Nais manifests for prod (#287)

Jorgen-5 · Jorgen-5 · web-flow · commit 84098b6d314e · 2025-08-19T09:20:31.000+02:00
* Nais manifests for everything except for klass mail. Also changed solr deploy to have input for the cluster to deploy to

* Add klass mail

---------

Co-authored-by: Jorgen-5 &lt;rlj@ssb.no&gt;
diff --git a/.github/workflows/klass-solr-deploy.yaml b/.github/workflows/klass-solr-deploy.yaml
@@ -2,6 +2,15 @@ name: Klass-solr deploy
 
 on:
   workflow_dispatch:
+    inputs:
+      cluster:
+        description: "Which cluster to deploy to?"
+        required: true
+        default: "test"
+        type: choice
+        options:
+          - test
+          - prod
 
 jobs:
   deploy:
@@ -19,7 +28,7 @@ jobs:
       - name: Deploy to Nais
         uses: nais/deploy/actions/deploy@v2
         env:
-          CLUSTER: test
-          RESOURCE: .nais/test/klass-solr.yaml
+          CLUSTER: ${{ github.event.inputs.cluster }}
+          RESOURCE: .nais/${{ github.event.inputs.cluster }}/klass-solr.yaml
           WORKLOAD_IMAGE: europe-north1-docker.pkg.dev/${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}/dapla-metadata/klass-solr:5.5.2
-          VAR: image=europe-north1-docker.pkg.dev/${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}/dapla-metadata/klass-solr:5.5.2
+          VAR: image=europe-north1-docker.pkg.dev/${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}/dapla-metadata/klass-solr:5.5.2
diff --git a/.nais/prod/klass-api.yaml b/.nais/prod/klass-api.yaml
@@ -0,0 +1,61 @@
+# Deploy config for the prod cluster
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: klass
+  namespace: dapla-metadata
+  labels:
+    team: dapla-metadata
+spec:
+  image: "{{ image }}"  # Injected from the GitHub Action
+  port: 8080
+
+  ingresses:
+    - https://klass.intern.ssb.no
+
+  replicas:
+    min: 1
+    max: 1
+  resources:
+    requests:
+      cpu: 400m
+      memory: 1024Mi
+    limits:
+      memory: 2048Mi
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_17
+        tier: db-custom-1-3840
+        databases:
+          - name: klass
+  env:
+    - name: SPRING_PROFILES_ACTIVE
+      value: api, postgres, solr-remote, skip-indexing
+    - name: SPRING_DATA_SOLR_HOST
+      value: http://klass-solr/solr
+    - name: KLASS_ENV_CLIENT_KLASS_MAIL_URL
+      value: http://klass-mail
+
+  accessPolicy:
+    outbound:
+      rules:
+        - application: klass-solr
+        - application: klass-mail
+
+  prometheus:
+    enabled: true
+    path: /prometheus
+    port: "8090"
+
+  liveness:
+    path: /actuator/health/liveness
+    port: 8080
+    initialDelay: 60
+  readiness:
+    path: /actuator/health/readiness
+    port: 8080
+    initialDelay: 60
+  startup:
+    path: /actuator/health/liveness
+    port: 8080
+    initialDelay: 60
diff --git a/.nais/prod/klass-forvaltning.yaml b/.nais/prod/klass-forvaltning.yaml
@@ -0,0 +1,74 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: klass-forvaltning
+  namespace: dapla-metadata
+  labels:
+    team: dapla-metadata
+spec:
+  image: "{{ image }}" # Injected from the GitHub Action
+  port: 8081
+  ingresses:
+    - https://klass-forvaltning.intern.ssb.no
+    - https://i.ssb.no/klass/admin
+  accessPolicy:
+    outbound:
+      external:
+        - host: auth.ssb.no
+      rules:
+        - application: klass-solr
+        - application: klass-mail
+  login:
+    provider: openid
+    enforce:
+      enabled: true
+      excludePaths:
+        - /manage
+        - /klass/admin/schemas/version.xsd
+  replicas:
+    min: 1
+    max: 1
+  resources:
