Prepare app for prod

navikt · Aug 28, 2024 · 9f560da · 9f560da
1 parent 505713c
commit 9f560da
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 40 deletions.
diff --git a/.github/workflows/deploy-opensearch-dev.yaml → ...hub/workflows/deploy-opensearch-prod.yaml b/.github/workflows/deploy-opensearch-dev.yaml → ...hub/workflows/deploy-opensearch-prod.yaml
@@ -1,4 +1,4 @@
-name: Deploy opensearch til Dev
+name: Deploy opensearch til Prod
 on:
   workflow_dispatch:
 
@@ -13,5 +13,5 @@ jobs:
       - uses: actions/checkout@v4
       - uses: nais/deploy/actions/deploy@v2
         env:
-          CLUSTER: dev-gcp
-          RESOURCE: ".nais/application/opensearch-dev.yaml"
+          CLUSTER: prod-gcp
+          RESOURCE: ".nais/application/opensearch-prod.yaml"
diff --git a/.github/workflows/deploy-unleash-api-token.yaml b/.github/workflows/deploy-unleash-api-token.yaml
@@ -39,7 +39,7 @@ jobs:
         uses: nais/deploy/actions/deploy@v2
         if: github.ref == 'refs/heads/master'
         env:
-          CLUSTER: prod-fss
+          CLUSTER: prod-gcp
           RESOURCE: .nais/application/unleash-apitoken-prod.yaml
           PRINT_PAYLOAD: true
 
diff --git a/.nais/application/application-config-dev.yaml b/.nais/application/application-config-dev.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
   image: {{image}}
   replicas:
-    min: 2
+    min: 1
     max: 3
     cpuThresholdPercentage: 50
   port: 8080
@@ -40,6 +40,7 @@ spec:
   gcp:
     sqlInstances:
       - type: POSTGRES_15
+        tier: db-f1-micro
         databases:
           - name: veilarbportefolje
             envVarPrefix: DB
@@ -126,7 +127,7 @@ spec:
     - name: POAO_TILGANG_TOKEN_SCOPE
       value: "api://dev-gcp.poao.poao-tilgang/.default"
     - name: KODEVERK_URL
-      value: "https://kodeverk-api.nav.no"
+      value: "https://kodeverk-api.intern.dev.nav.no"
     - name: KODEVERK_SCOPE
       value: "api://dev-gcp.team-rocket.kodeverk-api/.default"
     - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL

