From 9dc731a81a7718569428098e1c09ca26566a5419 Mon Sep 17 00:00:00 2001 From: peturgq Date: Thu, 14 Nov 2024 14:25:37 +0000 Subject: [PATCH 1/5] chore: Sync helm templates --- .../libs/api-template/templates/_helpers.tpl | 20 +-- .../api-template/templates/deployment.yaml | 15 +- .../helm/libs/api-template/templates/pdb.yaml | 22 +++ .../cronjob-template/templates/cronjob.yaml | 13 ++ infra/helm/libs/cronjob-template/values.yaml | 1 + infra/helm/libs/job-template/.helmignore | 23 +++ infra/helm/libs/job-template/Chart.yaml | 6 + .../libs/job-template/templates/_helpers.tpl | 63 +++++++++ .../helm/libs/job-template/templates/job.yaml | 133 ++++++++++++++++++ .../helm/libs/job-template/templates/pvc.yaml | 22 +++ .../libs/job-template/templates/secrets.yaml | 18 +++ .../templates/serviceaccount.yaml | 17 +++ infra/helm/libs/job-template/values.yaml | 33 +++++ 13 files changed, 377 insertions(+), 9 deletions(-) create mode 100644 infra/helm/libs/api-template/templates/pdb.yaml create mode 100644 infra/helm/libs/job-template/.helmignore create mode 100644 infra/helm/libs/job-template/Chart.yaml create mode 100644 infra/helm/libs/job-template/templates/_helpers.tpl create mode 100644 infra/helm/libs/job-template/templates/job.yaml create mode 100644 infra/helm/libs/job-template/templates/pvc.yaml create mode 100644 infra/helm/libs/job-template/templates/secrets.yaml create mode 100644 infra/helm/libs/job-template/templates/serviceaccount.yaml create mode 100644 infra/helm/libs/job-template/values.yaml diff --git a/infra/helm/libs/api-template/templates/_helpers.tpl b/infra/helm/libs/api-template/templates/_helpers.tpl index de39c681ba35..7e2591422b25 100644 --- a/infra/helm/libs/api-template/templates/_helpers.tpl +++ b/infra/helm/libs/api-template/templates/_helpers.tpl @@ -3,7 +3,11 @@ Expand the name of the chart. */}} {{- define "api-template.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- if .Values.name -}} + {{- .Values.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{- end -}} {{/* @@ -13,14 +17,14 @@ If release name contains chart name it will be used as a full name. */}} {{- define "api-template.fullname" -}} {{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} + {{- $name := .Values.name | default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} {{- end -}} {{- end -}} diff --git a/infra/helm/libs/api-template/templates/deployment.yaml b/infra/helm/libs/api-template/templates/deployment.yaml index 81812e13abdd..e1ff2f6676a3 100644 --- a/infra/helm/libs/api-template/templates/deployment.yaml +++ b/infra/helm/libs/api-template/templates/deployment.yaml @@ -55,6 +55,15 @@ spec: {{- toYaml .Values.annotations | nindent 8 }} {{- end }} spec: + {{- if .Values.armBetaEnrolled }} + tolerations: + - key: "arm" + operator: "Equal" + value: "true" + effect: "NoSchedule" + nodeSelector: + nodetype: "arm" + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -175,6 +184,8 @@ spec: fieldPath: metadata.labels['tags.datadoghq.com/version'] - name: DD_LOGS_INJECTION value: "true" + - name: DD_DBM_PROPAGATION_MODE + value: "full" - name: DD_AGENT_HOST valueFrom: fieldRef: @@ -183,6 +194,8 @@ spec: value: "true" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" + - name: DD_PROFILING_ENABLED + value: "false" - name: DD_APM_REPLACE_TAGS value: '[ { @@ -232,4 +245,4 @@ spec: claimName: {{.name}} {{- end }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/infra/helm/libs/api-template/templates/pdb.yaml b/infra/helm/libs/api-template/templates/pdb.yaml new file mode 100644 index 000000000000..3b3534fd8eb4 --- /dev/null +++ b/infra/helm/libs/api-template/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- $labels := include "api-template.labels" . -}} +{{- $namespace := $.Values.namespace -}} +{{- $serviceName := include "api-template.name" . -}} +{{- if .Values.enabled }} +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ $serviceName }}-pdb + namespace: {{ $namespace }} +spec: +{{- if hasKey .Values.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ $serviceName }} +{{- end }} +{{- end }} diff --git a/infra/helm/libs/cronjob-template/templates/cronjob.yaml b/infra/helm/libs/cronjob-template/templates/cronjob.yaml index ef17498097e4..a3892dce80ce 100644 --- a/infra/helm/libs/cronjob-template/templates/cronjob.yaml +++ b/infra/helm/libs/cronjob-template/templates/cronjob.yaml @@ -18,8 +18,21 @@ spec: failedJobsHistoryLimit: {{ .Values.failedJobsHistoryLimit | default 1 }} successfulJobsHistoryLimit: {{ .Values.successfulJobsHistoryLimit | default 3}} schedule: {{ .Values.schedule | quote }} + {{- if .Values.startingDeadlineSeconds }} + startingDeadlineSeconds: {{ .Values.startingDeadlineSeconds }} + {{- end }} jobTemplate: spec: + {{- if .Values.armBetaEnrolled }} + tolerations: + - key: "arm" + operator: "Equal" + value: "true" + effect: "NoSchedule" + nodeSelector: + nodetype: "arm" + {{- end }} + ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished | default 600 }} template: metadata: annotations: diff --git a/infra/helm/libs/cronjob-template/values.yaml b/infra/helm/libs/cronjob-template/values.yaml index 4727071401ae..19c15349ef2f 100644 --- a/infra/helm/libs/cronjob-template/values.yaml +++ b/infra/helm/libs/cronjob-template/values.yaml @@ -9,6 +9,7 @@ serviceAccount: image: repository: defaultmissing schedule: '0 8 * * 1' +startingDeadlineSeconds: null resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/infra/helm/libs/job-template/.helmignore b/infra/helm/libs/job-template/.helmignore new file mode 100644 index 000000000000..0e8a0eb36f4c --- /dev/null +++ b/infra/helm/libs/job-template/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra/helm/libs/job-template/Chart.yaml b/infra/helm/libs/job-template/Chart.yaml new file mode 100644 index 000000000000..bcd9e96aec26 --- /dev/null +++ b/infra/helm/libs/job-template/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: job-template +description: A Helm chart template for Kubernetes jobs +type: application +version: 0.0.1 +appVersion: 1.16.0 diff --git a/infra/helm/libs/job-template/templates/_helpers.tpl b/infra/helm/libs/job-template/templates/_helpers.tpl new file mode 100644 index 000000000000..9fe56a76cd6c --- /dev/null +++ b/infra/helm/libs/job-template/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "job-template.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "job-template.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "job-template.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "job-template.labels" -}} +helm.sh/chart: {{ include "job-template.chart" . }} +{{ include "job-template.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "job-template.selectorLabels" -}} +app.kubernetes.io/name: {{ include "job-template.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "job-template.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "job-template.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/infra/helm/libs/job-template/templates/job.yaml b/infra/helm/libs/job-template/templates/job.yaml new file mode 100644 index 000000000000..303f3e362798 --- /dev/null +++ b/infra/helm/libs/job-template/templates/job.yaml @@ -0,0 +1,133 @@ +{{- if .Values.enabled }} +{{- $fullName := include "job-template.fullname" . -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ .Chart.Name }}-{{ now | unixEpoch }}" + {{- if $.Values.namespace }} + namespace: {{ $.Values.namespace }} + {{- end }} + labels: + {{- include "job-template.labels" . | nindent 4 }} + chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}" + tags.datadoghq.com/env: {{ .Values.global.env.name }} + tags.datadoghq.com/service: {{ include "job-template.name" . }} + tags.datadoghq.com/version: {{ .Values.image.tag | default .Values.global.image.tag }} +spec: + ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished | default 600 }} + template: + metadata: + annotations: + linkerd.io/inject: disabled + ad.datadoghq.com/{{ .Chart.Name }}.logs: >- + [{ + "log_processing_rules": [{ + "type": "mask_sequences", + "name": "mask_national_ids", + "replace_placeholder": "--MASKED--", + "pattern" : "\\b(?:[89]\\d{3}|(?:[012]\\d|3[01])(?:0\\d|1[012]))\\d\\d-?\\d{4}\\b" + }] + }] + labels: + {{- include "job-template.labels" . | nindent 8 }} + chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}" + tags.datadoghq.com/env: {{ .Values.global.env.name }} + tags.datadoghq.com/service: {{ include "job-template.name" . }} + tags.datadoghq.com/version: {{ .Values.image.tag | default .Values.global.image.tag }} + spec: + {{- if .Values.armBetaEnrolled }} + tolerations: + - key: "arm" + operator: "Equal" + value: "true" + effect: "NoSchedule" + nodeSelector: + nodetype: "arm" + {{- end }} + serviceAccountName: {{ include "job-template.serviceAccountName" $ }} + securityContext: + {{- toYaml $.Values.podSecurityContext | nindent 12 }} + containers: + - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default .Values.global.image.tag }}" + name: {{ .Chart.Name }} + securityContext: + {{- toYaml $.Values.securityContext | nindent 14 }} + volumeMounts: + {{- if not (empty .Values.pvcs) }} + {{- range .Values.pvcs}} + - mountPath: {{ .mountPath }} + name: {{ .name }} + {{- end}} + {{- end }} + {{- if not (empty .Values.files) }} + - name: config-volume + mountPath: /etc/config + {{- end }} + env: + {{- range $key, $value := .Values.global.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- range $key, $value := .Values.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- range $key, $value := .Values.secrets }} + - name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $fullName }} + key: {{ $key }} + {{- end }} + - name: APP_VERSION + value: {{ .Values.image.tag | default .Values.global.image.tag }} + - name: DD_ENV + valueFrom: + fieldRef: + fieldPath: metadata.labels['tags.datadoghq.com/env'] + - name: DD_SERVICE + valueFrom: + fieldRef: + fieldPath: metadata.labels['tags.datadoghq.com/service'] + - name: DD_VERSION + valueFrom: + fieldRef: + fieldPath: metadata.labels['tags.datadoghq.com/version'] + - name: DD_LOGS_INJECTION + value: "true" + - name: DD_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_APM_REPLACE_TAGS + value: '[ + { + "name": "*", + "pattern": "\\b(?:[89]\\d{3}|(?:[012]\\d|3[01])(?:0\\d|1[012]))\\d\\d-?\\d{4}\\b", + "repl": "--MASKED--" + }]' + {{- with .Values.command }} + command: {{ toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.args }} + args: {{ toYaml . | nindent 12 }} + {{- end }} + resources: + {{ toYaml $.Values.resources | nindent 14 }} + {{- if or (not (empty .Values.files)) (not (empty .Values.pvcs)) }} + volumes: + {{- end }} + {{- if not (empty .Values.files) }} + - name: config-volume + configMap: + name: {{ include "job-template.name" . }} + {{- end }} + {{- if not (empty .Values.pvcs) }} + {{- range .Values.pvcs }} + - name: {{ .name }} + persistentVolumeClaim: + claimName: {{ .name }} + {{- end }} + {{- end }} + restartPolicy: {{ .Values.restartPolicy | default "Never" }} +{{- end }} diff --git a/infra/helm/libs/job-template/templates/pvc.yaml b/infra/helm/libs/job-template/templates/pvc.yaml new file mode 100644 index 000000000000..93e9a6d60f89 --- /dev/null +++ b/infra/helm/libs/job-template/templates/pvc.yaml @@ -0,0 +1,22 @@ +{{- $labels := include "cronjob-template.labels" . -}} +{{- $namespace := $.Values.namespace -}} +{{- if .Values.enabled }} +{{- range .Values.pvcs }} +{{- if not .useExisting }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + {{- $labels | nindent 4 }} + name: {{ .name }} + namespace: {{ $namespace }} +spec: + accessModes: + - {{ .accessModes }} + resources: + requests: + storage: {{ .size }} + storageClassName: {{ .storageClass }} +{{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm/libs/job-template/templates/secrets.yaml b/infra/helm/libs/job-template/templates/secrets.yaml new file mode 100644 index 000000000000..7436eaa53a19 --- /dev/null +++ b/infra/helm/libs/job-template/templates/secrets.yaml @@ -0,0 +1,18 @@ +{{- if .Values.enabled }} +{{- if not (empty .Values.secrets) }} +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + {{- if .Values.namespace }} + namespace: {{ .Values.namespace }} + {{- end }} + name: {{ include "cronjob-template.fullname" . }} +spec: + backendType: systemManager + data: + {{- range $key, $value := .Values.secrets }} + - name: {{ $key }} + key: {{ $value | quote }} + {{- end }} +{{- end }} +{{- end }} diff --git a/infra/helm/libs/job-template/templates/serviceaccount.yaml b/infra/helm/libs/job-template/templates/serviceaccount.yaml new file mode 100644 index 000000000000..81bee6cbaacf --- /dev/null +++ b/infra/helm/libs/job-template/templates/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if .Values.enabled }} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cronjob-template.serviceAccountName" . }} + {{- if .Values.namespace }} + namespace: {{ .Values.namespace }} + {{- end }} + labels: + {{- include "cronjob-template.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} +{{- end }} diff --git a/infra/helm/libs/job-template/values.yaml b/infra/helm/libs/job-template/values.yaml new file mode 100644 index 000000000000..4fbfb611fb19 --- /dev/null +++ b/infra/helm/libs/job-template/values.yaml @@ -0,0 +1,33 @@ +global: + env: + name: dev + image: + tag: latest +enabled: false +serviceAccount: + create: true +image: + repository: defaultmissing +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 400m ## Research + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: runner From 8f4ba6bf23d59fdbb03d54db81779413dee24fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3n=20Levy?= Date: Thu, 14 Nov 2024 14:20:27 +0000 Subject: [PATCH 2/5] fix: add global values to service values files --- infra/src/cli/generate-chart-values.ts | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/infra/src/cli/generate-chart-values.ts b/infra/src/cli/generate-chart-values.ts index 237c2a270615..ed6c3ed6439c 100755 --- a/infra/src/cli/generate-chart-values.ts +++ b/infra/src/cli/generate-chart-values.ts @@ -58,7 +58,6 @@ async function generateChartValues() { for (const [name, envs] of Object.entries(Deployments)) { for (const [envType, envName] of Object.entries(envs)) { console.log(`Processing ${name} ${envName} ${envType}`) - // Get rendered environment values and parse const renderedYaml = await renderEnv(envType as OpsEnv, name as ChartName) const renderedValues = yaml @@ -80,12 +79,12 @@ async function generateChartValues() { const services = Charts[name as ChartName][envType as OpsEnv] for (const service of services) { const serviceName = service.name() + console.log(`Processing ${serviceName} ${envName} ${envType}`) if (renderedValues[serviceName]) { const serviceValues = { - service: { - name: serviceName, - ...renderedValues[serviceName], - }, + global: renderedValues.global, + name: serviceName, + ...renderedValues[serviceName], } writeYamlFile( From 3a94986c597cfc41cc9d389cad06064bf73bce31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3n=20Levy?= Date: Thu, 14 Nov 2024 14:51:41 +0000 Subject: [PATCH 3/5] fix: update helpers --- .../air-discount-scheme-api/values.dev.yaml | 162 ++--- .../air-discount-scheme-api/values.prod.yaml | 156 +++-- .../values.staging.yaml | 162 ++--- .../values.dev.yaml | 220 ++++--- .../values.prod.yaml | 210 +++--- .../values.staging.yaml | 220 ++++--- .../air-discount-scheme-web/values.dev.yaml | 156 +++-- .../air-discount-scheme-web/values.prod.yaml | 148 +++-- .../values.staging.yaml | 156 +++-- charts/services/api/values.dev.yaml | 622 +++++++++--------- charts/services/api/values.prod.yaml | 620 ++++++++--------- charts/services/api/values.staging.yaml | 614 ++++++++--------- .../values.dev.yaml | 212 +++--- .../values.prod.yaml | 212 +++--- .../values.staging.yaml | 212 +++--- .../application-system-api/values.dev.yaml | 496 +++++++------- .../application-system-api/values.prod.yaml | 496 +++++++------- .../values.staging.yaml | 496 +++++++------- .../application-system-form/values.dev.yaml | 144 ++-- .../application-system-form/values.prod.yaml | 150 +++-- .../values.staging.yaml | 144 ++-- .../services/auth-admin-web/values.dev.yaml | 148 +++-- .../services/auth-admin-web/values.prod.yaml | 144 ++-- .../auth-admin-web/values.staging.yaml | 148 +++-- .../consultation-portal/values.dev.yaml | 144 ++-- .../consultation-portal/values.prod.yaml | 150 +++-- .../consultation-portal/values.staging.yaml | 144 ++-- .../services/contentful-apps/values.dev.yaml | 134 ++-- .../services/contentful-apps/values.prod.yaml | 134 ++-- .../values.dev.yaml | 138 ++-- .../values.prod.yaml | 138 ++-- .../services/download-service/values.dev.yaml | 210 +++--- .../download-service/values.prod.yaml | 208 +++--- .../download-service/values.staging.yaml | 210 +++--- .../endorsement-system-api/values.dev.yaml | 218 +++--- .../endorsement-system-api/values.prod.yaml | 218 +++--- .../values.staging.yaml | 218 +++--- .../external-contracts-tests/values.dev.yaml | 122 ++-- .../github-actions-cache/values.dev.yaml | 150 +++-- .../values.dev.yaml | 176 ++--- .../values.prod.yaml | 176 ++--- .../values.staging.yaml | 176 ++--- .../services/identity-server/values.dev.yaml | 250 +++---- .../services/identity-server/values.prod.yaml | 248 +++---- .../identity-server/values.staging.yaml | 250 +++---- .../island-ui-storybook/values.dev.yaml | 124 ++-- .../island-ui-storybook/values.prod.yaml | 124 ++-- .../island-ui-storybook/values.staging.yaml | 124 ++-- .../judicial-system-api/values.dev.yaml | 180 ++--- .../judicial-system-api/values.prod.yaml | 180 ++--- .../judicial-system-api/values.staging.yaml | 180 ++--- .../judicial-system-backend/values.dev.yaml | 268 ++++---- .../judicial-system-backend/values.prod.yaml | 268 ++++---- .../values.staging.yaml | 270 ++++---- .../values.dev.yaml | 152 +++-- .../values.prod.yaml | 152 +++-- .../values.staging.yaml | 152 +++-- .../values.dev.yaml | 140 ++-- .../values.prod.yaml | 140 ++-- .../values.staging.yaml | 140 ++-- .../judicial-system-robot-api/values.dev.yaml | 148 +++-- .../values.prod.yaml | 148 +++-- .../values.staging.yaml | 148 +++-- .../judicial-system-scheduler/values.dev.yaml | 144 ++-- .../values.prod.yaml | 144 ++-- .../values.staging.yaml | 144 ++-- .../judicial-system-web/values.dev.yaml | 138 ++-- .../judicial-system-web/values.prod.yaml | 138 ++-- .../judicial-system-web/values.staging.yaml | 138 ++-- .../judicial-system-xrd-api/values.dev.yaml | 150 +++-- .../judicial-system-xrd-api/values.prod.yaml | 150 +++-- .../values.staging.yaml | 150 +++-- charts/services/license-api/values.dev.yaml | 198 +++--- charts/services/license-api/values.prod.yaml | 198 +++--- .../services/license-api/values.staging.yaml | 198 +++--- charts/services/portals-admin/values.dev.yaml | 142 ++-- .../services/portals-admin/values.prod.yaml | 148 +++-- .../portals-admin/values.staging.yaml | 142 ++-- .../regulations-admin-backend/values.dev.yaml | 184 +++--- .../values.prod.yaml | 184 +++--- .../values.staging.yaml | 184 +++--- .../search-indexer-service/values.dev.yaml | 250 +++---- .../search-indexer-service/values.prod.yaml | 248 +++---- .../values.staging.yaml | 250 +++---- .../service-portal-api/values.dev.yaml | 248 +++---- .../service-portal-api/values.prod.yaml | 248 +++---- .../service-portal-api/values.staging.yaml | 248 +++---- .../services/service-portal/values.dev.yaml | 150 +++-- .../services/service-portal/values.prod.yaml | 156 +++-- .../service-portal/values.staging.yaml | 150 +++-- .../services-auth-admin-api/values.dev.yaml | 194 +++--- .../services-auth-admin-api/values.prod.yaml | 194 +++--- .../values.staging.yaml | 194 +++--- .../values.dev.yaml | 192 +++--- .../values.prod.yaml | 192 +++--- .../values.staging.yaml | 192 +++--- .../values.dev.yaml | 134 ++-- .../values.prod.yaml | 134 ++-- .../values.staging.yaml | 134 ++-- .../services-auth-ids-api/values.dev.yaml | 262 ++++---- .../services-auth-ids-api/values.prod.yaml | 262 ++++---- .../services-auth-ids-api/values.staging.yaml | 262 ++++---- .../values.dev.yaml | 134 ++-- .../values.prod.yaml | 134 ++-- .../values.staging.yaml | 134 ++-- .../values.dev.yaml | 180 ++--- .../values.prod.yaml | 180 ++--- .../values.staging.yaml | 180 ++--- .../services-auth-public-api/values.dev.yaml | 212 +++--- .../services-auth-public-api/values.prod.yaml | 212 +++--- .../values.staging.yaml | 212 +++--- .../values.dev.yaml | 176 ++--- .../values.prod.yaml | 180 ++--- .../values.staging.yaml | 176 ++--- .../services-documents/values.dev.yaml | 152 +++-- .../services-documents/values.prod.yaml | 152 +++-- .../services-documents/values.staging.yaml | 152 +++-- .../services-sessions-cleanup/values.dev.yaml | 132 ++-- .../values.prod.yaml | 132 ++-- .../values.staging.yaml | 132 ++-- .../services-sessions-worker/values.dev.yaml | 184 +++--- .../services-sessions-worker/values.prod.yaml | 184 +++--- .../values.staging.yaml | 184 +++--- .../services-sessions/values.dev.yaml | 144 ++-- .../services-sessions/values.prod.yaml | 144 ++-- .../services-sessions/values.staging.yaml | 144 ++-- .../values.dev.yaml | 180 ++--- .../values.prod.yaml | 180 ++--- .../values.staging.yaml | 180 ++--- .../values.dev.yaml | 250 +++---- .../values.prod.yaml | 250 +++---- .../values.staging.yaml | 250 +++---- .../services/skilavottord-web/values.dev.yaml | 144 ++-- .../skilavottord-web/values.prod.yaml | 150 +++-- .../skilavottord-web/values.staging.yaml | 144 ++-- .../services/skilavottord-ws/values.dev.yaml | 188 +++--- .../services/skilavottord-ws/values.prod.yaml | 194 +++--- .../skilavottord-ws/values.staging.yaml | 188 +++--- .../values.dev.yaml | 180 ++--- .../values.prod.yaml | 180 ++--- .../values.staging.yaml | 180 ++--- .../user-notification-worker/values.dev.yaml | 234 +++---- .../user-notification-worker/values.prod.yaml | 234 +++---- .../values.staging.yaml | 234 +++---- .../user-notification/values.dev.yaml | 216 +++--- .../user-notification/values.prod.yaml | 216 +++--- .../user-notification/values.staging.yaml | 216 +++--- charts/services/web/values.dev.yaml | 152 +++-- charts/services/web/values.prod.yaml | 158 ++--- charts/services/web/values.staging.yaml | 154 +++-- .../services/xroad-collector/values.dev.yaml | 144 ++-- .../services/xroad-collector/values.prod.yaml | 144 ++-- .../xroad-collector/values.staging.yaml | 144 ++-- .../helm/libs/api-template/values.global.yaml | 3 + .../cronjob-template/templates/_helpers.tpl | 32 +- .../libs/cronjob-template/values.global.yaml | 3 + .../libs/job-template/templates/_helpers.tpl | 30 +- .../helm/libs/job-template/values.global.yaml | 3 + 158 files changed, 15557 insertions(+), 14010 deletions(-) create mode 100644 infra/helm/libs/api-template/values.global.yaml create mode 100644 infra/helm/libs/cronjob-template/values.global.yaml create mode 100644 infra/helm/libs/job-template/values.global.yaml diff --git a/charts/services/air-discount-scheme-api/values.dev.yaml b/charts/services/air-discount-scheme-api/values.dev.yaml index 2abd0492814c..899274367f69 100644 --- a/charts/services/air-discount-scheme-api/values.dev.yaml +++ b/charts/services/air-discount-scheme-api/values.dev.yaml @@ -5,81 +5,91 @@ # ##################################################################### -service: - name: 'air-discount-scheme-api' - enabled: true +global: env: - AUTH_AUDIENCE: 'loftbru.dev01.devland.is' - BACKEND_URL: 'http://web-air-discount-scheme-backend' - CONTENTFUL_HOST: 'preview.contentful.com' - ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.dev01.devland.is' - paths: - - '/api/graphql' - - host: 'loftbru-cf.dev01.devland.is' - paths: - - '/api/graphql' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADMINS: '/k8s/air-discount-scheme/api/ADMINS' - AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' - DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-api' +enabled: true +env: + AUTH_AUDIENCE: 'loftbru.dev01.devland.is' + BACKEND_URL: 'http://web-air-discount-scheme-backend' + CONTENTFUL_HOST: 'preview.contentful.com' + ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/air-discount-scheme-api' - create: true - name: 'air-discount-scheme-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.dev01.devland.is' + paths: + - '/api/graphql' + - host: 'loftbru-cf.dev01.devland.is' + paths: + - '/api/graphql' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADMINS: '/k8s/air-discount-scheme/api/ADMINS' + AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' + DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/air-discount-scheme-api' + create: true + name: 'air-discount-scheme-api' diff --git a/charts/services/air-discount-scheme-api/values.prod.yaml b/charts/services/air-discount-scheme-api/values.prod.yaml index b817389c689e..1557cd1d2b25 100644 --- a/charts/services/air-discount-scheme-api/values.prod.yaml +++ b/charts/services/air-discount-scheme-api/values.prod.yaml @@ -5,78 +5,88 @@ # ##################################################################### -service: - name: 'air-discount-scheme-api' - enabled: true +global: env: - AUTH_AUDIENCE: 'loftbru.island.is' - BACKEND_URL: 'http://web-air-discount-scheme-backend' - CONTENTFUL_HOST: 'cdn.contentful.com' - ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.island.is' - paths: - - '/api/graphql' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADMINS: '/k8s/air-discount-scheme/api/ADMINS' - AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' - DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-api' +enabled: true +env: + AUTH_AUDIENCE: 'loftbru.island.is' + BACKEND_URL: 'http://web-air-discount-scheme-backend' + CONTENTFUL_HOST: 'cdn.contentful.com' + ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/air-discount-scheme-api' - create: true - name: 'air-discount-scheme-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.island.is' + paths: + - '/api/graphql' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADMINS: '/k8s/air-discount-scheme/api/ADMINS' + AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' + DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/air-discount-scheme-api' + create: true + name: 'air-discount-scheme-api' diff --git a/charts/services/air-discount-scheme-api/values.staging.yaml b/charts/services/air-discount-scheme-api/values.staging.yaml index 0b7c0438900e..03dae66f38f1 100644 --- a/charts/services/air-discount-scheme-api/values.staging.yaml +++ b/charts/services/air-discount-scheme-api/values.staging.yaml @@ -5,81 +5,91 @@ # ##################################################################### -service: - name: 'air-discount-scheme-api' - enabled: true +global: env: - AUTH_AUDIENCE: 'loftbru.staging01.devland.is' - BACKEND_URL: 'http://web-air-discount-scheme-backend' - CONTENTFUL_HOST: 'cdn.contentful.com' - ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.staging01.devland.is' - paths: - - '/api/graphql' - - host: 'loftbru-cf.staging01.devland.is' - paths: - - '/api/graphql' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADMINS: '/k8s/air-discount-scheme/api/ADMINS' - AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' - DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-api' +enabled: true +env: + AUTH_AUDIENCE: 'loftbru.staging01.devland.is' + BACKEND_URL: 'http://web-air-discount-scheme-backend' + CONTENTFUL_HOST: 'cdn.contentful.com' + ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/air-discount-scheme-api' - create: true - name: 'air-discount-scheme-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.staging01.devland.is' + paths: + - '/api/graphql' + - host: 'loftbru-cf.staging01.devland.is' + paths: + - '/api/graphql' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADMINS: '/k8s/air-discount-scheme/api/ADMINS' + AUTH_JWT_SECRET: '/k8s/air-discount-scheme/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/air-discount-scheme/api/CONTENTFUL_ACCESS_TOKEN' + DEVELOPERS: '/k8s/air-discount-scheme/api/DEVELOPERS' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/air-discount-scheme-api' + create: true + name: 'air-discount-scheme-api' diff --git a/charts/services/air-discount-scheme-backend/values.dev.yaml b/charts/services/air-discount-scheme-backend/values.dev.yaml index a7bf4efcb972..7ef002972cb3 100644 --- a/charts/services/air-discount-scheme-backend/values.dev.yaml +++ b/charts/services/air-discount-scheme-backend/values.dev.yaml @@ -5,116 +5,126 @@ # ##################################################################### -service: - name: 'air-discount-scheme-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'air_discount_scheme_backend' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'air_discount_scheme_backend' + ENVIRONMENT: 'dev' + IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.dev01.devland.is' + paths: + - '/api/swagger' + - '/api/public' + - host: 'loftbru-cf.dev01.devland.is' + paths: + - '/api/swagger' + - '/api/public' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'air_discount_scheme_backend' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'air_discount_scheme_backend' - ENVIRONMENT: 'dev' - IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.dev01.devland.is' - paths: - - '/api/swagger' - - '/api/public' - - host: 'loftbru-cf.dev01.devland.is' - paths: - - '/api/swagger' - - '/api/public' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'air_discount_scheme_backend' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'air_discount_scheme_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' - ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' - MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' - NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' - NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' - NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' - NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' + ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' + ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' + MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' + NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' + NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' + NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' + NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/air-discount-scheme-backend/values.prod.yaml b/charts/services/air-discount-scheme-backend/values.prod.yaml index 61bcabd949a8..b768eac9f0fb 100644 --- a/charts/services/air-discount-scheme-backend/values.prod.yaml +++ b/charts/services/air-discount-scheme-backend/values.prod.yaml @@ -5,111 +5,121 @@ # ##################################################################### -service: - name: 'air-discount-scheme-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'air_discount_scheme_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'air_discount_scheme_backend' + ENVIRONMENT: 'prod' + IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.island.is' + paths: + - '/api/swagger' + - '/api/public' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'air_discount_scheme_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'air_discount_scheme_backend' - ENVIRONMENT: 'prod' - IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.island.is' - paths: - - '/api/swagger' - - '/api/public' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'air_discount_scheme_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'air_discount_scheme_backend' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' - ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' - MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' - NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' - NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' - NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' - NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' + ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' + ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' + MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' + NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' + NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' + NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' + NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/air-discount-scheme-backend/values.staging.yaml b/charts/services/air-discount-scheme-backend/values.staging.yaml index 315f3705dbdd..2e45fbac3401 100644 --- a/charts/services/air-discount-scheme-backend/values.staging.yaml +++ b/charts/services/air-discount-scheme-backend/values.staging.yaml @@ -5,116 +5,126 @@ # ##################################################################### -service: - name: 'air-discount-scheme-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'air_discount_scheme_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'air_discount_scheme_backend' + ENVIRONMENT: 'staging' + IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.staging01.devland.is' + paths: + - '/api/swagger' + - '/api/public' + - host: 'loftbru-cf.staging01.devland.is' + paths: + - '/api/swagger' + - '/api/public' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'air_discount_scheme_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'air_discount_scheme_backend' - ENVIRONMENT: 'staging' - IDENTITY_SERVER_CLIENT_ID: '@vegagerdin.is/clients/air-discount-scheme' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: 'clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-backend' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.staging01.devland.is' - paths: - - '/api/swagger' - - '/api/public' - - host: 'loftbru-cf.staging01.devland.is' - paths: - - '/api/swagger' - - '/api/public' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'air_discount_scheme_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'air_discount_scheme_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' - ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' - ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' - MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' - NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' - NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' - NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' - NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/air-discount-scheme-backend/DB_PASSWORD' + ERNIR_API_KEY: '/k8s/air-discount-scheme/backend/ERNIR_API_KEY' + ICELANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/ICELANDAIR_API_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/air-discount-scheme-backend/VEGAGERDIN_IDS_CLIENTS_ADS_SECRET' + MYFLUG_API_KEY: '/k8s/air-discount-scheme/backend/MYFLUG_API_KEY' + NATIONAL_REGISTRY_PASSWORD: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_PASSWORD' + NATIONAL_REGISTRY_URL: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_URL' + NATIONAL_REGISTRY_USERNAME: '/k8s/air-discount-scheme/backend/NATIONAL_REGISTRY_USERNAME' + NORLANDAIR_API_KEY: '/k8s/air-discount-scheme/backend/NORLANDAIR_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/air-discount-scheme-web/values.dev.yaml b/charts/services/air-discount-scheme-web/values.dev.yaml index ee6cb2ca81e9..6a5806125909 100644 --- a/charts/services/air-discount-scheme-web/values.dev.yaml +++ b/charts/services/air-discount-scheme-web/values.dev.yaml @@ -5,77 +5,87 @@ # ##################################################################### -service: - name: 'air-discount-scheme-web' - enabled: true +global: env: - API_URL: 'http://web-air-discount-scheme-api' - ENVIRONMENT: 'dev' - IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://loftbru.dev01.devland.is' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://beta.dev01.devland.is/loftbru; rewrite /en$ https://beta.dev01.devland.is/en/lower-airfares-for-residents-in-rural-areas;' - nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/proxy-buffers-number: '4' - nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.dev01.devland.is' - paths: - - '/' - - host: 'loftbru-cf.dev01.devland.is' - paths: - - '/' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-web' +enabled: true +env: + API_URL: 'http://web-air-discount-scheme-api' + ENVIRONMENT: 'dev' + IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://loftbru.dev01.devland.is' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://beta.dev01.devland.is/loftbru; rewrite /en$ https://beta.dev01.devland.is/en/lower-airfares-for-residents-in-rural-areas;' + nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/proxy-buffers-number: '4' + nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.dev01.devland.is' + paths: + - '/' + - host: 'loftbru-cf.dev01.devland.is' + paths: + - '/' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/air-discount-scheme-web/values.prod.yaml b/charts/services/air-discount-scheme-web/values.prod.yaml index ba913e97c085..7bde4829dbd8 100644 --- a/charts/services/air-discount-scheme-web/values.prod.yaml +++ b/charts/services/air-discount-scheme-web/values.prod.yaml @@ -5,73 +5,83 @@ # ##################################################################### -service: - name: 'air-discount-scheme-web' - enabled: true +global: env: - API_URL: 'http://web-air-discount-scheme-api' - ENVIRONMENT: 'prod' - IDENTITY_SERVER_ISSUER_DOMAIN: 'innskra.island.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://loftbru.island.is' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://island.is/loftbru; rewrite /en$ https://island.is/en/lower-airfares-for-residents-in-rural-areas;' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.island.is' - paths: - - '/' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-web' +enabled: true +env: + API_URL: 'http://web-air-discount-scheme-api' + ENVIRONMENT: 'prod' + IDENTITY_SERVER_ISSUER_DOMAIN: 'innskra.island.