chore: update helm templates

This commit is contained in:
Abhishek Kumar 2026-07-03 19:21:54 +05:30
parent 79a4a3c9f1
commit 0dc844f81f
4 changed files with 14 additions and 11 deletions

View file

@ -26,8 +26,9 @@ data:
realm={{ .Values.coturn.realm }}
# static-auth-secret is passed on the turnserver command line (see the
# deployment); the ConfigMap stays secret-free.
use-auth-secret
static-auth-secret=$(TURN_SECRET)
fingerprint
no-cli

View file

@ -39,17 +39,13 @@ spec:
- name: coturn
image: {{ include "dograh.coturn.image" . }}
imagePullPolicy: {{ .Values.coturn.image.pullPolicy }}
# coturn doesn't expand env vars in its config file; we render
# via envsubst at start so static-auth-secret can come from a
# Kubernetes Secret instead of being baked into the ConfigMap.
# coturn doesn't expand env vars in its config file; pass the
# secret as a CLI flag instead so it can come from a Kubernetes
# Secret without being baked into the ConfigMap.
command:
- sh
- -c
- |
set -e
apk add --no-cache gettext >/dev/null 2>&1 || true
envsubst < /etc/coturn-template/turnserver.conf > /tmp/turnserver.conf
exec turnserver -c /tmp/turnserver.conf
- exec turnserver -c /etc/coturn-template/turnserver.conf --static-auth-secret="${TURN_SECRET}"
env:
- name: TURN_SECRET
valueFrom:

View file

@ -24,9 +24,11 @@ spec:
{{- end }}
rules:
- matches:
# /api/v1/ (not /api/) — /api/auth/* and /api/config/* are Next.js
# routes on the UI and must not be captured here.
- path:
type: PathPrefix
value: /api/
value: /api/v1/
backendRefs:
- name: {{ include "dograh.web.fullname" . }}
port: {{ .Values.web.service.port }}

View file

@ -32,7 +32,11 @@ spec:
{{- end }}
http:
paths:
- path: /api/
# /api/v1/ (not /api/) — the UI serves its own Next.js routes under
# /api/auth/* and /api/config/*, which must fall through to the UI.
# Everything browser→backend (REST + the signaling WebSocket) is
# namespaced under /api/v1/.
- path: /api/v1/
pathType: Prefix
backend:
service: