Migrate GCP

navikt · Dec 21, 2023 · 659672a · 659672a
1 parent a776e6b
commit 659672a
Show file tree

Hide file tree

Showing 51 changed files with 233 additions and 581 deletions.
diff --git a/.github/workflows/alerts.yaml b/.github/workflows/alerts.yaml
@@ -17,5 +17,5 @@ jobs:
         uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: prod-fss
+          CLUSTER: prod-gcp
           RESOURCE: alerts.yaml
diff --git a/.github/workflows/deploy-preprod.yaml b/.github/workflows/deploy-preprod.yaml
@@ -54,15 +54,15 @@ jobs:
           echo ${IMAGE}
 
   deploy-dev:
-    name: Deploy to NAIS Dev-fss
+    name: Deploy to NAIS dev-gcp
     needs: build
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: dev-fss
+          CLUSTER: dev-gcp
           RESOURCE: naiserator-dev.yaml
 
       # Notify Slack

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -55,15 +55,15 @@ jobs:
 
   deploy-dev:
     if: github.ref == 'refs/heads/master'
-    name: Deploy to NAIS Dev-fss
+    name: Deploy to NAIS dev-gcp
     needs: build
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: dev-fss
+          CLUSTER: dev-gcp
           RESOURCE: naiserator-dev.yaml
 
       # Notify Slack
@@ -79,15 +79,15 @@ jobs:
 
   deploy-prod:
     if: github.ref == 'refs/heads/master'
-    name: Deploy to NAIS Prod-fss
+    name: Deploy to NAIS prod-gcp
     needs: deploy-dev
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: prod-fss
+          CLUSTER: prod-gcp
           RESOURCE: naiserator-prod.yaml
 
       # Notify Slack

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,8 @@
-FROM navikt/java:11-appdynamics
-ENV APPD_ENABLED=true
-LABEL org.opencontainers.image.source=https://github.com/navikt/syfomotebehov
-
-COPY init.sh /init-scripts/init.sh
-
-COPY build/libs/*.jar app.jar
-
-ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom \
-               -Dspring.profiles.active=remote"
+FROM gcr.io/distroless/java17
+WORKDIR /app
+COPY build/libs/app.jar app.jar
+ENV JDK_JAVA_OPTIONS="-XX:MaxRAMPercentage=75  -Dspring.profiles.active=remote"
+ENV TZ="Europe/Oslo"
+EXPOSE 8080
+USER nonroot
+CMD [ "app.jar" ]
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -11,11 +11,13 @@ object Versions {
     const val flywayVersion = "8.4.4"
     const val tokenSupportVersion = "1.3.19"
     const val ojdbcVersion = "19.3.0.0"
-    const val h2Version = "2.1.210"
     const val mockkVersion = "1.12.7"
     const val springMockkVersion = "3.1.1"
     const val confluent = "7.1.1"
     const val isdialogmoteSchema = "1.0.5"
+    const val hikari = "5.0.1"
+    const val postgres = "42.6.0"
+    const val postgresEmbedded = "0.13.4"
 }
 
 plugins {
@@ -78,32 +80,33 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-jersey")
     implementation("org.springframework.boot:spring-boot-starter-cache")
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
-    implementation("org.springframework.boot:spring-boot-starter-jta-atomikos")
     implementation("org.springframework.boot:spring-boot-starter-webflux")
 
     implementation("io.micrometer:micrometer-registry-prometheus:1.8.2")
 
     implementation("no.nav.security:token-validation-spring:${Versions.tokenSupportVersion}")
 
-    implementation("com.oracle.ojdbc:ojdbc8:${Versions.ojdbcVersion}")
     implementation("org.springframework.kafka:spring-kafka")
     implementation("io.confluent:kafka-avro-serializer:${Versions.confluent}")
     implementation("io.confluent:kafka-schema-registry:${Versions.confluent}")
     implementation("no.nav.syfo.dialogmote.avro:isdialogmote-schema:${Versions.isdialogmoteSchema}")
-    implementation("org.flywaydb:flyway-core:${Versions.flywayVersion}")
     implementation("javax.inject:javax.inject:1")
     implementation("org.slf4j:slf4j-api:1.7.35")
     implementation("net.logstash.logback:logstash-logback-encoder:6.4")
     implementation("org.apache.commons:commons-lang3:3.5")
     implementation("com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20211018.2")
 