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://loftbru.island.is' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://island.is/loftbru; rewrite /en$ https://island.is/en/lower-airfares-for-residents-in-rural-areas;' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.island.is' + paths: + - '/' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/air-discount-scheme-web/values.staging.yaml b/charts/services/air-discount-scheme-web/values.staging.yaml index 4fefae269e5c..d160667b9dd5 100644 --- a/charts/services/air-discount-scheme-web/values.staging.yaml +++ b/charts/services/air-discount-scheme-web/values.staging.yaml @@ -5,77 +5,87 @@ # ##################################################################### -service: - name: 'air-discount-scheme-web' - enabled: true +global: env: - API_URL: 'http://web-air-discount-scheme-api' - ENVIRONMENT: 'staging' - IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://loftbru.staging01.devland.is' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 20 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://beta.staging01.devland.is/loftbru; rewrite /en$ https://beta.staging01.devland.is/en/lower-airfares-for-residents-in-rural-areas;' - nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/proxy-buffers-number: '4' - nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'loftbru.staging01.devland.is' - paths: - - '/' - - host: 'loftbru-cf.staging01.devland.is' - paths: - - '/' - namespace: 'air-discount-scheme' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'air-discount-scheme-web' +enabled: true +env: + API_URL: 'http://web-air-discount-scheme-api' + ENVIRONMENT: 'staging' + IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://loftbru.staging01.devland.is' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 20 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/air-discount-scheme-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite /$ https://beta.staging01.devland.is/loftbru; rewrite /en$ https://beta.staging01.devland.is/en/lower-airfares-for-residents-in-rural-areas;' + nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/proxy-buffers-number: '4' + nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'loftbru.staging01.devland.is' + paths: + - '/' + - host: 'loftbru-cf.staging01.devland.is' + paths: + - '/' +namespace: 'air-discount-scheme' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/air-discount-scheme/web/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/api/values.dev.yaml b/charts/services/api/values.dev.yaml index 1e67aef791ee..76a8184fd6f2 100644 --- a/charts/services/api/values.dev.yaml +++ b/charts/services/api/values.dev.yaml @@ -5,311 +5,321 @@ # ##################################################################### -service: - name: 'api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' - AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.dev01.devland.is' - APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' - AUTH_ADMIN_API_PATH: 'https://identity-server.dev01.devland.is/backend' - AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend"}' - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_IDS_API_URL: 'https://identity-server.dev01.devland.is' - AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is' - CONTACT_US_EMAIL: 's@kogk.is' - CONTENTFUL_HOST: 'preview.contentful.com' - DOWNLOAD_SERVICE_BASE_PATH: 'https://api.dev01.devland.is' - ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' - ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api-staging.thinglysing.is/business/tolfraedi' - ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_DOWNLOAD_BUCKET: 'island-is-dev-download-cache-api' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10012/Fiskistofa-Protected/veidileyfi-v1' - FISKISTOFA_ZENTER_CLIENT_ID: '1114' - FORM_SYSTEM_API_BASE_PATH: 'https://profun.island.is/umsoknarkerfi' - HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' - HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' - ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SEND_FROM_EMAIL: 'development@island.is' - SERVERSIDE_FEATURES_ON: '' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' - SYSLUMENN_TIMEOUT: '40000' - TELL_US_A_STORY_EMAIL: 's@kogk.is' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' - XROAD_ADR_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/rettindi-token-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_AIRCRAFT_REGISTRY_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Loftfaraskra-V1' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-DEV/GOV/10019/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Sakavottord-PDF-v2' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-DEV/GOV/10011/UTL-Protected/Utl-Umsokn-v1' - XROAD_DISABILITY_LICENSE_PATH: 'IS-DEV/GOV/10008/TR-Protected/oryrki-v1' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/IslandMinarSidur' - XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS-DEV/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_TIMEOUT: '20000' - XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-DEV/MUN/10023/samband-sveitarfelaga/financial-aid-backend' - XROAD_FIREARM_LICENSE_PATH: 'IS-DEV/GOV/10005/Logreglan-Protected/island-api-v1' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS-DEV/GOV/10033/HMS-Protected/calc-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS-DEV/GOV/10009/Umhverfisstofnun-Protected/api' - XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS-DEV/GOV/10021/FJS-Protected/recruitment-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' - XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS-DEV/GOV/10030/WebAPI-Public/HUG-webAPI' - XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS-DEV/GOV/10014/Rettarvorslugatt-Private/judicial-system-mailbox-api' - XROAD_MMS_FRIGG_PATH: 'IS-DEV/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_MMS_GRADE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/license-api-v1' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS-DEV/GOV/10021/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-DEV/GOV/10033/HMS-Protected/Fasteignir-v1' - XROAD_PROPERTIES_TIMEOUT: '35000' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' - XROAD_SHIP_REGISTRY_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/skipaskra-V1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_TR_PATH: 'IS-DEV/GOV/10008/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-DEV/GOV/10021/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '10003' - XROAD_WORK_ACCIDENT_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'stjanilofts' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/api' - - host: 'api-catalogue.dev01.devland.is' - paths: - - '/api' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1200m' - memory: '3200Mi' - requests: - cpu: '400m' - memory: '896Mi' - secrets: - ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' - CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' - CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' - DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' - DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' - DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' - DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' - DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' - DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' - DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' - DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' - FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' - FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' - FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' - FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' - FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' - FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' - FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' - HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' - HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' - INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' - UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' + AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.dev01.devland.is' + APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' + AUTH_ADMIN_API_PATH: 'https://identity-server.dev01.devland.is/backend' + AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend"}' + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_IDS_API_URL: 'https://identity-server.dev01.devland.is' + AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is' + CONTACT_US_EMAIL: 's@kogk.is' + CONTENTFUL_HOST: 'preview.contentful.com' + DOWNLOAD_SERVICE_BASE_PATH: 'https://api.dev01.devland.is' + ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' + ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api-staging.thinglysing.is/business/tolfraedi' + ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_DOWNLOAD_BUCKET: 'island-is-dev-download-cache-api' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10012/Fiskistofa-Protected/veidileyfi-v1' + FISKISTOFA_ZENTER_CLIENT_ID: '1114' + FORM_SYSTEM_API_BASE_PATH: 'https://profun.island.is/umsoknarkerfi' + HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' + HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' + ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SEND_FROM_EMAIL: 'development@island.is' + SERVERSIDE_FEATURES_ON: '' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' + SYSLUMENN_TIMEOUT: '40000' + TELL_US_A_STORY_EMAIL: 's@kogk.is' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' + XROAD_ADR_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/rettindi-token-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_AIRCRAFT_REGISTRY_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Loftfaraskra-V1' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-DEV/GOV/10019/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Sakavottord-PDF-v2' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-DEV/GOV/10011/UTL-Protected/Utl-Umsokn-v1' + XROAD_DISABILITY_LICENSE_PATH: 'IS-DEV/GOV/10008/TR-Protected/oryrki-v1' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/IslandMinarSidur' + XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS-DEV/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_TIMEOUT: '20000' + XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-DEV/MUN/10023/samband-sveitarfelaga/financial-aid-backend' + XROAD_FIREARM_LICENSE_PATH: 'IS-DEV/GOV/10005/Logreglan-Protected/island-api-v1' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS-DEV/GOV/10033/HMS-Protected/calc-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS-DEV/GOV/10009/Umhverfisstofnun-Protected/api' + XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS-DEV/GOV/10021/FJS-Protected/recruitment-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' + XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS-DEV/GOV/10030/WebAPI-Public/HUG-webAPI' + XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS-DEV/GOV/10014/Rettarvorslugatt-Private/judicial-system-mailbox-api' + XROAD_MMS_FRIGG_PATH: 'IS-DEV/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_MMS_GRADE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/license-api-v1' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS-DEV/GOV/10021/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-DEV/GOV/10033/HMS-Protected/Fasteignir-v1' + XROAD_PROPERTIES_TIMEOUT: '35000' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' + XROAD_SHIP_REGISTRY_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/skipaskra-V1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_TR_PATH: 'IS-DEV/GOV/10008/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-DEV/GOV/10021/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '10003' + XROAD_WORK_ACCIDENT_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'stjanilofts' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/api' - create: true - name: 'api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/api' + - host: 'api-catalogue.dev01.devland.is' + paths: + - '/api' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1200m' + memory: '3200Mi' + requests: + cpu: '400m' + memory: '896Mi' +secrets: + ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' + CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' + DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' + DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' + DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' + DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' + DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' + DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' + DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' + DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' + FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' + FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' + FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' + FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' + FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' + FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' + FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' + HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' + HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' + INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' + UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/api' + create: true + name: 'api' diff --git a/charts/services/api/values.prod.yaml b/charts/services/api/values.prod.yaml index b2d0e2e5c7b8..92341f753f38 100644 --- a/charts/services/api/values.prod.yaml +++ b/charts/services/api/values.prod.yaml @@ -5,310 +5,320 @@ # ##################################################################### -service: - name: 'api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' - AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.island.is' - APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' - AUTH_ADMIN_API_PATH: 'https://innskra.island.is/backend' - AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend","staging":"https://identity-server.staging01.devland.is/backend","production":"https://innskra.island.is/backend"}' - AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' - AUTH_IDS_API_URL: 'https://innskra.island.is' - AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi.island.is' - CONTACT_US_EMAIL: 'island@island.is' - CONTENTFUL_HOST: 'cdn.contentful.com' - DOWNLOAD_SERVICE_BASE_PATH: 'https://api.island.is' - ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com/' - ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api.thinglysing.is/business/tolfraedi' - ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_DOWNLOAD_BUCKET: 'island-is-prod-download-cache-api' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://star-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://star-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' - FISKISTOFA_ZENTER_CLIENT_ID: '1114' - HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' - HUNTING_LICENSE_PASS_TEMPLATE_ID: '5f42f942-d8d6-40bf-a186-5a9e12619d9f' - ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SEND_FROM_EMAIL: 'island@island.is' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' - SYSLUMENN_TIMEOUT: '40000' - TELL_US_A_STORY_EMAIL: 'sogur@island.is' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' - XROAD_ADR_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/rettindi-token-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' - XROAD_AIRCRAFT_REGISTRY_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Loftfaraskra-V1' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS/GOV/4707171140/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS/GOV/6702696399/UTL-Protected/Utl-Umsokn-v1' - XROAD_DISABILITY_LICENSE_PATH: 'IS/GOV/5012130120/TR-Protected/oryrki-v1' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/IslandMinarSidur' - XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS/GOV/5402697509/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' - XROAD_FINANCES_TIMEOUT: '20000' - XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' - XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' - XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/calc-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS/GOV/7010022880/Umhverfisstofnun-Protected/api' - XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS/GOV/5402697509/FJS-Protected/recruitment-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS/GOV/6501912189/WebAPI-Public/HUG-webAPI' - XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS/GOV/5804170510/Rettarvorslugatt-Private/judicial-system-mailbox-api' - XROAD_MMS_FRIGG_PATH: 'IS/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_MMS_GRADE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/license-api-v1' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS/GOV/5402697509/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/Fasteignir-v1' - XROAD_PROPERTIES_TIMEOUT: '35000' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' - XROAD_SHIP_REGISTRY_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/skipaskra-V1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_TR_PATH: 'IS/GOV/5012130120/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS/GOV/5402697509/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '7005942039' - XROAD_WORK_ACCIDENT_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/api' - - host: 'www.island.is' - paths: - - '/api' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1200m' - memory: '3200Mi' - requests: - cpu: '400m' - memory: '896Mi' - secrets: - ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' - CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' - CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' - DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' - DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' - DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' - DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' - DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' - DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' - DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' - DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' - FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' - FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' - FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' - FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' - FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' - FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' - FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' - HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' - HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' - INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' - UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' + AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.island.is' + APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' + AUTH_ADMIN_API_PATH: 'https://innskra.island.is/backend' + AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend","staging":"https://identity-server.staging01.devland.is/backend","production":"https://innskra.island.is/backend"}' + AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' + AUTH_IDS_API_URL: 'https://innskra.island.is' + AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi.island.is' + CONTACT_US_EMAIL: 'island@island.is' + CONTENTFUL_HOST: 'cdn.contentful.com' + DOWNLOAD_SERVICE_BASE_PATH: 'https://api.island.is' + ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com/' + ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api.thinglysing.is/business/tolfraedi' + ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_DOWNLOAD_BUCKET: 'island-is-prod-download-cache-api' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://star-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://star-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' + FISKISTOFA_ZENTER_CLIENT_ID: '1114' + HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' + HUNTING_LICENSE_PASS_TEMPLATE_ID: '5f42f942-d8d6-40bf-a186-5a9e12619d9f' + ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SEND_FROM_EMAIL: 'island@island.is' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' + SYSLUMENN_TIMEOUT: '40000' + TELL_US_A_STORY_EMAIL: 'sogur@island.is' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' + XROAD_ADR_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/rettindi-token-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' + XROAD_AIRCRAFT_REGISTRY_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Loftfaraskra-V1' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS/GOV/4707171140/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS/GOV/6702696399/UTL-Protected/Utl-Umsokn-v1' + XROAD_DISABILITY_LICENSE_PATH: 'IS/GOV/5012130120/TR-Protected/oryrki-v1' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/IslandMinarSidur' + XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS/GOV/5402697509/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' + XROAD_FINANCES_TIMEOUT: '20000' + XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' + XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' + XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/calc-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS/GOV/7010022880/Umhverfisstofnun-Protected/api' + XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS/GOV/5402697509/FJS-Protected/recruitment-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS/GOV/6501912189/WebAPI-Public/HUG-webAPI' + XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS/GOV/5804170510/Rettarvorslugatt-Private/judicial-system-mailbox-api' + XROAD_MMS_FRIGG_PATH: 'IS/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_MMS_GRADE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/license-api-v1' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS/GOV/5402697509/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/Fasteignir-v1' + XROAD_PROPERTIES_TIMEOUT: '35000' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' + XROAD_SHIP_REGISTRY_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/skipaskra-V1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_TR_PATH: 'IS/GOV/5012130120/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS/GOV/5402697509/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '7005942039' + XROAD_WORK_ACCIDENT_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/api' - create: true - name: 'api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/api' + - host: 'www.island.is' + paths: + - '/api' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1200m' + memory: '3200Mi' + requests: + cpu: '400m' + memory: '896Mi' +secrets: + ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' + CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' + DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' + DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' + DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' + DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' + DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' + DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' + DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' + DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' + FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' + FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' + FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' + FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' + FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' + FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' + FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' + HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' + HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' + INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' + UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/api' + create: true + name: 'api' diff --git a/charts/services/api/values.staging.yaml b/charts/services/api/values.staging.yaml index deeb73bf28f4..5fb2afa022c3 100644 --- a/charts/services/api/values.staging.yaml +++ b/charts/services/api/values.staging.yaml @@ -5,307 +5,317 @@ # ##################################################################### -service: - name: 'api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' - AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.staging01.devland.is' - APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' - AUTH_ADMIN_API_PATH: 'https://identity-server.staging01.devland.is/backend' - AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend","staging":"https://identity-server.staging01.devland.is/backend"}' - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_IDS_API_URL: 'https://identity-server.staging01.devland.is' - AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is' - CONTACT_US_EMAIL: 'island@island.is' - CONTENTFUL_HOST: 'cdn.contentful.com' - DOWNLOAD_SERVICE_BASE_PATH: 'https://api.staging01.devland.is' - ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com/' - ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api-staging.thinglysing.is/business/tolfraedi' - ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_DOWNLOAD_BUCKET: 'island-is-staging-download-cache-api' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-TEST/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' - FISKISTOFA_ZENTER_CLIENT_ID: '1114' - HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' - HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' - ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SEND_FROM_EMAIL: 'development@island.is' - SERVERSIDE_FEATURES_ON: '' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' - SYSLUMENN_TIMEOUT: '40000' - TELL_US_A_STORY_EMAIL: 'sogur@island.is' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' - XROAD_ADR_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/rettindi-token-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_AIRCRAFT_REGISTRY_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Loftfaraskra-V1' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-TEST/GOV/10019/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-TEST/GOV/10011/UTL-Protected/Utl-Umsokn-v1' - XROAD_DISABILITY_LICENSE_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/oryrki-v1' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/IslandMinarSidur' - XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS-TEST/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_TIMEOUT: '20000' - XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-TEST/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' - XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/calc-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS-TEST/GOV/10009/Umhverfisstofnun-Protected/api' - XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS-TEST/GOV/10021/FJS-Protected/recruitment-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS-TEST/GOV/6501912189/WebAPI-Public/HUG-webAPI' - XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS-TEST/GOV/10014/Rettarvorslugatt-Private/judicial-system-mailbox-api' - XROAD_MMS_FRIGG_PATH: 'IS-TEST/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_MMS_GRADE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/license-api-v1' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' - XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS-TEST/GOV/10021/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/Fasteignir-v1' - XROAD_PROPERTIES_TIMEOUT: '35000' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' - XROAD_SHIP_REGISTRY_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/skipaskra-V1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_TR_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-TEST/GOV/10021/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '7005942039' - XROAD_WORK_ACCIDENT_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/api' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1200m' - memory: '3200Mi' - requests: - cpu: '400m' - memory: '896Mi' - secrets: - ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' - CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' - CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' - DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' - DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' - DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' - DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' - DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' - DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' - DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' - DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' - DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' - FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' - FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' - FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' - FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' - FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' - FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' - FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' - FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' - HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' - HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' - HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' - ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' - INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' - UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' - WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AIR_DISCOUNT_SCHEME_BACKEND_URL: 'http://web-air-discount-scheme-backend.air-discount-scheme.svc.cluster.local' + AIR_DISCOUNT_SCHEME_CLIENT_TIMEOUT: '20000' + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.staging01.devland.is' + APOLLO_CACHE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + APPLICATION_SYSTEM_API_URL: 'http://web-application-system-api.application-system.svc.cluster.local' + AUTH_ADMIN_API_PATH: 'https://identity-server.staging01.devland.is/backend' + AUTH_ADMIN_API_PATHS: '{"development":"https://identity-server.dev01.devland.is/backend","staging":"https://identity-server.staging01.devland.is/backend"}' + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_IDS_API_URL: 'https://identity-server.staging01.devland.is' + AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is' + CONTACT_US_EMAIL: 'island@island.is' + CONTENTFUL_HOST: 'cdn.contentful.com' + DOWNLOAD_SERVICE_BASE_PATH: 'https://api.staging01.devland.is' + ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com/' + ELECTRONIC_REGISTRATION_STATISTICS_API_URL: 'https://api-staging.thinglysing.is/business/tolfraedi' + ENDORSEMENT_SYSTEM_BASE_API_URL: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_DOWNLOAD_BUCKET: 'island-is-staging-download-cache-api' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-TEST/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' + FISKISTOFA_ZENTER_CLIENT_ID: '1114' + HSN_WEB_FORM_ID: '1dimJFHLFYtnhoYEA3JxRK' + HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' + ICELANDIC_NAMES_REGISTRY_BACKEND_URL: 'http://web-icelandic-names-registry-backend.icelandic-names-registry.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + MUNICIPALITIES_FINANCIAL_AID_BACKEND_URL: 'http://web-financial-aid-backend' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=2880 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SEND_FROM_EMAIL: 'development@island.is' + SERVERSIDE_FEATURES_ON: '' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SESSIONS_API_URL: 'http://web-services-sessions.services-sessions.svc.cluster.local' + SYSLUMENN_TIMEOUT: '40000' + TELL_US_A_STORY_EMAIL: 'sogur@island.is' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + WATSON_ASSISTANT_CHAT_FEEDBACK_DB_NAME: 'island-is-assistant-feedback' + XROAD_ADR_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/rettindi-token-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_AIRCRAFT_REGISTRY_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Loftfaraskra-V1' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-TEST/GOV/10019/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-TEST/GOV/10011/UTL-Protected/Utl-Umsokn-v1' + XROAD_DISABILITY_LICENSE_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/oryrki-v1' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/IslandMinarSidur' + XROAD_DRIVING_LICENSE_BOOK_TIMEOUT: '20000' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS-TEST/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_TIMEOUT: '20000' + XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-TEST/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' + XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_HOUSING_BENEFIT_CALCULATOR_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/calc-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS-TEST/GOV/10009/Umhverfisstofnun-Protected/api' + XROAD_ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PATH: 'IS-TEST/GOV/10021/FJS-Protected/recruitment-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_INTELLECTUAL_PROPERTIES_PATH: 'IS-TEST/GOV/6501912189/WebAPI-Public/HUG-webAPI' + XROAD_JUDICIAL_SYSTEM_SP_PATH: 'IS-TEST/GOV/10014/Rettarvorslugatt-Private/judicial-system-mailbox-api' + XROAD_MMS_FRIGG_PATH: 'IS-TEST/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_MMS_GRADE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/license-api-v1' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_NATIONAL_REGISTRY_TIMEOUT: '20000' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' + XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS-TEST/GOV/10021/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/Fasteignir-v1' + XROAD_PROPERTIES_TIMEOUT: '35000' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_RSK_PROCURING_SCOPE: '["@rsk.is/prokura","@rsk.is/prokura:admin"]' + XROAD_SHIP_REGISTRY_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/skipaskra-V1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_TR_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-TEST/GOV/10021/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '7005942039' + XROAD_WORK_ACCIDENT_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/api' - create: true - name: 'api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/api' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1200m' + memory: '3200Mi' + requests: + cpu: '400m' + memory: '896Mi' +secrets: + ADR_LICENSE_FETCH_TIMEOUT: '/k8s/api/ADR_LICENSE_FETCH_TIMEOUT' + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CHART_STATISTIC_CACHE_TTL: '/k8s/api/CHART_STATISTIC_CACHE_TTL' + CHART_STATISTIC_SOURCE_DATA_PATHS: '/k8s/api/CHART_STATISTIC_SOURCE_DATA_PATHS' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PRIVATE_RSA_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_IBM_KEY' + DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY: '/k8s/api/DIRECTORATE_OF_IMMIGRATION_WATSON_ASSISTANT_CHAT_PUBLIC_RSA_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DOCUMENT_PROVIDER_BASE_PATH: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH' + DOCUMENT_PROVIDER_BASE_PATH_TEST: '/k8s/api/DOCUMENT_PROVIDER_BASE_PATH_TEST' + DOCUMENT_PROVIDER_CLIENTID: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID' + DOCUMENT_PROVIDER_CLIENTID_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENTID_TEST' + DOCUMENT_PROVIDER_CLIENT_SECRET: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET' + DOCUMENT_PROVIDER_CLIENT_SECRET_TEST: '/k8s/documentprovider/DOCUMENT_PROVIDER_CLIENT_SECRET_TEST' + DOCUMENT_PROVIDER_TOKEN_URL: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL' + DOCUMENT_PROVIDER_TOKEN_URL_TEST: '/k8s/api/DOCUMENT_PROVIDER_TOKEN_URL_TEST' + DOMSYSLA_PASSWORD: '/k8s/api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/api/DRIVING_LICENSE_BOOK_XROAD_PATH' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_AUDIENCE' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_ID' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_CLIENT_SECRET' + FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL: '/k8s/api/FISKISTOFA_API_ACCESS_TOKEN_SERVICE_URL' + FISKISTOFA_API_URL: '/k8s/api/FISKISTOFA_API_URL' + FISKISTOFA_POWERBI_CLIENT_ID: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_ID' + FISKISTOFA_POWERBI_CLIENT_SECRET: '/k8s/api/FISKISTOFA_POWERBI_CLIENT_SECRET' + FISKISTOFA_POWERBI_TENANT_ID: '/k8s/api/FISKISTOFA_POWERBI_TENANT_ID' + FISKISTOFA_ZENTER_CLIENT_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_CLIENT_PASSWORD' + FISKISTOFA_ZENTER_EMAIL: '/k8s/api/FISKISTOFA_ZENTER_EMAIL' + FISKISTOFA_ZENTER_PASSWORD: '/k8s/api/FISKISTOFA_ZENTER_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_PASSWORD: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_PASSWORD' + HOUSING_BENEFIT_CALCULATOR_USERNAME: '/k8s/xroad/client/HOUSING_BENEFIT_CALCULATOR_USERNAME' + HSN_WEB_FORM_RESPONSE_SECRET: '/k8s/api/HSN_WEB_FORM_RESPONSE_SECRET' + HSN_WEB_FORM_RESPONSE_URL: '/k8s/api/HSN_WEB_FORM_RESPONSE_URL' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_PASSWORD' + ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME: '/k8s/xroad/client/ICELANDIC_GOVERNMENT_INSTITUTION_VACANCIES_USERNAME' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/api/IDENTITY_SERVER_CLIENT_SECRET' + INTELLECTUAL_PROPERTY_API_KEY: '/k8s/api/IP_API_KEY' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + SYSLUMENN_HOST: '/k8s/api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/api/SYSLUMENN_USERNAME' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + ULTRAVIOLET_RADIATION_API_KEY: '/k8s/api/ULTRAVIOLET_RADIATION_API_KEY' + UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL: '/k8s/api/UMBODSMADUR_SKULDARA_COST_OF_LIVING_CALCULATOR_API_URL' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VEHICLES_ALLOW_CO_OWNERS: '/k8s/api/VEHICLES_ALLOW_CO_OWNERS' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY: '/k8s/api/VINNUEFTIRLITID_CAMPAIGN_MONITOR_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_API_KEY' + WATSON_ASSISTANT_CHAT_FEEDBACK_URL: '/k8s/api/WATSON_ASSISTANT_CHAT_FEEDBACK_URL' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/api' + create: true + name: 'api' diff --git a/charts/services/application-system-api-worker/values.dev.yaml b/charts/services/application-system-api-worker/values.dev.yaml index 38a91f889d37..ff4bd2d0ebb0 100644 --- a/charts/services/application-system-api-worker/values.dev.yaml +++ b/charts/services/application-system-api-worker/values.dev.