From 5959ef7cb9057a6f483b0b2159b8555f6a7e1378 Mon Sep 17 00:00:00 2001 From: Dragutin Vujovic Date: Wed, 28 Aug 2024 16:08:44 +0200 Subject: [PATCH] Rebase on dev --- .nais/application/application-config-dev.yaml | 66 +++++++------------ .../application/application-config-prod.yaml | 62 +++++++---------- .nais/application/opensearch-prod.yaml | 25 ------- .nais/application/unleash-apitoken-dev.yaml | 5 +- .nais/application/unleash-apitoken-prod.yaml | 5 +- 5 files changed, 52 insertions(+), 111 deletions(-) delete mode 100644 .nais/application/opensearch-prod.yaml diff --git a/.nais/application/application-config-dev.yaml b/.nais/application/application-config-dev.yaml index b02cb84256..6581051ca3 100644 --- a/.nais/application/application-config-dev.yaml +++ b/.nais/application/application-config-dev.yaml @@ -3,25 +3,34 @@ apiVersion: "nais.io/v1alpha1" kind: "Application" metadata: name: veilarbportefolje - namespace: obo + namespace: pto labels: - team: obo + team: pto spec: image: {{image}} replicas: - min: 1 + min: 2 max: 3 cpuThresholdPercentage: 50 port: 8080 ingresses: - - https://veilarbportefolje.intern.dev.nav.no + - https://veilarbportefolje.dev.intern.nav.no + - https://veilarbportefolje.dev-fss-pub.nais.io webproxy: true leaderElection: true secureLogs: enabled: true kafka: pool: nav-dev + vault: + enabled: true + paths: + - kvPath: /serviceuser/data/dev/srvveilarbportefolje + mountPath: /var/run/secrets/nais.io/service_user + - kvPath: /kv/preprod/fss/veilarbportefolje/q1 + mountPath: /var/run/secrets/nais.io/vault envFrom: + - configmap: pto-config - secret: veilarbportefolje-unleash-api-token liveness: path: veilarbportefolje/internal/isAlive @@ -37,13 +46,6 @@ spec: openSearch: access: admin instance: veilarbportefolje - gcp: - sqlInstances: - - type: POSTGRES_15 - tier: db-f1-micro - databases: - - name: veilarbportefolje - envVarPrefix: DB azure: application: allowAllUsers: true @@ -68,30 +70,8 @@ spec: namespace: aura cluster: dev-gcp outbound: - rules: - - application: kodeverk-api - namespace: team-rocket - - application: pdl-api - namespace: pdl - cluster: dev-fss - - application: veilarbvedtaksstotte - namespace: pto - cluster: dev-fss - - application: veilarbarena - namespace: pto - cluster: dev-fss - - application: veilarbveileder - namespace: pto - cluster: dev-fss - - application: poao-tilgang - namespace: poao external: - host: team-obo-unleash-api.nav.cloud.nais.io - - host: pdl-api.dev-fss-pub.nais.io - - host: veilarboppfolging.dev-fss-pub.nais.io - - host: veilarbvedtaksstotte.dev-fss-pub.nais.io - - host: veilarbveileder.dev-fss-pub.nais.io - - host: veilarbarena.dev-fss-pub.nais.io resources: limits: cpu: "4" @@ -103,34 +83,34 @@ spec: - name: JAVA_OPTS value: "-Xms4098m -Xmx8096m --illegal-access=permit --add-opens=java.base/java.lang=ALL-UNNAMED" - name: VEILARBOPPFOLGING_URL - value: "https://veilarboppfolging.dev-fss-pub.nais.io/veilarboppfolging" + value: "http://veilarboppfolging.pto.svc.nais.local/veilarboppfolging" - name: VEILARBOPPFOLGING_TOKEN_SCOPE value: "api://dev-fss.pto.veilarboppfolging/.default" - name: VEILARBVEDTAKSSTOTTE_URL - value: "https://veilarbvedtaksstotte.dev-fss-pub.nais.io/veilarbvedtaksstotte" + value: "http://veilarbvedtaksstotte.pto.svc.nais.local/veilarbvedtaksstotte" - name: VEILARBVEDTAKSSTOTTE_TOKEN_SCOPE value: "api://dev-fss.pto.veilarbvedtaksstotte/.default" - name: VEILARBVEILEDER_URL - value: "https://veilarbveileder.dev-fss-pub.nais.io/veilarbveileder" + value: "http://veilarbveileder.pto.svc.nais.local/veilarbveileder" - name: VEILARBVEILEDER_TOKEN_SCOPE value: "api://dev-fss.pto.veilarbveileder/.default" - name: VEILARBARENA_URL - value: "https://veilarbarena.dev-fss-pub.nais.io/veilarbarena" + value: "http://veilarbarena.pto.svc.nais.local/veilarbarena" - name: VEILARBARENA_TOKEN_SCOPE value: "api://dev-fss.pto.veilarbarena/.default" - name: PDL_URL - value: "https://pdl-api.dev-fss-pub.nais.io" + value: "http://pdl-api.pdl.svc.nais.local" - name: PDL_TOKEN_SCOPE value: "api://dev-fss.pdl.pdl-api/.default" - name: POAO_TILGANG_URL - value: "http://poao-tilgang.poao" + value: "http://poao-tilgang.poao.svc.nais.local" - name: POAO_TILGANG_TOKEN_SCOPE - value: "api://dev-gcp.poao.poao-tilgang/.default" + value: "api://dev-fss.poao.poao-tilgang/.default" - name: KODEVERK_URL - value: "https://kodeverk-api.intern.dev.nav.no" + value: "https://kodeverk-api.nav.no" - name: KODEVERK_SCOPE value: "api://dev-gcp.team-rocket.kodeverk-api/.default" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL - value: "http://paw-arbeidssoekerregisteret-api-oppslag.paw" + value: "https://oppslag-arbeidssoekerregisteret.intern.dev.nav.no" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_SCOPE - value: "api://dev-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default" \ No newline at end of file + value: "api://dev-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default" diff --git a/.nais/application/application-config-prod.yaml b/.nais/application/application-config-prod.yaml index 56a618b32e..8c629474db 100644 --- a/.nais/application/application-config-prod.yaml +++ b/.nais/application/application-config-prod.yaml @@ -3,9 +3,9 @@ apiVersion: "nais.io/v1alpha1" kind: "Application" metadata: name: veilarbportefolje - namespace: obo + namespace: pto labels: - team: obo + team: pto spec: image: {{image}} replicas: @@ -15,13 +15,24 @@ spec: port: 8080 ingresses: - https://veilarbportefolje.intern.nav.no + - https://veilarbportefolje.prod-fss-pub.nais.io + - https://veilarbportefolje.nais.adeo.no + - https://app.adeo.no/veilarbportefolje webproxy: true leaderElection: true secureLogs: enabled: true kafka: pool: nav-prod + vault: + enabled: true + paths: + - kvPath: /serviceuser/data/prod/srvveilarbportefolje + mountPath: /var/run/secrets/nais.io/service_user + - kvPath: /kv/prod/fss/veilarbportefolje/default + mountPath: /var/run/secrets/nais.io/vault envFrom: + - configmap: pto-config - secret: veilarbportefolje-unleash-api-token liveness: path: veilarbportefolje/internal/isAlive @@ -37,13 +48,6 @@ spec: openSearch: access: admin instance: veilarbportefolje - gcp: - sqlInstances: - - type: POSTGRES_15 - tier: db-custom-1-4096 - databases: - - name: veilarbportefolje - envVarPrefix: DB azure: application: allowAllUsers: true @@ -57,36 +61,16 @@ spec: rules: - application: veilarbportefoljeflatefs namespace: obo + cluster: prod-gcp - application: veilarbpersonflate namespace: poao + cluster: prod-gcp - application: pto-admin namespace: pto cluster: prod-fss outbound: - rules: - - application: kodeverk-api - namespace: team-rocket - - application: pdl-api - namespace: pdl - cluster: dev-fss - - application: veilarbvedtaksstotte - namespace: pto - cluster: dev-fss - - application: veilarbarena - namespace: pto - cluster: dev-fss - - application: veilarbveileder - namespace: pto - cluster: dev-fss - - application: poao-tilgang - namespace: poao external: - host: team-obo-unleash-api.nav.cloud.nais.io - - host: pdl-api.dev-fss-pub.nais.io - - host: veilarboppfolging.dev-fss-pub.nais.io - - host: veilarbvedtaksstotte.dev-fss-pub.nais.io - - host: veilarbveileder.dev-fss-pub.nais.io - - host: veilarbarena.dev-fss-pub.nais.io resources: limits: cpu: "4" @@ -98,34 +82,34 @@ spec: - name: JAVA_OPTS value: "-Xms4096m -Xmx10144m --illegal-access=permit --add-opens=java.base/java.lang=ALL-UNNAMED" - name: VEILARBOPPFOLGING_URL - value: "https://veilarboppfolging.prod-fss-pub.nais.io/veilarboppfolging" + value: "http://veilarboppfolging.pto.svc.nais.local/veilarboppfolging" - name: VEILARBOPPFOLGING_TOKEN_SCOPE value: "api://prod-fss.pto.veilarboppfolging/.default" - name: VEILARBVEDTAKSSTOTTE_URL - value: "https://veilarbvedtaksstotte.prod-fss-pub.nais.io/veilarbvedtaksstotte" + value: "http://veilarbvedtaksstotte.pto.svc.nais.local/veilarbvedtaksstotte" - name: VEILARBVEDTAKSSTOTTE_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbvedtaksstotte/.default" - name: VEILARBVEILEDER_URL - value: "https://veilarbveileder.prod-fss-pub.nais.io/veilarbveileder" + value: "http://veilarbveileder.pto.svc.nais.local/veilarbveileder" - name: VEILARBVEILEDER_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbveileder/.default" - name: VEILARBARENA_URL - value: "https://veilarbarena.prod-fss-pub.nais.io/veilarbarena" + value: "http://veilarbarena.pto.svc.nais.local/veilarbarena" - name: VEILARBARENA_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbarena/.default" - name: PDL_URL - value: "https://pdl-api.prod-fss-pub.nais.io" + value: "http://pdl-api.pdl.svc.nais.local" - name: PDL_TOKEN_SCOPE value: "api://prod-fss.pdl.pdl-api/.default" - name: POAO_TILGANG_URL - value: "http://poao-tilgang.poao" + value: "http://poao-tilgang.poao.svc.nais.local" - name: POAO_TILGANG_TOKEN_SCOPE value: "api://prod-fss.poao.poao-tilgang/.default" - name: KODEVERK_URL - value: "https://kodeverk-api.intern.nav.no" + value: "https://kodeverk-api.nav.no" - name: KODEVERK_SCOPE value: "api://prod-gcp.team-rocket.kodeverk-api/.default" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL - value: "http://paw-arbeidssoekerregisteret-api-oppslag.paw" + value: "https://oppslag-arbeidssoekerregisteret.intern.nav.no" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_SCOPE value: "api://prod-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default" diff --git a/.nais/application/opensearch-prod.yaml b/.nais/application/opensearch-prod.yaml deleted file mode 100644 index 151b13f23e..0000000000 --- a/.nais/application/opensearch-prod.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: aiven.io/v1alpha1 -kind: OpenSearch -metadata: - labels: - team: obo - name: opensearch-obo-veilarbportefolje - namespace: obo -spec: - plan: startup-8 - project: nav-prod - ---- - -apiVersion: aiven.io/v1alpha1 -kind: ServiceIntegration -metadata: - labels: - team: obo - name: opensearch-obo-veilarbportefolje - namespace: obo -spec: - project: nav-prod - integrationType: prometheus - destinationEndpointId: 76685598-1048-4f56-b34a-9769ef747a92 - sourceServiceName: opensearch-obo-veilarbportefolje \ No newline at end of file diff --git a/.nais/application/unleash-apitoken-dev.yaml b/.nais/application/unleash-apitoken-dev.yaml index 9176494e37..1971cc9bed 100644 --- a/.nais/application/unleash-apitoken-dev.yaml +++ b/.nais/application/unleash-apitoken-dev.yaml @@ -2,9 +2,10 @@ apiVersion: unleash.nais.io/v1 kind: ApiToken metadata: name: veilarbportefolje - namespace: obo + namespace: pto + cluster: dev-fss labels: - team: obo + team: pto spec: unleashInstance: apiVersion: unleash.nais.io/v1 diff --git a/.nais/application/unleash-apitoken-prod.yaml b/.nais/application/unleash-apitoken-prod.yaml index 77a37a53cf..0c5e5e9dad 100644 --- a/.nais/application/unleash-apitoken-prod.yaml +++ b/.nais/application/unleash-apitoken-prod.yaml @@ -2,9 +2,10 @@ apiVersion: unleash.nais.io/v1 kind: ApiToken metadata: name: veilarbportefolje - namespace: obo + namespace: pto + cluster: prod-fss labels: - team: obo + team: pto spec: unleashInstance: apiVersion: unleash.nais.io/v1