familie-tilbake

Author: arcuri82

jdk_17_maven/cs/rest/familie-tilbake/.deploy/azurerator/azure-ad-app-lokal.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: nais.io/v1
+kind: AzureAdApplication
+metadata:
+  name: familie-tilbake-lokal
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+spec:
+  claims:
+    extra:
+      - "NAVident"
+    groups:
+      - id: d21e00a4-969d-4b28-8782-dc818abfae65 # 0000-GA-Barnetrygd
+      - id: 9449c153-5a1e-44a7-84c6-7cc7a8867233 # 0000-GA-Barnetrygd-Beslutter
+      - id: 93a26831-9866-4410-927b-74ff51a9107c # 0000-GA-Barnetrygd-Veileder
+      - id: ee5e0b5e-454c-4612-b931-1fe363df7c2c # 0000-GA-Enslig-Forsorger-Saksbehandler
+      - id: 01166863-22f1-4e16-9785-d7a05a22df74 # 0000-GA-Enslig-Forsorger-Beslutter
+      - id: 19dcbfde-4cdb-4c64-a1ea-ac9802b03339 # 0000-GA-Enslig-Forsorger-Veileder
+      - id: c62e908a-cf20-4ad0-b7b3-3ff6ca4bf38b # teamfamilie-forvaltning
+      - id: 928636f4-fd0d-4149-978e-a6fb68bb19de # 0000-GA-STDAPPS - tilgang til prosessering
+  preAuthorizedApplications:
+    - application: familie-tilbake-frontend-lokal
+      cluster: dev-gcp
+      namespace: teamfamilie
+    - application: familie-ba-sak
+      cluster: dev-gcp
+    - application: familie-ks-sak
+      cluster: dev-gcp
+    - application: familie-ba-sak-lokal
+      cluster: dev-gcp
+      namespace: teamfamilie
+    - application: familie-ef-sak-lokal
+      cluster: dev-gcp
+      namespace: teamfamilie
+    - application: familie-ks-sak-lokal
+      cluster: dev-gcp
+      namespace: teamfamilie
+    - application: familie-ef-iverksett-lokal
+      cluster: dev-gcp
+      namespace: teamfamilie
+    - application: ida
+      cluster: prod-fss
+      namespace: traktor
+  replyUrls:
+    - url: "http://localhost:8030/swagger-ui/oauth2-redirect.html"
+  tenant: trygdeetaten.no
+  secretName: azuread-familie-tilbake-lokal
+  singlePageApplication: true
+
+# secret kan hentes fra cluster med "kubectl -n teamfamilie get secret azuread-familie-tilbake-lokal -o json | jq '.data | map_values(@base64d)'"

jdk_17_maven/cs/rest/familie-tilbake/.deploy/nais/app-dev-gcp.yaml

@@ -0,0 +1,119 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: familie-tilbake
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+
+spec:
+  envFrom:
+    - secret: familie-tilbake
+    - secret: familie-tilbake-unleash-api-token
+  image: {{ image }}
+  port: 8030
+  leaderElection: true
+  liveness:
+    path: /internal/status/isAlive
+    initialDelay: 30
+    failureThreshold: 10
+  readiness:
+    path: /internal/status/isAlive
+    initialDelay: 30
+    failureThreshold: 10
+  prometheus:
+    enabled: true
+    path: /internal/prometheus
+  vault:
+    enabled: false
+  gcp: # Database
+    sqlInstances:
+      - type: POSTGRES_14
+        tier: db-custom-1-3840
+        name: familie-tilbake
+        autoBackupTime: "03:00"
+        databases:
+          - name: familie-tilbake
+            envVarPrefix: DB
+  azure:
+    application:
+      claims:
+        extra:
+          - "NAVident"
+        groups:
+          - id: d21e00a4-969d-4b28-8782-dc818abfae65 # 0000-GA-Barnetrygd
+          - id: 9449c153-5a1e-44a7-84c6-7cc7a8867233 # 0000-GA-Barnetrygd-Beslutter
+          - id: 93a26831-9866-4410-927b-74ff51a9107c # 0000-GA-Barnetrygd-Veileder
+          - id: ee5e0b5e-454c-4612-b931-1fe363df7c2c # 0000-GA-Enslig-Forsorger-Saksbehandler
+          - id: 01166863-22f1-4e16-9785-d7a05a22df74 # 0000-GA-Enslig-Forsorger-Beslutter
+          - id: 19dcbfde-4cdb-4c64-a1ea-ac9802b03339 # 0000-GA-Enslig-Forsorger-Veileder
+          - id: 71f503a2-c28f-4394-a05a-8da263ceca4a  # 0000-GA-Kontantstøtte-Veilder
+          - id: c7e0b108-7ae6-432c-9ab4-946174c240c0  # 0000-GA-Kontantstøtte
+          - id: 52fe1bef-224f-49df-a40a-29f92d4520f8  # 0000-GA-Kontantstøtte-Beslutter
+          - id: c62e908a-cf20-4ad0-b7b3-3ff6ca4bf38b # teamfamilie-forvaltning
+          - id: 928636f4-fd0d-4149-978e-a6fb68bb19de # 0000-GA-STDAPPS - tilgang til prosessering
+      enabled: true
+      tenant: trygdeetaten.no
+      replyURLs:
+        - "https://familie-tilbake.intern.dev.nav.no/swagger-ui/oauth2-redirect.html"
+      singlePageApplication: true
+  accessPolicy:
+    inbound:
+      rules:
+        - application: familie-ba-sak
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-ks-sak
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-ef-sak
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-ef-iverksett
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-ks-sak
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-tilbake-frontend
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: ida
+          namespace: traktor
+          cluster: prod-fss
+        - application: familie-prosessering
+          namespace: teamfamilie
+          cluster: dev-gcp
+        - application: familie-prosessering-lokal
+          namespace: teamfamilie
+          cluster: dev-gcp
+    outbound:
+      rules:
+        - application: familie-historikk
+      external:
+        - host: teamfamilie-unleash-api.nav.cloud.nais.io
+        - host: familie-integrasjoner.dev-fss-pub.nais.io
+        - host: pdl-api.dev-fss-pub.nais.io
+        - host: b27apvl220.preprod.local
+          ports:
+            - name: mq
+              port: 1413
+              protocol: TCP
+  replicas:
+    min: 2
+    max: 4
+  resources:
+    limits:
+      memory: 1024Mi
+    requests:
+      memory: 512Mi
+      cpu: 500m
+  ingresses:
+    - https://familie-tilbake.intern.dev.nav.no
+  secureLogs:
+    enabled: true
+  env:
+    - name: SPRING_PROFILES_ACTIVE
+      value: dev
+  kafka:
+    pool: nav-dev