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'application-system-api-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-dev-storage-application-system' - CLIENT_LOCATION_ORIGIN: 'https://beta.dev01.devland.is/umsoknir' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected/ehic' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-dev-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '150m' - memory: '384Mi' - schedule: '*/30 * * * *' - secrets: - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/application-system-api-worker' - create: true - name: 'application-system-api-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-dev-storage-application-system' + CLIENT_LOCATION_ORIGIN: 'https://beta.dev01.devland.is/umsoknir' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected/ehic' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-dev-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '150m' + memory: '384Mi' +schedule: '*/30 * * * *' +secrets: + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/application-system-api-worker' + create: true + name: 'application-system-api-worker' diff --git a/charts/services/application-system-api-worker/values.prod.yaml b/charts/services/application-system-api-worker/values.prod.yaml index 45c19e3afc3a..c03336214cd1 100644 --- a/charts/services/application-system-api-worker/values.prod.yaml +++ b/charts/services/application-system-api-worker/values.prod.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'application-system-api-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-prod-storage-application-system' - CLIENT_LOCATION_ORIGIN: 'https://island.is/umsoknir' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS/GOV/4804080550/SJUKRA-Protected/ehic' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-prod-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '150m' - memory: '384Mi' - schedule: '*/30 * * * *' - secrets: - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/application-system-api-worker' - create: true - name: 'application-system-api-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-prod-storage-application-system' + CLIENT_LOCATION_ORIGIN: 'https://island.is/umsoknir' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS/GOV/4804080550/SJUKRA-Protected/ehic' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-prod-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '150m' + memory: '384Mi' +schedule: '*/30 * * * *' +secrets: + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/application-system-api-worker' + create: true + name: 'application-system-api-worker' diff --git a/charts/services/application-system-api-worker/values.staging.yaml b/charts/services/application-system-api-worker/values.staging.yaml index 99b4e6ab9dba..c45d550e4db3 100644 --- a/charts/services/application-system-api-worker/values.staging.yaml +++ b/charts/services/application-system-api-worker/values.staging.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'application-system-api-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-staging-storage-application-system' - CLIENT_LOCATION_ORIGIN: 'https://beta.staging01.devland.is/umsoknir' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/ehic' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-staging-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' - XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '150m' - memory: '384Mi' - schedule: '*/30 * * * *' - secrets: - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/application-system-api-worker' - create: true - name: 'application-system-api-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-staging-storage-application-system' + CLIENT_LOCATION_ORIGIN: 'https://beta.staging01.devland.is/umsoknir' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/ehic' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-staging-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' + XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '150m' + memory: '384Mi' +schedule: '*/30 * * * *' +secrets: + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/application-system-api-worker' + create: true + name: 'application-system-api-worker' diff --git a/charts/services/application-system-api/values.dev.yaml b/charts/services/application-system-api/values.dev.yaml index be93a4cdd346..1afae5cc210e 100644 --- a/charts/services/application-system-api/values.dev.yaml +++ b/charts/services/application-system-api/values.dev.yaml @@ -5,254 +5,264 @@ # ##################################################################### -service: - name: 'application-system-api' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-dev-storage-application-system' + AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api' + CLIENT_LOCATION_ORIGIN: 'https://beta.dev01.devland.is/umsoknir' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'preview.contentful.com' + DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10026/gopro/kvortun-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected/ehic' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-dev-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10012/Fiskistofa-Protected/veidileyfi-v1' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'true' + NOVA_USERNAME: 'IslandIs_User_Development' + RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + WORKPOINT_ARBORG_SERVICE_PATH: 'IS-DEV/MUN/10036/Arborg-Protected/tengill-application-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS-DEV/GOV/10047/UA-Protected/kvortun-v1/' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-DEV/GOV/10019/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Sakavottord-PDF-v2' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-DEV/GOV/10011/UTL-Protected/Utl-Umsokn-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS-DEV/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-DEV/MUN/10023/samband-sveitarfelaga/financial-aid-backend' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' + XROAD_MMS_FRIGG_PATH: 'IS-DEV/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS-DEV/GOV/10021/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-DEV/GOV/10033/HMS-Protected/Fasteignir-v1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_TR_PATH: 'IS-DEV/GOV/10008/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-DEV/GOV/10021/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '10003' + XROAD_WORK_ACCIDENT_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 60 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'application-payment-callback-xrd.internal.dev01.devland.is' + paths: + - '/application-payment' + - '/applications' + - host: 'application-callback-xrd.internal.dev01.devland.is' + paths: + - '/application-payment' + - '/applications' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-dev-storage-application-system' - AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api' - CLIENT_LOCATION_ORIGIN: 'https://beta.dev01.devland.is/umsoknir' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'preview.contentful.com' - DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10026/gopro/kvortun-v1' DB_HOST: 'postgres-applications.internal' DB_NAME: 'application_system_api' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected/ehic' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-dev-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-dev-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10012/Fiskistofa-Protected/veidileyfi-v1' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'true' - NOVA_USERNAME: 'IslandIs_User_Development' - RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - WORKPOINT_ARBORG_SERVICE_PATH: 'IS-DEV/MUN/10036/Arborg-Protected/tengill-application-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS-DEV/GOV/10047/UA-Protected/kvortun-v1/' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-DEV/GOV/10019/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Sakavottord-PDF-v2' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-DEV/GOV/10011/UTL-Protected/Utl-Umsokn-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS-DEV/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-DEV/MUN/10023/samband-sveitarfelaga/financial-aid-backend' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-DEV/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS-DEV/GOV/10066/MMS-Protected/inna-v1' - XROAD_MMS_FRIGG_PATH: 'IS-DEV/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS-DEV/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS-DEV/GOV/10000/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS-DEV/GOV/10021/FJS-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS-DEV/GOV/10021/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-DEV/GOV/10033/HMS-Protected/Fasteignir-v1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_TR_PATH: 'IS-DEV/GOV/10008/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-DEV/GOV/10021/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '10003' - XROAD_WORK_ACCIDENT_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 60 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'application-payment-callback-xrd.internal.dev01.devland.is' - paths: - - '/application-payment' - - '/applications' - - host: 'application-callback-xrd.internal.dev01.devland.is' - paths: - - '/application-payment' - - '/applications' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'application_system_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 60 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '75m' - memory: '512Mi' secrets: - ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' - ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' - DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' - NOVA_URL: '/k8s/application-system-api/NOVA_URL' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - VMST_ID: '/k8s/application-system/VMST_ID' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/application-system-api' - create: true - name: 'application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 60 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '75m' + memory: '512Mi' +secrets: + ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' + ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' + DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' + NOVA_URL: '/k8s/application-system-api/NOVA_URL' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + VMST_ID: '/k8s/application-system/VMST_ID' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/application-system-api' + create: true + name: 'application-system-api' diff --git a/charts/services/application-system-api/values.prod.yaml b/charts/services/application-system-api/values.prod.yaml index 62a265292785..d38991ed8318 100644 --- a/charts/services/application-system-api/values.prod.yaml +++ b/charts/services/application-system-api/values.prod.yaml @@ -5,254 +5,264 @@ # ##################################################################### -service: - name: 'application-system-api' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-prod-storage-application-system' + AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api' + CLIENT_LOCATION_ORIGIN: 'https://island.is/umsoknir' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'cdn.contentful.com' + DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS/GOV/5608002820/gopro/kvortun-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS/GOV/4804080550/SJUKRA-Protected/ehic' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-prod-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://star-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://star-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' + GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' + INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' + LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + NOVA_USERNAME: 'IslandIs_User_Production' + RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + WORKPOINT_ARBORG_SERVICE_PATH: 'IS/MUN/10036/Arborg-Protected/tengill-application-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' + XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS/GOV/5605882089/UA-Protected/kvortun-v1' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS/GOV/4707171140/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS/GOV/6702696399/UTL-Protected/Utl-Umsokn-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS/GOV/5402697509/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_MMS_FRIGG_PATH: 'IS/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' + XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS/GOV/5402697509/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/Fasteignir-v1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_TR_PATH: 'IS/GOV/5012130120/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS/GOV/5402697509/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '7005942039' + XROAD_WORK_ACCIDENT_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 60 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'application-payment-callback-xrd.internal.island.is' + paths: + - '/application-payment' + - '/applications' + - host: 'application-callback-xrd.internal.island.is' + paths: + - '/application-payment' + - '/applications' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-prod-storage-application-system' - AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api' - CLIENT_LOCATION_ORIGIN: 'https://island.is/umsoknir' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'cdn.contentful.com' - DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS/GOV/5608002820/gopro/kvortun-v1' DB_HOST: 'postgres-applications.internal' DB_NAME: 'application_system_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS/GOV/4804080550/SJUKRA-Protected/ehic' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-prod-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-prod-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://star-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://star-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' - GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' - INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'island@island.is' - LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Stafrænt Ísland' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - NOVA_USERNAME: 'IslandIs_User_Production' - RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - WORKPOINT_ARBORG_SERVICE_PATH: 'IS/MUN/10036/Arborg-Protected/tengill-application-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' - XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS/GOV/5605882089/UA-Protected/kvortun-v1' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS/GOV/5402697509/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS/GOV/4707171140/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS/GOV/6702696399/UTL-Protected/Utl-Umsokn-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS/GOV/5402697509/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS/GOV/7101695009/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_MMS_FRIGG_PATH: 'IS/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:/IS/GOV/5501692829/island-is/application-callback-v2/application-payment/' - XROAD_PAYMENT_PROVIDER_ID: 'IS/GOV/5402697509/FJS-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS/GOV/5402697509/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/Fasteignir-v1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_TR_PATH: 'IS/GOV/5012130120/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS/GOV/5402697509/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '7005942039' - XROAD_WORK_ACCIDENT_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 60 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'application-payment-callback-xrd.internal.island.is' - paths: - - '/application-payment' - - '/applications' - - host: 'application-callback-xrd.internal.island.is' - paths: - - '/application-payment' - - '/applications' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'application_system_api' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 60 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '75m' - memory: '512Mi' secrets: - ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' - ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' - DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' - NOVA_URL: '/k8s/application-system-api/NOVA_URL' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - VMST_ID: '/k8s/application-system/VMST_ID' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/application-system-api' - create: true - name: 'application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 60 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '75m' + memory: '512Mi' +secrets: + ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' + ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' + DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' + NOVA_URL: '/k8s/application-system-api/NOVA_URL' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + VMST_ID: '/k8s/application-system/VMST_ID' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/application-system-api' + create: true + name: 'application-system-api' diff --git a/charts/services/application-system-api/values.staging.yaml b/charts/services/application-system-api/values.staging.yaml index 47128a9278b4..c1b6c19b7099 100644 --- a/charts/services/application-system-api/values.staging.yaml +++ b/charts/services/application-system-api/values.staging.yaml @@ -5,254 +5,264 @@ # ##################################################################### -service: - name: 'application-system-api' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-api' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + APPLICATION_ATTACHMENT_BUCKET: 'island-is-staging-storage-application-system' + AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api' + CLIENT_LOCATION_ORIGIN: 'https://beta.staging01.devland.is/umsoknir' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'cdn.contentful.com' + DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5608002820/gopro/kvortun-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'application_system_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'application_system_api' + EHIC_XROAD_PROVIDER_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/ehic' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' + FILE_SERVICE_PRESIGN_BUCKET: 'island-is-staging-fs-presign-bucket' + FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' + FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' + FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' + FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' + FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' + FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-TEST/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' + LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + NOVA_USERNAME: 'IslandIs_User_Development' + RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' + SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + WORKPOINT_ARBORG_SERVICE_PATH: 'IS-TEST/MUN/10036/Arborg-Protected/tengill-application-v1' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS-TEST/GOV/10047/UA-Protected/kvortun-v1/' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' + XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-TEST/GOV/10019/Domstolasyslan/JusticePortal-v1' + XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' + XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Okuritar-V1' + XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-TEST/GOV/10011/UTL-Protected/Utl-Umsokn-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_ENERGY_FUNDS_PATH: 'IS-TEST/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' + XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-TEST/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' + XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' + XROAD_HEALTH_DIRECTORATE_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' + XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' + XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' + XROAD_MMS_FRIGG_PATH: 'IS-TEST/GOV/10066/MMS-Protected/frigg-form-service' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal-application' + XROAD_OFFICIAL_JOURNAL_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal' + XROAD_PASSPORT_LICENSE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' + XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' + XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' + XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' + XROAD_PAYMENT_SCHEDULE_PATH: 'IS-TEST/GOV/10021/FJS-Public/paymentSchedule_v1' + XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/Fasteignir-v1' + XROAD_SIGNATURE_COLLECTION_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_TR_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/external-v1' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_VEHICLE_CODETABLES_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' + XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' + XROAD_VEHICLE_OPERATORS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' + XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' + XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' + XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' + XROAD_VEHICLE_PRINTING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' + XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-TEST/GOV/10021/FJS-Public/VehicleServiceFJS_v1' + XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' + XROAD_VMST_MEMBER_CODE: '7005942039' + XROAD_WORK_ACCIDENT_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 60 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'application-payment-callback-xrd.internal.staging01.devland.is' + paths: + - '/application-payment' + - '/applications' + - host: 'application-callback-xrd.internal.staging01.devland.is' + paths: + - '/application-payment' + - '/applications' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - APPLICATION_ATTACHMENT_BUCKET: 'island-is-staging-storage-application-system' - AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api' - CLIENT_LOCATION_ORIGIN: 'https://beta.staging01.devland.is/umsoknir' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'cdn.contentful.com' - DATA_PROTECTION_COMPLAINT_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5608002820/gopro/kvortun-v1' DB_HOST: 'postgres-applications.internal' DB_NAME: 'application_system_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'application_system_api' - EHIC_XROAD_PROVIDER_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/ehic' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENTS_API_BASE_PATH: 'http://web-endorsement-system-api.endorsement-system.svc.cluster.local' - FILE_SERVICE_PRESIGN_BUCKET: 'island-is-staging-fs-presign-bucket' - FILE_STORAGE_UPLOAD_BUCKET: 'island-is-staging-upload-api' - FINANCIAL_STATEMENTS_INAO_BASE_PATH: 'https://dev-re.crm4.dynamics.com/api/data/v9.1' - FINANCIAL_STATEMENTS_INAO_ISSUER: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/v2.0' - FINANCIAL_STATEMENTS_INAO_SCOPE: 'https://dev-re.crm4.dynamics.com/.default' - FINANCIAL_STATEMENTS_INAO_TOKEN_ENDPOINT: 'https://login.microsoftonline.com/05a20268-aaea-4bb5-bb78-960b0462185e/oauth2/v2.0/token' - FISHING_LICENSE_XROAD_PROVIDER_ID: 'IS-TEST/GOV/6608922069/Fiskistofa-Protected/veidileyfi-v1' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - FUNDING_GOVERNMENT_PROJECTS_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - GRAPHQL_API_URL: 'http://web-api.islandis.svc.cluster.local' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/application-system' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - INSTITUTION_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - INSTITUTION_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOGIN_SERVICE_APPLICATION_RECIPIENT_EMAIL_ADDRESS: 'gunnar.ingi@fjr.is' - LOGIN_SERVICE_APPLICATION_RECIPIENT_NAME: 'Gunnar Ingi' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - NOVA_USERNAME: 'IslandIs_User_Development' - RECYCLING_FUND_GQL_BASE_PATH: 'http://web-skilavottord-ws.skilavottord.svc.cluster.local/app/skilavottord/api/graphql' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - SERVICE_DOCUMENTS_BASEPATH: 'http://web-services-documents.services-documents.svc.cluster.local' - SERVICE_USER_PROFILE_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - UNIVERSITY_GATEWAY_API_URL: 'http://web-services-university-gateway.services-university-gateway.svc.cluster.local' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - WORKPOINT_ARBORG_SERVICE_PATH: 'IS-TEST/MUN/10036/Arborg-Protected/tengill-application-v1' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_ALTHINGI_OMBUDSMAN_SERVICE_PATH: 'IS-TEST/GOV/10047/UA-Protected/kvortun-v1/' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CHARGE_FJS_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/chargeFJS_v2' - XROAD_CHARGE_FJS_V2_TIMEOUT: '20000' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_COURT_BANKRUPTCY_CERT_PATH: 'IS-TEST/GOV/10019/Domstolasyslan/JusticePortal-v1' - XROAD_CRIMINAL_RECORD_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Sakaskra-v1' - XROAD_DIGITAL_TACHOGRAPH_DRIVERS_CARD_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Okuritar-V1' - XROAD_DIRECTORATE_OF_IMMIGRATION_PATH: 'IS-TEST/GOV/10011/UTL-Protected/Utl-Umsokn-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_ENERGY_FUNDS_PATH: 'IS-TEST/GOV/10021/FJS-Public/ElectricCarSubSidyService_v1' - XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_FINANCIAL_AID_BACKEND_PATH: 'IS-TEST/MUN/5502694739/samband-sveitarfelaga/financial-aid-backend' - XROAD_HEALTH_DIRECTORATE_ORGAN_DONATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/organ-donation-v1' - XROAD_HEALTH_DIRECTORATE_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/landlaeknir' - XROAD_HEALTH_DIRECTORATE_VACCINATION_PATH: 'IS-TEST/GOV/10015/EmbaettiLandlaeknis-Protected/vaccination-v1' - XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_INNA_PATH: 'IS-TEST/GOV/6601241280/MMS-Protected/inna-v1' - XROAD_MMS_FRIGG_PATH: 'IS-TEST/GOV/10066/MMS-Protected/frigg-form-service' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_OFFICIAL_JOURNAL_APPLICATION_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal-application' - XROAD_OFFICIAL_JOURNAL_PATH: 'IS-TEST/GOV/10014/DMR-Protected/official-journal' - XROAD_PASSPORT_LICENSE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Forskraning-V1' - XROAD_PAYMENT_ADDITION_CALLBACK_URL: '/' - XROAD_PAYMENT_BASE_CALLBACK_URL: 'XROAD:' - XROAD_PAYMENT_PROVIDER_ID: 'IS-TEST/GOV/10021/FJS-DEV-Public' - XROAD_PAYMENT_SCHEDULE_PATH: 'IS-TEST/GOV/10021/FJS-Public/paymentSchedule_v1' - XROAD_PROPERTIES_SERVICE_V2_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/Fasteignir-v1' - XROAD_SIGNATURE_COLLECTION_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Medmaeli-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_TR_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/external-v1' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_MILEAGE_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Vehicle-Mileagereading-V1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_VEHICLE_CODETABLES_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Codetables-V1' - XROAD_VEHICLE_INFOLOCKS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Infolocks-V1' - XROAD_VEHICLE_OPERATORS_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Operators-V3' - XROAD_VEHICLE_OWNER_CHANGE_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Ownerchange-V2' - XROAD_VEHICLE_PLATE_ORDERING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOrdering-V1' - XROAD_VEHICLE_PLATE_RENEWAL_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-PlateOwnership-V1' - XROAD_VEHICLE_PRINTING_PATH: 'IS-TEST/GOV/10017/Samgongustofa-Protected/Vehicle-Printing-V1' - XROAD_VEHICLE_SERVICE_FJS_V1_PATH: 'IS-TEST/GOV/10021/FJS-Public/VehicleServiceFJS_v1' - XROAD_VMST_API_PATH: '/VMST-ParentalLeave-Protected/ParentalLeaveApplication-v1' - XROAD_VMST_MEMBER_CODE: '7005942039' - XROAD_WORK_ACCIDENT_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/slysaskraning-token' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 60 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'application-payment-callback-xrd.internal.staging01.devland.is' - paths: - - '/application-payment' - - '/applications' - - host: 'application-callback-xrd.internal.staging01.devland.is' - paths: - - '/application-payment' - - '/applications' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'application_system_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'application_system_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 60 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '75m' - memory: '512Mi' secrets: - ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' - ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' - ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' - AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' - DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' - DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' DB_PASS: '/k8s/application-system-api/DB_PASSWORD' - DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' - DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' - DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' - DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' - DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' - DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' - DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' - DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' - EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' - FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' - FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' - NOVA_URL: '/k8s/application-system-api/NOVA_URL' - SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' - SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' - VMST_ID: '/k8s/application-system/VMST_ID' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' - XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' - XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/application-system-api' - create: true - name: 'application-system-api' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 60 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '75m' + memory: '512Mi' +secrets: + ALTHINGI_OMBUDSMAN_XROAD_PASSWORD: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_PASSWORD' + ALTHINGI_OMBUDSMAN_XROAD_USERNAME: '/k8s/api/ALTHINGI_OMBUDSMAN_XROAD_USERNAME' + ARK_BASE_URL: '/k8s/application-system-api/ARK_BASE_URL' + AUTH_JWT_SECRET: '/k8s/application-system/api/AUTH_JWT_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/api/CONTENTFUL_ACCESS_TOKEN' + DATA_PROTECTION_COMPLAINT_API_PASSWORD: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_PASSWORD' + DATA_PROTECTION_COMPLAINT_API_USERNAME: '/k8s/xroad/client/DATA_PROTECTION_COMPLAINT_API_USERNAME' + DB_PASS: '/k8s/application-system-api/DB_PASSWORD' + DOCUMENT_PROVIDER_ONBOARDING_REVIEWER: '/k8s/application-system/api/DOCUMENT_PROVIDER_ONBOARDING_REVIEWER' + DOKOBIT_ACCESS_TOKEN: '/k8s/application-system/api/DOKOBIT_ACCESS_TOKEN' + DOKOBIT_URL: '/k8s/application-system-api/DOKOBIT_URL' + DOMSYSLA_PASSWORD: '/k8s/application-system-api/DOMSYSLA_PASSWORD' + DOMSYSLA_USERNAME: '/k8s/application-system-api/DOMSYSLA_USERNAME' + DRIVING_LICENSE_BOOK_PASSWORD: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_PASSWORD' + DRIVING_LICENSE_BOOK_USERNAME: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_USERNAME' + DRIVING_LICENSE_BOOK_XROAD_PATH: '/k8s/application-system-api/DRIVING_LICENSE_BOOK_XROAD_PATH' + EMAIL_FROM: '/k8s/application-system/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/application-system/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/application-system/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/application-system/api/EMAIL_REPLY_TO_NAME' + FINANCIAL_STATEMENTS_INAO_CLIENT_ID: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_ID' + FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET: '/k8s/api/FINANCIAL_STATEMENTS_INAO_CLIENT_SECRET' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/application-system/api/IDENTITY_SERVER_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/application-system/api/NOVA_PASSWORD' + NOVA_URL: '/k8s/application-system-api/NOVA_URL' + SYSLUMENN_HOST: '/k8s/application-system-api/SYSLUMENN_HOST' + SYSLUMENN_PASSWORD: '/k8s/application-system/api/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/application-system/api/SYSLUMENN_USERNAME' + VMST_ID: '/k8s/application-system/VMST_ID' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' + XROAD_PAYMENT_PASSWORD: '/k8s/application-system-api/PAYMENT_PASSWORD' + XROAD_PAYMENT_USER: '/k8s/application-system-api/PAYMENT_USER' + XROAD_PROPERTIES_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + XROAD_VMST_API_KEY: '/k8s/vmst-client/VMST_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/application-system-api' + create: true + name: 'application-system-api' diff --git a/charts/services/application-system-form/values.dev.yaml b/charts/services/application-system-form/values.dev.yaml index c6b386d221ed..b95ee8c8a5b2 100644 --- a/charts/services/application-system-form/values.dev.yaml +++ b/charts/services/application-system-form/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'application-system-form' - enabled: true +global: env: - BASEPATH: '/umsoknir' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'dev' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/umsoknir' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-form' +enabled: true +env: + BASEPATH: '/umsoknir' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'dev' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/umsoknir' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/application-system-form/values.prod.yaml b/charts/services/application-system-form/values.prod.yaml index 1d7a33c722ca..c51d0191fb64 100644 --- a/charts/services/application-system-form/values.prod.yaml +++ b/charts/services/application-system-form/values.prod.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'application-system-form' - enabled: true +global: env: - BASEPATH: '/umsoknir' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SI_PUBLIC_ENVIRONMENT: 'prod' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/umsoknir' - - host: 'www.island.is' - paths: - - '/umsoknir' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-form' +enabled: true +env: + BASEPATH: '/umsoknir' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SI_PUBLIC_ENVIRONMENT: 'prod' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/umsoknir' + - host: 'www.island.is' + paths: + - '/umsoknir' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/application-system-form/values.staging.yaml b/charts/services/application-system-form/values.staging.yaml index 973a40c31acd..2d99f2954335 100644 --- a/charts/services/application-system-form/values.staging.yaml +++ b/charts/services/application-system-form/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'application-system-form' - enabled: true +global: env: - BASEPATH: '/umsoknir' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'staging' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/umsoknir' - namespace: 'application-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'application-system-form' +enabled: true +env: + BASEPATH: '/umsoknir' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'staging' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/application-system-form' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/umsoknir' +namespace: 'application-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/auth-admin-web/values.dev.yaml b/charts/services/auth-admin-web/values.dev.yaml index 51bb8799bbd4..5c3eb4b36803 100644 --- a/charts/services/auth-admin-web/values.dev.yaml +++ b/charts/services/auth-admin-web/values.dev.yaml @@ -5,73 +5,83 @@ # ##################################################################### -service: - name: 'auth-admin-web' - enabled: true +global: env: - BASE_URL: 'https://identity-server.dev01.devland.is/admin' - IDENTITYSERVER_DOMAIN: 'identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://identity-server.dev01.devland.is/admin/api/auth' - NEXT_PUBLIC_BACKEND_URL: '/backend' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/proxy-buffers-number: '4' - nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.dev01.devland.is' - paths: - - '/admin' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - progressDeadlineSeconds: 1200 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '256Mi' - requests: - cpu: '200m' - memory: '192Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'auth-admin-web' +enabled: true +env: + BASE_URL: 'https://identity-server.dev01.devland.is/admin' + IDENTITYSERVER_DOMAIN: 'identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://identity-server.dev01.devland.is/admin/api/auth' + NEXT_PUBLIC_BACKEND_URL: '/backend' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/proxy-buffers-number: '4' + nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.dev01.devland.is' + paths: + - '/admin' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +progressDeadlineSeconds: 1200 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '256Mi' + requests: + cpu: '200m' + memory: '192Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/auth-admin-web/values.prod.yaml b/charts/services/auth-admin-web/values.prod.yaml index e42b3715da61..556bdfda6dc3 100644 --- a/charts/services/auth-admin-web/values.prod.yaml +++ b/charts/services/auth-admin-web/values.prod.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'auth-admin-web' - enabled: true +global: env: - BASE_URL: 'https://innskra.island.is/admin' - IDENTITYSERVER_DOMAIN: 'innskra.island.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://innskra.island.is/admin/api/auth' - NEXT_PUBLIC_BACKEND_URL: '/backend' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'innskra.island.is' - paths: - - '/admin' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - progressDeadlineSeconds: 1200 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '256Mi' - requests: - cpu: '200m' - memory: '192Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'auth-admin-web' +enabled: true +env: + BASE_URL: 'https://innskra.island.is/admin' + IDENTITYSERVER_DOMAIN: 'innskra.island.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://innskra.island.is/admin/api/auth' + NEXT_PUBLIC_BACKEND_URL: '/backend' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'innskra.island.is' + paths: + - '/admin' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +progressDeadlineSeconds: 1200 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '256Mi' + requests: + cpu: '200m' + memory: '192Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/auth-admin-web/values.staging.yaml b/charts/services/auth-admin-web/values.staging.yaml index e254d8338bcc..203226a74c77 100644 --- a/charts/services/auth-admin-web/values.staging.yaml +++ b/charts/services/auth-admin-web/values.staging.yaml @@ -5,73 +5,83 @@ # ##################################################################### -service: - name: 'auth-admin-web' - enabled: true +global: env: - BASE_URL: 'https://identity-server.staging01.devland.is/admin' - IDENTITYSERVER_DOMAIN: 'identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://identity-server.staging01.devland.is/admin/api/auth' - NEXT_PUBLIC_BACKEND_URL: '/backend' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/proxy-buffers-number: '4' - nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.staging01.devland.is' - paths: - - '/admin' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - progressDeadlineSeconds: 1200 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '256Mi' - requests: - cpu: '200m' - memory: '192Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'auth-admin-web' +enabled: true +env: + BASE_URL: 'https://identity-server.staging01.devland.is/admin' + IDENTITYSERVER_DOMAIN: 'identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://identity-server.staging01.devland.is/admin/api/auth' + NEXT_PUBLIC_BACKEND_URL: '/backend' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/auth-admin-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '16k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/proxy-buffers-number: '4' + nginx.ingress.kubernetes.io/server-snippet: 'client_header_buffer_size 16k; large_client_header_buffers 4 16k;' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.staging01.devland.is' + paths: + - '/admin' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +progressDeadlineSeconds: 1200 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '256Mi' + requests: + cpu: '200m' + memory: '192Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITYSERVER_SECRET: '/k8s/auth-admin-web/IDENTITYSERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/consultation-portal/values.dev.yaml b/charts/services/consultation-portal/values.dev.yaml index a88cbba1c6df..4a88058fbef2 100644 --- a/charts/services/consultation-portal/values.dev.yaml +++ b/charts/services/consultation-portal/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'consultation-portal' - enabled: true +global: env: - API_URL: 'http://web-api.islandis.svc.cluster.local' - BACKEND_DL_URL: 'https://samradapi-test.devland.is/api/Documents/' - BASEPATH: '/consultation-portal' - ENVIRONMENT: 'dev' - IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://beta.dev01.devland.is/samradsgatt/api/auth' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/samradsgatt' - namespace: 'consultation-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'consultation-portal' +enabled: true +env: + API_URL: 'http://web-api.islandis.svc.cluster.local' + BACKEND_DL_URL: 'https://samradapi-test.devland.is/api/Documents/' + BASEPATH: '/consultation-portal' + ENVIRONMENT: 'dev' + IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://beta.dev01.devland.is/samradsgatt/api/auth' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/samradsgatt' +namespace: 'consultation-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/consultation-portal/values.prod.yaml b/charts/services/consultation-portal/values.prod.yaml index 1ae958b9a1e1..1079e249d7ea 100644 --- a/charts/services/consultation-portal/values.prod.yaml +++ b/charts/services/consultation-portal/values.prod.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'consultation-portal' - enabled: true +global: env: - API_URL: 'http://web-api.islandis.svc.cluster.local' - BACKEND_DL_URL: 'https://samradapi.island.is/api/Documents/' - BASEPATH: '/consultation-portal' - ENVIRONMENT: 'prod' - IDENTITY_SERVER_ISSUER_DOMAIN: 'innskra.island.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://island.is/samradsgatt/api/auth' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/samradsgatt' - - host: 'www.island.is' - paths: - - '/samradsgatt' - namespace: 'consultation-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'consultation-portal' +enabled: true +env: + API_URL: 'http://web-api.islandis.svc.cluster.local' + BACKEND_DL_URL: 'https://samradapi.island.is/api/Documents/' + BASEPATH: '/consultation-portal' + ENVIRONMENT: 'prod' + IDENTITY_SERVER_ISSUER_DOMAIN: 'innskra.island.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://island.is/samradsgatt/api/auth' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/samradsgatt' + - host: 'www.island.is' + paths: + - '/samradsgatt' +namespace: 'consultation-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/consultation-portal/values.staging.yaml b/charts/services/consultation-portal/values.staging.yaml index 4fde6ad5a01c..ab669a620d94 100644 --- a/charts/services/consultation-portal/values.staging.yaml +++ b/charts/services/consultation-portal/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'consultation-portal' - enabled: true +global: env: - API_URL: 'http://web-api.islandis.svc.cluster.local' - BACKEND_DL_URL: 'https://samradapi-test.devland.is/api/Documents/' - BASEPATH: '/consultation-portal' - ENVIRONMENT: 'staging' - IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NEXTAUTH_URL: 'https://beta.staging01.devland.is/samradsgatt/api/auth' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/samradsgatt' - namespace: 'consultation-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'consultation-portal' +enabled: true +env: + API_URL: 'http://web-api.islandis.svc.cluster.local' + BACKEND_DL_URL: 'https://samradapi-test.devland.is/api/Documents/' + BASEPATH: '/consultation-portal' + ENVIRONMENT: 'staging' + IDENTITY_SERVER_ISSUER_DOMAIN: 'identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NEXTAUTH_URL: 'https://beta.staging01.devland.is/samradsgatt/api/auth' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/consultation-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/samradsgatt' +namespace: 'consultation-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_SECRET: '/k8s/consultation-portal/IDENTITY_SERVER_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/contentful-apps/values.dev.yaml b/charts/services/contentful-apps/values.dev.yaml index dbdeb2a5a29e..f0f6a3f51f45 100644 --- a/charts/services/contentful-apps/values.dev.yaml +++ b/charts/services/contentful-apps/values.dev.yaml @@ -5,67 +5,77 @@ # ##################################################################### -service: - name: 'contentful-apps' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/contentful-apps' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'contentful-apps.dev01.devland.is' - paths: - - '/' - namespace: 'contentful-apps' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 10 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'contentful-apps' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/contentful-apps' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/contentful-apps' - create: true - name: 'contentful-apps' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'contentful-apps.dev01.devland.is' + paths: + - '/' +namespace: 'contentful-apps' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 10 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/contentful-apps' + create: true + name: 'contentful-apps' diff --git a/charts/services/contentful-apps/values.prod.yaml b/charts/services/contentful-apps/values.prod.yaml index c34dcf99ca9a..54a6d8aa6af3 100644 --- a/charts/services/contentful-apps/values.prod.yaml +++ b/charts/services/contentful-apps/values.prod.yaml @@ -5,67 +5,77 @@ # ##################################################################### -service: - name: 'contentful-apps' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/contentful-apps' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'contentful-apps.island.is' - paths: - - '/' - namespace: 'contentful-apps' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 10 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'contentful-apps' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/contentful-apps' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/contentful-apps' - create: true - name: 'contentful-apps' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'contentful-apps.island.is' + paths: + - '/' +namespace: 'contentful-apps' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 10 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/contentful-apps' + create: true + name: 'contentful-apps' diff --git a/charts/services/contentful-entry-tagger-service/values.dev.yaml b/charts/services/contentful-entry-tagger-service/values.dev.yaml index 144559d22525..cab248f7516a 100644 --- a/charts/services/contentful-entry-tagger-service/values.dev.yaml +++ b/charts/services/contentful-entry-tagger-service/values.dev.yaml @@ -5,69 +5,79 @@ # ##################################################################### -service: - name: 'contentful-entry-tagger-service' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-contentful-entry-tagger' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'contentful-entry-tagger-service.dev01.devland.is' - paths: - - '/' - namespace: 'contentful-entry-tagger' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_MANAGEMENT_ACCESS_TOKEN' - CONTENTFUL_REQUEST_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_REQUEST_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'contentful-entry-tagger-service' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-contentful-entry-tagger' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/contentful-entry-tagger' - create: true - name: 'contentful-entry-tagger' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'contentful-entry-tagger-service.dev01.devland.is' + paths: + - '/' +namespace: 'contentful-entry-tagger' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_MANAGEMENT_ACCESS_TOKEN' + CONTENTFUL_REQUEST_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_REQUEST_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/contentful-entry-tagger' + create: true + name: 'contentful-entry-tagger' diff --git a/charts/services/contentful-entry-tagger-service/values.prod.yaml b/charts/services/contentful-entry-tagger-service/values.prod.yaml index 47f903a47951..e8384918cc65 100644 --- a/charts/services/contentful-entry-tagger-service/values.prod.yaml +++ b/charts/services/contentful-entry-tagger-service/values.prod.yaml @@ -5,69 +5,79 @@ # ##################################################################### -service: - name: 'contentful-entry-tagger-service' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-contentful-entry-tagger' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'contentful-entry-tagger-service.devland.is' - paths: - - '/' - namespace: 'contentful-entry-tagger' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_MANAGEMENT_ACCESS_TOKEN' - CONTENTFUL_REQUEST_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_REQUEST_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'contentful-entry-tagger-service' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-contentful-entry-tagger' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/contentful-entry-tagger' - create: true - name: 'contentful-entry-tagger' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'contentful-entry-tagger-service.devland.is' + paths: + - '/' +namespace: 'contentful-entry-tagger' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_MANAGEMENT_ACCESS_TOKEN' + CONTENTFUL_REQUEST_TOKEN: '/k8s/contentful-entry-tagger/CONTENTFUL_REQUEST_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/contentful-entry-tagger' + create: true + name: 'contentful-entry-tagger' diff --git a/charts/services/download-service/values.dev.yaml b/charts/services/download-service/values.dev.yaml index 214f7ac435b1..ce8a3e572a11 100644 --- a/charts/services/download-service/values.dev.yaml +++ b/charts/services/download-service/values.dev.yaml @@ -5,104 +5,114 @@ # ##################################################################### -service: - name: 'download-service' - enabled: true +global: env: - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SERVERSIDE_FEATURES_ON: '' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/IslandMinarSidur' - XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_MMS_GRADE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/license-api-v1' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-external' - - 'services-bff-portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: 'download/v1/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: 'download/v1/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'api.dev01.devland.is' - paths: - - '/download' - namespace: 'download-service' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'download-service' +enabled: true +env: + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SERVERSIDE_FEATURES_ON: '' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-DEV/GOV/10016/Syslumenn-Protected/IslandMinarSidur' + XROAD_FINANCES_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS-DEV/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_HEALTH_INSURANCE_ID: 'IS-DEV/GOV/10007/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-DEV/GOV/10007/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-DEV/GOV/10033/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_MMS_GRADE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS-DEV/GOV/10066/MMS-Protected/license-api-v1' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_PATH: 'IS-DEV/GOV/10017/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-DEV/GOV/10013/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-external' + - 'services-bff-portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: 'download/v1/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: 'download/v1/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'api.dev01.devland.is' + paths: + - '/download' +namespace: 'download-service' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/download-service/values.prod.yaml b/charts/services/download-service/values.prod.yaml index 15a17f936c7d..b403f415868d 100644 --- a/charts/services/download-service/values.prod.yaml +++ b/charts/services/download-service/values.prod.yaml @@ -5,103 +5,113 @@ # ##################################################################### -service: - name: 'download-service' - enabled: true +global: env: - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/IslandMinarSidur' - XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' - XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' - XROAD_MMS_GRADE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/license-api-v1' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-external' - - 'services-bff-portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: 'download/v1/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: 'download/v1/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'api.island.is' - paths: - - '/download' - namespace: 'download-service' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'download-service' +enabled: true +env: + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/brautskraning-v1' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/brautskraning-v1' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS/GOV/5512201410/Syslumenn-Protected/IslandMinarSidur' + XROAD_FINANCES_PATH: 'IS/GOV/5402697509/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS/GOV/5402697509/FJS-Public/financeServicesFJS_v2' + XROAD_HEALTH_INSURANCE_ID: 'IS/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS/GOV/5812191480/Husnaeds-og-mannvirkjastofnun-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/brautskraning-v1' + XROAD_MMS_GRADE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS/GOV/6601241280/MMS-Protected/license-api-v1' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-external' + - 'services-bff-portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: 'download/v1/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: 'download/v1/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'api.island.is' + paths: + - '/download' +namespace: 'download-service' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/download-service/values.staging.yaml b/charts/services/download-service/values.staging.yaml index df0072bcec48..4d41437ac9bf 100644 --- a/charts/services/download-service/values.staging.yaml +++ b/charts/services/download-service/values.staging.yaml @@ -5,104 +5,114 @@ # ##################################################################### -service: - name: 'download-service' - enabled: true +global: env: - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' - SERVERSIDE_FEATURES_ON: '' - XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/RettindiIslandis' - XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/IslandMinarSidur' - XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' - XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' - XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' - XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' - XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' - XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' - XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' - XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' - XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' - XROAD_MMS_GRADE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/grade-api-v1' - XROAD_MMS_LICENSE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/license-api-v1' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' - XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' - XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' - XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-external' - - 'services-bff-portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: 'download/v1/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: 'download/v1/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'api.staging01.devland.is' - paths: - - '/download' - namespace: 'download-service' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' - POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' - POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' - POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' - POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' - XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' - XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' - XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'download-service' +enabled: true +env: + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/download-service' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REGULATIONS_ADMIN_URL: 'http://web-regulations-admin-backend.regulations-admin.svc.cluster.local' + SERVERSIDE_FEATURES_ON: '' + XROAD_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/brautskraning-v1' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/brautskraning-v1' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_DISTRICT_COMMISSIONERS_LICENSES_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/RettindiIslandis' + XROAD_DISTRICT_COMMISSIONERS_P_CARD_PATH: 'IS-TEST/GOV/10016/Syslumenn-Protected/IslandMinarSidur' + XROAD_FINANCES_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeIsland' + XROAD_FINANCES_V2_PATH: 'IS-TEST/GOV/10021/FJS-Public/financeServicesFJS_v2' + XROAD_HEALTH_INSURANCE_ID: 'IS-TEST/GOV/4804080550/SJUKRA-Protected' + XROAD_HEALTH_INSURANCE_MY_PAGES_PATH: 'IS-TEST/GOV/4804080550/SJUKRA-Protected/minarsidur' + XROAD_HEALTH_INSURANCE_WSDLURL: 'https://test-huld.sjukra.is/islandrg?wsdl' + XROAD_HMS_HOUSING_BENEFITS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/husbot-v1' + XROAD_HMS_LOANS_PATH: 'IS-TEST/GOV/5812191480/HMS-Protected/libra-v1' + XROAD_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/brautskraning-v1' + XROAD_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/brautskraning-v1' + XROAD_MMS_GRADE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/grade-api-v1' + XROAD_MMS_LICENSE_SERVICE_ID: 'IS-TEST/GOV/6601241280/MMS-Protected/license-api-v1' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/brautskraning-v1' + XROAD_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/brautskraning-v1' + XROAD_VEHICLES_PATH: 'IS/GOV/5405131040/Samgongustofa-Protected/Mitt-Svaedi-V1' + XROAD_WORK_MACHINE_LICENSE_PATH: 'IS-TEST/GOV/4201810439/Vinnueftirlitid-Protected/vinnuvelar-token' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-external' + - 'services-bff-portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: 'download/v1/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: 'download/v1/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/download-service' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'api.staging01.devland.is' + paths: + - '/download' +namespace: 'download-service' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/download-service/IDENTITY_SERVER_CLIENT_SECRET' + POSTHOLF_BASE_PATH: '/k8s/documents/POSTHOLF_BASE_PATH' + POSTHOLF_CLIENTID: '/k8s/documents/POSTHOLF_CLIENTID' + POSTHOLF_CLIENT_SECRET: '/k8s/documents/POSTHOLF_CLIENT_SECRET' + POSTHOLF_TOKEN_URL: '/k8s/documents/POSTHOLF_TOKEN_URL' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' + XROAD_HEALTH_INSURANCE_PASSWORD: '/k8s/health-insurance/XROAD-PASSWORD' + XROAD_HEALTH_INSURANCE_USERNAME: '/k8s/health-insurance/XROAD-USER' + XROAD_HEALTH_INSURANCE_V2_XROAD_PASSWORD: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_PASSWORD' + XROAD_HEALTH_INSURANCE_V2_XROAD_USERNAME: '/k8s/api/HEALTH_INSURANCE_V2_XROAD_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/endorsement-system-api/values.dev.yaml b/charts/services/endorsement-system-api/values.dev.yaml index c86d4629ff42..df8da5be9bc2 100644 --- a/charts/services/endorsement-system-api/values.dev.yaml +++ b/charts/services/endorsement-system-api/values.dev.yaml @@ -5,115 +5,125 @@ # ##################################################################### -service: - name: 'endorsement-system-api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'endorsement-system-api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_endorsements_api' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_endorsements_api' + EMAIL_FROM_ADDRESS: 'development@island.is' + EMAIL_FROM_NAME: 'devland.is' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-dev-exports-endorsement-system' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_endorsements_api' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'services_endorsements_api' - EMAIL_FROM_ADDRESS: 'development@island.is' - EMAIL_FROM_NAME: 'devland.is' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-dev-exports-endorsement-system' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_endorsements_api' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_endorsements_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - namespace: 'endorsement-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/endorsement-system-api' - create: true - name: 'endorsement-system-api' +namespace: 'endorsement-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/endorsement-system-api' + create: true + name: 'endorsement-system-api' diff --git a/charts/services/endorsement-system-api/values.prod.yaml b/charts/services/endorsement-system-api/values.prod.yaml index c464ea45fd05..da5c42fcc716 100644 --- a/charts/services/endorsement-system-api/values.prod.yaml +++ b/charts/services/endorsement-system-api/values.prod.yaml @@ -5,115 +5,125 @@ # ##################################################################### -service: - name: 'endorsement-system-api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'endorsement-system-api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_endorsements_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_endorsements_api' + EMAIL_FROM_ADDRESS: 'noreply@island.is' + EMAIL_FROM_NAME: 'island.is' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-prod-exports-endorsement-system' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_endorsements_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_endorsements_api' - EMAIL_FROM_ADDRESS: 'noreply@island.is' - EMAIL_FROM_NAME: 'island.is' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-prod-exports-endorsement-system' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_endorsements_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_endorsements_api' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - namespace: 'endorsement-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/endorsement-system-api' - create: true - name: 'endorsement-system-api' +namespace: 'endorsement-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/endorsement-system-api' + create: true + name: 'endorsement-system-api' diff --git a/charts/services/endorsement-system-api/values.staging.yaml b/charts/services/endorsement-system-api/values.staging.yaml index b4e50fa90d4c..f4b5b1cc659f 100644 --- a/charts/services/endorsement-system-api/values.staging.yaml +++ b/charts/services/endorsement-system-api/values.staging.yaml @@ -5,115 +5,125 @@ # ##################################################################### -service: - name: 'endorsement-system-api' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'endorsement-system-api' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_endorsements_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_endorsements_api' + EMAIL_FROM_ADDRESS: 'development@island.is' + EMAIL_FROM_NAME: 'devland.is' + EMAIL_REGION: 'eu-west-1' + ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-staging-exports-endorsement-system' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_endorsements_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_endorsements_api' - EMAIL_FROM_ADDRESS: 'development@island.is' - EMAIL_FROM_NAME: 'devland.is' - EMAIL_REGION: 'eu-west-1' - ENDORSEMENT_SYSTEM_EXPORTS_BUCKET_NAME: 'island-is-staging-exports-endorsement-system' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/endorsement' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-endorsements-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_endorsements_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_endorsements_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - namespace: 'endorsement-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/endorsement-system-api' - create: true - name: 'endorsement-system-api' +namespace: 'endorsement-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-endorsements-api/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/endorsement-system-api/IDS-shared-secret' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/endorsement-system-api' + create: true + name: 'endorsement-system-api' diff --git a/charts/services/external-contracts-tests/values.dev.yaml b/charts/services/external-contracts-tests/values.dev.yaml index e21662c8da75..a15566ac5da0 100644 --- a/charts/services/external-contracts-tests/values.dev.yaml +++ b/charts/services/external-contracts-tests/values.dev.yaml @@ -5,60 +5,70 @@ # ##################################################################### -service: - name: 'external-contracts-tests' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/external-contracts-tests' - namespace: 'external-contracts-tests' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '1' - memory: '1024Mi' - requests: - cpu: '500m' - memory: '512Mi' - schedule: '0 11 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'external-contracts-tests' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/external-contracts-tests' +namespace: 'external-contracts-tests' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '1' + memory: '1024Mi' + requests: + cpu: '500m' + memory: '512Mi' +schedule: '0 11 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/github-actions-cache/values.dev.yaml b/charts/services/github-actions-cache/values.dev.yaml index 86bcc7465281..9df74a78ec73 100644 --- a/charts/services/github-actions-cache/values.dev.yaml +++ b/charts/services/github-actions-cache/values.dev.yaml @@ -5,75 +5,85 @@ # ##################################################################### -service: - name: 'github-actions-cache' - args: - - '--tls-min-v1.0' - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460' - REDIS_NODES: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 8 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/github-actions-cache' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'cache.dev01.devland.is' - paths: - - '/' - namespace: 'github-actions-cache' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 5 - max: 8 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'github-actions-cache' +args: + - '--tls-min-v1.0' + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460' + REDIS_NODES: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 8 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/github-actions-cache' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/github-actions-cache' - create: true - name: 'github-actions-cache' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'cache.dev01.devland.is' + paths: + - '/' +namespace: 'github-actions-cache' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 5 + max: 8 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/github-actions-cache' + create: true + name: 'github-actions-cache' diff --git a/charts/services/icelandic-names-registry-backend/values.dev.yaml b/charts/services/icelandic-names-registry-backend/values.dev.yaml index 0309a8d6874c..30ab74c44c9b 100644 --- a/charts/services/icelandic-names-registry-backend/values.dev.yaml +++ b/charts/services/icelandic-names-registry-backend/values.dev.yaml @@ -5,94 +5,104 @@ # ##################################################################### -service: - name: 'icelandic-names-registry-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'icelandic-names-registry-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'icelandic_names_registry_backend' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'icelandic_names_registry_backend' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'icelandic_names_registry_backend' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'icelandic_names_registry_backend' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'icelandic_names_registry_backend' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'icelandic_names_registry_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - namespace: 'icelandic-names-registry' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'icelandic-names-registry' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/icelandic-names-registry-backend/values.prod.yaml b/charts/services/icelandic-names-registry-backend/values.prod.yaml index 2f109550ceec..901da70b33e9 100644 --- a/charts/services/icelandic-names-registry-backend/values.prod.yaml +++ b/charts/services/icelandic-names-registry-backend/values.prod.yaml @@ -5,94 +5,104 @@ # ##################################################################### -service: - name: 'icelandic-names-registry-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'icelandic-names-registry-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'icelandic_names_registry_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'icelandic_names_registry_backend' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'icelandic_names_registry_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'icelandic_names_registry_backend' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'icelandic_names_registry_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'icelandic_names_registry_backend' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - namespace: 'icelandic-names-registry' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'icelandic-names-registry' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/icelandic-names-registry-backend/values.staging.yaml b/charts/services/icelandic-names-registry-backend/values.staging.yaml index e43ee438fc86..3ccbd946ad06 100644 --- a/charts/services/icelandic-names-registry-backend/values.staging.yaml +++ b/charts/services/icelandic-names-registry-backend/values.staging.yaml @@ -5,94 +5,104 @@ # ##################################################################### -service: - name: 'icelandic-names-registry-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'icelandic-names-registry-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'icelandic_names_registry_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'icelandic_names_registry_backend' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'icelandic_names_registry_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'icelandic_names_registry_backend' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/icelandic-names-registry-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'icelandic_names_registry_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'icelandic_names_registry_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - namespace: 'icelandic-names-registry' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'icelandic-names-registry' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/icelandic-names-registry-backend/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/identity-server/values.dev.yaml b/charts/services/identity-server/values.dev.yaml index 70311119a643..ea8cd4ed5200 100644 --- a/charts/services/identity-server/values.dev.yaml +++ b/charts/services/identity-server/values.dev.yaml @@ -5,126 +5,136 @@ # ##################################################################### -service: - name: 'identity-server' - annotations: - ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' - ad.datadoghq.com/identity-server.init_configs: '[{}]' - ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' - ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' - enabled: true +global: env: - ASPNETCORE_URLS: 'http://*:5000' - AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' - AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' - Application__AllowedRedirectUris: 'https://beta.dev01.devland.is/minarsidur,https://beta.dev01.devland.is/umsoknir,http://localhost:4200/minarsidur,http://localhost:4242/umsoknir' - Application__MinCompletionPortThreads: '10' - AudkenniSettings__Retries: '24' - CORECLR_ENABLE_PROFILING: '1' - CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' - CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' - CacheSettings__Enabled: 'true' - ContentfulSettings__BaseAddress: 'https://preview.contentful.com' - DD_DOTNET_TRACER_HOME: '/opt/datadog' - DD_INTEGRATIONS: '/opt/datadog/integrations.json' - DD_TRACE_DEBUG: 'true' - Datadog__Metrics__Port: '5003' - IdentityServer__ConsentsScope: '@island.is/auth/consents' - IdentityServer__EnableFakeLogin: 'true' - IdentityServer__EnableFeatureDeploymentWildcards: 'true' - IdentityServer__KeyManagement__Enabled: 'true' - IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' - LOG_LEVEL: 'info' - MeUserProfileApiSettings__BaseAddress: 'http://web-service-portal-api.service-portal.svc.cluster.local' - NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' - PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' - PersistenceSettings__DelegationsCacheEnabled: 'false' - RedisSettings__Address: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com' - RedisSettings__Port: '6379' - SERVERSIDE_FEATURES_ON: '' - SessionsApiSettings__BaseAddress: 'http://web-services-sessions.services-sessions.svc.cluster.local' - files: - - 'ids-signing.pfx' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - port: 5010 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.dev01.devland.is' - paths: - - '/' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: - - accessModes: 'ReadWriteMany' - mountPath: '/keys' - name: 'identity-server' - size: '1Gi' - storageClass: 'efs-csi' - useExisting: false - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '4000m' - memory: '2048Mi' - requests: - cpu: '1000m' - memory: '1024Mi' - secrets: - AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' - AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' - FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' - IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' - IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' - PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' - Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' - Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' - Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' - securityContext: - allowPrivilegeEscalation: false - privileged: false - service: - targetPort: 5000 - serviceAccount: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'identity-server' +annotations: + ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' + ad.datadoghq.com/identity-server.init_configs: '[{}]' + ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' + ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' +enabled: true +env: + ASPNETCORE_URLS: 'http://*:5000' + AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' + AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' + Application__AllowedRedirectUris: 'https://beta.dev01.devland.is/minarsidur,https://beta.dev01.devland.is/umsoknir,http://localhost:4200/minarsidur,http://localhost:4242/umsoknir' + Application__MinCompletionPortThreads: '10' + AudkenniSettings__Retries: '24' + CORECLR_ENABLE_PROFILING: '1' + CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' + CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' + CacheSettings__Enabled: 'true' + ContentfulSettings__BaseAddress: 'https://preview.contentful.com' + DD_DOTNET_TRACER_HOME: '/opt/datadog' + DD_INTEGRATIONS: '/opt/datadog/integrations.json' + DD_TRACE_DEBUG: 'true' + Datadog__Metrics__Port: '5003' + IdentityServer__ConsentsScope: '@island.is/auth/consents' + IdentityServer__EnableFakeLogin: 