+    implementation("org.flywaydb:flyway-core:${Versions.flywayVersion}")
+    implementation("com.zaxxer:HikariCP:${Versions.hikari}")
+    implementation("org.postgresql:postgresql:${Versions.postgres}")
+    testImplementation("com.opentable.components:otj-pg-embedded:${Versions.postgresEmbedded}")
+
     testImplementation("org.junit.jupiter:junit-jupiter:${Versions.junitJupiterVersion}")
     testImplementation("no.nav.security:token-validation-test-support:${Versions.tokenSupportVersion}")
     testImplementation("org.springframework.kafka:spring-kafka-test")
     testImplementation("org.springframework.boot:spring-boot-starter-test") {
         exclude(module = "junit")
     }
-    testImplementation("com.h2database:h2:${Versions.h2Version}")
     testImplementation("io.mockk:mockk:${Versions.mockkVersion}")
     testImplementation("com.ninja-squad:springmockk:${Versions.springMockkVersion}")
 }

diff --git a/init.sh b/init.sh
diff --git a/naiserator-dev.yaml b/naiserator-dev.yaml
@@ -8,7 +8,11 @@ metadata:
 spec:
   image: {{ image }}
   port: 8080
-  team: teamsykefravr
+  startup:
+    path: /syfomotebehov/internal/isAlive
+    periodSeconds: 5
+    timeout: 5
+    failureThreshold: 10
   liveness:
     path: /syfomotebehov/internal/isAlive
     initialDelay: 30
@@ -21,11 +25,10 @@ spec:
     timeout: 1
   resources:
     limits:
-      cpu: 2000m
-      memory: 2048Mi
+      memory: 1048Mi
     requests:
-      cpu: 1000m
-      memory: 1024Mi
+      cpu: 100m
+      memory: 512Mi
   replicas:
     min: 2
     max: 4
@@ -34,101 +37,80 @@ spec:
     enabled: true
     path: /syfomotebehov/internal/prometheus
   ingresses:
-    - "https://syfomotebehov.dev.intern.nav.no"
-    - "https://syfomotebehov.nais.preprod.local"
-    - "https://app-q1.adeo.no/syfomotebehov"
-    - "https://syfomotebehov.dev-fss-pub.nais.io"
+    - "https://syfomotebehov.intern.dev.nav.no"
   tokenx:
     enabled: true
   accessPolicy:
     inbound:
       rules:
         - application: syfomodiaperson
           namespace: teamsykefravr
-          cluster: dev-fss
         - application: dialogmote-frontend
-          namespace: team-esyfo
-          cluster: dev-gcp
         - application: ditt-sykefravaer
           namespace: flex
-          cluster: dev-gcp
-        - application: isyfomock
-          namespace: teamsykefravr
-          cluster: dev-gcp
     outbound:
+      external:
+        - host: "pdl-api.dev-fss-pub.nais.io"
       rules:
         - application: esyfovarsel
-          namespace: team-esyfo
-          cluster: dev-gcp
+        - application: syfobrukertilgang
+        - application: istilgangskontroll
+          namespace: teamsykefravr
+        - application: syfobehandlendeenhet
+          namespace: teamsykefravr
         - application: isnarmesteleder
           namespace: teamsykefravr
-          cluster: dev-gcp
   azure:
     application:
       enabled: true
       tenant: trygdeetaten.no
-      replyURLs:
-        - "https://syfomotebehov.dev.intern.nav.no/oauth2/callback"
       claims:
         extra:
           - "NAVident"
-  vault:
+  idporten:
     enabled: true
-    paths:
-      - kvPath: "/oracle/data/dev/creds/syfomotebehov_q1-user"
-        mountPath: "/secrets/syfomotebehovdb/credentials"
-      - kvPath: "/oracle/data/dev/config/syfomotebehov_q1"
-        mountPath: "/secrets/syfomotebehovdb/config"
-      - kvPath: "/kv/preprod/fss/syfomotebehov/team-esyfo"
