🧑‍💻(tilt) load secret vars from new env file

To avoid commiting secrets, I am introducing a new kube-secret
env file that is loaded by tilt as a secret. Dev helm
values are updated accordingly.

Author: FloChehab

Makefile

@@ -73,7 +73,8 @@ create-env-files: \
 	env.d/development/crowdin \
 	env.d/development/postgresql \
 	env.d/development/kc_postgresql \
-	env.d/development/summary
+	env.d/development/summary \
+	env.d/development/kube-secret
 .PHONY: create-env-files
 
 bootstrap: ## Prepare Docker images for the project
@@ -265,6 +266,9 @@ env.d/development/kc_postgresql:
 env.d/development/summary:
 	cp -n env.d/development/summary.dist env.d/development/summary
 
+env.d/development/kube-secret:
+	cp -n env.d/development/kube-secret.dist env.d/development/kube-secret
+
 # -- Internationalization
 
 env.d/development/crowdin:

bin/Tiltfile

@@ -95,6 +95,12 @@ docker_build(
 )
 clean_old_images('localhost:5001/meet-livekit')
 
+load('ext://secret', 'secret_yaml_generic')
+k8s_yaml(secret_yaml_generic(
+    name="secret-dev",
+    from_env_file="../env.d/development/kube-secret"
+))
+
 k8s_yaml(local('cd ../src/helm && helmfile -n meet -e ${DEV_ENV:-dev} template .'))
 
 k8s_resource('minio-bucket', resource_deps=['minio'])

env.d/development/kube-secret.dist

@@ -0,0 +1,4 @@
+WHISPERX_BASE_URL=https://configure-your-url.com
+WHISPERX_API_KEY=<key>
+LLM_BASE_URL=https://configure-your-url.com
+LLM_API_KEY=<key>

src/helm/env.d/dev-dinum/values.meet.yaml.gotmpl

@@ -6,12 +6,24 @@ _summaryEnvVars: &summaryEnvVars
   AWS_S3_ACCESS_KEY_ID: meet
   AWS_S3_SECRET_ACCESS_KEY: password
   AWS_S3_SECURE_ACCESS: False
-  WHISPERX_API_KEY: your-secret-value
-  WHISPERX_BASE_URL: https://configure-your-url.com
+  WHISPERX_API_KEY:
+    secretKeyRef:
+      name: secret-dev
+      key: WHISPERX_API_KEY
+  WHISPERX_BASE_URL:
+    secretKeyRef:
+      name: secret-dev
+      key: WHISPERX_BASE_URL
   WHISPERX_ASR_MODEL: large-v2
   WHISPERX_DEFAULT_LANGUAGE: fr
-  LLM_BASE_URL: https://configure-your-url.com
-  LLM_API_KEY: your-secret-value
+  LLM_BASE_URL:
+    secretKeyRef:
+      name: secret-dev
+      key: LLM_BASE_URL
+  LLM_API_KEY:
+    secretKeyRef:
+      name: secret-dev
+      key: LLM_API_KEY
   LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
   WEBHOOK_API_TOKEN: password
   WEBHOOK_URL: https://www.mock-impress.com/webhook/

src/helm/env.d/dev-keycloak/values.meet.yaml.gotmpl

@@ -6,12 +6,24 @@ _summaryEnvVars: &summaryEnvVars
   AWS_S3_ACCESS_KEY_ID: meet
   AWS_S3_SECRET_ACCESS_KEY: password
   AWS_S3_SECURE_ACCESS: False
-  WHISPERX_API_KEY: your-secret-value
-  WHISPERX_BASE_URL: https://configure-your-url.com
+  WHISPERX_API_KEY:
+    secretKeyRef:
+      name: secret-dev
+      key: WHISPERX_API_KEY
+  WHISPERX_BASE_URL:
+    secretKeyRef:
+      name: secret-dev
+      key: WHISPERX_BASE_URL
   WHISPERX_ASR_MODEL: large-v2
   WHISPERX_DEFAULT_LANGUAGE: fr
-  LLM_BASE_URL: https://configure-your-url.com
-  LLM_API_KEY: your-secret-value
+  LLM_BASE_URL:
+    secretKeyRef:
+      name: secret-dev
+      key: LLM_BASE_URL
+  LLM_API_KEY:
+    secretKeyRef:
+      name: secret-dev
+      key: LLM_API_KEY
   LLM_MODEL: meta-llama/Llama-3.1-8B-Instruct
   WEBHOOK_API_TOKEN: password
   WEBHOOK_URL: https://www.mock-impress.com/webhook/