Skip to content
This repository was archived by the owner on Aug 11, 2025. It is now read-only.

Commit 43e2bf0

Browse files
martintvetermartintveter
authored
accesspolicy fixes (#38)
* legger til dekoratoren som external host * refactor nais.yaml + templates til dev.yaml og mock.yaml. Samt oppdatert deploy workflow
1 parent 22490ff commit 43e2bf0

File tree

6 files changed

+145
-88
lines changed

6 files changed

+145
-88
lines changed

.github/workflows/deploy_gcp.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,12 @@ jobs:
2424
run: |
2525
PROJECT_NAME=$(echo ${{ github.repository }} | cut -d/ -f2)
2626
echo "IMAGE=ghcr.io/${{ github.repository }}/$PROJECT_NAME:${{ steps.artifact-version.outputs.version }}" >> $GITHUB_ENV
27-
echo "CONFIG_FILE=${{ github.event.inputs.config-file-name }}" >> $GITHUB_ENV
2827
- name: Deploy til GCP
2928
uses: nais/deploy/actions/deploy@v1
3029
env:
3130
APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
32-
RESOURCE: nais.yaml
31+
RESOURCE: nais/${{ github.event.inputs.config-file-name }}.yaml
3332
CLUSTER: dev-gcp
34-
VARS: nais/${{ env.CONFIG_FILE }}.json
3533
REF: ${{ steps.artifact-version.outputs.version }}
3634
PRINT_PAYLOAD: true
3735
IMAGE: ${{ env.IMAGE }}

nais.yaml

Lines changed: 0 additions & 69 deletions
This file was deleted.

nais/dev.json

Lines changed: 0 additions & 8 deletions
This file was deleted.

nais/dev.yaml

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
apiVersion: "nais.io/v1alpha1"
2+
kind: "Application"
3+
metadata:
4+
name: sosialhjelp-proxy-dev
5+
namespace: teamdigisos
6+
labels:
7+
team: teamdigisos
8+
annotations:
9+
nais.io/run-as-group: "0"
10+
nais.io/read-only-file-system: "false"
11+
nginx.ingress.kubernetes.io/proxy-body-size: "150M"
12+
spec:
13+
image: {{image}}
14+
port: 8080
15+
accessPolicy:
16+
outbound:
17+
external:
18+
- host: dekoratoren.dev.nav.no
19+
- host: sosialhjelp-soknad-dev.dev.nav.no
20+
- host: sosialhjelp-soknad-api-dev.dev.nav.no
21+
- host: sosialhjelp-innsyn-dev.dev.nav.no
22+
- host: sosialhjelp-innsyn-api-dev.dev.nav.no
23+
- host: sosialhjelp-modia-dev.dev.nav.no
24+
- host: sosialhjelp-modia-api-dev.dev.nav.no
25+
- host: sosialhjelp-avtaler-dev.dev.nav.no
26+
- host: sosialhjelp-avtaler-api-dev.dev.nav.no
27+
rules:
28+
- application: sosialhjelp-soknad-dev
29+
- application: sosialhjelp-soknad-api-dev
30+
- application: sosialhjelp-innsyn-dev
31+
- application: sosialhjelp-innsyn-api-dev
32+
- application: sosialhjelp-modia-dev
33+
- application: sosialhjelp-modia-api-dev
34+
- application: sosialhjelp-avtaler-dev
35+
- application: sosialhjelp-avtaler-api-dev
36+
inbound:
37+
rules:
38+
- application: sosialhjelp-soknad-api-dev
39+
- application: sosialhjelp-innsyn-api-dev
40+
- application: sosialhjelp-modia-api-dev
41+
- application: sosialhjelp-avtaler-api-dev
42+
ingresses:
43+
- "https://digisos.dev.nav.no"
44+
prometheus:
45+
enabled: false
46+
liveness:
47+
path: /internal/isAlive
48+
initialDelay: 20
49+
readiness:
50+
path: /internal/isAlive
51+
initialDelay: 20
52+
resources:
53+
limits:
54+
cpu: 200m
55+
memory: 256Mi
56+
requests:
57+
cpu: 1m
58+
memory: 32Mi
59+
replicas:
60+
min: 1
61+
max: 1
62+
cpuThresholdPercentage: 50
63+
env:
64+
- name: PORT
65+
value: "8080"
66+
- name: DOMENE_PA_UTSIDEN
67+
value: ".dev.nav.no"
68+
- name: DOMENE_PA_INNSIDEN
69+
value: "-dev.dev.nav.no"