-        mountPath: "/var/run/secrets/nais.io/vault"
-  envFrom:
-    - configmap: loginservice-idporten
+    sidecar:
+      enabled: true
+  gcp:
+    sqlInstances:
+      - type: POSTGRES_14
+        databases:
+          - name: syfomotebehov-db
+        diskAutoresize: true
   kafka:
     pool: nav-dev
   env:
     - name: APP_NAME
       value: "syfomotebehov"
-    - name: APPDYNAMICS_CONTROLLER_HOST_NAME
-      value: appdynamics.adeo.no
-    - name: APPDYNAMICS_CONTROLLER_PORT
-      value: "443"
-    - name: APPDYNAMICS_CONTROLLER_SSL_ENABLED
+    - name: TOGGLE_KANDIDATLISTA
       value: "true"
-    - name: toggle_enable_nullstill
-      value: 'false'
-    - name: SPRING_KAFKA_BOOTSTRAP_SERVERS
-      value: b27apvl00045.preprod.local:8443,b27apvl00046.preprod.local:8443,b27apvl00047.preprod.local:8443
+    - name: TOKENX_IDP
+      value: "https://oidc-ver2.difi.no/idporten-oidc-provider/"
+    - name: DIALOGMOTE_FRONTEND_CLIENT_ID
+      value: "dev-gcp:team-esyfo:dialogmote-frontend"
+    - name: DITT_SYKEFRAVAER_FRONTEND_CLIENT_ID
+      value: "dev-gcp:flex:ditt-sykefravaer"
+    - name: PDL_CLIENT_ID
+      value: "dev-fss.pdl.pdl-api"
     - name: PDL_URL
-      value: https://pdl-api.nais.preprod.local/graphql
+      value: "https://pdl-api.dev-fss-pub.nais.io/graphql"
+    - name: ISTILGANGSKONTROLL_CLIENT_ID
+      value: "dev-gcp.teamsykefravr.istilgangskontroll"
+    - name: ISTILGANGSKONTROLL_URL
+      value: "http://istilgangskontroll.teamsykefravr"
+    - name: SYFOBRUKERTILGANG_CLIENT_ID
+      value: "dev-gcp.team-esyfo.syfobrukertilgang"
     - name: SYFOBRUKERTILGANG_URL
-      value: https://syfobrukertilgang.nais.preprod.local
-    - name: SYFOTILGANGSKONTROLL_CLIENT_ID
-      value: "dev-fss.teamsykefravr.syfo-tilgangskontroll"
-    - name: TILGANGSKONTROLLAPI_URL
-      value: https://syfo-tilgangskontroll.nais.preprod.local/syfo-tilgangskontroll/api/tilgang
-    - name: ESYFOVARSELAPI_URL
-      value: https://esyfovarsel.dev.intern.nav.no/api/bruker
-    - name: SECURITY_TOKEN_SERVICE_REST_URL
-      value: https://security-token-service.nais.preprod.local
+      value: "http://syfobrukertilgang"
+    - name: ESYFOVARSEL_CLIENT_ID
+      value: "dev-gcp.team-esyfo.esyfovarsel"
+    - name: ESYFOVARSEL_URL
+      value: "http://esyfovarsel"
     - name: SYFOBEHANDLENDEENHET_CLIENT_ID
       value: "dev-gcp.teamsykefravr.syfobehandlendeenhet"
     - name: SYFOBEHANDLENDEENHET_URL
-      value: "https://syfobehandlendeenhet.dev.intern.nav.no"
-    - name: NO_NAV_SECURITY_JWT_ISSUER_INTERN_DISCOVERYURL
-      value: https://isso-q.adeo.no:443/isso/oauth2/.well-known/openid-configuration
-    - name: KAFKA_ENV_NAME
-      value: q1
-    - name: DIALOGMOTE_FRONTEND_CLIENT_ID
-      value: dev-gcp:team-esyfo:dialogmote-frontend
-    - name: SYFOBRUKERTILGANG_CLIENT_ID
-      value: dev-fss:team-esyfo:syfobrukertilgang
-    - name: TOKENX_IDP
-      value: https://oidc-ver2.difi.no/idporten-oidc-provider/
-    - name: DITT_SYKEFRAVAER_FRONTEND_CLIENT_ID
-      value: dev-gcp:flex:ditt-sykefravaer
-    - name: TOGGLE_KANDIDATLISTA
-      value: "true"
-    - name: ISNARMESTELEDER_URL
-      value: "https://isnarmesteleder.dev.intern.nav.no"
+      value: "http://syfobehandlendeenhet.teamsykefravr"
     - name: ISNARMESTELEDER_CLIENT_ID
       value: "dev-gcp.teamsykefravr.isnarmesteleder"
+    - name: ISNARMESTELEDER_URL
+      value: "http://isnarmesteleder.teamsykefravr"