+    requests:
+      cpu: 400m
+      memory: 1024Mi
+    limits:
+      memory: 2048Mi
+  env:
+    - name: SPRING_PROFILES_ACTIVE
+      value: frontend, postgres, small-import, skip-indexing, ad-offline, remote-solr
+    - name: KLASS_SECURITY_OAUTH2_LOGOUT_PATH
+      value: /oauth2/logout
+    - name: SPRING_DATA_SOLR_HOST
+      value: http://klass-solr/solr/
+    - name: KLASS_ENV_SERVER
+      value: klass-forvaltning.intern.ssb.no
+    - name: KLASS_ENV_CLIENT_KLASS_MAIL_URL
+      value: http://klass-mail
+  envFrom:
+    - secret: google-sql-klass
+    - secret: klass-forvaltning-application-properties
+  filesFrom:
+    - mountPath: /var/run/secrets/nais.io/sqlcertificate
+      secret: sqeletor-klass-827ec8ec
+  prometheus:
+    enabled: true
+    path: /actuator/prometheus
+    port: "8091"
+  liveness:
+    path: /actuator/health
+    initialDelay: 60
+    port: 8091
+  readiness:
+    path: /actuator/health
+    initialDelay: 60
+    port: 8091
+    failureThreshold: 10
+    periodSeconds: 10
+  startup:
+    path: /actuator/health
+    initialDelay: 60
+    port: 8091
+    failureThreshold: 10
+    periodSeconds: 10
+  terminationGracePeriodSeconds: 120
diff --git a/.nais/prod/klass-mail.yaml b/.nais/prod/klass-mail.yaml
@@ -0,0 +1,45 @@
+# Deploy config for the test cluster
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: klass-mail
+  namespace: dapla-metadata
+  labels:
+    team: dapla-metadata
+spec:
+  image: "{{ image }}"  # Injected from the GitHub Action
+  port: 8082
+
+  replicas:
+    min: 1
+    max: 1
+  resources:
+    requests:
+      cpu: 10m
+  env:
+    - name: MESSAGING_POSTMAN_PUBSUB_TOPIC_INCOMING
+      value: projects/sup-t-2r/topics/sup-prod-postman-incoming-topic
+
+  accessPolicy:
+    inbound:
+      rules:
+        - application: klass
+        - application: klass-forvaltning
+
+  prometheus:
+    enabled: true
+    path: /prometheus
+    port: "8091"
+
+  liveness:
+    path: /actuator/health/liveness
+    port: 8091
+    initialDelay: 60
+  readiness:
+    path: /actuator/health/readiness
+    port: 8091
+    initialDelay: 60
+  startup:
+    path: /actuator/health/liveness
+    port: 8091
+    initialDelay: 60
diff --git a/.nais/prod/klass-solr-pvc.yaml b/.nais/prod/klass-solr-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: klass-solr-pvc
+  namespace: dapla-metadata
+  labels:
+    app: klass-solr
+    team: dapla-metadata
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: standard-rwo
diff --git a/.nais/prod/klass-solr.yaml b/.nais/prod/klass-solr.yaml
@@ -0,0 +1,52 @@
+# Deploy config for the prod cluster
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: klass-solr
+  namespace: dapla-metadata
+  labels:
+    team: dapla-metadata
+  annotations:
+    nais.io/read-only-file-system: "false"
+    nais.io/run-as-user: "8983"
+    nais.io/run-as-group: "8983"
+spec:
+  image: "{{ image }}"
+  port: 8983
+
+  filesFrom:
+    - persistentVolumeClaim: klass-solr-pvc
+      mountPath: /opt/solr/server/solr/mycores/Klass/data
+
+  replicas:
+    min: 1
+    max: 1
+  resources:
+    requests:
+      cpu: 400m
+      memory: 1024Mi
+    limits:
+      memory: 2048Mi
+
+  accessPolicy:
+    inbound:
+      rules:
+        - application: klass
+        - application: klass-forvaltning
+
+
+  liveness:
+    path: /solr/admin/cores?action=STATUS
+    port: 8983
+    initialDelay: 60
+
+  readiness:
+    path: /solr/admin/cores?action=STATUS
+    port: 8983
+    initialDelay: 60
+
+  startup:
+    path: /solr/admin/cores?action=STATUS
+    port: 8983
+    initialDelay: 60
+
