Skip to content

Commit 111bec4

Browse files
LudvigHzLudvigHz
authored
Merge pull request #99 from navikt/dev
[PROD] fjerne fnr fra url, gcp & avhengigheter
2 parents 8b2fef5 + 5aff379 commit 111bec4

40 files changed

+618
-674
lines changed

.github/dependabot.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: gradle
4+
directory: /
5+
schedule:
6+
interval: daily
7+
time: "05:00"
8+
timezone: Europe/Oslo
9+
10+
- package-ecosystem: github-actions
11+
directory: /
12+
schedule:
13+
interval: daily
14+
time: "05:00"
15+
timezone: Europe/Oslo

.github/workflows/main.yml

Lines changed: 44 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,12 +11,12 @@ jobs:
1111
runs-on: ubuntu-latest
1212
if: github.ref != 'refs/heads/dev' && github.ref != 'refs/heads/master'
1313
steps:
14-
- uses: actions/checkout@v3
15-
- name: Set up JDK 17
16-
uses: actions/setup-java@v3
14+
- uses: actions/checkout@v4
15+
- name: Set up JDK 21
16+
uses: actions/setup-java@v4
1717
with:
1818
distribution: 'temurin'
19-
java-version: 17
19+
java-version: 21
2020
cache: 'gradle'
2121
- name: Install ktlint
2222
uses: nbadal/action-ktlint-setup@v1
@@ -39,12 +39,12 @@ jobs:
3939
outputs:
4040
image: ${{ steps.docker-build-push.outputs.image }}
4141
steps:
42-
- uses: actions/checkout@v3
43-
- name: Set up JDK 17
44-
uses: actions/setup-java@v3
42+
- uses: actions/checkout@v4
43+
- name: Set up JDK 21
44+
uses: actions/setup-java@v4
4545
with:
4646
distribution: 'temurin'
47-
java-version: 17
47+
java-version: 21
4848
cache: 'gradle'
4949
continue-on-error: true
5050
- name: Build
@@ -66,14 +66,31 @@ jobs:
6666
contents: read
6767
id-token: write
6868
steps:
69-
- uses: actions/checkout@v3
69+
- uses: actions/checkout@v4
7070
- uses: nais/deploy/actions/deploy@v2
7171
env:
7272
PRINT_PAYLOAD: true
7373
CLUSTER: dev-fss
7474
RESOURCE: .nais/preprod.yml
7575
VAR: image=${{ needs.build-and-push.outputs.image }}
7676

77+
deploy-dev-gcp:
78+
name: Deploy to dev-gcp
79+
needs: build-and-push
80+
if: github.ref == 'refs/heads/dev'
81+
runs-on: ubuntu-latest
82+
permissions:
83+
contents: read
84+
id-token: write
85+
steps:
86+
- uses: actions/checkout@v4
87+
- uses: nais/deploy/actions/deploy@v2
88+
env:
89+
PRINT_PAYLOAD: true
90+
CLUSTER: dev-gcp
91+
RESOURCE: .nais/dev.yml
92+
VAR: image=${{ needs.build-and-push.outputs.image }}
93+
7794
deploy-prod:
7895
name: Deploy to prod
7996
needs: build-and-push
@@ -83,10 +100,27 @@ jobs:
83100
contents: read
84101
id-token: write
85102
steps:
86-
- uses: actions/checkout@v3
103+
- uses: actions/checkout@v4
87104
- uses: nais/deploy/actions/deploy@v2
88105
env:
89106
PRINT_PAYLOAD: true
90107
CLUSTER: prod-fss
91108
RESOURCE: .nais/prod.yml
92109
VAR: image=${{ needs.build-and-push.outputs.image }}
110+
111+
deploy-prod-gcp:
112+
name: Deploy to prod gcp
113+
needs: build-and-push
114+
if: github.ref == 'refs/heads/master'
115+
runs-on: ubuntu-latest
116+
permissions:
117+
contents: read
118+
id-token: write
119+
steps:
120+
- uses: actions/checkout@v4
121+
- uses: nais/deploy/actions/deploy@v2
122+
env:
123+
PRINT_PAYLOAD: true
124+
CLUSTER: prod-gcp
125+
RESOURCE: .nais/prod-gcp.yml
126+
VAR: image=${{ needs.build-and-push.outputs.image }}