jdk_17_maven/cs/rest/familie-tilbake/.deploy/nais/app-prod-gcp.yaml

@@ -0,0 +1,116 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: familie-tilbake
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+
+spec:
+  image: {{ image }}
+  port: 8030
+  leaderElection: true
+  liveness:
+    path: /internal/status/isAlive
+    initialDelay: 30
+    failureThreshold: 10
+  readiness:
+    path: /internal/status/isAlive
+    initialDelay: 30
+    failureThreshold: 10
+  prometheus:
+    enabled: true
+    path: /internal/prometheus
+  vault:
+    enabled: false
+  gcp: # Database
+    sqlInstances:
+      - type: POSTGRES_14
+        tier: db-custom-1-3840
+        name: familie-tilbake
+        diskAutoresize: true
+        highAvailability: true
+        autoBackupTime: "03:00"
+        databases:
+          - name: familie-tilbake
+            envVarPrefix: DB
+  azure:
+    application:
+      claims:
+        extra:
+          - "NAVident"
+        groups:
+          - id: 847e3d72-9dc1-41c3-80ff-f5d4acdd5d46 # 0000-GA-Barnetrygd
+          - id: 7a271f87-39fb-468b-a9ee-6cf3c070f548 # 0000-GA-Barnetrygd-Beslutter
+          - id: 199c2b39-e535-4ae8-ac59-8ccbee7991ae # 0000-GA-Barnetrygd-Veileder
+          - id: e40090eb-c2fb-400e-b412-e9084019a73b # 0000-GA-Kontantstøtte
+          - id: 54cd86b8-2e23-48b2-8852-b05b5827bb0f # 0000-GA-Kontantstøtte-Veileder
+          - id: 3d718ae5-f25e-47a4-b4b3-084a97604c1d # teamfamilie-forvaltning
+          - id: 87190cf3-b278-457d-8ab7-1a5c55a9edd7 # Group_87190cf3-b278-457d-8ab7-1a5c55a9edd7 tilgang til prosessering
+          - id: 31778fd8-3b71-4867-8db6-a81235fbe001 # 0000-GA-Enslig-Forsorger-Veileder
+          - id: 6406aba2-b930-41d3-a85b-dd13731bc974 # 0000-GA-Enslig-Forsorger-Saksbehandler
+          - id: 5fcc0e1d-a4c2-49f0-93dc-27c9fea41e54 # 0000-GA-Enslig-Forsorger-Beslutter
+          - id: 54cd86b8-2e23-48b2-8852-b05b5827bb0f # 0000-GA-Kontantstøtte-Veileder
+          - id: e40090eb-c2fb-400e-b412-e9084019a73b # 0000-GA-Kontantstøtte
+          - id: 4e7f23d9-5db1-45c0-acec-89c86a9ec678 # 0000-GA-Kontantstøtte-Beslutter
+      enabled: true
+      replyURLs:
+        - "https://familie-tilbake.intern.nav.no/swagger-ui/oauth2-redirect.html"
+      singlePageApplication: true
+  accessPolicy:
+    inbound:
+      rules:
+        - application: familie-ba-sak
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-ks-sak
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-ef-sak
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-ef-iverksett
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-ks-sak
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-tilbake-frontend
+          namespace: teamfamilie
+          cluster: prod-gcp
+        - application: familie-prosessering
+          namespace: teamfamilie
+          cluster: prod-gcp
+    outbound:
+      rules:
+        - application: familie-historikk
+      external:
+        - host: teamfamilie-unleash-api.nav.cloud.nais.io
+        - host: familie-integrasjoner.prod-fss-pub.nais.io
+        - host: pdl-api.prod-fss-pub.nais.io
+        - host: mpls02.adeo.no
+          ports:
+            - name: mq
+              port: 1414
+              protocol: TCP
+  replicas:
+    min: 2
+    max: 4
+  resources:
+    limits:
+      memory: 1024Mi
+    requests:
+      memory: 512Mi
+      cpu: 500m
+  secureLogs:
+    enabled: true
+  ingresses: # Optional. List of ingress URLs that will route HTTP traffic to the application.
+    - https://familie-tilbake.intern.nav.no
+  env:
+    - name: SPRING_PROFILES_ACTIVE
+      value: prod
+  envFrom:
+    - secret: familie-tilbake
+    - secret: familie-tilbake-unleash-api-token
+  kafka:
+    pool: nav-prod

