# NAIS Application manifest (nais-prod-gcp.yaml) for veilarboppfolging in the
# poao namespace. It declares the ingress, Cloud SQL and BigQuery resources,
# identity-provider settings and the inbound/outbound access policy.
kind: Application
apiVersion: nais.io/v1alpha1
metadata:
  name: veilarboppfolging
  namespace: poao
  labels:
    team: poao
  annotations:
    config.linkerd.io/proxy-cpu-limit: "1"
spec:
  # Template placeholder: it has to be substituted before the file is parsed,
  # because an unquoted {{...}} reads as a flow mapping in plain YAML.
  # NOTE(review): presumably filled in by the deploy pipeline - confirm.
  image: {{image}}
  ingresses:
    - https://veilarboppfolging-gcp.intern.nav.no
  webproxy: true
  port: 8080
  gcp:
    bigQueryDatasets:
      # Metrics dataset; the application is granted read and write access.
      - description: Metrikker for veilarboppfolging
        name: oppfolging_metrikker
        permission: READWRITE
    sqlInstances:
      - name: veilarboppfolging
        type: POSTGRES_14
        tier: db-custom-2-13312
        diskType: SSD
        diskAutoresize: true
        highAvailability: true
        pointInTimeRecovery: true
        # The value is quoted so it stays the string "on" instead of being
        # read as a boolean by YAML 1.1 parsers.
        flags:  # Required for datastreams
          - name: cloudsql.logical_decoding
            value: "on"
        databases:
          - name: veilarboppfolging
            envVarPrefix: DB
            # Additional database user next to the application's own.
            # NOTE(review): presumably the account used by the datastream
            # replication the flag above enables; confirm it holds only the
            # privileges replication needs.
            users:
              - name: datastream
  prometheus:
    enabled: true
    path: veilarboppfolging/internal/prometheus
  liveness:
    path: veilarboppfolging/internal/health/liveness
    initialDelay: 30
  readiness:
    path: veilarboppfolging/internal/health/readiness
    initialDelay: 30
  replicas:
    min: 2
    max: 8
    cpuThresholdPercentage: 75
  resources:
    # Only a memory limit is set; no CPU limit is declared.
    limits:
      memory: 6Gi
    requests:
      cpu: 500m
      memory: 2048Mi
  observability:
    autoInstrumentation:
      enabled: true
      runtime: java
  # Downstream endpoints and the token scopes requested for them.
  # Targets addressed as <service>.<namespace> use plain http://, while the
  # prod-fss targets use https://.
  # NOTE(review): presumably in-cluster transport security comes from the
  # service mesh (a linkerd annotation is set under metadata) - confirm.
  env:
    - name: POAO_TILGANG_URL
      value: http://poao-tilgang.poao
    - name: POAO_TILGANG_SCOPE
      value: api://prod-gcp.poao.poao-tilgang/.default
    - name: DIGDIR_KRR_PROXY_URL
      value: http://digdir-krr-proxy.team-rocket
    - name: DIGDIR_KRR_PROXY_SCOPE
      value: api://prod-gcp.team-rocket.digdir-krr-proxy/.default
    - name: AMTTILTAK_URL
      value: http://amt-tiltak.amt
    - name: AMTTILTAK_SCOPE
      value: api://prod-gcp.amt.amt-tiltak/.default
    # Quoted so the value stays a string rather than a YAML boolean.
    - name: KAFKA_ENABLED
      value: "true"
    - name: VEILARBARENA_URL
      value: "https://veilarbarena.prod-fss-pub.nais.io"
    - name: VEILARBARENA_AZURE_SCOPE
      value: "api://prod-fss.pto.veilarbarena/.default"
    # "norg2.org" reads like a public domain but matches the outbound rule for
    # application norg2 in namespace org.
    # NOTE(review): presumably resolved as an in-cluster service name; confirm
    # it cannot fall through to public DNS.
    - name: NORG2_URL
      value: "http://norg2.org/norg2"
    - name: PDL_URL
      value: "https://pdl-api.prod-fss-pub.nais.io"
    - name: PDL_SCOPE
      value: "api://prod-fss.pdl.pdl-api/.default"
  secureLogs:
    enabled: true
  kafka:
    pool: nav-prod
  azure:
    application:
      enabled: true
      # No claims.groups list is present in this manifest, so sign-in is not
      # narrowed to particular groups here; per-user authorization has to be
      # enforced by the application itself.
      # NOTE(review): presumably done through poao-tilgang - confirm.
      allowAllUsers: true  # TODO: should we add some roles here?