.nais/dev.yml

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
apiVersion: "nais.io/v1alpha1"
2+
kind: "Application"
3+
metadata:
4+
name: modia-robot-api
5+
namespace: personoversikt
6+
labels:
7+
team: personoversikt
8+
spec:
9+
image: {{image}}
10+
port: 7070
11+
liveness:
12+
path: /internal/isAlive
13+
initialDelay: 20
14+
timeout: 1
15+
periodSeconds: 5
16+
failureThreshold: 10
17+
readiness:
18+
path: /internal/isReady
19+
initialDelay: 20
20+
timeout: 1
21+
prometheus:
22+
enabled: true
23+
path: /internal/metrics
24+
secureLogs:
25+
enabled: true
26+
resources:
27+
requests:
28+
cpu: 50m
29+
memory: 256Mi
30+
limits:
31+
cpu: 2000m
32+
memory: 512Mi
33+
ingresses:
34+
- https://modia-robot-api.intern.dev.nav.no
35+
replicas:
36+
min: 1
37+
max: 1
38+
cpuThresholdPercentage: 90
39+
azure:
40+
application:
41+
enabled: true
42+
tenant: trygdeetaten.no
43+
allowAllUsers: true
44+
claims:
45+
extra:
46+
- "NAVident"
47+
accessPolicy:
48+
outbound:
49+
external:
50+
- host: veilarboppfolging.dev-fss-pub.nais.io
51+
- host: nom-api.intern.dev.nav.no
52+
- host: pdl-api.dev-fss-pub.nais.io
53+
- host: saf-q1.dev-fss-pub.nais.io
54+
- host: digdir-krr-proxy.intern.dev.nav.no
55+
- host: sokos-utbetaldata.dev-fss-pub.nais.io
56+
- host: sf-henvendelse-api-proxy.dev-fss-pub.nais.io
57+
- host: sokos-kontoregister-person.intern.dev.nav.no
58+
inbound:
59+
rules:
60+
- application: rpa-medlemskap-og-avgift
61+
namespace: team-rpa
62+
cluster: dev-fss
63+
- application: ida
64+
cluster: prod-fss
65+
namespace: traktor
66+
- application: rpa-nav-okonomi-stonad
67+
cluster: dev-fss
68+
namespace: team-rpa-nos
69+
env:
70+
- name: IDENT_ALLOW_LIST
71+
value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818,Z990715,Z990715"
72+
- name: OPPFOLGING_URL
73+
value: "https://veilarboppfolging.dev-fss-pub.nais.io/veilarboppfolging/api"
74+
- name: OPPFOLGING_SCOPE
75+
value: "dev-fss:pto:veilarboppfolging"
76+
- name: NOM_URL
77+
value: "https://nom-api.intern.dev.nav.no"
78+
- name: NOM_SCOPE
79+
value: "dev-gcp:nom:nom-api"
80+
- name: PDL_URL
81+
value: "https://pdl-api.dev-fss-pub.nais.io/graphql"
82+
- name: PDL_SCOPE
83+
value: "dev-fss:pdl:pdl-api"
84+
- name: SAF_URL
85+
value: "https://saf-q1.dev-fss-pub.nais.io/graphql"
86+
- name: SAF_SCOPE
87+
value: "dev-fss:teamdokumenthandtering:saf"
88+
- name: SKRIVESTOTTE_URL
89+
value: "https://modiapersonoversikt-skrivestotte.intern.dev.nav.no"
90+
- name: DIGDIR_KRR_URL
91+
value: "https://digdir-krr-proxy.intern.dev.nav.no/"
92+
- name: DIGDIR_KRR_SCOPE
93+
value: "dev-gcp:team-rocket:digdir-krr-proxy"
94+
- name: UTBETALDATA_SOKOS_URL
95+
value: "https://sokos-utbetaldata.dev-fss-pub.nais.io/utbetaldata/api"
96+
- name: UTBETAL_SOKOS_SCOPE
97+
value: "dev-fss:okonomi:sokos-utbetaldata"
98+
- name: SF_HENVENDELSE_URL
99+
value: "https://sf-henvendelse-api-proxy.dev-fss-pub.nais.io/api"
100+
- name: SF_HENVENDELSE_SCOPE
101+
value: "dev-fss:teamnks:sf-henvendelse-api-proxy"
102+
- name: KONTOREGISTER_REST_URL
103+
value: "https://sokos-kontoregister-person.intern.dev.nav.no/api/system"
104+
- name: KONTOREGISTER_SCOPE
105+
value: "dev-gcp:okonomi:sokos-kontoregister-person"
106+
- name: CXF_SECURE_LOG
107+
value: "enabled"

