From 0dc844f81f16d9411848c4a0b248938507524d67 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Fri, 3 Jul 2026 19:21:54 +0530 Subject: [PATCH] chore: update helm templates --- deploy/helm/dograh/templates/coturn-configmap.yaml | 3 ++- deploy/helm/dograh/templates/coturn-deployment.yaml | 12 ++++-------- deploy/helm/dograh/templates/httproute-api.yaml | 4 +++- deploy/helm/dograh/templates/ingress.yaml | 6 +++++- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/deploy/helm/dograh/templates/coturn-configmap.yaml b/deploy/helm/dograh/templates/coturn-configmap.yaml index 9148d4a2..584035ac 100644 --- a/deploy/helm/dograh/templates/coturn-configmap.yaml +++ b/deploy/helm/dograh/templates/coturn-configmap.yaml @@ -26,8 +26,9 @@ data: realm={{ .Values.coturn.realm }} + # static-auth-secret is passed on the turnserver command line (see the + # deployment); the ConfigMap stays secret-free. use-auth-secret - static-auth-secret=$(TURN_SECRET) fingerprint no-cli diff --git a/deploy/helm/dograh/templates/coturn-deployment.yaml b/deploy/helm/dograh/templates/coturn-deployment.yaml index 16d958c2..182ee865 100644 --- a/deploy/helm/dograh/templates/coturn-deployment.yaml +++ b/deploy/helm/dograh/templates/coturn-deployment.yaml @@ -39,17 +39,13 @@ spec: - name: coturn image: {{ include "dograh.coturn.image" . }} imagePullPolicy: {{ .Values.coturn.image.pullPolicy }} - # coturn doesn't expand env vars in its config file; we render - # via envsubst at start so static-auth-secret can come from a - # Kubernetes Secret instead of being baked into the ConfigMap. + # coturn doesn't expand env vars in its config file; pass the + # secret as a CLI flag instead so it can come from a Kubernetes + # Secret without being baked into the ConfigMap. command: - sh - -c - - | - set -e - apk add --no-cache gettext >/dev/null 2>&1 || true - envsubst < /etc/coturn-template/turnserver.conf > /tmp/turnserver.conf - exec turnserver -c /tmp/turnserver.conf + - exec turnserver -c /etc/coturn-template/turnserver.conf --static-auth-secret="${TURN_SECRET}" env: - name: TURN_SECRET valueFrom: diff --git a/deploy/helm/dograh/templates/httproute-api.yaml b/deploy/helm/dograh/templates/httproute-api.yaml index 8e8a2922..24eecf2e 100644 --- a/deploy/helm/dograh/templates/httproute-api.yaml +++ b/deploy/helm/dograh/templates/httproute-api.yaml @@ -24,9 +24,11 @@ spec: {{- end }} rules: - matches: + # /api/v1/ (not /api/) — /api/auth/* and /api/config/* are Next.js + # routes on the UI and must not be captured here. - path: type: PathPrefix - value: /api/ + value: /api/v1/ backendRefs: - name: {{ include "dograh.web.fullname" . }} port: {{ .Values.web.service.port }} diff --git a/deploy/helm/dograh/templates/ingress.yaml b/deploy/helm/dograh/templates/ingress.yaml index e06850cf..e71e3eb4 100644 --- a/deploy/helm/dograh/templates/ingress.yaml +++ b/deploy/helm/dograh/templates/ingress.yaml @@ -32,7 +32,11 @@ spec: {{- end }} http: paths: - - path: /api/ + # /api/v1/ (not /api/) — the UI serves its own Next.js routes under + # /api/auth/* and /api/config/*, which must fall through to the UI. + # Everything browser→backend (REST + the signaling WebSocket) is + # namespaced under /api/v1/. + - path: /api/v1/ pathType: Prefix backend: service: