diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml index 5bbde61..bbf335b 100644 --- a/.github/workflows/default.yml +++ b/.github/workflows/default.yml @@ -51,7 +51,7 @@ jobs: if: github.ref == 'refs/heads/master' && github.event_name != 'release' strategy: matrix: - cluster: ["dev-sbs", "dev-gcp", "dev-fss", "labs-gcp"] + cluster: ["dev-sbs", "dev-fss"] timeout-minutes: 2 steps: - name: Checkout @@ -64,13 +64,32 @@ jobs: RESOURCE: naiserator.yml,network_policy.yml VARS: .nais/${{ matrix.cluster }}.json + deploy-dev-labs-gcp: + runs-on: ubuntu-latest + needs: build + if: github.ref == 'refs/heads/master' && github.event_name != 'release' + strategy: + matrix: + cluster: [ "dev-gcp", "labs-gcp" ] + timeout-minutes: 2 + steps: + - name: Checkout + uses: actions/checkout@master + - name: Deploy to ${{ matrix.cluster }} + uses: nais/deploy/actions/deploy@master + env: + APIKEY: ${{ secrets.NAIS_DEPLOY_KEY }} + CLUSTER: ${{ matrix.cluster }} + RESOURCE: naiserator-gcp.yml,network_policy.yml + VARS: .nais/${{ matrix.cluster }}.json + deploy-prod: runs-on: ubuntu-latest needs: build if: github.event_name == 'release' strategy: matrix: - cluster: ["prod-sbs", "prod-gcp", "prod-fss"] + cluster: ["prod-sbs", "prod-fss"] timeout-minutes: 2 steps: - name: Checkout @@ -82,3 +101,19 @@ jobs: CLUSTER: ${{ matrix.cluster }} RESOURCE: naiserator.yml,network_policy.yml VARS: .nais/${{ matrix.cluster }}.json + + deploy-prod-gcp: + runs-on: ubuntu-latest + needs: build + if: github.event_name == 'release' + timeout-minutes: 2 + steps: + - name: Checkout + uses: actions/checkout@master + - name: Deploy to prod-gcp + uses: nais/deploy/actions/deploy@master + env: + APIKEY: ${{ secrets.NAIS_DEPLOY_KEY }} + CLUSTER: prod-gcp + RESOURCE: naiserator.yml,network_policy.yml + VARS: .nais/prod-gcp.json diff --git a/.nais/dev-fss.json b/.nais/dev-fss.json index 5b44193..1e0df8b 100644 --- a/.nais/dev-fss.json +++ b/.nais/dev-fss.json @@ -1,6 +1,5 @@ { "namespace": "default", "pool": "nav-dev", - "webproxy": "true", - "no_proxy": "localhost,127.0.0.1,10.254.0.1,.local,.adeo.no,.nav.no,.aetat.no,.devillo.no,.oera.no" + "proxy": "https://webproxy.nais:8088" } \ No newline at end of file diff --git a/.nais/dev-gcp.json b/.nais/dev-gcp.json index ec78b90..4e88b28 100644 --- a/.nais/dev-gcp.json +++ b/.nais/dev-gcp.json @@ -1,6 +1,4 @@ { "namespace": "dataplattform", - "pool": "nav-dev", - "webproxy": "false", - "no_proxy": ".nav.no" + "pool": "nav-dev" } \ No newline at end of file diff --git a/.nais/dev-sbs.json b/.nais/dev-sbs.json index 5b44193..1e0df8b 100644 --- a/.nais/dev-sbs.json +++ b/.nais/dev-sbs.json @@ -1,6 +1,5 @@ { "namespace": "default", "pool": "nav-dev", - "webproxy": "true", - "no_proxy": "localhost,127.0.0.1,10.254.0.1,.local,.adeo.no,.nav.no,.aetat.no,.devillo.no,.oera.no" + "proxy": "https://webproxy.nais:8088" } \ No newline at end of file diff --git a/.nais/labs-gcp.json b/.nais/labs-gcp.json index ec78b90..4e88b28 100644 --- a/.nais/labs-gcp.json +++ b/.nais/labs-gcp.json @@ -1,6 +1,4 @@ { "namespace": "dataplattform", - "pool": "nav-dev", - "webproxy": "false", - "no_proxy": ".nav.no" + "pool": "nav-dev" } \ No newline at end of file diff --git a/.nais/prod-fss.json b/.nais/prod-fss.json index cccf308..cd8083c 100644 --- a/.nais/prod-fss.json +++ b/.nais/prod-fss.json @@ -1,6 +1,5 @@ { "namespace": "default", "pool": "nav-prod", - "webproxy": "true", - "no_proxy": "localhost,127.0.0.1,10.254.0.1,.local,.adeo.no,.nav.no,.aetat.no,.devillo.no,.oera.no" + "proxy": "https://webproxy.nais:8088" } \ No newline at end of file diff --git a/.nais/prod-gcp.json b/.nais/prod-gcp.json index dc4ee76..e21f982 100644 --- a/.nais/prod-gcp.json +++ b/.nais/prod-gcp.json @@ -1,6 +1,4 @@ { "namespace": "dataplattform", - "pool": "nav-prod", - "webproxy": "false", - "no_proxy": ".nav.no" + "pool": "nav-prod" } \ No newline at end of file diff --git a/.nais/prod-sbs.json b/.nais/prod-sbs.json index cccf308..cd8083c 100644 --- a/.nais/prod-sbs.json +++ b/.nais/prod-sbs.json @@ -1,6 +1,5 @@ { "namespace": "default", "pool": "nav-prod", - "webproxy": "true", - "no_proxy": "localhost,127.0.0.1,10.254.0.1,.local,.adeo.no,.nav.no,.aetat.no,.devillo.no,.oera.no" + "proxy": "https://webproxy.nais:8088" } \ No newline at end of file diff --git a/naiserator-gcp.yml b/naiserator-gcp.yml new file mode 100644 index 0000000..dd0d520 --- /dev/null +++ b/naiserator-gcp.yml @@ -0,0 +1,47 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + labels: + team: dataplattform + name: ingress-collector + namespace: dataplattform +spec: + image: {{image}} + port: 8000 + prometheus: + enabled: false + path: /metrics + istio: + enabled: false + liveness: + path: /is-alive + timeout: 2 + initialDelay: 2 + periodSeconds: 7 + failureThreshold: 3 + readiness: + path: /is-ready + timeout: 2 + initialDelay: 2 + periodSeconds: 7 + failureThreshold: 3 + replicas: + min: 1 + max: 1 + resources: + limits: + cpu: 200m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi + webproxy: {{webproxy}} + env: + - name: WEB_CONCURRENCY + value: "1" + - name: ACCESS_LOG + value: "" + - name: REQUESTS_CA_BUNDLE + value: /etc/pki/tls/certs/ca-bundle.crt + - name: SSL_CERT_FILE + value: /etc/pki/tls/certs/ca-bundle.crt diff --git a/naiserator.yml b/naiserator.yml index 0f3a0c5..bc83833 100644 --- a/naiserator.yml +++ b/naiserator.yml @@ -45,7 +45,11 @@ spec: value: /etc/pki/tls/certs/ca-bundle.crt - name: SSL_CERT_FILE value: /etc/pki/tls/certs/ca-bundle.crt - - name: NO_PROXY - value: {{no_proxy}} - - name: no_proxy - value: {{no_proxy}} + - name: HTTPS_PROXY + value: {{proxy}} + - name: HTTP_PROXY + value: {{proxy}} + - name: https_proxy + value: {{proxy}} + - name: http_proxy + value: {{proxy}}