.nais/preprod.yml

Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,6 @@ spec:
99
image: {{image}}
1010
port: 7070
1111
webproxy: true
12-
accessPolicy:
13-
inbound:
14-
rules:
15-
- application: rpa-medlemskap-og-avgift
16-
namespace: team-rpa
17-
cluster: dev-fss
1812
liveness:
1913
path: /internal/isAlive
2014
initialDelay: 20
@@ -51,6 +45,18 @@ spec:
5145
claims:
5246
extra:
5347
- "NAVident"
48+
accessPolicy:
49+
inbound:
50+
rules:
51+
- application: rpa-medlemskap-og-avgift
52+
namespace: team-rpa
53+
cluster: dev-fss
54+
- application: ida
55+
cluster: prod-fss
56+
namespace: traktor
57+
- application: rpa-nav-okonomi-stonad
58+
cluster: dev-fss
59+
namespace: team-rpa-nos
5460
vault:
5561
enabled: true
5662
paths:
@@ -64,15 +70,11 @@ spec:
6470
mountPath: /var/run/secrets/nais.io/vault
6571
env:
6672
- name: IDENT_ALLOW_LIST
67-
value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818"
68-
- name: SECURITYTOKENSERVICE_URL
69-
value: "https://sts-q1.preprod.local/SecurityTokenServiceProvider/"
73+
value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818,Z990715,Z990715"
7074
- name: OPPFOLGING_URL
7175
value: "https://veilarboppfolging.dev.intern.nav.no/veilarboppfolging/api"
7276
- name: OPPFOLGING_SCOPE
7377
value: "dev-fss:pto:veilarboppfolging"
74-
- name: TPS_PERSONV3_URL
75-
value: "https://app-q1.adeo.no/tpsws-aura/ws/Person/v3"
7678
- name: NOM_URL
7779
value: "https://nom-api.intern.dev.nav.no"
7880
- name: NOM_SCOPE
@@ -99,5 +101,9 @@ spec:
99101
value: "https://sf-henvendelse.dev.intern.nav.no/api"
100102
- name: SF_HENVENDELSE_SCOPE
101103
value: "dev-fss:teamcrm:sf-henvendelse"
104+
- name: KONTOREGISTER_REST_URL
105+
value: "https://sokos-kontoregister-person.intern.dev.nav.no/api/system"
106+
- name: KONTOREGISTER_SCOPE
107+
value: "dev-gcp:okonomi:sokos-kontoregister-person"
102108
- name: CXF_SECURE_LOG
103109
value: "enabled"

