcTAKMzwEzXiGSGr4BJNZ78mo68V1Jq4ydOWl
-            dlSkEe+zv2jYYmLxirBDbLN+dwUwyAA8/eYYidvuMvHw1sfT14GyRw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV0wzN213a2xDNUFhWnpQ
+            bzlsS3o3bys3UGVhTjRzSVRWZndBMmVDTDJRCjdiQ3JEOGRwVEc4YWRHR3crd01y
+            clpnODZaNkR4MlhiNklUTHo0anBwU00KLS0tIGtwdnVxeGprZ1FteC8rdThpK3F4
+            cDFyMlJsWkZzNWZmV2J0YmFiM1g4TUEKnX6NvHhSvYQN2VtCSY/z1ejXMeTZRn7M
+            dY3QyMnyxFyAOi/f7d0oI3ni9vpXwxUor2yC5Jl0ZUypAuPys58E0A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZFRjVmtiVXpONk4xZktB
-            TXo5OE1Jam1qREdPTjJSanUvd3R3dWI5SDA0CjZqZDNxZklNZXhvOExSaGlzOW85
-            OFYxMzhYMTFDUStpYTdLdEFEdUU3ZW8KLS0tIDVkYmVQMTcvbFhFa0xPb2h6TlFW
-            TmJUY2hncjg4TkhxOWRxazh5cXQyWHcKgDbgGfl1WQiT6tIG/pmikYUYIF0l4kj7
-            ZxlgL+Vn9y3fl5B2LGn/fXfi9B/exgLMCR/GRm3vF4OpPqLYbL0rzw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaY2h5UWlBb20zWnFJd09Q
+            QkZRVWl6S3lhcHl6YnBBcFRmZHYxRlVFdFU4CnJYU3NneStsSGlaYnpCQnhuazFh
+            RmYvNCsvVkpEYVo1TW83TDRuL1hKdjQKLS0tIE5QMEdoY0ZuOU9WTzJCYjNGWUQ0
+            QlNOcUtmanZ3aGRxTk1YNzk2d25YZ0UKe2cxQ/KKWTPKOe904Fz+LnGQSONzyQwR
+            MvRuoH8GMpGVAdmWSGyX/lfhy3GKm0b4p6eUhjNGWMqTDx/D2Wyxwg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWanllM2FDOStFNWVhR1A3
-            MVJMRDFCTHY3ZlF3MHg3MGxOWGRtSko0MVd3CmFheUllSkN4VTF5WmZubU1BeWtp
-            em1tL3dwWGszYmVYSUlwVVZDR3BIK0UKLS0tIDQrWEtuZGVSM3JwM0xYc2N2alpG
-            eEtzN3Y3UVZkQVlBd0dUWmdVdStSUmcKNQZ0uj0Sj3e7Q9PKsZi4CcS5LEWlD9tL
-            nOaoMiN1AA307uvePKgFAuChQ5VsAGMcegLJ5M8w516/+yO42yexUw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbGFHck12OTZ3UmZJb1Zr
+            aEx6eUFmVEdSN0tXd3o3aFh5cnlTV1gyN0RVCm1xODQ1dE5CcUlla0o1K3FZR2l5
+            ejJtYWtKY1J3VExUVGgyMVE1aEdVWHcKLS0tIFErOXUzZmkrZitReWRad2pod3g4
+            Y2lvZ0ZSQTQ1clpVRjVqVkpiU29xMHMKmJx6THddKTBkKwX7iZzXkZPLHowLZEGp
+            rDkOw5w+V1ECbGmpkYssh8Cv0WsJVXpxfdLhzrzAWPJEQFz7T8sqYw==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa0F4VW5oRGFYSVpPOTVW
-            QjEvL2czQkRwK0tWOStxYkJRaUlHUjlSWWswClE4TW9tLy9oQXZQSVc3R3cwTGU1
-            ZGh4UTUzR0FKY0NmMFFaaTFKakVNNlkKLS0tIFRvZ0V5emV6cjBqNlZxOEpwVy8y
-            N0ZkVmNzTzhhRTA5TDMxc2tGN3BFemMKlyPtb7gfYREoPaU3ZlpynCuqxo4KW0b9
-            G+3aGz7SKZ7pcuAaWuuMdyA6XzwS/HOe2L2cW3P5x/0k0JQd2Ie8jA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-11T14:59:54Z"
-    mac: ENC[AES256_GCM,data:Pv37FsNCpk5Ckx3a+j+daPB6f34X5kIko/AZIQkgfRXs3SRJtAdp5VuwYTtwcp/s3Hxi6ZZPLZ+YRh6OqN5g3GaOBR4z2Ohv0ioB/5FLMICOt7VM/zroyXWIjWwpRPsRwjesba7nr9CqbQNDYt8ko4O9kR4w6y2JHbzLeOkohHc=,iv:+/B4m+c03e9iQMrijg7hJhDwQJZP55Bhnsr0n00Y2Cw=,tag:vXVZVbU+R1FpNVUSgnFA9A==,type:str]
+    lastmodified: "2024-07-02T10:03:17Z"
+    mac: ENC[AES256_GCM,data:qx236E1cFtBmbYyUf6B95/Fwu2hoi9ZAhUcYiY/tsG9h1+kwXntfkvbH3ekyI7A5ZrpJXMeQZ7gLc+ohci4m5Ju+/G39MjMt+ww0Y6gBMqe59YlHfeFD2mYsnn9j1pqtbrIJ6+8fLDmhaXtGtXP3qRmFTc9LwL6Rm+5gn8cjcnA=,iv:TC7zBnQ0hRz0JSytrYVnyJiI1eMWRTBqctLajZYUhvU=,tag:wCBeo2xD5UpdRqGjkZxbXA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.8.1

secrets

@@ -129,13 +129,19 @@ ingress:
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: htaccess
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 
 ingressWS:
   enabled: true
   host: impress-preprod.beta.numerique.gouv.fr
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: htaccess
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 
 ingressAdmin:
   enabled: true

src/helm/env.d/dev/secrets.enc.yaml

@@ -129,13 +129,19 @@ ingress:
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: htaccess
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 
 ingressWS:
   enabled: true
   host: docs.numerique.gouv.fr
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: htaccess
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 
 ingressAdmin:
   enabled: true

src/helm/env.d/preprod/values.impress.yaml.gotmpl

@@ -0,0 +1,9 @@
+{{ if .Values.htaccess }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: htaccess
+  namespace: {{ .Release.Namespace | quote }}
+stringData:
+  auth: {{ .Values.htaccess }}
+{{ end }}