nais/mock.json

Lines changed: 0 additions & 8 deletions
This file was deleted.

nais/mock.yaml

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
apiVersion: "nais.io/v1alpha1"
2+
kind: "Application"
3+
metadata:
4+
name: sosialhjelp-proxy-mock
5+
namespace: teamdigisos
6+
labels:
7+
team: teamdigisos
8+
annotations:
9+
nais.io/run-as-group: "0"
10+
nais.io/read-only-file-system: "false"
11+
nginx.ingress.kubernetes.io/proxy-body-size: "150M"
12+
spec:
13+
image: {{image}}
14+
port: 8080
15+
accessPolicy:
16+
outbound:
17+
external:
18+
- host: dekoratoren.ekstern.dev.nav.no
19+
- host: sosialhjelp-soknad-mock.dev.nav.no
20+
- host: sosialhjelp-soknad-api-mock.dev.nav.no
21+
- host: sosialhjelp-innsyn-mock.dev.nav.no
22+
- host: sosialhjelp-innsyn-api-mock.dev.nav.no
23+
- host: sosialhjelp-modia-mock.dev.nav.no
24+
- host: sosialhjelp-modia-api-mock.dev.nav.no
25+
- host: sosialhjelp-mock-alt-mock.dev.nav.no
26+
- host: sosialhjelp-mock-alt-api-mock.dev.nav.no
27+
- host: sosialhjelp-fagsystem-mock.dev.nav.no
28+
- host: sosialhjelp-avtaler-mock.dev.nav.no
29+
- host: sosialhjelp-avtaler-api-mock.dev.nav.no
30+
rules:
31+
- application: sosialhjelp-soknad-mock
32+
- application: sosialhjelp-soknad-api-mock
33+
- application: sosialhjelp-innsyn-mock
34+
- application: sosialhjelp-innsyn-api-mock
35+
- application: sosialhjelp-modia-mock
36+
- application: sosialhjelp-modia-api-mock
37+
- application: sosialhjelp-mock-alt-mock
38+
- application: sosialhjelp-mock-alt-api-mock
39+
- application: sosialhjelp-fagsystem-mock-mock
40+
- application: sosialhjelp-avtaler-mock
41+
- application: sosialhjelp-avtaler-api-mock
42+
inbound:
43+
rules:
44+
- application: sosialhjelp-soknad-api-mock
45+
- application: sosialhjelp-innsyn-api-mock
46+
- application: sosialhjelp-modia-api-mock
47+
- application: sosialhjelp-avtaler-api-mock
48+
ingresses:
49+
- "https://digisos.ekstern.dev.nav.no"
50+
prometheus:
51+
enabled: false
52+
liveness:
53+
path: /internal/isAlive
54+
initialDelay: 20
55+
readiness:
56+
path: /internal/isAlive
57+
initialDelay: 20
58+
resources:
59+
limits:
60+
cpu: 200m
61+
memory: 256Mi
62+
requests:
63+
cpu: 1m
64+
memory: 32Mi
65+
replicas:
66+
min: 1
67+
max: 1
68+
cpuThresholdPercentage: 50
69+
env:
70+
- name: PORT
71+
value: "8080"
72+
- name: DOMENE_PA_UTSIDEN
73+
value: ".ekstern.dev.nav.no"
74+
- name: DOMENE_PA_INNSIDEN
75+
value: "-mock.dev.nav.no"

0 commit comments

Comments
 (0)