.nais/prod-gcp.yml

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
apiVersion: "nais.io/v1alpha1"
2+
kind: "Application"
3+
metadata:
4+
name: modia-robot-api
5+
namespace: personoversikt
6+
labels:
7+
team: personoversikt
8+
spec:
9+
image: {{image}}
10+
port: 7070
11+
liveness:
12+
path: /internal/isAlive
13+
initialDelay: 20
14+
timeout: 1
15+
periodSeconds: 5
16+
failureThreshold: 10
17+
readiness:
18+
path: /internal/isReady
19+
initialDelay: 20
20+
timeout: 1
21+
prometheus:
22+
enabled: true
23+
path: /internal/metrics
24+
secureLogs:
25+
enabled: true
26+
resources:
27+
requests:
28+
cpu: 50m
29+
memory: 256Mi
30+
limits:
31+
cpu: 2000m
32+
memory: 512Mi
33+
ingresses:
34+
- https://modia-robot-api.intern.nav.no
35+
replicas:
36+
min: 2
37+
max: 4
38+
cpuThresholdPercentage: 65
39+
azure:
40+
application:
41+
enabled: true
42+
tenant: nav.no
43+
allowAllUsers: true
44+
claims:
45+
extra:
46+
- "NAVident"
47+
accessPolicy:
48+
outbound:
49+
external:
50+
- host: veilarboppfolging.prod-fss-pub.nais.io
51+
- host: nom-api.intern.prod.nav.no
52+
- host: pdl-api.prod-fss-pub.nais.io
53+
- host: saf.prod-fss-pub.nais.io
54+
- host: digdir-krr-proxy.intern.nav.no
55+
- host: sokos-utbetaldata.prod-fss-pub.nais.io
56+
- host: sf-henvendelse-api-proxy.prod-fss-pub.nais.io
57+
- host: sokos-kontoregister-person.intern.nav.no
58+
inbound:
59+
rules:
60+
- application: rpa-medlemskap-og-avgift
61+
namespace: team-rpa
62+
cluster: prod-fss
63+
- application: ida
64+
cluster: prod-fss
65+
namespace: traktor
66+
- application: rpa-nav-okonomi-stonad
67+
cluster: prod-fss
68+
namespace: team-rpa-nos
69+
env:
70+
- name: IDENT_ALLOW_LIST
71+
value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,D159483,U143410"
72+
- name: OPPFOLGING_URL
73+
value: "https://veilarboppfolging.prod-fss-pub.nais.io/veilarboppfolging/api"
74+
- name: OPPFOLGING_SCOPE
75+
value: "prod-fss:pto:veilarboppfolging"
76+
- name: NOM_URL
77+
value: "https://nom-api.intern.nav.no"
78+
- name: NOM_SCOPE
79+
value: "prod-gcp:nom:nom-api"
80+
- name: PDL_URL
81+
value: "https://pdl-api.prod-fss-pub.nais.io/graphql"
82+
- name: PDL_SCOPE
83+
value: "prod-fss:pdl:pdl-api"
84+
- name: SAF_URL
85+
value: "https://saf.prod-fss-pub.nais.io/graphql"
86+
- name: SAF_SCOPE
87+
value: "prod-fss:teamdokumenthandtering:saf"
88+
- name: SKRIVESTOTTE_URL
89+
value: "https://modiapersonoversikt-skrivestotte.intern.nav.no"
90+
- name: DIGDIR_KRR_URL
91+
value: "https://digdir-krr-proxy.intern.nav.no/"
92+
- name: DIGDIR_KRR_SCOPE
93+
value: "prod-gcp:team-rocket:digdir-krr-proxy"
94+
- name: UTBETALDATA_SOKOS_URL
95+
value: "https://sokos-utbetaldata.prod-fss-pub.nais.io/utbetaldata/api"
96+
- name: UTBETAL_SOKOS_SCOPE
97+
value: "prod-fss:okonomi:sokos-utbetaldata"
98+
- name: SF_HENVENDELSE_URL
99+
value: "https://sf-henvendelse-api-proxy.prod-fss-pub.nais.io/api"
100+
- name: SF_HENVENDELSE_SCOPE
101+
value: "prod-fss:teamnks:sf-henvendelse-api-proxy"
102+
- name: KONTOREGISTER_REST_URL
103+
value: "https://sokos-kontoregister-person.intern.nav.no/api/system"
104+
- name: KONTOREGISTER_SCOPE
105+
value: "prod-gcp:okonomi:sokos-kontoregister-person"
106+
- name: CXF_SECURE_LOG
107+
value: "enabled"

0 commit comments

Comments
 (0)