From 9f560da179affea1f58b10dadf023acb45ec4246 Mon Sep 17 00:00:00 2001 From: Dragutin Vujovic Date: Wed, 28 Aug 2024 13:46:28 +0200 Subject: [PATCH] Prepare app for prod --- ...h-dev.yaml => deploy-opensearch-prod.yaml} | 6 +- .../workflows/deploy-unleash-api-token.yaml | 2 +- .nais/application/application-config-dev.yaml | 5 +- .../application/application-config-prod.yaml | 62 ++++++++++++------- .nais/application/opensearch-prod.yaml | 25 ++++++++ .nais/application/unleash-apitoken-dev.yaml | 1 - .nais/application/unleash-apitoken-prod.yaml | 5 +- pom.xml | 8 +-- 8 files changed, 74 insertions(+), 40 deletions(-) rename .github/workflows/{deploy-opensearch-dev.yaml => deploy-opensearch-prod.yaml} (69%) create mode 100644 .nais/application/opensearch-prod.yaml diff --git a/.github/workflows/deploy-opensearch-dev.yaml b/.github/workflows/deploy-opensearch-prod.yaml similarity index 69% rename from .github/workflows/deploy-opensearch-dev.yaml rename to .github/workflows/deploy-opensearch-prod.yaml index 639f939c96..bb635480ba 100644 --- a/.github/workflows/deploy-opensearch-dev.yaml +++ b/.github/workflows/deploy-opensearch-prod.yaml @@ -1,4 +1,4 @@ -name: Deploy opensearch til Dev +name: Deploy opensearch til Prod on: workflow_dispatch: @@ -13,5 +13,5 @@ jobs: - uses: actions/checkout@v4 - uses: nais/deploy/actions/deploy@v2 env: - CLUSTER: dev-gcp - RESOURCE: ".nais/application/opensearch-dev.yaml" \ No newline at end of file + CLUSTER: prod-gcp + RESOURCE: ".nais/application/opensearch-prod.yaml" \ No newline at end of file diff --git a/.github/workflows/deploy-unleash-api-token.yaml b/.github/workflows/deploy-unleash-api-token.yaml index 06cb650aad..498d23bdc5 100644 --- a/.github/workflows/deploy-unleash-api-token.yaml +++ b/.github/workflows/deploy-unleash-api-token.yaml @@ -39,7 +39,7 @@ jobs: uses: nais/deploy/actions/deploy@v2 if: github.ref == 'refs/heads/master' env: - CLUSTER: prod-fss + CLUSTER: prod-gcp RESOURCE: .nais/application/unleash-apitoken-prod.yaml PRINT_PAYLOAD: true diff --git a/.nais/application/application-config-dev.yaml b/.nais/application/application-config-dev.yaml index db2954411c..b02cb84256 100644 --- a/.nais/application/application-config-dev.yaml +++ b/.nais/application/application-config-dev.yaml @@ -9,7 +9,7 @@ metadata: spec: image: {{image}} replicas: - min: 2 + min: 1 max: 3 cpuThresholdPercentage: 50 port: 8080 @@ -40,6 +40,7 @@ spec: gcp: sqlInstances: - type: POSTGRES_15 + tier: db-f1-micro databases: - name: veilarbportefolje envVarPrefix: DB @@ -126,7 +127,7 @@ spec: - name: POAO_TILGANG_TOKEN_SCOPE value: "api://dev-gcp.poao.poao-tilgang/.default" - name: KODEVERK_URL - value: "https://kodeverk-api.nav.no" + value: "https://kodeverk-api.intern.dev.nav.no" - name: KODEVERK_SCOPE value: "api://dev-gcp.team-rocket.kodeverk-api/.default" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL diff --git a/.nais/application/application-config-prod.yaml b/.nais/application/application-config-prod.yaml index 8c629474db..56a618b32e 100644 --- a/.nais/application/application-config-prod.yaml +++ b/.nais/application/application-config-prod.yaml @@ -3,9 +3,9 @@ apiVersion: "nais.io/v1alpha1" kind: "Application" metadata: name: veilarbportefolje - namespace: pto + namespace: obo labels: - team: pto + team: obo spec: image: {{image}} replicas: @@ -15,24 +15,13 @@ spec: port: 8080 ingresses: - https://veilarbportefolje.intern.nav.no - - https://veilarbportefolje.prod-fss-pub.nais.io - - https://veilarbportefolje.nais.adeo.no - - https://app.adeo.no/veilarbportefolje webproxy: true leaderElection: true secureLogs: enabled: true kafka: pool: nav-prod - vault: - enabled: true - paths: - - kvPath: /serviceuser/data/prod/srvveilarbportefolje - mountPath: /var/run/secrets/nais.io/service_user - - kvPath: /kv/prod/fss/veilarbportefolje/default - mountPath: /var/run/secrets/nais.io/vault envFrom: - - configmap: pto-config - secret: veilarbportefolje-unleash-api-token liveness: path: veilarbportefolje/internal/isAlive @@ -48,6 +37,13 @@ spec: openSearch: access: admin instance: veilarbportefolje + gcp: + sqlInstances: + - type: POSTGRES_15 + tier: db-custom-1-4096 + databases: + - name: veilarbportefolje + envVarPrefix: DB azure: application: allowAllUsers: true @@ -61,16 +57,36 @@ spec: rules: - application: veilarbportefoljeflatefs namespace: obo - cluster: prod-gcp - application: veilarbpersonflate namespace: poao - cluster: prod-gcp - application: pto-admin namespace: pto cluster: prod-fss outbound: + rules: + - application: kodeverk-api + namespace: team-rocket + - application: pdl-api + namespace: