[KAIZEN-0] fjern prod-fs .nais/prod-gcp.yaml

navikt · Aug 6, 2024 · 28426d6 · 28426d6
1 parent 6e726fa
commit 28426d6
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 218 deletions.
diff --git a/.github/workflows/gcp.yaml b/.github/workflows/gcp.yaml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,4 +1,4 @@
-name: Build, push, and deploy
+name: Build & deploy to GCP
 
 on: [push]
 
@@ -27,35 +27,53 @@ jobs:
               run: npm ci
               env:
                 NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
-            - name: Lint
-              run: npm run lint
             - name: Test
               run: npm run test
             - name: Build
-              run: npm run build
+              run: npm run build:gcp
             - name: Publish Docker image
               if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
               uses: nais/docker-build-push@v0
               id: docker-build-push
               with:
+                dockerfile: Dockerfile.gcp
+                image_suffix: -gcp
                 team: personoversikt
                 identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
                 project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
 
+    deploy-dev:
+        name: Deploy to dev-gcp
+        needs: build
+        if: github.ref == 'refs/heads/master'
+        environment: dev-gcp
+        runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          id-token: write
+        steps:
+            - uses: actions/checkout@v4
+            - uses: nais/deploy/actions/deploy@v2
+              env:
+                  PRINT_PAYLOAD: true
+                  CLUSTER: dev-gcp
+                  RESOURCE: .nais/dev.yaml
+                  VAR: version=${{ github.sha }},image=${{ needs.build.outputs.image }}
+
     deploy-prod:
-        name: Deploy to prod
+        name: Deploy to prod-gcp
         needs: build
         if: github.ref == 'refs/heads/master'
-        environment: prod-fss
+        environment: prod-gcp
         runs-on: ubuntu-latest
         permissions:
           contents: read
           id-token: write
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - uses: nais/deploy/actions/deploy@v2
               env:
                   PRINT_PAYLOAD: true
-                  CLUSTER: prod-fss
-                  RESOURCE: .nais/prod.yaml
+                  CLUSTER: prod-gcp
+                  RESOURCE: .nais/prod-gcp.yaml
                   VAR: version=${{ github.sha }},image=${{ needs.build.outputs.image }}
diff --git a/.github/workflows/unleash.yml b/.github/workflows/unleash.yml
@@ -5,7 +5,7 @@ on:
       - .nais/unleash/**
       - .github/workflows/unleash.yml
 jobs:
-  deploy-unleash-api-token-to-dev-gcp:
+  deploy-unleash-api-token-to-dev:
     if: github.ref == 'refs/heads/dev'
     name: Deploy unleash api-token to dev-gcp
     runs-on: ubuntu-latest
@@ -21,7 +21,7 @@ jobs:
           CLUSTER: dev-gcp
           RESOURCE: .nais/unleash/unleash-apitoken-preprod.yaml
 
-  deploy-unleash-api-token-to-prod-gcp:
+  deploy-unleash-api-token-to-prod:
     if: github.ref == 'refs/heads/master'
     name: Deploy unleash api-token to prod-gcp
     runs-on: ubuntu-latest
@@ -36,19 +36,3 @@ jobs:
         env:
           CLUSTER: prod-gcp
           RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
-
-  deploy-unleash-api-token-to-prod:
-    if: github.ref == 'refs/heads/master'
-    name: Deploy unleash api-token to prod-fss
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Deploy unleash api token
-        uses: nais/deploy/actions/deploy@v2
-        env:
-          CLUSTER: prod-fss
-          RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
diff --git a/.nais/prod-gcp.yaml b/.nais/prod-gcp.yaml
diff --git a/.nais/prod.yaml b/.nais/prod.yaml
@@ -9,17 +9,20 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
 spec:
   image: "{{image}}"
-  port: 8080
-  webproxy: true
+  port: 3000
   liveness:
-    path: /modiapersonoversikt/internal/isAlive
+    path: /internal/liveness
     initialDelay: 20
   readiness:
-    path: /modiapersonoversikt/internal/isReady
+    path: /internal/readiness
     initialDelay: 20
   prometheus:
     enabled: true
-    path: /modiapersonoversikt/internal/metrics
+    path: /internal/metrics
+  observability:
+    autoInstrumentation:
+      enabled: true
+      runtime: sdk
   secureLogs:
     enabled: true
   resources:
@@ -30,7 +33,8 @@ spec:
       cpu: 3000m
       memory: 2048Mi
   ingresses:
-    - https://app.adeo.no/modiapersonoversikt
+    - https://modiapersonoversikt.intern.nav.no
+    - https://modiaflate.intern.nav.no
   replicas:
     min: 2
     max: 4
@@ -43,39 +47,38 @@ spec:
       claims:
         groups:
           - id: "ea34edea-1e80-4759-a1d2-fbe696cf1709" # 0000-GA-BD06_ModiaGenerellTilgang
-  vault:
-    enabled: true
+    sidecar:
+      enabled: true
+      autoLogin: true
+      autoLoginIgnorePaths:
+        - /internal/*
+        - /proxy/**
   accessPolicy:
     outbound:
-      external:
-        - host: personoversikt-unleash-api.nav.cloud.nais.io
       rules:
+        - application: modiapersonoversikt-innstillinger
         - application: modiapersonoversikt-skrivestotte
-          namespace: personoversikt
-          cluster: prod-gcp
+        - application: modiapersonoversikt-draft
+        - application: modiacontextholder
+        - application: modiapersonoversikt-api
+      external:
+        - host: personoversikt-unleash-api.nav.cloud.nais.io
   envFrom:
     - secret: modiapersonoversikt-unleash-api-token
   env:
     - name: APP_NAME
       value: "modiapersonoversikt"
     - name: APP_VERSION
       value: "{{ version }}"
-    - name: UNLEASH_API_URL
-      value: "https://unleash.nais.io/api/"
-    - name: CSP_DIRECTIVES
-      value: "default-src 'self';\
-      script-src 'self' 'unsafe-inline' jsagent.adeo.no https://cdn.nav.no;\
-      style-src 'self' 'unsafe-inline' https://cdn.nav.no;\
-      img-src 'self' data:;\
-      font-src 'self' data: https://cdn.nav.no;\
-        connect-src 'self' eumgw.adeo.no amplitude.nav.no wss://veilederflatehendelser.adeo.no wss://modiapersonoversikt-draft.intern.nav.no wss://modiaeventdistribution.intern.nav.no;\
-      object-src blob:;\
-      frame-src blob:;"
     - name: REFERRER_POLICY
       value: "no-referrer"
-    - name: DATABASE_JDBC_URL
-      value: "jdbc:postgresql://A01DBVL029.adeo.no:5432/modiapersonoversikt"
-    - name: VAULT_MOUNTPATH
-      value: "postgresql/prod-fss/"
+    - name: APP_ENVIRONMENT_NAME
+      value: prod
+    - name: ENVIRONMENT
+      value: ${APP_ENVIRONMENT_NAME}
     - name: UNLEASH_ENVIRONMENT
-      value: "production"
+      value: "development"
+    - name: PUBLIC_DRAFT_WS_URL
+      value: wss://modiapersonoversikt-draft.intern.nav.no
+    - name: CONFIG_PATH
+      value: "./proxy-config-prod.json"