'true' + IdentityServer__EnableFeatureDeploymentWildcards: 'true' + IdentityServer__KeyManagement__Enabled: 'true' + IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' + LOG_LEVEL: 'info' + MeUserProfileApiSettings__BaseAddress: 'http://web-service-portal-api.service-portal.svc.cluster.local' + NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' + PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' + PersistenceSettings__DelegationsCacheEnabled: 'false' + RedisSettings__Address: 'clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com' + RedisSettings__Port: '6379' + SERVERSIDE_FEATURES_ON: '' + SessionsApiSettings__BaseAddress: 'http://web-services-sessions.services-sessions.svc.cluster.local' +files: + - 'ids-signing.pfx' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + port: 5010 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/identity-server' - create: true + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.dev01.devland.is' + paths: + - '/' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: + - accessModes: 'ReadWriteMany' + mountPath: '/keys' name: 'identity-server' + size: '1Gi' + storageClass: 'efs-csi' + useExisting: false +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '4000m' + memory: '2048Mi' + requests: + cpu: '1000m' + memory: '1024Mi' +secrets: + AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' + AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' + FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' + IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' + IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' + PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' + Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' + Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' + Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' +securityContext: + allowPrivilegeEscalation: false + privileged: false +service: + targetPort: 5000 +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/identity-server' + create: true + name: 'identity-server' diff --git a/charts/services/identity-server/values.prod.yaml b/charts/services/identity-server/values.prod.yaml index f26f3a86b7c0..d086237e7757 100644 --- a/charts/services/identity-server/values.prod.yaml +++ b/charts/services/identity-server/values.prod.yaml @@ -5,125 +5,135 @@ # ##################################################################### -service: - name: 'identity-server' - annotations: - ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' - ad.datadoghq.com/identity-server.init_configs: '[{}]' - ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' - ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' - enabled: true +global: env: - ASPNETCORE_URLS: 'http://*:5000' - AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' - AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' - Application__AllowedRedirectUris: 'https://island.is/minarsidur,https://island.is/umsoknir' - Application__MinCompletionPortThreads: '10' - AudkenniSettings__Retries: '24' - CORECLR_ENABLE_PROFILING: '1' - CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' - CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' - CacheSettings__Enabled: 'true' - ContentfulSettings__BaseAddress: 'https://cdn.contentful.com' - DD_DOTNET_TRACER_HOME: '/opt/datadog' - DD_INTEGRATIONS: '/opt/datadog/integrations.json' - DD_TRACE_DEBUG: 'true' - Datadog__Metrics__Port: '5003' - IdentityServer__ConsentsScope: '@island.is/auth/consents' - IdentityServer__EnableFakeLogin: 'true' - IdentityServer__EnableFeatureDeploymentWildcards: 'false' - IdentityServer__KeyManagement__Enabled: 'true' - IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' - LOG_LEVEL: 'info' - MeUserProfileApiSettings__BaseAddress: 'https://service-portal-api.internal.island.is' - NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' - PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' - PersistenceSettings__DelegationsCacheEnabled: 'true' - RedisSettings__Address: 'clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com' - RedisSettings__Port: '6379' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SessionsApiSettings__BaseAddress: 'https://sessions-api.internal.island.is' - files: - - 'ids-signing.pfx' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - port: 5010 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'innskra.island.is' - paths: - - '/' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: - - accessModes: 'ReadWriteMany' - mountPath: '/keys' - name: 'identity-server' - size: '1Gi' - storageClass: 'efs-csi' - useExisting: false - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '4000m' - memory: '2048Mi' - requests: - cpu: '1000m' - memory: '1024Mi' - secrets: - AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' - AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' - FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' - IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' - IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' - PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' - Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' - Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' - Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' - securityContext: - allowPrivilegeEscalation: false - privileged: false - service: - targetPort: 5000 - serviceAccount: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'identity-server' +annotations: + ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' + ad.datadoghq.com/identity-server.init_configs: '[{}]' + ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' + ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' +enabled: true +env: + ASPNETCORE_URLS: 'http://*:5000' + AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' + AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' + Application__AllowedRedirectUris: 'https://island.is/minarsidur,https://island.is/umsoknir' + Application__MinCompletionPortThreads: '10' + AudkenniSettings__Retries: '24' + CORECLR_ENABLE_PROFILING: '1' + CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' + CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' + CacheSettings__Enabled: 'true' + ContentfulSettings__BaseAddress: 'https://cdn.contentful.com' + DD_DOTNET_TRACER_HOME: '/opt/datadog' + DD_INTEGRATIONS: '/opt/datadog/integrations.json' + DD_TRACE_DEBUG: 'true' + Datadog__Metrics__Port: '5003' + IdentityServer__ConsentsScope: '@island.is/auth/consents' + IdentityServer__EnableFakeLogin: 'true' + IdentityServer__EnableFeatureDeploymentWildcards: 'false' + IdentityServer__KeyManagement__Enabled: 'true' + IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' + LOG_LEVEL: 'info' + MeUserProfileApiSettings__BaseAddress: 'https://service-portal-api.internal.island.is' + NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' + PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' + PersistenceSettings__DelegationsCacheEnabled: 'true' + RedisSettings__Address: 'clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com' + RedisSettings__Port: '6379' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SessionsApiSettings__BaseAddress: 'https://sessions-api.internal.island.is' +files: + - 'ids-signing.pfx' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + port: 5010 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::567113216315:role/identity-server' - create: true + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'innskra.island.is' + paths: + - '/' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: + - accessModes: 'ReadWriteMany' + mountPath: '/keys' name: 'identity-server' + size: '1Gi' + storageClass: 'efs-csi' + useExisting: false +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '4000m' + memory: '2048Mi' + requests: + cpu: '1000m' + memory: '1024Mi' +secrets: + AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' + AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' + FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' + IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' + IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' + PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' + Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' + Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' + Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' +securityContext: + allowPrivilegeEscalation: false + privileged: false +service: + targetPort: 5000 +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::567113216315:role/identity-server' + create: true + name: 'identity-server' diff --git a/charts/services/identity-server/values.staging.yaml b/charts/services/identity-server/values.staging.yaml index 7854f38db94e..aa4536101391 100644 --- a/charts/services/identity-server/values.staging.yaml +++ b/charts/services/identity-server/values.staging.yaml @@ -5,126 +5,136 @@ # ##################################################################### -service: - name: 'identity-server' - annotations: - ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' - ad.datadoghq.com/identity-server.init_configs: '[{}]' - ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' - ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' - enabled: true +global: env: - ASPNETCORE_URLS: 'http://*:5000' - AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' - AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' - Application__AllowedRedirectUris: 'https://beta.staging01.devland.is/minarsidur,https://beta.staging01.devland.is/umsoknir' - Application__MinCompletionPortThreads: '10' - AudkenniSettings__Retries: '24' - CORECLR_ENABLE_PROFILING: '1' - CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' - CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' - CacheSettings__Enabled: 'true' - ContentfulSettings__BaseAddress: 'https://cdn.contentful.com' - DD_DOTNET_TRACER_HOME: '/opt/datadog' - DD_INTEGRATIONS: '/opt/datadog/integrations.json' - DD_TRACE_DEBUG: 'true' - Datadog__Metrics__Port: '5003' - IdentityServer__ConsentsScope: '@island.is/auth/consents' - IdentityServer__EnableFakeLogin: 'true' - IdentityServer__EnableFeatureDeploymentWildcards: 'true' - IdentityServer__KeyManagement__Enabled: 'true' - IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' - LOG_LEVEL: 'info' - MeUserProfileApiSettings__BaseAddress: 'http://web-service-portal-api.service-portal.svc.cluster.local' - NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' - PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' - PersistenceSettings__DelegationsCacheEnabled: 'false' - RedisSettings__Address: 'clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com' - RedisSettings__Port: '6379' - SERVERSIDE_FEATURES_ON: '' - SessionsApiSettings__BaseAddress: 'http://web-services-sessions.services-sessions.svc.cluster.local' - files: - - 'ids-signing.pfx' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - port: 5010 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.staging01.devland.is' - paths: - - '/' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: - - accessModes: 'ReadWriteMany' - mountPath: '/keys' - name: 'identity-server' - size: '1Gi' - storageClass: 'efs-csi' - useExisting: false - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '4000m' - memory: '2048Mi' - requests: - cpu: '1000m' - memory: '1024Mi' - secrets: - AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' - AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' - FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' - IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' - IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' - PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' - Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' - Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' - Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' - securityContext: - allowPrivilegeEscalation: false - privileged: false - service: - targetPort: 5000 - serviceAccount: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'identity-server' +annotations: + ad.datadoghq.com/identity-server.check_names: '["openmetrics"]' + ad.datadoghq.com/identity-server.init_configs: '[{}]' + ad.datadoghq.com/identity-server.instances: '[{"prometheus_url": "http://%%host%%:5003/metrics","namespace": "identity-server","metrics":["*"]}]' + ad.datadoghq.com/identity-server.logs: '[{"service": "identity-server", "source": "csharp"}]' +enabled: true +env: + ASPNETCORE_URLS: 'http://*:5000' + AWS__CloudWatch__AuditLogGroup: '/identity-server/audit-log' + AWS__SystemsManager__ParameterStore__DataProtectionPrefix: '/k8s/identity-server/DataProtectionSecret' + Application__AllowedRedirectUris: 'https://beta.staging01.devland.is/minarsidur,https://beta.staging01.devland.is/umsoknir' + Application__MinCompletionPortThreads: '10' + AudkenniSettings__Retries: '24' + CORECLR_ENABLE_PROFILING: '1' + CORECLR_PROFILER: '{846F5F1C-F9AE-4B07-969E-05C26BC060D8}' + CORECLR_PROFILER_PATH: '/opt/datadog/Datadog.Trace.ClrProfiler.Native.so' + CacheSettings__Enabled: 'true' + ContentfulSettings__BaseAddress: 'https://cdn.contentful.com' + DD_DOTNET_TRACER_HOME: '/opt/datadog' + DD_INTEGRATIONS: '/opt/datadog/integrations.json' + DD_TRACE_DEBUG: 'true' + Datadog__Metrics__Port: '5003' + IdentityServer__ConsentsScope: '@island.is/auth/consents' + IdentityServer__EnableFakeLogin: 'true' + IdentityServer__EnableFeatureDeploymentWildcards: 'true' + IdentityServer__KeyManagement__Enabled: 'true' + IdentityServer__SigningCertificate__Path: '/etc/config/ids-signing.pfx' + LOG_LEVEL: 'info' + MeUserProfileApiSettings__BaseAddress: 'http://web-service-portal-api.service-portal.svc.cluster.local' + NODE_OPTIONS: '--max-old-space-size=1843 -r dd-trace/init' + PersistenceSettings__BaseAddress: 'http://web-services-auth-ids-api' + PersistenceSettings__DelegationsCacheEnabled: 'false' + RedisSettings__Address: 'clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com' + RedisSettings__Port: '6379' + SERVERSIDE_FEATURES_ON: '' + SessionsApiSettings__BaseAddress: 'http://web-services-sessions.services-sessions.svc.cluster.local' +files: + - 'ids-signing.pfx' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + port: 5010 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/identity-server' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/identity-server' - create: true + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.staging01.devland.is' + paths: + - '/' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: + - accessModes: 'ReadWriteMany' + mountPath: '/keys' name: 'identity-server' + size: '1Gi' + storageClass: 'efs-csi' + useExisting: false +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '4000m' + memory: '2048Mi' + requests: + cpu: '1000m' + memory: '1024Mi' +secrets: + AudkenniSettings__ClientId: '/k8s/identity-server/AudkenniClientId' + AudkenniSettings__ClientSecret: '/k8s/identity-server/AudkenniClientSecret' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ContentfulSettings__AccessToken: '/k8s/identity-server/CONTENTFUL_ACCESS_TOKEN' + FeatureFlags__ConfigCatSdkKey: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IdentityServer__FakePersons: '/k8s/identity-server/FakePersons' + IdentityServer__LicenseKey: '/k8s/identity-server/LicenseKey' + IdentityServer__SigningCertificate__Passphrase: '/k8s/identity-server/SigningCertificatePassphrase' + PersistenceSettings__AccessTokenManagementSettings__ClientSecret: '/k8s/identity-server/ClientSecret' + Redaction__UserIdentifiers__Key: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY' + Redaction__UserIdentifiers__KeyId: '/k8s/identity-server/redaction/USER_IDENTIFIERS_KEY_ID' + Scopes__Admin__RootAccessList: '/k8s/identity-server/AdminRootAccessList' +securityContext: + allowPrivilegeEscalation: false + privileged: false +service: + targetPort: 5000 +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/identity-server' + create: true + name: 'identity-server' diff --git a/charts/services/island-ui-storybook/values.dev.yaml b/charts/services/island-ui-storybook/values.dev.yaml index 008d92091347..56d678d31374 100644 --- a/charts/services/island-ui-storybook/values.dev.yaml +++ b/charts/services/island-ui-storybook/values.dev.yaml @@ -5,61 +5,71 @@ # ##################################################################### -service: - name: 'island-ui-storybook' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'ui.dev01.devland.is' - paths: - - '/' - namespace: 'storybook' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'island-ui-storybook' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'ui.dev01.devland.is' + paths: + - '/' +namespace: 'storybook' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/island-ui-storybook/values.prod.yaml b/charts/services/island-ui-storybook/values.prod.yaml index 49cc05b33aa3..791becea125c 100644 --- a/charts/services/island-ui-storybook/values.prod.yaml +++ b/charts/services/island-ui-storybook/values.prod.yaml @@ -5,61 +5,71 @@ # ##################################################################### -service: - name: 'island-ui-storybook' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'ui.devland.is' - paths: - - '/' - namespace: 'storybook' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'island-ui-storybook' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'ui.devland.is' + paths: + - '/' +namespace: 'storybook' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/island-ui-storybook/values.staging.yaml b/charts/services/island-ui-storybook/values.staging.yaml index 6415e07e2966..c87574ded2bd 100644 --- a/charts/services/island-ui-storybook/values.staging.yaml +++ b/charts/services/island-ui-storybook/values.staging.yaml @@ -5,61 +5,71 @@ # ##################################################################### -service: - name: 'island-ui-storybook' - enabled: true +global: env: - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'ui.staging01.devland.is' - paths: - - '/' - namespace: 'storybook' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '10m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'island-ui-storybook' +enabled: true +env: + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/island-ui-storybook' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'ui.staging01.devland.is' + paths: + - '/' +namespace: 'storybook' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '10m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/judicial-system-api/values.dev.yaml b/charts/services/judicial-system-api/values.dev.yaml index 247138664310..e75e315ee73f 100644 --- a/charts/services/judicial-system-api/values.dev.yaml +++ b/charts/services/judicial-system-api/values.dev.yaml @@ -5,90 +5,100 @@ # ##################################################################### -service: - name: 'judicial-system-api' - enabled: true +global: env: - ALLOW_AUTH_BYPASS: 'true' - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' - AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://judicial-system.dev01.devland.is' - AUTH_IDS_REDIRECT_URI: 'https://judicial-system.dev01.devland.is/api/auth/callback/identity-server' - AUTH_IDS_SCOPE: 'openid profile' - BACKEND_URL: 'http://web-judicial-system-backend' - CONTENTFUL_ENVIRONMENT: 'test' - CONTENTFUL_HOST: 'preview.contentful.com' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system.dev01.devland.is' - paths: - - '/api/graphql' - - '/api/auth' - - '/api/case' - - '/api/feature' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '350m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-api' +enabled: true +env: + ALLOW_AUTH_BYPASS: 'true' + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' + AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://judicial-system.dev01.devland.is' + AUTH_IDS_REDIRECT_URI: 'https://judicial-system.dev01.devland.is/api/auth/callback/identity-server' + AUTH_IDS_SCOPE: 'openid profile' + BACKEND_URL: 'http://web-judicial-system-backend' + CONTENTFUL_ENVIRONMENT: 'test' + CONTENTFUL_HOST: 'preview.contentful.com' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-api' - create: true - name: 'judicial-system-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system.dev01.devland.is' + paths: + - '/api/graphql' + - '/api/auth' + - '/api/case' + - '/api/feature' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '350m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-api' + create: true + name: 'judicial-system-api' diff --git a/charts/services/judicial-system-api/values.prod.yaml b/charts/services/judicial-system-api/values.prod.yaml index b1c2f8200a09..ab1715803fe2 100644 --- a/charts/services/judicial-system-api/values.prod.yaml +++ b/charts/services/judicial-system-api/values.prod.yaml @@ -5,90 +5,100 @@ # ##################################################################### -service: - name: 'judicial-system-api' - enabled: true +global: env: - ALLOW_AUTH_BYPASS: 'false' - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' - AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://rettarvorslugatt.island.is' - AUTH_IDS_REDIRECT_URI: 'https://rettarvorslugatt.island.is/api/auth/callback/identity-server' - AUTH_IDS_SCOPE: 'openid profile' - BACKEND_URL: 'http://web-judicial-system-backend' - CONTENTFUL_ENVIRONMENT: 'master' - CONTENTFUL_HOST: 'cdn.contentful.com' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'rettarvorslugatt.island.is' - paths: - - '/api/graphql' - - '/api/auth' - - '/api/case' - - '/api/feature' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '350m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-api' +enabled: true +env: + ALLOW_AUTH_BYPASS: 'false' + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' + AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://rettarvorslugatt.island.is' + AUTH_IDS_REDIRECT_URI: 'https://rettarvorslugatt.island.is/api/auth/callback/identity-server' + AUTH_IDS_SCOPE: 'openid profile' + BACKEND_URL: 'http://web-judicial-system-backend' + CONTENTFUL_ENVIRONMENT: 'master' + CONTENTFUL_HOST: 'cdn.contentful.com' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-api' - create: true - name: 'judicial-system-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'rettarvorslugatt.island.is' + paths: + - '/api/graphql' + - '/api/auth' + - '/api/case' + - '/api/feature' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '350m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-api' + create: true + name: 'judicial-system-api' diff --git a/charts/services/judicial-system-api/values.staging.yaml b/charts/services/judicial-system-api/values.staging.yaml index 16fda6b774fd..a583ab3662e8 100644 --- a/charts/services/judicial-system-api/values.staging.yaml +++ b/charts/services/judicial-system-api/values.staging.yaml @@ -5,90 +5,100 @@ # ##################################################################### -service: - name: 'judicial-system-api' - enabled: true +global: env: - ALLOW_AUTH_BYPASS: 'true' - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' - AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://judicial-system.staging01.devland.is' - AUTH_IDS_REDIRECT_URI: 'https://judicial-system.staging01.devland.is/api/auth/callback/identity-server' - AUTH_IDS_SCOPE: 'openid profile' - BACKEND_URL: 'http://web-judicial-system-backend' - CONTENTFUL_ENVIRONMENT: 'test' - CONTENTFUL_HOST: 'cdn.contentful.com' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system.staging01.devland.is' - paths: - - '/api/graphql' - - '/api/auth' - - '/api/case' - - '/api/feature' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '350m' - memory: '512Mi' - requests: - cpu: '200m' - memory: '256Mi' - secrets: - AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-api' +enabled: true +env: + ALLOW_AUTH_BYPASS: 'true' + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + AUTH_IDS_CLIENT_ID: '@rettarvorslugatt.island.is/web' + AUTH_IDS_LOGOUT_REDIRECT_URI: 'https://judicial-system.staging01.devland.is' + AUTH_IDS_REDIRECT_URI: 'https://judicial-system.staging01.devland.is/api/auth/callback/identity-server' + AUTH_IDS_SCOPE: 'openid profile' + BACKEND_URL: 'http://web-judicial-system-backend' + CONTENTFUL_ENVIRONMENT: 'test' + CONTENTFUL_HOST: 'cdn.contentful.com' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-api' - create: true - name: 'judicial-system-api' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system.staging01.devland.is' + paths: + - '/api/graphql' + - '/api/auth' + - '/api/case' + - '/api/feature' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '350m' + memory: '512Mi' + requests: + cpu: '200m' + memory: '256Mi' +secrets: + AUTH_IDS_SECRET: '/k8s/judicial-system/AUTH_IDS_SECRET' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-api' + create: true + name: 'judicial-system-api' diff --git a/charts/services/judicial-system-backend/values.dev.yaml b/charts/services/judicial-system-backend/values.dev.yaml index d655530e832d..a465bbe63300 100644 --- a/charts/services/judicial-system-backend/values.dev.yaml +++ b/charts/services/judicial-system-backend/values.dev.yaml @@ -5,140 +5,150 @@ # ##################################################################### -service: - name: 'judicial-system-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-backend' +enabled: true +env: + CLIENT_URL: 'https://judicial-system.dev01.devland.is' + CONTENTFUL_ENVIRONMENT: 'test' + CONTENTFUL_HOST: 'preview.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'judicial_system' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'judicial_system' + DOKOBIT_URL: 'https://developers.dokobit.com' + EMAIL_REGION: 'eu-west-1' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'true' + S3_BUCKET: 'island-is-dev-upload-judicial-system' + S3_REGION: 'eu-west-1' + S3_TIME_TO_LIVE_GET: '5' + S3_TIME_TO_LIVE_POST: '15' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'false' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10014/Rettarvorslugatt-Client' + XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' + XROAD_COURT_MEMBER_CODE: '10019' + XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' + XROAD_POLICE_MEMBER_CODE: '10005' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - CLIENT_URL: 'https://judicial-system.dev01.devland.is' - CONTENTFUL_ENVIRONMENT: 'test' - CONTENTFUL_HOST: 'preview.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'judicial_system' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'judicial_system' - DOKOBIT_URL: 'https://developers.dokobit.com' - EMAIL_REGION: 'eu-west-1' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'true' - S3_BUCKET: 'island-is-dev-upload-judicial-system' - S3_REGION: 'eu-west-1' - S3_TIME_TO_LIVE_GET: '5' - S3_TIME_TO_LIVE_POST: '15' SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'false' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10014/Rettarvorslugatt-Client' - XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' - XROAD_COURT_MEMBER_CODE: '10019' - XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' - XROAD_POLICE_MEMBER_CODE: '10005' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'judicial_system' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'judicial_system' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' - ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' - COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' - COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' - COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' - COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' - COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' - COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' - COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' - EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - EVENT_URL: '/k8s/judicial-system/EVENT_URL' - NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' - NOVA_URL: '/k8s/judicial-system/NOVA_URL' - NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' - PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' - PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' - XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' - XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' - XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' - XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' - XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-backend' - create: true - name: 'judicial-system-backend' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' + ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' + COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' + COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' + COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' + COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' + COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' + COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' + COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' + DB_PASS: '/k8s/judicial-system/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' + EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + EVENT_URL: '/k8s/judicial-system/EVENT_URL' + NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' + NOVA_URL: '/k8s/judicial-system/NOVA_URL' + NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' + PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' + PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' + XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' + XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' + XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' + XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' + XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-backend' + create: true + name: 'judicial-system-backend' diff --git a/charts/services/judicial-system-backend/values.prod.yaml b/charts/services/judicial-system-backend/values.prod.yaml index 6c8344cf116f..e3d753ba6d81 100644 --- a/charts/services/judicial-system-backend/values.prod.yaml +++ b/charts/services/judicial-system-backend/values.prod.yaml @@ -5,140 +5,150 @@ # ##################################################################### -service: - name: 'judicial-system-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-backend' +enabled: true +env: + CLIENT_URL: 'https://rettarvorslugatt.island.is' + CONTENTFUL_ENVIRONMENT: 'master' + CONTENTFUL_HOST: 'cdn.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'judicial_system' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'judicial_system' + DOKOBIT_URL: 'https://ws.dokobit.com' + EMAIL_REGION: 'eu-west-1' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + S3_BUCKET: 'island-is-prod-upload-judicial-system' + S3_REGION: 'eu-west-1' + S3_TIME_TO_LIVE_GET: '5' + S3_TIME_TO_LIVE_POST: '15' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'true' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5804170510/Rettarvorslugatt-Client' + XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' + XROAD_COURT_MEMBER_CODE: '4707171140' + XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' + XROAD_POLICE_MEMBER_CODE: '5309672079' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - CLIENT_URL: 'https://rettarvorslugatt.island.is' - CONTENTFUL_ENVIRONMENT: 'master' - CONTENTFUL_HOST: 'cdn.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'judicial_system' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'judicial_system' - DOKOBIT_URL: 'https://ws.dokobit.com' - EMAIL_REGION: 'eu-west-1' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - S3_BUCKET: 'island-is-prod-upload-judicial-system' - S3_REGION: 'eu-west-1' - S3_TIME_TO_LIVE_GET: '5' - S3_TIME_TO_LIVE_POST: '15' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'true' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5804170510/Rettarvorslugatt-Client' - XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' - XROAD_COURT_MEMBER_CODE: '4707171140' - XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' - XROAD_POLICE_MEMBER_CODE: '5309672079' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'judicial_system' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'judicial_system' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' - ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' - COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' - COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' - COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' - COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' - COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' - COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' - COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' - EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - EVENT_URL: '/k8s/judicial-system/EVENT_URL' - NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' - NOVA_URL: '/k8s/judicial-system/NOVA_URL' - NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' - PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' - PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' - XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' - XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' - XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' - XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' - XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-backend' - create: true - name: 'judicial-system-backend' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' + ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' + COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' + COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' + COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' + COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' + COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' + COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' + COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' + DB_PASS: '/k8s/judicial-system/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' + EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + EVENT_URL: '/k8s/judicial-system/EVENT_URL' + NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' + NOVA_URL: '/k8s/judicial-system/NOVA_URL' + NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' + PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' + PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' + XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' + XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' + XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' + XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' + XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-backend' + create: true + name: 'judicial-system-backend' diff --git a/charts/services/judicial-system-backend/values.staging.yaml b/charts/services/judicial-system-backend/values.staging.yaml index 408a7caac2d0..57039508f4ca 100644 --- a/charts/services/judicial-system-backend/values.staging.yaml +++ b/charts/services/judicial-system-backend/values.staging.yaml @@ -5,141 +5,151 @@ # ##################################################################### -service: - name: 'judicial-system-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-backend' +enabled: true +env: + BLOCKED_API_INTEGRATION: 'COURT,POLICE_CASE' + CLIENT_URL: 'https://judicial-system.staging01.devland.is' + CONTENTFUL_ENVIRONMENT: 'test' + CONTENTFUL_HOST: 'cdn.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'judicial_system' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'judicial_system' + DOKOBIT_URL: 'https://developers.dokobit.com' + EMAIL_REGION: 'eu-west-1' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + S3_BUCKET: 'island-is-staging-upload-judicial-system' + S3_REGION: 'eu-west-1' + S3_TIME_TO_LIVE_GET: '5' + S3_TIME_TO_LIVE_POST: '15' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'true' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5804170510/Rettarvorslugatt-Client' + XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' + XROAD_COURT_MEMBER_CODE: '4707171140' + XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' + XROAD_POLICE_MEMBER_CODE: '5309672079' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - BLOCKED_API_INTEGRATION: 'COURT,POLICE_CASE' - CLIENT_URL: 'https://judicial-system.staging01.devland.is' - CONTENTFUL_ENVIRONMENT: 'test' - CONTENTFUL_HOST: 'cdn.