pdl + cluster: dev-fss + - application: veilarbvedtaksstotte + namespace: pto + cluster: dev-fss + - application: veilarbarena + namespace: pto + cluster: dev-fss + - application: veilarbveileder + namespace: pto + cluster: dev-fss + - application: poao-tilgang + namespace: poao external: - host: team-obo-unleash-api.nav.cloud.nais.io + - host: pdl-api.dev-fss-pub.nais.io + - host: veilarboppfolging.dev-fss-pub.nais.io + - host: veilarbvedtaksstotte.dev-fss-pub.nais.io + - host: veilarbveileder.dev-fss-pub.nais.io + - host: veilarbarena.dev-fss-pub.nais.io resources: limits: cpu: "4" @@ -82,34 +98,34 @@ spec: - name: JAVA_OPTS value: "-Xms4096m -Xmx10144m --illegal-access=permit --add-opens=java.base/java.lang=ALL-UNNAMED" - name: VEILARBOPPFOLGING_URL - value: "http://veilarboppfolging.pto.svc.nais.local/veilarboppfolging" + value: "https://veilarboppfolging.prod-fss-pub.nais.io/veilarboppfolging" - name: VEILARBOPPFOLGING_TOKEN_SCOPE value: "api://prod-fss.pto.veilarboppfolging/.default" - name: VEILARBVEDTAKSSTOTTE_URL - value: "http://veilarbvedtaksstotte.pto.svc.nais.local/veilarbvedtaksstotte" + value: "https://veilarbvedtaksstotte.prod-fss-pub.nais.io/veilarbvedtaksstotte" - name: VEILARBVEDTAKSSTOTTE_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbvedtaksstotte/.default" - name: VEILARBVEILEDER_URL - value: "http://veilarbveileder.pto.svc.nais.local/veilarbveileder" + value: "https://veilarbveileder.prod-fss-pub.nais.io/veilarbveileder" - name: VEILARBVEILEDER_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbveileder/.default" - name: VEILARBARENA_URL - value: "http://veilarbarena.pto.svc.nais.local/veilarbarena" + value: "https://veilarbarena.prod-fss-pub.nais.io/veilarbarena" - name: VEILARBARENA_TOKEN_SCOPE value: "api://prod-fss.pto.veilarbarena/.default" - name: PDL_URL - value: "http://pdl-api.pdl.svc.nais.local" + value: "https://pdl-api.prod-fss-pub.nais.io" - name: PDL_TOKEN_SCOPE value: "api://prod-fss.pdl.pdl-api/.default" - name: POAO_TILGANG_URL - value: "http://poao-tilgang.poao.svc.nais.local" + value: "http://poao-tilgang.poao" - name: POAO_TILGANG_TOKEN_SCOPE value: "api://prod-fss.poao.poao-tilgang/.default" - name: KODEVERK_URL - value: "https://kodeverk-api.nav.no" + value: "https://kodeverk-api.intern.nav.no" - name: KODEVERK_SCOPE value: "api://prod-gcp.team-rocket.kodeverk-api/.default" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL - value: "https://oppslag-arbeidssoekerregisteret.intern.nav.no" + value: "http://paw-arbeidssoekerregisteret-api-oppslag.paw" - name: OPPSLAG_ARBEIDSSOEKERREGISTERET_SCOPE value: "api://prod-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default" diff --git a/.nais/application/opensearch-prod.yaml b/.nais/application/opensearch-prod.yaml new file mode 100644 index 0000000000..151b13f23e --- /dev/null +++ b/.nais/application/opensearch-prod.yaml @@ -0,0 +1,25 @@ +apiVersion: aiven.io/v1alpha1 +kind: OpenSearch +metadata: + labels: + team: obo + name: opensearch-obo-veilarbportefolje + namespace: obo +spec: + plan: startup-8 + project: nav-prod + +--- + +apiVersion: aiven.io/v1alpha1 +kind: ServiceIntegration +metadata: + labels: + team: obo + name: opensearch-obo-veilarbportefolje + namespace: obo +spec: + project: nav-prod + integrationType: prometheus + destinationEndpointId: 76685598-1048-4f56-b34a-9769ef747a92 + sourceServiceName: opensearch-obo-veilarbportefolje \ No newline at end of file diff --git a/.nais/application/unleash-apitoken-dev.yaml b/.nais/application/unleash-apitoken-dev.yaml index 0a9e9847b4..9176494e37 100644 --- a/.nais/application/unleash-apitoken-dev.yaml +++ b/.nais/application/unleash-apitoken-dev.yaml @@ -3,7 +3,6 @@ kind: ApiToken metadata: name: veilarbportefolje namespace: obo - cluster: dev-gcp labels: team: obo spec: diff --git a/.nais/application/unleash-apitoken-prod.yaml b/.nais/application/unleash-apitoken-prod.yaml index 0c5e5e9dad..77a37a53cf 100644 --- a/.nais/application/unleash-apitoken-prod.yaml +++ b/.nais/application/unleash-apitoken-prod.yaml @@ -2,10 +2,9 @@ apiVersion: unleash.nais.io/v1 kind: ApiToken metadata: name: veilarbportefolje - namespace: pto - cluster: prod-fss + namespace: obo labels: - team: pto + team: obo spec: unleashInstance: apiVersion: unleash.nais.io/v1 diff --git a/pom.xml b/pom.xml index 8b2d876faf..41829ef62b 100644 --- a/pom.xml +++ b/pom.xml @@ -186,12 +186,6 @@ - - - com.github.navikt - veilarbregistrering-skjema - ${veilarbregistrering.skjema.version} - com.github.navikt pto-schema @@ -348,7 +342,7 @@ io.micrometer micrometer-registry-prometheus - 1.13.2 + 1.13.3