jdk_17_maven/cs/rest/familie-tilbake/.deploy/nais/kafka/dvh_sak_topic.yaml

@@ -0,0 +1,29 @@
+apiVersion: kafka.nais.io/v1
+kind: Topic
+metadata:
+  name: aapen-tbk-datavarehus-sak-topic
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+spec:
+  pool: nav-dev
+  config: # optional; all fields are optional too; defaults shown
+    cleanupPolicy: delete  # delete, compact
+    minimumInSyncReplicas: 2
+    partitions: 1
+    replication: 3  # see min/max requirements
+    retentionBytes: -1  # -1 means unlimited
+    retentionHours: -1  # -1 means unlimited
+  acl:
+    - team: teamfamilie
+      application: familie-tilbake #owner
+      access: readwrite   # readwrite
+    - team: ptsak
+      application: pt-sak-famtilbake-dev
+      access: read
+    - team: ptsak
+      application: pt-sak-famtilbake-preprod
+      access: read
+    - team: teamfamilie
+      application: familie-tilbake-kafka-manager #forvalter
+      access: read   # read

jdk_17_maven/cs/rest/familie-tilbake/.deploy/nais/kafka/dvh_vedtak_topic.yaml

@@ -0,0 +1,29 @@
+apiVersion: kafka.nais.io/v1
+kind: Topic
+metadata:
+  name: aapen-tbk-datavarehus-vedtak-topic
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+spec:
+  pool: nav-dev
+  config: # optional; all fields are optional too; defaults shown
+    cleanupPolicy: delete  # delete, compact
+    minimumInSyncReplicas: 2
+    partitions: 1
+    replication: 3  # see min/max requirements
+    retentionBytes: -1  # -1 means unlimited
+    retentionHours: -1  # -1 means unlimited
+  acl:
+    - team: teamfamilie
+      application: familie-tilbake #owner
+      access: readwrite   # readwrite
+    - team: ptsak
+      application: pt-sak-famtilbake-dev
+      access: read
+    - team: ptsak
+      application: pt-sak-famtilbake-preprod
+      access: read
+    - team: teamfamilie
+      application: familie-tilbake-kafka-manager #forvalter
+      access: read   # read

jdk_17_maven/cs/rest/familie-tilbake/.deploy/nais/kafka/hentfagsystemsbehandling_request_topic.yaml

@@ -0,0 +1,32 @@
+apiVersion: kafka.nais.io/v1
+kind: Topic
+metadata:
+  name: privat-tbk-hentfagsystemsbehandling-request-topic
+  namespace: teamfamilie
+  labels:
+    team: teamfamilie
+spec:
+  pool: nav-dev
+  config: # optional; all fields are optional too; defaults shown
+    cleanupPolicy: delete  # delete, compact
+    minimumInSyncReplicas: 2
+    partitions: 1
+    replication: 3  # see min/max requirements
+    retentionBytes: -1  # -1 means unlimited
+    retentionHours: 72  # -1 means unlimited
+  acl:
+    - team: teamfamilie
+      application: familie-tilbake #owner
+      access: readwrite   # readwrite
+    - team: teamfamilie
+      application: familie-ba-sak #owner
+      access: read   # readwrite
+    - team: teamfamilie
+      application: familie-ks-sak
+      access: read # read
+    - team: teamfamilie
+      application: familie-ef-iverksett #owner
+      access: read   # readwrite
+    - team: teamfamilie
+      application: familie-tilbake-kafka-manager #forvalter
+      access: read   # read