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'judicial_system' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'judicial_system' - DOKOBIT_URL: 'https://developers.dokobit.com' - EMAIL_REGION: 'eu-west-1' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - S3_BUCKET: 'island-is-staging-upload-judicial-system' - S3_REGION: 'eu-west-1' - S3_TIME_TO_LIVE_GET: '5' - S3_TIME_TO_LIVE_POST: '15' SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - USE_MICROSOFT_GRAPH_API_FOR_COURT_ROBOT: 'true' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5804170510/Rettarvorslugatt-Client' - XROAD_COURT_API_PATH: '/Domstolasyslan/JusticePortal-v1' - XROAD_COURT_MEMBER_CODE: '4707171140' - XROAD_POLICE_API_PATH: '/Logreglan-Private/rettarvarsla-v1' - XROAD_POLICE_MEMBER_CODE: '5309672079' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'judicial_system' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'judicial_system' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' - ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' - AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' - COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' - COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' - COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' - COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' - COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' - COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' - COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' - COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' DB_PASS: '/k8s/judicial-system/DB_PASSWORD' - DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' - EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - EVENT_URL: '/k8s/judicial-system/EVENT_URL' - NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' - NOVA_URL: '/k8s/judicial-system/NOVA_URL' - NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' - PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' - PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' - XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' - XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' - XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' - XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' - XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-backend' - create: true - name: 'judicial-system-backend' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + ADMIN_USERS: '/k8s/judicial-system/ADMIN_USERS' + ARCHIVE_ENCRYPTION_KEY: '/k8s/judicial-system/ARCHIVE_ENCRYPTION_KEY' + AUTH_JWT_SECRET: '/k8s/judicial-system/AUTH_JWT_SECRET' + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/judicial-system/CONTENTFUL_ACCESS_TOKEN' + COURTS_ASSISTANT_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_ASSISTANT_MOBILE_NUMBERS' + COURTS_EMAILS: '/k8s/judicial-system/COURTS_EMAILS' + COURTS_MOBILE_NUMBERS: '/k8s/judicial-system/COURTS_MOBILE_NUMBERS' + COURT_ROBOT_CLIENT_ID: '/k8s/judicial-system/COURT_ROBOT_CLIENT_ID' + COURT_ROBOT_CLIENT_SECRET: '/k8s/judicial-system/COURT_ROBOT_CLIENT_SECRET' + COURT_ROBOT_EMAIL: '/k8s/judicial-system/COURT_ROBOT_EMAIL' + COURT_ROBOT_TENANT_ID: '/k8s/judicial-system/COURT_ROBOT_TENANT_ID' + COURT_ROBOT_USER: '/k8s/judicial-system/COURT_ROBOT_USER' + DB_PASS: '/k8s/judicial-system/DB_PASSWORD' + DOKOBIT_ACCESS_TOKEN: '/k8s/judicial-system/DOKOBIT_ACCESS_TOKEN' + EMAIL_FROM: '/k8s/judicial-system/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/judicial-system/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/judicial-system/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/judicial-system/EMAIL_REPLY_TO_NAME' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + EVENT_URL: '/k8s/judicial-system/EVENT_URL' + NOVA_PASSWORD: '/k8s/judicial-system/NOVA_PASSWORD' + NOVA_URL: '/k8s/judicial-system/NOVA_URL' + NOVA_USERNAME: '/k8s/judicial-system/NOVA_USERNAME' + PRISON_ADMIN_EMAIL: '/k8s/judicial-system/PRISON_ADMIN_EMAIL' + PRISON_EMAIL: '/k8s/judicial-system/PRISON_EMAIL' + XROAD_CLIENT_CERT: '/k8s/judicial-system/XROAD_CLIENT_CERT' + XROAD_CLIENT_KEY: '/k8s/judicial-system/XROAD_CLIENT_KEY' + XROAD_CLIENT_PEM: '/k8s/judicial-system/XROAD_CLIENT_PEM' + XROAD_COURTS_CREDENTIALS: '/k8s/judicial-system/COURTS_CREDENTIALS' + XROAD_POLICE_API_KEY: '/k8s/judicial-system/XROAD_POLICE_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-backend' + create: true + name: 'judicial-system-backend' diff --git a/charts/services/judicial-system-digital-mailbox-api/values.dev.yaml b/charts/services/judicial-system-digital-mailbox-api/values.dev.yaml index 33d8167d5b57..ba3d31c98e71 100644 --- a/charts/services/judicial-system-digital-mailbox-api/values.dev.yaml +++ b/charts/services/judicial-system-digital-mailbox-api/values.dev.yaml @@ -5,76 +5,86 @@ # ##################################################################### -service: - name: 'judicial-system-digital-mailbox-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-digital-mailbox-api-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-digital-mailbox-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-digital-mailbox-api' - create: true - name: 'judicial-system-digital-mailbox-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-digital-mailbox-api-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-digital-mailbox-api' + create: true + name: 'judicial-system-digital-mailbox-api' diff --git a/charts/services/judicial-system-digital-mailbox-api/values.prod.yaml b/charts/services/judicial-system-digital-mailbox-api/values.prod.yaml index 5621658fa829..f51841f8686b 100644 --- a/charts/services/judicial-system-digital-mailbox-api/values.prod.yaml +++ b/charts/services/judicial-system-digital-mailbox-api/values.prod.yaml @@ -5,76 +5,86 @@ # ##################################################################### -service: - name: 'judicial-system-digital-mailbox-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-digital-mailbox-api-xrd.internal.island.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-digital-mailbox-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-digital-mailbox-api' - create: true - name: 'judicial-system-digital-mailbox-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-digital-mailbox-api-xrd.internal.island.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-digital-mailbox-api' + create: true + name: 'judicial-system-digital-mailbox-api' diff --git a/charts/services/judicial-system-digital-mailbox-api/values.staging.yaml b/charts/services/judicial-system-digital-mailbox-api/values.staging.yaml index bd3726572d29..15b571c01c4f 100644 --- a/charts/services/judicial-system-digital-mailbox-api/values.staging.yaml +++ b/charts/services/judicial-system-digital-mailbox-api/values.staging.yaml @@ -5,76 +5,86 @@ # ##################################################################### -service: - name: 'judicial-system-digital-mailbox-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-digital-mailbox-api-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-digital-mailbox-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-digital-mailbox-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-digital-mailbox-api' - create: true - name: 'judicial-system-digital-mailbox-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-digital-mailbox-api-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-digital-mailbox-api' + create: true + name: 'judicial-system-digital-mailbox-api' diff --git a/charts/services/judicial-system-message-handler/values.dev.yaml b/charts/services/judicial-system-message-handler/values.dev.yaml index ef0196592951..3362bf7c5e13 100644 --- a/charts/services/judicial-system-message-handler/values.dev.yaml +++ b/charts/services/judicial-system-message-handler/values.dev.yaml @@ -5,69 +5,79 @@ # ##################################################################### -service: - name: 'judicial-system-message-handler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-message-handler' - create: true - name: 'judicial-system-message-handler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-message-handler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-message-handler' + create: true + name: 'judicial-system-message-handler' diff --git a/charts/services/judicial-system-message-handler/values.prod.yaml b/charts/services/judicial-system-message-handler/values.prod.yaml index ebd1ae5b9625..15a7ef653b0b 100644 --- a/charts/services/judicial-system-message-handler/values.prod.yaml +++ b/charts/services/judicial-system-message-handler/values.prod.yaml @@ -5,69 +5,79 @@ # ##################################################################### -service: - name: 'judicial-system-message-handler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-message-handler' - create: true - name: 'judicial-system-message-handler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-message-handler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-message-handler' + create: true + name: 'judicial-system-message-handler' diff --git a/charts/services/judicial-system-message-handler/values.staging.yaml b/charts/services/judicial-system-message-handler/values.staging.yaml index afc6f4877ba8..05e2968e1c94 100644 --- a/charts/services/judicial-system-message-handler/values.staging.yaml +++ b/charts/services/judicial-system-message-handler/values.staging.yaml @@ -5,69 +5,79 @@ # ##################################################################### -service: - name: 'judicial-system-message-handler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-message-handler' - create: true - name: 'judicial-system-message-handler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-message-handler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-message-handler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-message-handler' + create: true + name: 'judicial-system-message-handler' diff --git a/charts/services/judicial-system-robot-api/values.dev.yaml b/charts/services/judicial-system-robot-api/values.dev.yaml index 4750bf74ff44..9ba024a384cd 100644 --- a/charts/services/judicial-system-robot-api/values.dev.yaml +++ b/charts/services/judicial-system-robot-api/values.dev.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'judicial-system-robot-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-robot-api-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-robot-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-robot-api' - create: true - name: 'judicial-system-robot-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-robot-api-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-robot-api' + create: true + name: 'judicial-system-robot-api' diff --git a/charts/services/judicial-system-robot-api/values.prod.yaml b/charts/services/judicial-system-robot-api/values.prod.yaml index 2f177abcf6e2..41e9e020df36 100644 --- a/charts/services/judicial-system-robot-api/values.prod.yaml +++ b/charts/services/judicial-system-robot-api/values.prod.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'judicial-system-robot-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-robot-api-xrd.internal.island.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-robot-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-robot-api' - create: true - name: 'judicial-system-robot-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-robot-api-xrd.internal.island.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-robot-api' + create: true + name: 'judicial-system-robot-api' diff --git a/charts/services/judicial-system-robot-api/values.staging.yaml b/charts/services/judicial-system-robot-api/values.staging.yaml index 444a59ee9eea..08f7b9314a61 100644 --- a/charts/services/judicial-system-robot-api/values.staging.yaml +++ b/charts/services/judicial-system-robot-api/values.staging.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'judicial-system-robot-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-robot-api-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-robot-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-robot-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-robot-api' - create: true - name: 'judicial-system-robot-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-robot-api-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-robot-api' + create: true + name: 'judicial-system-robot-api' diff --git a/charts/services/judicial-system-scheduler/values.dev.yaml b/charts/services/judicial-system-scheduler/values.dev.yaml index f5c20f8f5dbb..26165e7ee776 100644 --- a/charts/services/judicial-system-scheduler/values.dev.yaml +++ b/charts/services/judicial-system-scheduler/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'judicial-system-scheduler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - TIME_TO_LIVE_MINUTES: '30' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-scheduler' - create: true - name: 'judicial-system-scheduler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-scheduler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + TIME_TO_LIVE_MINUTES: '30' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-scheduler' + create: true + name: 'judicial-system-scheduler' diff --git a/charts/services/judicial-system-scheduler/values.prod.yaml b/charts/services/judicial-system-scheduler/values.prod.yaml index d028b565e247..c215df3352a0 100644 --- a/charts/services/judicial-system-scheduler/values.prod.yaml +++ b/charts/services/judicial-system-scheduler/values.prod.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'judicial-system-scheduler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - TIME_TO_LIVE_MINUTES: '30' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-scheduler' - create: true - name: 'judicial-system-scheduler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-scheduler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + TIME_TO_LIVE_MINUTES: '30' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-scheduler' + create: true + name: 'judicial-system-scheduler' diff --git a/charts/services/judicial-system-scheduler/values.staging.yaml b/charts/services/judicial-system-scheduler/values.staging.yaml index 5ac7b3b823a7..b62035e69488 100644 --- a/charts/services/judicial-system-scheduler/values.staging.yaml +++ b/charts/services/judicial-system-scheduler/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'judicial-system-scheduler' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' - SQS_QUEUE_NAME: 'sqs-judicial-system' - SQS_REGION: 'eu-west-1' - TIME_TO_LIVE_MINUTES: '30' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-scheduler' - create: true - name: 'judicial-system-scheduler' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-scheduler' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SQS_DEAD_LETTER_QUEUE_NAME: 'sqs-judicial-system-dlq' + SQS_QUEUE_NAME: 'sqs-judicial-system' + SQS_REGION: 'eu-west-1' + TIME_TO_LIVE_MINUTES: '30' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-scheduler' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-scheduler' + create: true + name: 'judicial-system-scheduler' diff --git a/charts/services/judicial-system-web/values.dev.yaml b/charts/services/judicial-system-web/values.dev.yaml index 41691d00362b..65f320857fb0 100644 --- a/charts/services/judicial-system-web/values.dev.yaml +++ b/charts/services/judicial-system-web/values.dev.yaml @@ -5,68 +5,78 @@ # ##################################################################### -service: - name: 'judicial-system-web' - enabled: true +global: env: - API_URL: 'https://judicial-system.dev01.devland.is' - INTERNAL_API_URL: 'http://web-judicial-system-api' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 10 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system.dev01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '15m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' - SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-web' +enabled: true +env: + API_URL: 'https://judicial-system.dev01.devland.is' + INTERNAL_API_URL: 'http://web-judicial-system-api' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 10 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system.dev01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '15m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' + NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' + SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/judicial-system-web/values.prod.yaml b/charts/services/judicial-system-web/values.prod.yaml index 9a6b14bbbcaf..15fea4372540 100644 --- a/charts/services/judicial-system-web/values.prod.yaml +++ b/charts/services/judicial-system-web/values.prod.yaml @@ -5,68 +5,78 @@ # ##################################################################### -service: - name: 'judicial-system-web' - enabled: true +global: env: - API_URL: 'https://rettarvorslugatt.island.is' - INTERNAL_API_URL: 'http://web-judicial-system-api' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 10 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'rettarvorslugatt.island.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '15m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' - SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-web' +enabled: true +env: + API_URL: 'https://rettarvorslugatt.island.is' + INTERNAL_API_URL: 'http://web-judicial-system-api' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 10 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'rettarvorslugatt.island.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '15m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' + NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' + SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/judicial-system-web/values.staging.yaml b/charts/services/judicial-system-web/values.staging.yaml index 0a429df2ee49..c88dc0b5bc0d 100644 --- a/charts/services/judicial-system-web/values.staging.yaml +++ b/charts/services/judicial-system-web/values.staging.yaml @@ -5,68 +5,78 @@ # ##################################################################### -service: - name: 'judicial-system-web' - enabled: true +global: env: - API_URL: 'https://judicial-system.staging01.devland.is' - INTERNAL_API_URL: 'http://web-judicial-system-api' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 10 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system.staging01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '15m' - memory: '128Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' - SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-web' +enabled: true +env: + API_URL: 'https://judicial-system.staging01.devland.is' + INTERNAL_API_URL: 'http://web-judicial-system-api' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 10 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system.staging01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '15m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' + NATIONAL_REGISTRY_API_KEY: '/k8s/judicial-system/NATIONAL_REGISTRY_API_KEY' + SUPPORT_EMAIL: '/k8s/judicial-system/SUPPORT_EMAIL' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/judicial-system-xrd-api/values.dev.yaml b/charts/services/judicial-system-xrd-api/values.dev.yaml index e5b48dd1f60c..f37c818403a0 100644 --- a/charts/services/judicial-system-xrd-api/values.dev.yaml +++ b/charts/services/judicial-system-xrd-api/values.dev.yaml @@ -5,75 +5,85 @@ # ##################################################################### -service: - name: 'judicial-system-xrd-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-xrd-api.internal.dev01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-xrd-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-xrd-api' - create: true - name: 'judicial-system-xrd-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-xrd-api.internal.dev01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/judicial-system-xrd-api' + create: true + name: 'judicial-system-xrd-api' diff --git a/charts/services/judicial-system-xrd-api/values.prod.yaml b/charts/services/judicial-system-xrd-api/values.prod.yaml index b70e8678dfcf..ad7c66f5f846 100644 --- a/charts/services/judicial-system-xrd-api/values.prod.yaml +++ b/charts/services/judicial-system-xrd-api/values.prod.yaml @@ -5,75 +5,85 @@ # ##################################################################### -service: - name: 'judicial-system-xrd-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-xrd-api.internal.island.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-xrd-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-xrd-api' - create: true - name: 'judicial-system-xrd-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-xrd-api.internal.island.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/judicial-system-xrd-api' + create: true + name: 'judicial-system-xrd-api' diff --git a/charts/services/judicial-system-xrd-api/values.staging.yaml b/charts/services/judicial-system-xrd-api/values.staging.yaml index e29ca8b3356a..0b759861409b 100644 --- a/charts/services/judicial-system-xrd-api/values.staging.yaml +++ b/charts/services/judicial-system-xrd-api/values.staging.yaml @@ -5,75 +5,85 @@ # ##################################################################### -service: - name: 'judicial-system-xrd-api' - enabled: true +global: env: - AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' - AUDIT_TRAIL_REGION: 'eu-west-1' - AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' - BACKEND_URL: 'http://web-judicial-system-backend' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'judicial-system-xrd-api.internal.staging01.devland.is' - paths: - - '/' - namespace: 'judicial-system' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - secrets: - BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' - LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'judicial-system-xrd-api' +enabled: true +env: + AUDIT_TRAIL_GROUP_NAME: 'k8s/judicial-system/audit-log' + AUDIT_TRAIL_REGION: 'eu-west-1' + AUDIT_TRAIL_USE_GENERIC_LOGGER: 'false' + BACKEND_URL: 'http://web-judicial-system-backend' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/judicial-system-xrd-api' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-xrd-api' - create: true - name: 'judicial-system-xrd-api' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'judicial-system-xrd-api.internal.staging01.devland.is' + paths: + - '/' +namespace: 'judicial-system' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + BACKEND_ACCESS_TOKEN: '/k8s/judicial-system/BACKEND_ACCESS_TOKEN' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + ERROR_EVENT_URL: '/k8s/judicial-system/ERROR_EVENT_URL' + LAWYERS_ICELAND_API_KEY: '/k8s/judicial-system/LAWYERS_ICELAND_API_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/judicial-system-xrd-api' + create: true + name: 'judicial-system-xrd-api' diff --git a/charts/services/license-api/values.dev.yaml b/charts/services/license-api/values.dev.yaml index 7b9401982efe..525b0341c608 100644 --- a/charts/services/license-api/values.dev.yaml +++ b/charts/services/license-api/values.dev.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'license-api' - enabled: true +global: env: - HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_DISABILITY_LICENSE_PATH: 'IS-DEV/GOV/10008/TR-Protected/oryrki-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' - XROAD_FIREARM_LICENSE_PATH: 'IS-DEV/GOV/10005/Logreglan-Protected/island-api-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS-DEV/GOV/10009/Umhverfisstofnun-Protected/api' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'license-api-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'license-api' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'license-api' +enabled: true +env: + HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_DISABILITY_LICENSE_PATH: 'IS-DEV/GOV/10008/TR-Protected/oryrki-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS-DEV/GOV/10005/Logreglan-Protected/Okuskirteini-v5' + XROAD_FIREARM_LICENSE_PATH: 'IS-DEV/GOV/10005/Logreglan-Protected/island-api-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS-DEV/GOV/10009/Umhverfisstofnun-Protected/api' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'license-api-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'license-api' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/license-api/values.prod.yaml b/charts/services/license-api/values.prod.yaml index eca45cf8dbfa..2f003504d184 100644 --- a/charts/services/license-api/values.prod.yaml +++ b/charts/services/license-api/values.prod.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'license-api' - enabled: true +global: env: - HUNTING_LICENSE_PASS_TEMPLATE_ID: 'd4ecf781-3764-4063-a4e1-9c3e17cebfba' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_DISABILITY_LICENSE_PATH: 'IS/GOV/5012130120/TR-Protected/oryrki-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS/GOV/7010022880/Umhverfisstofnun-Protected/api' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'license-api-xrd.internal.island.is' - paths: - - '/' - namespace: 'license-api' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'license-api' +enabled: true +env: + HUNTING_LICENSE_PASS_TEMPLATE_ID: 'd4ecf781-3764-4063-a4e1-9c3e17cebfba' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_DISABILITY_LICENSE_PATH: 'IS/GOV/5012130120/TR-Protected/oryrki-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v1' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS/GOV/7010022880/Umhverfisstofnun-Protected/api' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'license-api-xrd.internal.island.is' + paths: + - '/' +namespace: 'license-api' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/license-api/values.staging.yaml b/charts/services/license-api/values.staging.yaml index dbd5dad1fa18..d85276d6d82b 100644 --- a/charts/services/license-api/values.staging.yaml +++ b/charts/services/license-api/values.staging.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'license-api' - enabled: true +global: env: - HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_DISABILITY_LICENSE_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/oryrki-v1' - XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' - XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' - XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' - XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' - XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' - XROAD_HUNTING_LICENSE_PATH: 'IS-TEST/GOV/10009/Umhverfisstofnun-Protected/api' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'nginx-ingress-internal' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'license-api-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'license-api' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '50m' - memory: '256Mi' - secrets: - ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' - DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' - DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' - DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' - FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' - FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' - LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' - MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' - PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' - PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' - PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' - PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' - PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' - PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' - RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' - RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' - SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' - TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' - UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' - VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' - XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'license-api' +enabled: true +env: + HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LICENSE_SERVICE_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_DISABILITY_LICENSE_PATH: 'IS-TEST/GOV/5012130120/TR-Protected/oryrki-v1' + XROAD_DRIVING_LICENSE_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v1' + XROAD_DRIVING_LICENSE_V2_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/RafraentOkuskirteini-v2' + XROAD_DRIVING_LICENSE_V4_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v4' + XROAD_DRIVING_LICENSE_V5_PATH: 'r1/IS/GOV/5309672079/Logreglan-Protected/Okuskirteini-v5' + XROAD_FIREARM_LICENSE_PATH: 'IS/GOV/5309672079/Logreglan-Protected/island-api-v1' + XROAD_HUNTING_LICENSE_PATH: 'IS-TEST/GOV/10009/Umhverfisstofnun-Protected/api' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'nginx-ingress-internal' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/license-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'license-api-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'license-api' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + ADR_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/ADR_LICENSE_PASS_TEMPLATE_ID' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DISABILITY_LICENSE_FETCH_TIMEOUT: '/k8s/api/DISABILITY_LICENSE_FETCH_TIMEOUT' + DISABILITY_LICENSE_PASS_TEMPLATE_ID: '/k8s/DISABILITY_LICENSE_PASS_TEMPLATE_ID' + DRIVING_LICENSE_FETCH_TIMEOUT: '/k8s/api/DRIVING_LICENSE_FETCH_TIMEOUT' + DRIVING_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/DRIVING_LICENSE_PASS_TEMPLATE_ID' + FIREARM_LICENSE_FETCH_TIMEOUT: '/k8s/api/FIREARM_LICENSE_FETCH_TIMEOUT' + FIREARM_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/FIREARM_LICENSE_PASS_TEMPLATE_ID' + LICENSE_SERVICE_BARCODE_SECRET_KEY: '/k8s/api/LICENSE_SERVICE_BARCODE_SECRET_KEY' + MACHINE_LICENSE_PASS_TEMPLATE_ID: '/k8s/api/MACHINE_LICENSE_PASS_TEMPLATE_ID' + PKPASS_API_KEY: '/k8s/api/PKPASS_API_KEY' + PKPASS_API_URL: '/k8s/api/PKPASS_API_URL' + PKPASS_AUTH_RETRIES: '/k8s/api/PKPASS_AUTH_RETRIES' + PKPASS_CACHE_KEY: '/k8s/api/PKPASS_CACHE_KEY' + PKPASS_CACHE_TOKEN_EXPIRY_DELTA: '/k8s/api/PKPASS_CACHE_TOKEN_EXPIRY_DELTA' + PKPASS_SECRET_KEY: '/k8s/api/PKPASS_SECRET_KEY' + RLS_OPEN_LOOKUP_API_KEY: '/k8s/api/RLS_OPEN_LOOKUP_API_KEY' + RLS_PKPASS_API_KEY: '/k8s/api/RLS_PKPASS_API_KEY' + SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL' + TR_PKPASS_API_KEY: '/k8s/api/TR_PKPASS_API_KEY' + UST_PKPASS_API_KEY: '/k8s/api/UST_PKPASS_API_KEY' + VE_PKPASS_API_KEY: '/k8s/api/VE_PKPASS_API_KEY' + XROAD_DRIVING_LICENSE_SECRET: '/k8s/api/DRIVING_LICENSE_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/portals-admin/values.dev.yaml b/charts/services/portals-admin/values.dev.yaml index 2d42430f5d75..faa53d46dd89 100644 --- a/charts/services/portals-admin/values.dev.yaml +++ b/charts/services/portals-admin/values.dev.yaml @@ -5,70 +5,80 @@ # ##################################################################### -service: - name: 'portals-admin' - enabled: true +global: env: - BASEPATH: '/stjornbord' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'dev' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/stjornbord' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'portals-admin' +enabled: true +env: + BASEPATH: '/stjornbord' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'dev' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/stjornbord' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/portals-admin/values.prod.yaml b/charts/services/portals-admin/values.prod.yaml index a35a54cf7a4f..192966e8f623 100644 --- a/charts/services/portals-admin/values.prod.yaml +++ b/charts/services/portals-admin/values.prod.yaml @@ -5,73 +5,83 @@ # ##################################################################### -service: - name: 'portals-admin' - enabled: true +global: env: - BASEPATH: '/stjornbord' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SI_PUBLIC_ENVIRONMENT: 'prod' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/stjornbord' - - host: 'www.island.is' - paths: - - '/stjornbord' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'portals-admin' +enabled: true +env: + BASEPATH: '/stjornbord' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SI_PUBLIC_ENVIRONMENT: 'prod' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/stjornbord' + - host: 'www.island.is' + paths: + - '/stjornbord' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/portals-admin/values.staging.yaml b/charts/services/portals-admin/values.staging.yaml index 1e16d3a5d2a3..1f527f1c28a0 100644 --- a/charts/services/portals-admin/values.staging.yaml +++ b/charts/services/portals-admin/values.staging.yaml @@ -5,70 +5,80 @@ # ##################################################################### -service: - name: 'portals-admin' - enabled: true +global: env: - BASEPATH: '/stjornbord' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'staging' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/stjornbord' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'portals-admin' +enabled: true +env: + BASEPATH: '/stjornbord' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'staging' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/portals-admin' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/stjornbord' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/regulations-admin-backend/values.dev.yaml b/charts/services/regulations-admin-backend/values.dev.yaml index 2fd79c6e02bf..d0fb60d1bca9 100644 --- a/charts/services/regulations-admin-backend/values.dev.yaml +++ b/charts/services/regulations-admin-backend/values.dev.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'regulations-admin-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'regulations-admin-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'regulations_admin_backend' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'regulations_admin_backend' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'islandis' + - 'download-service' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'regulations_admin_backend' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'regulations_admin_backend' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'islandis' - - 'download-service' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'regulations_admin_backend' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'regulations_admin_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - namespace: 'regulations-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'regulations-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/regulations-admin-backend/values.prod.yaml b/charts/services/regulations-admin-backend/values.prod.yaml index e3773df46c1e..1a1eb25213a8 100644 --- a/charts/services/regulations-admin-backend/values.prod.yaml +++ b/charts/services/regulations-admin-backend/values.prod.