-
Notifications
You must be signed in to change notification settings - Fork 1
/
nais-prod-gcp.yaml
127 lines (126 loc) · 3.91 KB
/
nais-prod-gcp.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
apiVersion: "nais.io/v1alpha1"
kind: "Application"
metadata:
name: veilarbperson
namespace: obo
labels:
team: obo
spec:
image: {{image}}
port: 8080
webproxy: true
ingresses:
- https://veilarbperson-gcp.intern.nav.no
liveness:
path: veilarbperson/internal/isAlive
initialDelay: 30
readiness:
path: veilarbperson/internal/isReady
initialDelay: 30
prometheus:
enabled: true
path: veilarbperson/internal/prometheus
resources:
limits:
memory: 2048Mi
requests:
cpu: 200m
memory: 1024Mi
replicas:
min: 2
max: 4
cpuThresholdPercentage: 75
secureLogs:
enabled: true
azure:
application:
enabled: true
allowAllUsers: true
claims:
extra:
- "NAVident"
accessPolicy:
inbound:
rules:
- application: veilarbpersonflate
namespace: poao
cluster: prod-gcp
- application: veilarbvedtaksstotte
namespace: obo
- application: veilarbvedtaksstotte
namespace: pto
cluster: prod-fss
- application: veilarboppgave
namespace: obo
cluster: prod-gcp
- application: arbeidssokerregistrering-for-veileder
namespace: paw
cluster: prod-gcp
outbound:
rules:
- application: kodeverk-api
namespace: team-rocket
- application: digdir-krr-proxy
namespace: team-rocket
- application: poao-tilgang
namespace: poao
- application: paw-arbeidssoekerregisteret-api-oppslag
namespace: paw
- application: skjermede-personer-pip
namespace: nom
- application: norg2
namespace: org
- application: veilarboppfolging
namespace: poao
- application: repr-api
namespace: repr
external:
- host: pdl-api.prod-fss-pub.nais.io
- host: veilarboppfolging.prod-fss-pub.nais.io
- host: regoppslag.prod-fss-pub.nais.io
- host: pam-cv-api-gcp.intern.nav.no
env:
- name: KODEVERK_URL
value: http://kodeverk-api.team-rocket
- name: KODEVERK_SCOPE
value: api://prod-gcp.team-rocket.kodeverk-api/.default
- name: KONTAKT_OG_RESERVASJONSREGISTERET_API_URL
value: http://digdir-krr-proxy.team-rocket
- name: KONTAKT_OG_RESERVASJONSREGISTERET_SCOPE
value: api://prod-gcp.team-rocket.digdir-krr-proxy/.default
- name: PAM_CV_API_SCOPE
value: api://prod-gcp.teampam.pam-cv-api-gcp/.default
- name: PAM_CV_API_URL
value: https://pam-cv-api-gcp.intern.nav.no/pam-cv-api
- name: REPR_API_SCOPE
value: api://prod-gcp.repr.repr-api/.default
- name: REPR_API_URL
value: http://repr-api.repr
- name: PDL_API_SCOPE
value: api://prod-fss.pdl.pdl-api/.default
- name: PDL_API_URL
value: https://pdl-api.prod-fss-pub.nais.io
- name: POAO_TILGANG_URL
value: http://poao-tilgang.poao
- name: POAO_TILGANG_SCOPE
value: api://prod-gcp.poao.poao-tilgang/.default
- name: REGOPPSLAG_SCOPE
value: api://prod-fss.teamdokumenthandtering.regoppslag/.default
- name: REGOPPSLAG_URL
value: https://regoppslag.prod-fss-pub.nais.io
- name: SKJERMEDE_PERSONER_PIP_SCOPE
value: api://prod-gcp.nom.skjermede-personer-pip/.default
- name: SKJERMEDE_PERSONER_PIP_URL
value: http://skjermede-personer-pip.nom
- name: VEILARBOPPFOLGING_SCOPE
value: api://prod-gcp.poao.veilarboppfolging/.default
- name: VEILARBOPPFOLGING_URL
value: http://veilarboppfolging.poao/veilarboppfolging
- name: OPPSLAG_ARBEIDSSOEKERREGISTERET_URL
value: http://paw-arbeidssoekerregisteret-api-oppslag.paw
- name: OPPSLAG_ARBEIDSSOEKERREGISTERET_SCOPE
value: api://prod-gcp.paw.paw-arbeidssoekerregisteret-api-oppslag/.default
- name: NORG2_URL
value: http://norg2.org/norg2
- name: NORG2_SCOPE
value: api://prod-gcp.org.norg2/.default