      claims:
        # Extra claims requested in issued tokens.
        extra:
          - NAVident
          - azp_name
  tokenx:
    enabled: true
  accessPolicy:
    outbound:
      # Applications this workload may call. Entries without namespace or
      # cluster presumably default to this application's own - confirm.
      rules:
        - application: veilarbarena
          namespace: pto
          cluster: prod-fss
        - application: digdir-krr-proxy
          namespace: team-rocket
          cluster: prod-gcp
        - application: poao-tilgang
        - application: amt-tiltak
          namespace: amt
        - application: norg2
          namespace: org
      # External hosts; these match the hosts in VEILARBARENA_URL and PDL_URL.
      # NOTE(review): pdl-api appears only as an external host, with no
      # application rule above, unlike veilarbarena - confirm this is intended.
      external:
        - host: veilarbarena.prod-fss-pub.nais.io
        - host: pdl-api.prod-fss-pub.nais.io
    inbound:
      # Allow-list of applications permitted to call this service. Every entry
      # widens the set of callers, so entries for retired consumers should be
      # removed. Entries without a cluster presumably default to this
      # application's cluster - confirm.
      rules:
        - application: veilarbregistrering
          namespace: paw
          cluster: prod-gcp
        - application: arbeidssokerregistrering-for-veileder
          namespace: paw
          cluster: prod-gcp
        - application: veilarbapi
          namespace: pto
          cluster: prod-gcp
        - application: paw-proxy
          namespace: paw
        - application: veilarbperson
          namespace: obo
          cluster: prod-gcp
        - application: veilarbvedtaksstotte
          namespace: pto
          cluster: prod-fss
        - application: veilarbvedtaksstotte
          namespace: obo
          cluster: prod-gcp
        - application: veilarbpersonflate
          namespace: poao
          cluster: prod-gcp
        - application: veilarbportefoljeflatefs
          namespace: obo
          cluster: prod-gcp
        - application: veilarbportefolje
          namespace: pto
          cluster: prod-fss
        - application: veilarbportefolje
          namespace: obo
          cluster: prod-gcp
        - application: modia-robot-api
          namespace: personoversikt
          cluster: prod-gcp
        - application: modiapersonoversikt-api
          namespace: personoversikt
          cluster: prod-fss
        - application: mulighetsrommet-api
          namespace: team-mulighetsrommet
          cluster: prod-gcp
        - application: ditt-sykefravaer
          namespace: flex
          cluster: prod-gcp
        - application: veilarbdirigent
          namespace: pto
          cluster: prod-fss
        - application: veilarbdialog
          namespace: dab
          cluster: prod-gcp
        - application: veilarbaktivitet
          namespace: dab
          cluster: prod-gcp
        - application: aktivitetsplan
          namespace: pto
          cluster: prod-gcp
        - application: arbeidsrettet-dialog
          namespace: pto
          cluster: prod-gcp
        - application: aktivitet-arena-acl
          namespace: dab
          cluster: prod-gcp
        - application: start-samtale
          namespace: pto
          cluster: prod-gcp
        - application: amt-person-service
          namespace: amt
          cluster: prod-gcp
        - application: tms-min-side-proxy
          namespace: min-side
          cluster: prod-gcp
        - application: tms-mikrofrontend-selector
          namespace: min-side
          cluster: prod-gcp
        - application: aia-backend
          namespace: paw
          cluster: prod-gcp
        - application: amt-distribusjon
          namespace: amt
          cluster: prod-gcp
        - application: dokumentfordeling
          namespace: arbeidsgiver
          cluster: prod-fss
        - application: modiapersonoversikt-api
          namespace: personoversikt
          cluster: prod-gcp
        - application: syfomodiaperson
          namespace: teamsykefravr
          cluster: prod-gcp
        - application: tiltaksgjennomforing-api
          namespace: arbeidsgiver
          cluster: prod-fss
        - application: inngar
          namespace: dab
        - application: statuspoll
          namespace: navdig
        - application: tiltakspenger-saksbehandling-api
          namespace: tpts