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'regulations-admin-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'regulations-admin-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'regulations_admin_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'regulations_admin_backend' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'islandis' + - 'download-service' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'regulations_admin_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'regulations_admin_backend' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'islandis' - - 'download-service' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'regulations_admin_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'regulations_admin_backend' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - namespace: 'regulations-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'regulations-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/regulations-admin-backend/values.staging.yaml b/charts/services/regulations-admin-backend/values.staging.yaml index 26c8cbf559c9..af8acd3ba0f4 100644 --- a/charts/services/regulations-admin-backend/values.staging.yaml +++ b/charts/services/regulations-admin-backend/values.staging.yaml @@ -5,98 +5,108 @@ # ##################################################################### -service: - name: 'regulations-admin-backend' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'regulations-admin-backend' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'regulations_admin_backend' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'regulations_admin_backend' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'islandis' + - 'download-service' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'regulations_admin_backend' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'regulations_admin_backend' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/regulations-admin-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'islandis' - - 'download-service' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/regulations-admin-backend' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'regulations_admin_backend' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'regulations_admin_backend' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - namespace: 'regulations-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' - REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' - REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' - REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'regulations-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/regulations-admin-backend/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-regulations-admin/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + REGULATIONS_API_URL: '/k8s/api/REGULATIONS_API_URL' + REGULATIONS_FILE_UPLOAD_KEY_DRAFT: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_DRAFT' + REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PRESIGNED' + REGULATIONS_FILE_UPLOAD_KEY_PUBLISH: '/k8s/api/REGULATIONS_FILE_UPLOAD_KEY_PUBLISH' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/search-indexer-service/values.dev.yaml b/charts/services/search-indexer-service/values.dev.yaml index a4a7c37b147e..6ecb31864bdf 100644 --- a/charts/services/search-indexer-service/values.dev.yaml +++ b/charts/services/search-indexer-service/values.dev.yaml @@ -5,9 +5,101 @@ # ##################################################################### -service: - name: 'search-indexer-service' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'search-indexer-service' +enabled: true +env: + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.dev01.devland.is' + APPLICATION_URL: 'http://search-indexer-service' + CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' + CONTENTFUL_ENVIRONMENT: 'master' + CONTENTFUL_HOST: 'preview.contentful.com' + CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_INDEX: 'island-is' + ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' + ENVIRONMENT: 'dev' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'search-indexer-service.dev01.devland.is' + paths: + - '/' +initContainer: + containers: + - args: + - '/webapp/migrateAws.js' + command: + - '/usr/local/bin/node' + name: 'migrate-aws' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' + - args: + - '/webapp/migrateElastic.js' + command: + - '/usr/local/bin/node' + name: 'migrate-elastic' + resources: + limits: + cpu: '700m' + memory: '4096Mi' + requests: + cpu: '300m' + memory: '3072Mi' + - args: + - '/webapp/migrateKibana.js' + command: + - '/usr/local/bin/node' + name: 'migrate-kibana' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' env: AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.dev01.devland.is' APPLICATION_URL: 'http://search-indexer-service' @@ -15,127 +107,45 @@ service: CONTENTFUL_ENVIRONMENT: 'master' CONTENTFUL_HOST: 'preview.contentful.com' CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_DOMAIN: 'search' ELASTIC_INDEX: 'island-is' ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' ENVIRONMENT: 'dev' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + NODE_OPTIONS: '--max-old-space-size=2048' + S3_BUCKET: 'dev-es-custom-packages' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'search-indexer-service.dev01.devland.is' - paths: - - '/' - initContainer: - containers: - - args: - - '/webapp/migrateAws.js' - command: - - '/usr/local/bin/node' - name: 'migrate-aws' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - - args: - - '/webapp/migrateElastic.js' - command: - - '/usr/local/bin/node' - name: 'migrate-elastic' - resources: - limits: - cpu: '700m' - memory: '4096Mi' - requests: - cpu: '300m' - memory: '3072Mi' - - args: - - '/webapp/migrateKibana.js' - command: - - '/usr/local/bin/node' - name: 'migrate-kibana' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - env: - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.dev01.devland.is' - APPLICATION_URL: 'http://search-indexer-service' - CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' - CONTENTFUL_ENVIRONMENT: 'master' - CONTENTFUL_HOST: 'preview.contentful.com' - CONTENTFUL_SPACE: '8k0h54kbe6bj' - ELASTIC_DOMAIN: 'search' - ELASTIC_INDEX: 'island-is' - ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' - ENVIRONMENT: 'dev' - NODE_OPTIONS: '--max-old-space-size=2048' - S3_BUCKET: 'dev-es-custom-packages' - SERVERSIDE_FEATURES_ON: '' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - namespace: 'search-indexer' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - progressDeadlineSeconds: 1500 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '800m' - memory: '4096Mi' - requests: - cpu: '400m' - memory: '3072Mi' secrets: - API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' - API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/search-indexer' - create: true - name: 'search-indexer' +namespace: 'search-indexer' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +progressDeadlineSeconds: 1500 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '800m' + memory: '4096Mi' + requests: + cpu: '400m' + memory: '3072Mi' +secrets: + API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' + API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/search-indexer' + create: true + name: 'search-indexer' diff --git a/charts/services/search-indexer-service/values.prod.yaml b/charts/services/search-indexer-service/values.prod.yaml index c0645c745b14..1b1d10f0dfb4 100644 --- a/charts/services/search-indexer-service/values.prod.yaml +++ b/charts/services/search-indexer-service/values.prod.yaml @@ -5,9 +5,100 @@ # ##################################################################### -service: - name: 'search-indexer-service' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'search-indexer-service' +enabled: true +env: + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.island.is' + APPLICATION_URL: 'http://search-indexer-service' + CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' + CONTENTFUL_ENVIRONMENT: 'master' + CONTENTFUL_HOST: 'cdn.contentful.com' + CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_INDEX: 'island-is' + ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' + ENVIRONMENT: 'prod' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'search-indexer-service.devland.is' + paths: + - '/' +initContainer: + containers: + - args: + - '/webapp/migrateAws.js' + command: + - '/usr/local/bin/node' + name: 'migrate-aws' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' + - args: + - '/webapp/migrateElastic.js' + command: + - '/usr/local/bin/node' + name: 'migrate-elastic' + resources: + limits: + cpu: '700m' + memory: '4096Mi' + requests: + cpu: '300m' + memory: '3072Mi' + - args: + - '/webapp/migrateKibana.js' + command: + - '/usr/local/bin/node' + name: 'migrate-kibana' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' env: AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.island.is' APPLICATION_URL: 'http://search-indexer-service' @@ -15,126 +106,45 @@ service: CONTENTFUL_ENVIRONMENT: 'master' CONTENTFUL_HOST: 'cdn.contentful.com' CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_DOMAIN: 'search' ELASTIC_INDEX: 'island-is' ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' ENVIRONMENT: 'prod' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + NODE_OPTIONS: '--max-old-space-size=2048' + S3_BUCKET: 'prod-es-custom-packages' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'search-indexer-service.devland.is' - paths: - - '/' - initContainer: - containers: - - args: - - '/webapp/migrateAws.js' - command: - - '/usr/local/bin/node' - name: 'migrate-aws' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - - args: - - '/webapp/migrateElastic.js' - command: - - '/usr/local/bin/node' - name: 'migrate-elastic' - resources: - limits: - cpu: '700m' - memory: '4096Mi' - requests: - cpu: '300m' - memory: '3072Mi' - - args: - - '/webapp/migrateKibana.js' - command: - - '/usr/local/bin/node' - name: 'migrate-kibana' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - env: - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.island.is' - APPLICATION_URL: 'http://search-indexer-service' - CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' - CONTENTFUL_ENVIRONMENT: 'master' - CONTENTFUL_HOST: 'cdn.contentful.com' - CONTENTFUL_SPACE: '8k0h54kbe6bj' - ELASTIC_DOMAIN: 'search' - ELASTIC_INDEX: 'island-is' - ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' - ENVIRONMENT: 'prod' - NODE_OPTIONS: '--max-old-space-size=2048' - S3_BUCKET: 'prod-es-custom-packages' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - namespace: 'search-indexer' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - progressDeadlineSeconds: 1500 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '800m' - memory: '4096Mi' - requests: - cpu: '400m' - memory: '3072Mi' secrets: - API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' - API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/search-indexer' - create: true - name: 'search-indexer' +namespace: 'search-indexer' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +progressDeadlineSeconds: 1500 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '800m' + memory: '4096Mi' + requests: + cpu: '400m' + memory: '3072Mi' +secrets: + API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' + API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/search-indexer' + create: true + name: 'search-indexer' diff --git a/charts/services/search-indexer-service/values.staging.yaml b/charts/services/search-indexer-service/values.staging.yaml index 448f36861a36..e7f407cf667b 100644 --- a/charts/services/search-indexer-service/values.staging.yaml +++ b/charts/services/search-indexer-service/values.staging.yaml @@ -5,9 +5,101 @@ # ##################################################################### -service: - name: 'search-indexer-service' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'search-indexer-service' +enabled: true +env: + AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.staging01.devland.is' + APPLICATION_URL: 'http://search-indexer-service' + CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' + CONTENTFUL_ENVIRONMENT: 'master' + CONTENTFUL_HOST: 'cdn.contentful.com' + CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_INDEX: 'island-is' + ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' + ENVIRONMENT: 'staging' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 1 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'search-indexer-service.staging01.devland.is' + paths: + - '/' +initContainer: + containers: + - args: + - '/webapp/migrateAws.js' + command: + - '/usr/local/bin/node' + name: 'migrate-aws' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' + - args: + - '/webapp/migrateElastic.js' + command: + - '/usr/local/bin/node' + name: 'migrate-elastic' + resources: + limits: + cpu: '700m' + memory: '4096Mi' + requests: + cpu: '300m' + memory: '3072Mi' + - args: + - '/webapp/migrateKibana.js' + command: + - '/usr/local/bin/node' + name: 'migrate-kibana' + resources: + limits: + cpu: '400m' + memory: '2048Mi' + requests: + cpu: '100m' + memory: '512Mi' env: AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.staging01.devland.is' APPLICATION_URL: 'http://search-indexer-service' @@ -15,127 +107,45 @@ service: CONTENTFUL_ENVIRONMENT: 'master' CONTENTFUL_HOST: 'cdn.contentful.com' CONTENTFUL_SPACE: '8k0h54kbe6bj' + ELASTIC_DOMAIN: 'search' ELASTIC_INDEX: 'island-is' ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' ENVIRONMENT: 'staging' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=3686 -r dd-trace/init' + NODE_OPTIONS: '--max-old-space-size=2048' + S3_BUCKET: 'staging-es-custom-packages' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 1 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-search-indexer' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'search-indexer-service.staging01.devland.is' - paths: - - '/' - initContainer: - containers: - - args: - - '/webapp/migrateAws.js' - command: - - '/usr/local/bin/node' - name: 'migrate-aws' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - - args: - - '/webapp/migrateElastic.js' - command: - - '/usr/local/bin/node' - name: 'migrate-elastic' - resources: - limits: - cpu: '700m' - memory: '4096Mi' - requests: - cpu: '300m' - memory: '3072Mi' - - args: - - '/webapp/migrateKibana.js' - command: - - '/usr/local/bin/node' - name: 'migrate-kibana' - resources: - limits: - cpu: '400m' - memory: '2048Mi' - requests: - cpu: '100m' - memory: '512Mi' - env: - AIR_DISCOUNT_SCHEME_FRONTEND_HOSTNAME: 'loftbru.staging01.devland.is' - APPLICATION_URL: 'http://search-indexer-service' - CONTENTFUL_ENTRY_FETCH_CHUNK_SIZE: '40' - CONTENTFUL_ENVIRONMENT: 'master' - CONTENTFUL_HOST: 'cdn.contentful.com' - CONTENTFUL_SPACE: '8k0h54kbe6bj' - ELASTIC_DOMAIN: 'search' - ELASTIC_INDEX: 'island-is' - ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' - ENVIRONMENT: 'staging' - NODE_OPTIONS: '--max-old-space-size=2048' - S3_BUCKET: 'staging-es-custom-packages' - SERVERSIDE_FEATURES_ON: '' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - namespace: 'search-indexer' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - progressDeadlineSeconds: 1500 - pvcs: [] - replicaCount: - default: 1 - max: 1 - min: 1 - resources: - limits: - cpu: '800m' - memory: '4096Mi' - requests: - cpu: '400m' - memory: '3072Mi' secrets: - API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' - API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' - APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/search-indexer' - create: true - name: 'search-indexer' +namespace: 'search-indexer' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +progressDeadlineSeconds: 1500 +pvcs: [] +replicaCount: + default: 1 + max: 1 + min: 1 +resources: + limits: + cpu: '800m' + memory: '4096Mi' + requests: + cpu: '400m' + memory: '3072Mi' +secrets: + API_CMS_DELETION_TOKEN: '/k8s/search-indexer/API_CMS_DELETION_TOKEN' + API_CMS_SYNC_TOKEN: '/k8s/search-indexer/API_CMS_SYNC_TOKEN' + APOLLO_BYPASS_CACHE_SECRET: '/k8s/api/APOLLO_BYPASS_CACHE_SECRET' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/search-indexer/CONTENTFUL_ACCESS_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/search-indexer' + create: true + name: 'search-indexer' diff --git a/charts/services/service-portal-api/values.dev.yaml b/charts/services/service-portal-api/values.dev.yaml index 7d68fe98df26..dd764effdcae 100644 --- a/charts/services/service-portal-api/values.dev.yaml +++ b/charts/services/service-portal-api/values.dev.yaml @@ -5,130 +5,140 @@ # ##################################################################### -service: - name: 'service-portal-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal-api' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'service_portal_api' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'service_portal_api' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'true' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_BASE_URL: 'https://beta.dev01.devland.is/minarsidur' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'user-notification' + - 'identity-server' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'service-portal-api.internal.dev01.devland.is' + paths: + - '/' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' DB_HOST: 'postgres-applications.internal' DB_NAME: 'service_portal_api' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'service_portal_api' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'true' SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_BASE_URL: 'https://beta.dev01.devland.is/minarsidur' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'user-notification' - - 'identity-server' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'service-portal-api.internal.dev01.devland.is' - paths: - - '/' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'service_portal_api' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'service_portal_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '800m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' - IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' - NOVA_URL: '/k8s/service-portal-api/NOVA_URL' - NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/service-portal-api' - create: true - name: 'service-portal-api' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '800m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' + EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' + IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' + NOVA_URL: '/k8s/service-portal-api/NOVA_URL' + NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/service-portal-api' + create: true + name: 'service-portal-api' diff --git a/charts/services/service-portal-api/values.prod.yaml b/charts/services/service-portal-api/values.prod.yaml index adcc365a51d3..1ec1f781fb66 100644 --- a/charts/services/service-portal-api/values.prod.yaml +++ b/charts/services/service-portal-api/values.prod.yaml @@ -5,130 +5,140 @@ # ##################################################################### -service: - name: 'service-portal-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal-api' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'service_portal_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'service_portal_api' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SERVICE_PORTAL_BASE_URL: 'https://island.is/minarsidur' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'user-notification' + - 'identity-server' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'service-portal-api.internal.island.is' + paths: + - '/' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' DB_HOST: 'postgres-applications.internal' DB_NAME: 'service_portal_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'service_portal_api' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SERVICE_PORTAL_BASE_URL: 'https://island.is/minarsidur' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'user-notification' - - 'identity-server' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'service-portal-api.internal.island.is' - paths: - - '/' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'service_portal_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'service_portal_api' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '800m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' - IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' - NOVA_URL: '/k8s/service-portal-api/NOVA_URL' - NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/service-portal-api' - create: true - name: 'service-portal-api' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '800m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' + EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' + IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' + NOVA_URL: '/k8s/service-portal-api/NOVA_URL' + NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/service-portal-api' + create: true + name: 'service-portal-api' diff --git a/charts/services/service-portal-api/values.staging.yaml b/charts/services/service-portal-api/values.staging.yaml index 801cfbf8ad2a..a6c91b5bc4df 100644 --- a/charts/services/service-portal-api/values.staging.yaml +++ b/charts/services/service-portal-api/values.staging.yaml @@ -5,130 +5,140 @@ # ##################################################################### -service: - name: 'service-portal-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal-api' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'service_portal_api' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'service_portal_api' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + ISLYKILL_CERT: '/etc/config/islyklar.p12' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_BASE_URL: 'https://beta.staging01.devland.is/minarsidur' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +files: + - 'islyklar.p12' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'user-notification' + - 'identity-server' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'service-portal-api.internal.staging01.devland.is' + paths: + - '/' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' DB_HOST: 'postgres-applications.internal' DB_NAME: 'service_portal_api' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'service_portal_api' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - ISLYKILL_CERT: '/etc/config/islyklar.p12' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_BASE_URL: 'https://beta.staging01.devland.is/minarsidur' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - files: - - 'islyklar.p12' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'user-notification' - - 'identity-server' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-profile' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'service-portal-api.internal.staging01.devland.is' - paths: - - '/' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'service_portal_api' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'service_portal_api' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '800m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' - EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' - EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' - EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' - EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' - IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' - ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' - ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' - NOVA_URL: '/k8s/service-portal-api/NOVA_URL' - NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/service-portal-api' - create: true - name: 'service-portal-api' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '800m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/service-portal-api/DB_PASSWORD' + EMAIL_FROM: '/k8s/service-portal/api/EMAIL_FROM' + EMAIL_FROM_NAME: '/k8s/service-portal/api/EMAIL_FROM_NAME' + EMAIL_REPLY_TO: '/k8s/service-portal/api/EMAIL_REPLY_TO' + EMAIL_REPLY_TO_NAME: '/k8s/service-portal/api/EMAIL_REPLY_TO_NAME' + IDENTITY_SERVER_CLIENT_ID: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/service-portal/api/SERVICE_PORTAL_API_CLIENT_SECRET' + ISLYKILL_SERVICE_BASEPATH: '/k8s/api/ISLYKILL_SERVICE_BASEPATH' + ISLYKILL_SERVICE_PASSPHRASE: '/k8s/api/ISLYKILL_SERVICE_PASSPHRASE' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/gjafakort/NOVA_PASSWORD' + NOVA_URL: '/k8s/service-portal-api/NOVA_URL' + NOVA_USERNAME: '/k8s/gjafakort/NOVA_USERNAME' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/service-portal-api' + create: true + name: 'service-portal-api' diff --git a/charts/services/service-portal/values.dev.yaml b/charts/services/service-portal/values.dev.yaml index d622b34eb836..d6286ea74f53 100644 --- a/charts/services/service-portal/values.dev.yaml +++ b/charts/services/service-portal/values.dev.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'service-portal' - enabled: true +global: env: - BASEPATH: '/minarsidur' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'dev' - SI_PUBLIC_GRAPHQL_API: '/api/graphql' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - - 'user-notification' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/minarsidur' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '300m' - memory: '256Mi' - requests: - cpu: '5m' - memory: '32Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal' +enabled: true +env: + BASEPATH: '/minarsidur' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'dev' + SI_PUBLIC_GRAPHQL_API: '/api/graphql' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' + - 'user-notification' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/minarsidur' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '300m' + memory: '256Mi' + requests: + cpu: '5m' + memory: '32Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/service-portal/values.prod.yaml b/charts/services/service-portal/values.prod.yaml index 4d4dce47ea4e..601f924dc3ec 100644 --- a/charts/services/service-portal/values.prod.yaml +++ b/charts/services/service-portal/values.prod.yaml @@ -5,77 +5,87 @@ # ##################################################################### -service: - name: 'service-portal' - enabled: true +global: env: - BASEPATH: '/minarsidur' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SI_PUBLIC_ENVIRONMENT: 'prod' - SI_PUBLIC_GRAPHQL_API: '/api/graphql' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - - 'user-notification' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/minarsidur' - - host: 'www.island.is' - paths: - - '/minarsidur' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '300m' - memory: '256Mi' - requests: - cpu: '5m' - memory: '32Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal' +enabled: true +env: + BASEPATH: '/minarsidur' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SI_PUBLIC_ENVIRONMENT: 'prod' + SI_PUBLIC_GRAPHQL_API: '/api/graphql' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' + - 'user-notification' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/minarsidur' + - host: 'www.island.is' + paths: + - '/minarsidur' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '300m' + memory: '256Mi' + requests: + cpu: '5m' + memory: '32Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/service-portal/values.staging.yaml b/charts/services/service-portal/values.staging.yaml index 62cbbe5488dc..0401a390ad67 100644 --- a/charts/services/service-portal/values.staging.yaml +++ b/charts/services/service-portal/values.staging.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'service-portal' - enabled: true +global: env: - BASEPATH: '/minarsidur' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230' - SERVERSIDE_FEATURES_ON: '' - SI_PUBLIC_ENVIRONMENT: 'staging' - SI_PUBLIC_GRAPHQL_API: '/api/graphql' - SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - grantNamespaces: - - 'nginx-ingress-internal' - - 'nginx-ingress-external' - - 'islandis' - - 'user-notification' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 30 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/minarsidur' - namespace: 'service-portal' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 30 - min: 2 - resources: - limits: - cpu: '300m' - memory: '256Mi' - requests: - cpu: '5m' - memory: '32Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'service-portal' +enabled: true +env: + BASEPATH: '/minarsidur' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230' + SERVERSIDE_FEATURES_ON: '' + SI_PUBLIC_ENVIRONMENT: 'staging' + SI_PUBLIC_GRAPHQL_API: '/api/graphql' + SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' +grantNamespaces: + - 'nginx-ingress-internal' + - 'nginx-ingress-external' + - 'islandis' + - 'user-notification' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 30 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/service-portal' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/minarsidur' +namespace: 'service-portal' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 30 + min: 2 +resources: + limits: + cpu: '300m' + memory: '256Mi' + requests: + cpu: '5m' + memory: '32Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + SI_PUBLIC_DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + SI_PUBLIC_DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-admin-api/values.dev.yaml b/charts/services/services-auth-admin-api/values.dev.yaml index e333b12f31fc..f2b108d4a7ce 100644 --- a/charts/services/services-auth-admin-api/values.dev.yaml +++ b/charts/services/services-auth-admin-api/values.dev.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'services-auth-admin-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - IDENTITY_SERVER_ISSUER_URL_LIST: '["https://identity-server.dev01.devland.is","https://identity-server.staging01.devland.is","https://innskra.island.is"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/backend/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/backend/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.dev01.devland.is' - paths: - - '/backend' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '100m' - memory: '512Mi' - secrets: - CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-admin-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + IDENTITY_SERVER_ISSUER_URL_LIST: '["https://identity-server.dev01.devland.is","https://identity-server.staging01.devland.is","https://innskra.island.is"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/backend/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/backend/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.dev01.devland.is' + paths: + - '/backend' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-admin-api/values.prod.yaml b/charts/services/services-auth-admin-api/values.prod.yaml index 1f70037042f2..f392a1400099 100644 --- a/charts/services/services-auth-admin-api/values.prod.yaml +++ b/charts/services/services-auth-admin-api/values.prod.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'services-auth-admin-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - IDENTITY_SERVER_ISSUER_URL_LIST: '["https://innskra.island.is"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SYSLUMENN_HOST: 'https://api.syslumenn.is/api' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/backend/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/backend/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'innskra.island.is' - paths: - - '/backend' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '100m' - memory: '512Mi' - secrets: - CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-admin-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + IDENTITY_SERVER_ISSUER_URL_LIST: '["https://innskra.island.is"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SYSLUMENN_HOST: 'https://api.syslumenn.is/api' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/backend/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/backend/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'innskra.island.is' + paths: + - '/backend' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-admin-api/values.staging.yaml b/charts/services/services-auth-admin-api/values.staging.yaml index 05a56a59bfaa..1ca982a2abb7 100644 --- a/charts/services/services-auth-admin-api/values.staging.yaml +++ b/charts/services/services-auth-admin-api/values.staging.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'services-auth-admin-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - IDENTITY_SERVER_ISSUER_URL_LIST: '["https://identity-server.staging01.devland.is","https://innskra.island.is"]' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/backend/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/backend/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.staging01.devland.is' - paths: - - '/backend' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '768Mi' - requests: - cpu: '100m' - memory: '512Mi' - secrets: - CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-admin-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + IDENTITY_SERVER_ISSUER_URL_LIST: '["https://identity-server.staging01.devland.is","https://innskra.island.is"]' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/backend/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/backend/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-admin-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.staging01.devland.is' + paths: + - '/backend' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '768Mi' + requests: + cpu: '100m' + memory: '512Mi' +secrets: + CLIENT_SECRET_ENCRYPTION_KEY: '/k8s/services-auth/admin-api/CLIENT_SECRET_ENCRYPTION_KEY' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-delegation-api/values.dev.yaml b/charts/services/services-auth-delegation-api/values.dev.yaml index 856a9f66d92e..c11b9182cc45 100644 --- a/charts/services/services-auth-delegation-api/values.dev.yaml +++ b/charts/services/services-auth-delegation-api/values.dev.yaml @@ -5,95 +5,105 @@ # ##################################################################### -service: - name: 'services-auth-delegation-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'service-portal' - - 'user-notification-worker' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'auth-delegation-api.internal.dev01.devland.is' - paths: - - '/' - namespace: 'identity-server-delegation' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-delegation-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'service-portal' + - 'user-notification-worker' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'auth-delegation-api.internal.dev01.devland.is' + paths: + - '/' +namespace: 'identity-server-delegation' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-delegation-api/values.prod.yaml b/charts/services/services-auth-delegation-api/values.prod.yaml index 5fb3c434bc34..d0dd8d6d9be6 100644 --- a/charts/services/services-auth-delegation-api/values.prod.yaml +++ b/charts/services/services-auth-delegation-api/values.prod.yaml @@ -5,95 +5,105 @@ # ##################################################################### -service: - name: 'services-auth-delegation-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SYSLUMENN_HOST: 'https://api.syslumenn.is/api' - SYSLUMENN_TIMEOUT: '3000' - USER_NOTIFICATION_API_URL: 'https://user-notification.internal.island.is' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'service-portal' - - 'user-notification-worker' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'auth-delegation-api.internal.innskra.island.is' - paths: - - '/' - namespace: 'identity-server-delegation' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-delegation-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SYSLUMENN_HOST: 'https://api.syslumenn.is/api' + SYSLUMENN_TIMEOUT: '3000' + USER_NOTIFICATION_API_URL: 'https://user-notification.internal.island.is' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'service-portal' + - 'user-notification-worker' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'auth-delegation-api.internal.innskra.island.is' + paths: + - '/' +namespace: 'identity-server-delegation' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-delegation-api/values.staging.yaml b/charts/services/services-auth-delegation-api/values.staging.yaml index b94d03c10b8c..1acaebe52182 100644 --- a/charts/services/services-auth-delegation-api/values.staging.yaml +++ b/charts/services/services-auth-delegation-api/values.staging.yaml @@ -5,95 +5,105 @@ # ##################################################################### -service: - name: 'services-auth-delegation-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'service-portal' - - 'user-notification-worker' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'auth-delegation-api.internal.staging01.devland.is' - paths: - - '/' - namespace: 'identity-server-delegation' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-delegation-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + USER_NOTIFICATION_API_URL: 'http://web-user-notification.user-notification.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'service-portal' + - 'user-notification-worker' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-delegation-api' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'auth-delegation-api.internal.staging01.devland.is' + paths: + - '/' +namespace: 'identity-server-delegation' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api-cleanup/values.dev.yaml b/charts/services/services-auth-ids-api-cleanup/values.dev.yaml index 5687fa002d54..5a4276deb188 100644 --- a/charts/services/services-auth-ids-api-cleanup/values.dev.yaml +++ b/charts/services/services-auth-ids-api-cleanup/values.dev.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-ids-api-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api-cleanup/values.prod.yaml b/charts/services/services-auth-ids-api-cleanup/values.prod.yaml index 4da0ca63d794..88701a214d23 100644 --- a/charts/services/services-auth-ids-api-cleanup/values.prod.yaml +++ b/charts/services/services-auth-ids-api-cleanup/values.prod.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-ids-api-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api-cleanup/values.staging.yaml b/charts/services/services-auth-ids-api-cleanup/values.staging.yaml index 970bb0f99cd9..62add51ed018 100644 --- a/charts/services/services-auth-ids-api-cleanup/values.staging.yaml +++ b/charts/services/services-auth-ids-api-cleanup/values.staging.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-ids-api-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - - 'portals-admin' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '1024Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=921 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' + - 'portals-admin' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '1024Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api/values.dev.yaml b/charts/services/services-auth-ids-api/values.dev.yaml index ad6739bb93ef..3f01536db5bf 100644 --- a/charts/services/services-auth-ids-api/values.dev.yaml +++ b/charts/services/services-auth-ids-api/values.dev.yaml @@ -5,138 +5,148 @@ # ##################################################################### -service: - name: 'services-auth-ids-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '6cf94113-d326-4e4d-b97c-1fea12d2f5e1' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'true' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_MAX_AGE_DAYS: '365' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://identity-server.dev01.devland.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 15 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-applications.internal' DB_NAME: 'servicesauth' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '6cf94113-d326-4e4d-b97c-1fea12d2f5e1' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'true' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_MAX_AGE_DAYS: '365' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://identity-server.dev01.devland.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 15 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 15 - min: 2 - resources: - limits: - cpu: '800m' - memory: '768Mi' - requests: - cpu: '400m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' - NOVA_URL: '/k8s/services-auth/NOVA_URL' - NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 15 + min: 2 +resources: + limits: + cpu: '800m' + memory: '768Mi' + requests: + cpu: '400m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' + NOVA_URL: '/k8s/services-auth/NOVA_URL' + NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api/values.prod.yaml b/charts/services/services-auth-ids-api/values.prod.yaml index e229bced66f1..8452923e6595 100644 --- a/charts/services/services-auth-ids-api/values.prod.yaml +++ b/charts/services/services-auth-ids-api/values.prod.yaml @@ -5,138 +5,148 @@ # ##################################################################### -service: - name: 'services-auth-ids-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '8271bbc2-d8de-480f-8540-ea43fc40b7ae' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_MAX_AGE_DAYS: '365' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://innskra.island.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SYSLUMENN_HOST: 'https://api.syslumenn.is/api' + SYSLUMENN_TIMEOUT: '3000' + USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' + USER_PROFILE_CLIENT_URL: 'https://service-portal-api.internal.island.is' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 15 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-ids.internal' DB_NAME: 'servicesauth' DB_REPLICAS_HOST: 'postgres-ids.internal' DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '8271bbc2-d8de-480f-8540-ea43fc40b7ae' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_MAX_AGE_DAYS: '365' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://innskra.island.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SYSLUMENN_HOST: 'https://api.syslumenn.is/api' - SYSLUMENN_TIMEOUT: '3000' - USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' - USER_PROFILE_CLIENT_URL: 'https://service-portal-api.internal.island.is' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 15 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 15 - min: 2 - resources: - limits: - cpu: '800m' - memory: '768Mi' - requests: - cpu: '400m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' - NOVA_URL: '/k8s/services-auth/NOVA_URL' - NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 15 + min: 2 +resources: + limits: + cpu: '800m' + memory: '768Mi' + requests: + cpu: '400m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' + NOVA_URL: '/k8s/services-auth/NOVA_URL' + NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-ids-api/values.staging.yaml b/charts/services/services-auth-ids-api/values.staging.yaml index d0886f109094..0ed369b6862e 100644 --- a/charts/services/services-auth-ids-api/values.staging.yaml +++ b/charts/services/services-auth-ids-api/values.staging.yaml @@ -5,138 +5,148 @@ # ##################################################################### -service: - name: 'services-auth-ids-api' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-ids-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '6cf94113-d326-4e4d-b97c-1fea12d2f5e1' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + NOVA_ACCEPT_UNAUTHORIZED: 'false' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_MAX_AGE_DAYS: '365' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://identity-server.staging01.devland.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'user-notification' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 15 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-applications.internal' DB_NAME: 'servicesauth' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '6cf94113-d326-4e4d-b97c-1fea12d2f5e1' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - NOVA_ACCEPT_UNAUTHORIZED: 'false' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_MAX_AGE_DAYS: '365' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://identity-server.staging01.devland.