[KAIZEN-0] deploy til prod gcp

Author: abrhanav

.github/workflows/main.yml

@@ -107,3 +107,20 @@ jobs:
           CLUSTER: prod-fss
           RESOURCE: .nais/prod.yml
           VAR: image=${{ needs.build-and-push.outputs.image }}
+
+  deploy-prod-gcp:
+    name: Deploy to prod gcp
+    needs: build-and-push
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          PRINT_PAYLOAD: true
+          CLUSTER: prod-gcp
+          RESOURCE: .nais/prod-gcp.yml
+          VAR: image=${{ needs.build-and-push.outputs.image }}

.nais/prod-gcp.yml

@@ -0,0 +1,108 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: modia-robot-api
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+spec:
+  image: {{image}}
+  port: 7070
+  webproxy: true
+  liveness:
+    path: /internal/isAlive
+    initialDelay: 20
+    timeout: 1
+    periodSeconds: 5
+    failureThreshold: 10
+  readiness:
+    path: /internal/isReady
+    initialDelay: 20
+    timeout: 1
+  prometheus:
+    enabled: true
+    path: /internal/metrics
+  secureLogs:
+    enabled: true
+  resources:
+    requests:
+      cpu: 50m
+      memory: 256Mi
+    limits:
+      cpu: 2000m
+      memory: 512Mi
+  ingresses:
+    - https://modia-robot-api.intern.nav.no
+  replicas:
+    min: 2
+    max: 4
+    cpuThresholdPercentage: 65
+  azure:
+    application:
+      enabled: true
+      tenant: nav.no
+      allowAllUsers: true
+      claims:
+        extra:
+          - "NAVident"
+  accessPolicy:
+    outbound:
+      external:
+        - host: veilarboppfolging.prod-fss-pub.nais.io
+        - host: nom-api.intern.prod.nav.no
+        - host: pdl-api.prod-fss-pub.nais.io
+        - host: saf.prod-fss-pub.nais.io
+        - host: digdir-krr-proxy.intern.nav.no
+        - host: sokos-utbetaldata.prod-fss-pub.nais.io
+        - host: sf-henvendelse-api-proxy.prod-fss-pub.nais.io
+        - host: sokos-kontoregister-person.intern.nav.no
+    inbound:
+      rules:
+        - application: rpa-medlemskap-og-avgift
+          namespace: team-rpa
+          cluster: prod-fss
+        - application: ida
+          cluster: prod-fss
+          namespace: traktor
+        - application: rpa-nav-okonomi-stonad
+          cluster: prod-fss
+          namespace: team-rpa-nos
+  env:
+    - name: IDENT_ALLOW_LIST
+      value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,D159483,U143410"
+    - name: OPPFOLGING_URL
+      value: "https://veilarboppfolging.prod-fss-pub.nais.io/veilarboppfolging/api"
+    - name: OPPFOLGING_SCOPE
+      value: "prod-fss:pto:veilarboppfolging"
+    - name: NOM_URL
+      value: "https://nom-api.intern.dev.nav.no"
+    - name: NOM_SCOPE
+      value: "prod-gcp:nom:nom-api"
+    - name: PDL_URL
+      value: "https://pdl-api.prod-fss-pub.nais.io/graphql"
+    - name: PDL_SCOPE
+      value: "prod-fss:pdl:pdl-api"
+    - name: SAF_URL
+      value: "https://saf.prod-fss-pub.nais.io/graphql"
+    - name: SAF_SCOPE
+      value: "prod-fss:teamdokumenthandtering:saf"
+    - name: SKRIVESTOTTE_URL
+      value: "https://modiapersonoversikt-skrivestotte.intern.nav.no"
+    - name: DIGDIR_KRR_URL
+      value: "https://digdir-krr-proxy.intern.dev.nav.no/"
+    - name: DIGDIR_KRR_SCOPE
+      value: "prod-gcp:team-rocket:digdir-krr-proxy"
+    - name: UTBETALDATA_SOKOS_URL
+      value: "https://sokos-utbetaldata.prod-fss-pub.nais.io/utbetaldata/api"
+    - name: UTBETAL_SOKOS_SCOPE
+      value: "prod-fss:okonomi:sokos-utbetaldata"
+    - name: SF_HENVENDELSE_URL
+      value: "https://sf-henvendelse-api-proxy.prod-fss-pub.nais.io/api"
+    - name: SF_HENVENDELSE_SCOPE
+      value: "prod-fss:teamnks:sf-henvendelse-api-proxy"
+    - name: KONTOREGISTER_REST_URL
+      value: "https://sokos-kontoregister-person.intern.dev.nav.no/api/system"
+    - name: KONTOREGISTER_SCOPE
+      value: "prod-gcp:okonomi:sokos-kontoregister-person"
+    - name: CXF_SECURE_LOG
+      value: "enabled"