diff --git a/.nais/application/application-config-prod.yaml b/.nais/application/application-config-prod.yaml
@@ -3,9 +3,9 @@ apiVersion: "nais.io/v1alpha1"
 kind: "Application"
 metadata:
   name: veilarbportefolje
-  namespace: pto
+  namespace: obo
   labels:
-    team: pto
+    team: obo
 spec:
   image: {{image}}
   replicas:
@@ -15,24 +15,13 @@ spec:
   port: 8080
   ingresses:
     - https://veilarbportefolje.intern.nav.no
-    - https://veilarbportefolje.prod-fss-pub.nais.io
-    - https://veilarbportefolje.nais.adeo.no
-    - https://app.adeo.no/veilarbportefolje
   webproxy: true
   leaderElection: true
   secureLogs:
     enabled: true
   kafka:
     pool: nav-prod
-  vault:
-    enabled: true
-    paths:
-      - kvPath: /serviceuser/data/prod/srvveilarbportefolje
-        mountPath: /var/run/secrets/nais.io/service_user
-      - kvPath: /kv/prod/fss/veilarbportefolje/default
-        mountPath: /var/run/secrets/nais.io/vault
   envFrom:
-    - configmap: pto-config
     - secret: veilarbportefolje-unleash-api-token
   liveness:
     path: veilarbportefolje/internal/isAlive
@@ -48,6 +37,13 @@ spec:
   openSearch:
     access: admin
     instance: veilarbportefolje
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_15
+        tier: db-custom-1-4096
+        databases:
+          - name: veilarbportefolje
+            envVarPrefix: DB
   azure:
     application:
       allowAllUsers: true
@@ -61,16 +57,36 @@ spec:
       rules:
         - application: veilarbportefoljeflatefs
           namespace: obo
-          cluster: prod-gcp
         - application: veilarbpersonflate
           namespace: poao
-          cluster: prod-gcp
         - application: pto-admin
           namespace: pto
           cluster: prod-fss
     outbound:
+      rules:
+        - application: kodeverk-api
+          namespace: team-rocket
+        - application: pdl-api
+          namespace: pdl
+          cluster: dev-fss
+        - application: veilarbvedtaksstotte
+          namespace: pto
+          cluster: dev-fss
+        - application: veilarbarena
+          namespace: pto
+          cluster: dev-fss
+        - application: veilarbveileder
+          namespace: pto
+          cluster: dev-fss
+        - application: poao-tilgang
+          namespace: poao
       external:
         - host: team-obo-unleash-api.nav.cloud.nais.io
+        - host: pdl-api.dev-fss-pub.nais.io
+        - host: veilarboppfolging.dev-fss-pub.nais.io
+        - host: veilarbvedtaksstotte.dev-fss-pub.nais.io
+        - host: veilarbveileder.dev-fss-pub.nais.io
+        - host: veilarbarena.dev-fss-pub.nais.io
   resources:
     limits:
       cpu: "4"
@@ -82,34 +98,34 @@ spec:
     - name: JAVA_OPTS
       value: "-Xms4096m -Xmx10144m --illegal-access=permit --add-opens=java.base/java.lang=ALL-UNNAMED"
     - name: VEILARBOPPFOLGING_URL
-      value: "http://veilarboppfolging.pto.svc.nais.local/veilarboppfolging"
+      value: "https://veilarboppfolging.prod-fss-pub.nais.io/veilarboppfolging"
     - name: VEILARBOPPFOLGING_TOKEN_SCOPE
       value: "api://prod-fss.pto.veilarboppfolging/.default"
     - name: VEILARBVEDTAKSSTOTTE_URL
-      value: "http://veilarbvedtaksstotte.pto.svc.nais.local/veilarbvedtaksstotte"
+      value: "https://veilarbvedtaksstotte.prod-fss-pub.nais.io/veilarbvedtaksstotte"
     - name: VEILARBVEDTAKSSTOTTE_TOKEN_SCOPE
       value: "api://prod-fss.pto.veilarbvedtaksstotte/.default"
     - name: VEILARBVEILEDER_URL
-      value: "http://veilarbveileder.pto.svc.nais.local/veilarbveileder"
+      value: "https://veilarbveileder.prod-fss-pub.nais.io/veilarbveileder"
     - name: VEILARBVEILEDER_TOKEN_SCOPE
       value: "api://prod-fss.pto.veilarbveileder/.default"
     - name: VEILARBARENA_URL
-      value: "http://veilarbarena.pto.svc.nais.local/veilarbarena"
+      value: "https://veilarbarena.prod-fss-pub.nais.io/veilarbarena"
     - name: VEILARBARENA_TOKEN_SCOPE
       value: "api://prod-fss.pto.veilarbarena/.default"
     - name: PDL_URL
-      value: "http://pdl-api.pdl.svc.nais.local"
+      value: "https://pdl-api.prod-fss-pub.nais.io"
     - name: PDL_TOKEN_SCOPE
       value: "api://prod-fss.pdl.pdl-api/.default"
     - name: POAO_TILGANG_URL
-      value: "http://poao-tilgang.poao.svc.nais.local"
+      value: "http://poao-tilgang.poao"
     - name: POAO_TILGANG_TOKEN_SCOPE
       value: "api://prod-fss.poao.poao-tilgang/.default"
     - name: KODEVERK_URL
-      value: "https://kodeverk-api.nav.no"
+      value: "https://kodeverk-api.intern.nav.no"
     - name: KODEVERK_SCOPE
       value: "api://prod-gcp.team-rocket.kodeverk-api/.default"
     - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL
-      value: "https://oppslag-arbeidssoekerregisteret.intern.nav.no"
+      value: "http://paw-arbeidssoekerregisteret-api-oppslag.paw"
     - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_SCOPE
       value: "api://prod-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default"
diff --git a/.nais/application/opensearch-prod.yaml b/.nais/application/opensearch-prod.yaml
@@ -0,0 +1,25 @@
+apiVersion: aiven.io/v1alpha1
+kind: OpenSearch
+metadata:
+  labels:
+    team: obo
+  name: opensearch-obo-veilarbportefolje
+  namespace: obo
+spec:
+  plan: startup-8
+  project: nav-prod
+
+---
+
+apiVersion: aiven.io/v1alpha1
+kind: ServiceIntegration
+metadata:
+  labels:
+    team: obo
+  name: opensearch-obo-veilarbportefolje
+  namespace: obo
+spec:
+  project: nav-prod
+  integrationType: prometheus
+  destinationEndpointId: 76685598-1048-4f56-b34a-9769ef747a92
+  sourceServiceName: opensearch-obo-veilarbportefolje
diff --git a/.nais/application/unleash-apitoken-dev.yaml b/.nais/application/unleash-apitoken-dev.yaml
@@ -3,7 +3,6 @@ kind: ApiToken
 metadata:
   name: veilarbportefolje
   namespace: obo
-  cluster: dev-gcp
   labels:
     team: obo
 spec:

diff --git a/.nais/application/unleash-apitoken-prod.yaml b/.nais/application/unleash-apitoken-prod.yaml
@@ -2,10 +2,9 @@ apiVersion: unleash.nais.io/v1
 kind: ApiToken
 metadata:
   name: veilarbportefolje
-  namespace: pto
-  cluster: prod-fss
+  namespace: obo
   labels:
-    team: pto
+    team: obo
 spec:
   unleashInstance:
     apiVersion: unleash.nais.io/v1

diff --git a/pom.xml b/pom.xml
@@ -186,12 +186,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-
-        <dependency>
-            <groupId>com.github.navikt</groupId>
-            <artifactId>veilarbregistrering-skjema</artifactId>
-            <version>${veilarbregistrering.skjema.version}</version>
-        </dependency>
         <dependency>
             <groupId>com.github.navikt</groupId>
             <artifactId>pto-schema</artifactId>
@@ -348,7 +342,7 @@
         <dependency>
             <groupId>io.micrometer</groupId>
             <artifactId>micrometer-registry-prometheus</artifactId>
-            <version>1.13.2</version>
+            <version>1.13.3</version>
         </dependency>
 
         <!-- Swagger -->