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - USER_PROFILE_CLIENT_SCOPE: '["@island.is/user-profile:read"]' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'user-notification' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 15 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-ids-api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - namespace: 'identity-server' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 15 - min: 2 - resources: - limits: - cpu: '800m' - memory: '768Mi' - requests: - cpu: '400m' - memory: '512Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' - NOVA_URL: '/k8s/services-auth/NOVA_URL' - NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'identity-server' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 15 + min: 2 +resources: + limits: + cpu: '800m' + memory: '768Mi' + requests: + cpu: '400m' + memory: '512Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/services-auth/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' + NOVA_PASSWORD: '/k8s/services-auth/NOVA_PASSWORD' + NOVA_URL: '/k8s/services-auth/NOVA_URL' + NOVA_USERNAME: '/k8s/services-auth/NOVA_USERNAME' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative-public/values.dev.yaml b/charts/services/services-auth-personal-representative-public/values.dev.yaml index 6f946614981a..08b020d2b4f0 100644 --- a/charts/services/services-auth-personal-representative-public/values.dev.yaml +++ b/charts/services/services-auth-personal-representative-public/values.dev.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative-public' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-public-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative-public' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-public-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative-public/values.prod.yaml b/charts/services/services-auth-personal-representative-public/values.prod.yaml index d66fdeb65371..d9370ec8a097 100644 --- a/charts/services/services-auth-personal-representative-public/values.prod.yaml +++ b/charts/services/services-auth-personal-representative-public/values.prod.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative-public' - enabled: true +global: env: - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-public-xrd.internal.innskra.island.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative-public' +enabled: true +env: + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-public-xrd.internal.innskra.island.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative-public/values.staging.yaml b/charts/services/services-auth-personal-representative-public/values.staging.yaml index 742b180409ae..5a132366628b 100644 --- a/charts/services/services-auth-personal-representative-public/values.staging.yaml +++ b/charts/services/services-auth-personal-representative-public/values.staging.yaml @@ -5,66 +5,76 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative-public' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-public-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative-public' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative-public' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-public-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative/values.dev.yaml b/charts/services/services-auth-personal-representative/values.dev.yaml index 6afa98941f22..973eb041bc32 100644 --- a/charts/services/services-auth-personal-representative/values.dev.yaml +++ b/charts/services/services-auth-personal-representative/values.dev.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative/values.prod.yaml b/charts/services/services-auth-personal-representative/values.prod.yaml index 8b748446fad3..f9f74f8d92c1 100644 --- a/charts/services/services-auth-personal-representative/values.prod.yaml +++ b/charts/services/services-auth-personal-representative/values.prod.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SYSLUMENN_HOST: 'https://api.syslumenn.is/api' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-xrd.internal.innskra.island.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SYSLUMENN_HOST: 'https://api.syslumenn.is/api' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-xrd.internal.innskra.island.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-personal-representative/values.staging.yaml b/charts/services/services-auth-personal-representative/values.staging.yaml index 212e2d315435..21ec99d0547a 100644 --- a/charts/services/services-auth-personal-representative/values.staging.yaml +++ b/charts/services/services-auth-personal-representative/values.staging.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-auth-personal-representative' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'personal-representative-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'personal-representative' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-personal-representative' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-personal-representative' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'personal-representative-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'personal-representative' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-public-api/values.dev.yaml b/charts/services/services-auth-public-api/values.dev.yaml index f80cba70f189..4398430d7eb2 100644 --- a/charts/services/services-auth-public-api/values.dev.yaml +++ b/charts/services/services-auth-public-api/values.dev.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'services-auth-public-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://identity-server.dev01.devland.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '10001' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/rewrite-target: '/$2' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.dev01.devland.is' - paths: - - '/api(/|$)(.*)' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-public-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://identity-server.dev01.devland.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-DEV/GOV/10001/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-DEV/GOV/10006/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '10001' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/rewrite-target: '/$2' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.dev01.devland.is' + paths: + - '/api(/|$)(.*)' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-public-api/values.prod.yaml b/charts/services/services-auth-public-api/values.prod.yaml index e8aaab3d72e7..cedab910898a 100644 --- a/charts/services/services-auth-public-api/values.prod.yaml +++ b/charts/services/services-auth-public-api/values.prod.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'services-auth-public-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-ids.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-ids.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://innskra.island.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SYSLUMENN_HOST: 'https://api.syslumenn.is/api' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/rewrite-target: '/$2' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'innskra.island.is' - paths: - - '/api(/|$)(.*)' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-public-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-ids.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-ids.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://innskra.island.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SYSLUMENN_HOST: 'https://api.syslumenn.is/api' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.dnugi2.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/rewrite-target: '/$2' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'innskra.island.is' + paths: + - '/api(/|$)(.*)' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-auth-public-api/values.staging.yaml b/charts/services/services-auth-public-api/values.staging.yaml index f3634bc368d7..af05b8333772 100644 --- a/charts/services/services-auth-public-api/values.staging.yaml +++ b/charts/services/services-auth-public-api/values.staging.yaml @@ -5,105 +5,115 @@ # ##################################################################### -service: - name: 'services-auth-public-api' - enabled: true +global: env: - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'servicesauth' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'servicesauth' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' - PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' - PASSKEY_CORE_RP_ID: 'island.is' - PASSKEY_CORE_RP_NAME: 'Island.is' - PUBLIC_URL: 'https://identity-server.staging01.devland.is/api' - REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' - SYSLUMENN_TIMEOUT: '3000' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' - XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' - XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' - XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' - XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' - XROAD_TJODSKRA_MEMBER_CODE: '6503760649' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' - grantNamespaces: - - 'nginx-ingress-external' - - 'nginx-ingress-internal' - - 'islandis' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/rewrite-target: '/$2' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'identity-server.staging01.devland.is' - paths: - - '/api(/|$)(.*)' - namespace: 'identity-server-admin' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/servicesauth/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' - NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' - SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' - SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' - ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' - ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' - ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/identity-server/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-auth-public-api' +enabled: true +env: + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'servicesauth' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'servicesauth' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/auth-api' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + PASSKEY_CORE_ALLOWED_ORIGINS: '["https://island.is","android:apk-key-hash:JgPeo_F6KYk-ngRa26tO2SsAtMiTBQCc7WtSgN-jRX0","android:apk-key-hash:EsLTUu5kaY7XPmMl2f7nbq4amu-PNzdYu3FecNf90wU"]' + PASSKEY_CORE_CHALLENGE_TTL_MS: '120000' + PASSKEY_CORE_RP_ID: 'island.is' + PASSKEY_CORE_RP_NAME: 'Island.is' + PUBLIC_URL: 'https://identity-server.staging01.devland.is/api' + REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + SYSLUMENN_HOST: 'https://api.syslumenn.is/staging' + SYSLUMENN_TIMEOUT: '3000' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_NATIONAL_REGISTRY_ACTOR_TOKEN: 'true' + XROAD_NATIONAL_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_NATIONAL_REGISTRY_SERVICE_PATH: 'IS-TEST/GOV/6503760649/SKRA-Protected/Einstaklingar-v1' + XROAD_RSK_PROCURING_ACTOR_TOKEN: 'true' + XROAD_RSK_PROCURING_PATH: 'IS-TEST/GOV/5402696029/Skatturinn/relationships-v1' + XROAD_RSK_PROCURING_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + XROAD_TJODSKRA_API_PATH: '/SKRA-Protected/Einstaklingar-v1' + XROAD_TJODSKRA_MEMBER_CODE: '6503760649' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + ZENDESK_CONTACT_FORM_SUBDOMAIN: 'digitaliceland' +grantNamespaces: + - 'nginx-ingress-external' + - 'nginx-ingress-internal' + - 'islandis' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-auth-public-api' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/rewrite-target: '/$2' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'identity-server.staging01.devland.is' + paths: + - '/api(/|$)(.*)' +namespace: 'identity-server-admin' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/servicesauth/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-auth/IDENTITY_SERVER_CLIENT_SECRET' + NATIONAL_REGISTRY_IDS_CLIENT_SECRET: '/k8s/xroad/client/NATIONAL-REGISTRY/IDENTITYSERVER_SECRET' + SYSLUMENN_PASSWORD: '/k8s/services-auth/SYSLUMENN_PASSWORD' + SYSLUMENN_USERNAME: '/k8s/services-auth/SYSLUMENN_USERNAME' + ZENDESK_CONTACT_FORM_EMAIL: '/k8s/api/ZENDESK_CONTACT_FORM_EMAIL' + ZENDESK_CONTACT_FORM_TOKEN: '/k8s/api/ZENDESK_CONTACT_FORM_TOKEN' + ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE: '/k8s/services-auth/ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-bff-portals-admin/values.dev.yaml b/charts/services/services-bff-portals-admin/values.dev.yaml index 32df0a313f6a..e5b6da0bda2f 100644 --- a/charts/services/services-bff-portals-admin/values.dev.yaml +++ b/charts/services/services-bff-portals-admin/values.dev.yaml @@ -5,88 +5,98 @@ # ##################################################################### -service: - name: 'services-bff-portals-admin' - enabled: true +global: env: - BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.dev01.devland.is"]' - BFF_ALLOWED_REDIRECT_URIS: '["https://beta.dev01.devland.is"]' - BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' - BFF_CALLBACKS_BASE_PATH: 'https://beta.dev01.devland.is/stjornbord/bff/callbacks' - BFF_CLIENT_BASE_URL: 'https://beta.dev01.devland.is' - BFF_CLIENT_KEY_PATH: '/stjornbord' - BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' - BFF_LOGOUT_REDIRECT_URI: 'https://beta.dev01.devland.is' - BFF_NAME: 'stjornbord' - BFF_PAR_SUPPORT_ENABLED: 'true' - BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' - IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' - IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/stjornbord/bff' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-bff-portals-admin' +enabled: true +env: + BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.dev01.devland.is"]' + BFF_ALLOWED_REDIRECT_URIS: '["https://beta.dev01.devland.is"]' + BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' + BFF_CALLBACKS_BASE_PATH: 'https://beta.dev01.devland.is/stjornbord/bff/callbacks' + BFF_CLIENT_BASE_URL: 'https://beta.dev01.devland.is' + BFF_CLIENT_KEY_PATH: '/stjornbord' + BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' + BFF_LOGOUT_REDIRECT_URI: 'https://beta.dev01.devland.is' + BFF_NAME: 'stjornbord' + BFF_PAR_SUPPORT_ENABLED: 'true' + BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' + IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' + IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-bff' - create: true - name: 'services-bff' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/stjornbord/bff' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-bff' + create: true + name: 'services-bff' diff --git a/charts/services/services-bff-portals-admin/values.prod.yaml b/charts/services/services-bff-portals-admin/values.prod.yaml index a598b3465197..ffde3a0cc06e 100644 --- a/charts/services/services-bff-portals-admin/values.prod.yaml +++ b/charts/services/services-bff-portals-admin/values.prod.yaml @@ -5,90 +5,100 @@ # ##################################################################### -service: - name: 'services-bff-portals-admin' - enabled: true +global: env: - BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.island.is"]' - BFF_ALLOWED_REDIRECT_URIS: '["https://island.is"]' - BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' - BFF_CALLBACKS_BASE_PATH: 'https://island.is/stjornbord/bff/callbacks' - BFF_CLIENT_BASE_URL: 'https://island.is' - BFF_CLIENT_KEY_PATH: '/stjornbord' - BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' - BFF_LOGOUT_REDIRECT_URI: 'https://island.is' - BFF_NAME: 'stjornbord' - BFF_PAR_SUPPORT_ENABLED: 'true' - BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' - IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' - IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/stjornbord/bff' - - host: 'www.island.is' - paths: - - '/stjornbord/bff' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-bff-portals-admin' +enabled: true +env: + BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.island.is"]' + BFF_ALLOWED_REDIRECT_URIS: '["https://island.is"]' + BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' + BFF_CALLBACKS_BASE_PATH: 'https://island.is/stjornbord/bff/callbacks' + BFF_CLIENT_BASE_URL: 'https://island.is' + BFF_CLIENT_KEY_PATH: '/stjornbord' + BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' + BFF_LOGOUT_REDIRECT_URI: 'https://island.is' + BFF_NAME: 'stjornbord' + BFF_PAR_SUPPORT_ENABLED: 'true' + BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' + IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' + IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-bff' - create: true - name: 'services-bff' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/stjornbord/bff' + - host: 'www.island.is' + paths: + - '/stjornbord/bff' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-bff' + create: true + name: 'services-bff' diff --git a/charts/services/services-bff-portals-admin/values.staging.yaml b/charts/services/services-bff-portals-admin/values.staging.yaml index 94d465b6b307..6c61eb1836e1 100644 --- a/charts/services/services-bff-portals-admin/values.staging.yaml +++ b/charts/services/services-bff-portals-admin/values.staging.yaml @@ -5,88 +5,98 @@ # ##################################################################### -service: - name: 'services-bff-portals-admin' - enabled: true +global: env: - BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.staging01.devland.is"]' - BFF_ALLOWED_REDIRECT_URIS: '["https://beta.staging01.devland.is"]' - BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' - BFF_CALLBACKS_BASE_PATH: 'https://beta.staging01.devland.is/stjornbord/bff/callbacks' - BFF_CLIENT_BASE_URL: 'https://beta.staging01.devland.is' - BFF_CLIENT_KEY_PATH: '/stjornbord' - BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' - BFF_LOGOUT_REDIRECT_URI: 'https://beta.staging01.devland.is' - BFF_NAME: 'stjornbord' - BFF_PAR_SUPPORT_ENABLED: 'true' - BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' - IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' - IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/stjornbord/bff/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/enable-global-auth: 'false' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/stjornbord/bff' - namespace: 'portals-admin' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - secrets: - BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-bff-portals-admin' +enabled: true +env: + BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.staging01.devland.is"]' + BFF_ALLOWED_REDIRECT_URIS: '["https://beta.staging01.devland.is"]' + BFF_CACHE_USER_PROFILE_TTL_MS: '3595000' + BFF_CALLBACKS_BASE_PATH: 'https://beta.staging01.devland.is/stjornbord/bff/callbacks' + BFF_CLIENT_BASE_URL: 'https://beta.staging01.devland.is' + BFF_CLIENT_KEY_PATH: '/stjornbord' + BFF_LOGIN_ATTEMPT_TTL_MS: '604800000' + BFF_LOGOUT_REDIRECT_URI: 'https://beta.staging01.devland.is' + BFF_NAME: 'stjornbord' + BFF_PAR_SUPPORT_ENABLED: 'true' + BFF_PROXY_API_ENDPOINT: 'http://web-api.islandis.svc.cluster.local/api/graphql' + IDENTITY_SERVER_CLIENT_ID: '@admin.island.is/bff-stjornbord' + IDENTITY_SERVER_CLIENT_SCOPES: '["@admin.island.is/delegations","@admin.island.is/ads","@admin.island.is/regulations","@admin.island.is/regulations:manage","@admin.island.is/icelandic-names-registry","@admin.island.is/application-system:admin","@admin.island.is/application-system:institution","@admin.island.is/document-provider","@admin.island.is/auth","@admin.island.is/auth:admin","@admin.island.is/petitions","@admin.island.is/service-desk","@admin.island.is/ads:explicit","@admin.island.is/signature-collection:manage","@admin.island.is/signature-collection:process","@admin.island.is/form-system","@admin.island.is/form-system:admin","@admin.island.is/delegation-system","@admin.island.is/delegation-system:admin"]' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/stjornbord/bff/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-bff' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-bff' - create: true - name: 'services-bff' + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/enable-global-auth: 'false' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/stjornbord/bff' +namespace: 'portals-admin' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + BFF_TOKEN_SECRET_BASE64: '/k8s/services-bff/portals-admin/BFF_TOKEN_SECRET_BASE64' + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-bff/portals-admin/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-bff' + create: true + name: 'services-bff' diff --git a/charts/services/services-documents/values.dev.yaml b/charts/services/services-documents/values.dev.yaml index 7986eba538b7..83c19d129dc3 100644 --- a/charts/services/services-documents/values.dev.yaml +++ b/charts/services/services-documents/values.dev.yaml @@ -5,82 +5,92 @@ # ##################################################################### -service: - name: 'services-documents' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-documents' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_documents' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_documents' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_documents' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'services_documents' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_documents' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_documents' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-documents/DB_PASSWORD' - namespace: 'services-documents' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-documents/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'services-documents' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-documents/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-documents/values.prod.yaml b/charts/services/services-documents/values.prod.yaml index 84badec92b27..b45e24d634a0 100644 --- a/charts/services/services-documents/values.prod.yaml +++ b/charts/services/services-documents/values.prod.yaml @@ -5,82 +5,92 @@ # ##################################################################### -service: - name: 'services-documents' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-documents' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_documents' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_documents' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_documents' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_documents' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_documents' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_documents' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/services-documents/DB_PASSWORD' - namespace: 'services-documents' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-documents/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'services-documents' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-documents/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-documents/values.staging.yaml b/charts/services/services-documents/values.staging.yaml index a02eda7d83d3..62e2c5f722a0 100644 --- a/charts/services/services-documents/values.staging.yaml +++ b/charts/services/services-documents/values.staging.yaml @@ -5,82 +5,92 @@ # ##################################################################### -service: - name: 'services-documents' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-documents' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_documents' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_documents' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'islandis' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_documents' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_documents' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'islandis' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-documents' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_documents' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_documents' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-documents/DB_PASSWORD' - namespace: 'services-documents' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-documents/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'services-documents' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-documents/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions-cleanup/values.dev.yaml b/charts/services/services-sessions-cleanup/values.dev.yaml index 2810e712e008..fa54d71f9cc6 100644 --- a/charts/services/services-sessions-cleanup/values.dev.yaml +++ b/charts/services/services-sessions-cleanup/values.dev.yaml @@ -5,65 +5,75 @@ # ##################################################################### -service: - name: 'services-sessions-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_sessions' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_sessions' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions-cleanup/values.prod.yaml b/charts/services/services-sessions-cleanup/values.prod.yaml index f8c42663766d..2a436d368e82 100644 --- a/charts/services/services-sessions-cleanup/values.prod.yaml +++ b/charts/services/services-sessions-cleanup/values.prod.yaml @@ -5,65 +5,75 @@ # ##################################################################### -service: - name: 'services-sessions-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions-cleanup/values.staging.yaml b/charts/services/services-sessions-cleanup/values.staging.yaml index 0e3079e2dc79..df9aff0539a1 100644 --- a/charts/services/services-sessions-cleanup/values.staging.yaml +++ b/charts/services/services-sessions-cleanup/values.staging.yaml @@ -5,65 +5,75 @@ # ##################################################################### -service: - name: 'services-sessions-cleanup' - args: - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' - schedule: '0 3 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-cleanup' +args: + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +schedule: '0 3 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions-worker/values.dev.yaml b/charts/services/services-sessions-worker/values.dev.yaml index cbb41726849b..b0fcf628cfaf 100644 --- a/charts/services/services-sessions-worker/values.dev.yaml +++ b/charts/services/services-sessions-worker/values.dev.yaml @@ -5,99 +5,109 @@ # ##################################################################### -service: - name: 'services-sessions-worker' - args: - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-worker' +args: + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_sessions' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_sessions' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'services_sessions' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_sessions' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/sessions-worker' - create: true - name: 'sessions-worker' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/sessions-worker' + create: true + name: 'sessions-worker' diff --git a/charts/services/services-sessions-worker/values.prod.yaml b/charts/services/services-sessions-worker/values.prod.yaml index 12db2631ab9a..430ba3aa97cb 100644 --- a/charts/services/services-sessions-worker/values.prod.yaml +++ b/charts/services/services-sessions-worker/values.prod.yaml @@ -5,99 +5,109 @@ # ##################################################################### -service: - name: 'services-sessions-worker' - args: - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-worker' +args: + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_sessions' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_sessions' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/sessions-worker' - create: true - name: 'sessions-worker' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/sessions-worker' + create: true + name: 'sessions-worker' diff --git a/charts/services/services-sessions-worker/values.staging.yaml b/charts/services/services-sessions-worker/values.staging.yaml index a738f2833e73..3721d83be564 100644 --- a/charts/services/services-sessions-worker/values.staging.yaml +++ b/charts/services/services-sessions-worker/values.staging.yaml @@ -5,99 +5,109 @@ # ##################################################################### -service: - name: 'services-sessions-worker' - args: - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions-worker' +args: + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + DB_EXTENSIONS: 'uuid-ossp' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_EXTENSIONS: 'uuid-ossp' DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_sessions' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_sessions' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_EXTENSIONS: 'uuid-ossp' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '100m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-sessions/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/sessions-worker' - create: true - name: 'sessions-worker' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '100m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/sessions-worker' + create: true + name: 'sessions-worker' diff --git a/charts/services/services-sessions/values.dev.yaml b/charts/services/services-sessions/values.dev.yaml index 873a839370c4..dfb22e69db69 100644 --- a/charts/services/services-sessions/values.dev.yaml +++ b/charts/services/services-sessions/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'services-sessions' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_sessions_read' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'sessions-api.internal.dev01.devland.is' - paths: - - '/' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 10 - min: 1 - resources: - limits: - cpu: '250m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '300Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_sessions_read' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'sessions-api.internal.dev01.devland.is' + paths: + - '/' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 10 + min: 1 +resources: + limits: + cpu: '250m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '300Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions/values.prod.yaml b/charts/services/services-sessions/values.prod.yaml index 3924ef526fae..ac6d8167fb4e 100644 --- a/charts/services/services-sessions/values.prod.yaml +++ b/charts/services/services-sessions/values.prod.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'services-sessions' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions_read' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'sessions-api.internal.island.is' - paths: - - '/' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 10 - min: 1 - resources: - limits: - cpu: '250m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '300Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions_read' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'sessions-api.internal.island.is' + paths: + - '/' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 10 + min: 1 +resources: + limits: + cpu: '250m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '300Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-sessions/values.staging.yaml b/charts/services/services-sessions/values.staging.yaml index 946e32fdfb8b..5de452280635 100644 --- a/charts/services/services-sessions/values.staging.yaml +++ b/charts/services/services-sessions/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'services-sessions' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_sessions' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_sessions_read' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' - ingress: - internal-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'sessions-api.internal.staging01.devland.is' - paths: - - '/' - namespace: 'services-sessions' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 10 - min: 1 - resources: - limits: - cpu: '250m' - memory: '512Mi' - requests: - cpu: '25m' - memory: '300Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-sessions' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_sessions' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_sessions_read' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-sessions' +ingress: + internal-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'sessions-api.internal.staging01.devland.is' + paths: + - '/' +namespace: 'services-sessions' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 10 + min: 1 +resources: + limits: + cpu: '250m' + memory: '512Mi' + requests: + cpu: '25m' + memory: '300Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-sessions/readonly/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/services-university-gateway-worker/values.dev.yaml b/charts/services/services-university-gateway-worker/values.dev.yaml index 8ce8e5a4d296..b219e85aa530 100644 --- a/charts/services/services-university-gateway-worker/values.dev.yaml +++ b/charts/services/services-university-gateway-worker/values.dev.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-university-gateway-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-DEV/EDU/10062/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' - schedule: '0 * * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-university-gateway-worker' - create: true - name: 'services-university-gateway-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-DEV/EDU/10062/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +schedule: '0 * * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-university-gateway-worker' + create: true + name: 'services-university-gateway-worker' diff --git a/charts/services/services-university-gateway-worker/values.prod.yaml b/charts/services/services-university-gateway-worker/values.prod.yaml index 52f5f260bdac..2827d3e190cc 100644 --- a/charts/services/services-university-gateway-worker/values.prod.yaml +++ b/charts/services/services-university-gateway-worker/values.prod.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-university-gateway-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' - schedule: '0 * * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-university-gateway-worker' - create: true - name: 'services-university-gateway-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +schedule: '0 * * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-university-gateway-worker' + create: true + name: 'services-university-gateway-worker' diff --git a/charts/services/services-university-gateway-worker/values.staging.yaml b/charts/services/services-university-gateway-worker/values.staging.yaml index e14559e68773..e64ffd48d011 100644 --- a/charts/services/services-university-gateway-worker/values.staging.yaml +++ b/charts/services/services-university-gateway-worker/values.staging.yaml @@ -5,89 +5,99 @@ # ##################################################################### -service: - name: 'services-university-gateway-worker' - args: - - 'main.js' - - '--job' - - 'worker' - command: - - 'node' - enabled: true +global: env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-TEST/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' - schedule: '0 2 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-university-gateway-worker' - create: true - name: 'services-university-gateway-worker' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway-worker' +args: + - 'main.js' + - '--job' + - 'worker' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-TEST/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +schedule: '0 2 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-university-gateway-worker' + create: true + name: 'services-university-gateway-worker' diff --git a/charts/services/services-university-gateway/values.dev.yaml b/charts/services/services-university-gateway/values.dev.yaml index f402f052ac45..3916a66ca657 100644 --- a/charts/services/services-university-gateway/values.dev.yaml +++ b/charts/services/services-university-gateway/values.dev.yaml @@ -5,131 +5,141 @@ # ##################################################################### -service: - name: 'services-university-gateway' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-DEV/EDU/10062/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'services-university-gateway.internal.dev01.devland.is' + paths: + - '/api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_university_gateway' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10056/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-DEV/EDU/10057/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-DEV/EDU/10055/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-DEV/EDU/10049/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-DEV/EDU/10062/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-DEV/EDU/10054/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-DEV/EDU/10010/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'services-university-gateway.internal.dev01.devland.is' - paths: - - '/api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'services_university_gateway' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-university-gateway' - create: true - name: 'services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/services-university-gateway' + create: true + name: 'services-university-gateway' diff --git a/charts/services/services-university-gateway/values.prod.yaml b/charts/services/services-university-gateway/values.prod.yaml index 41e71669fa69..59ce966458e7 100644 --- a/charts/services/services-university-gateway/values.prod.yaml +++ b/charts/services/services-university-gateway/values.prod.yaml @@ -5,131 +5,141 @@ # ##################################################################### -service: - name: 'services-university-gateway' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'services-university-gateway.internal.island.is' + paths: + - '/api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_university_gateway' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/4112043590/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS/EDU/5502690239/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS/EDU/5001694359/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS/EDU/4210984099/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS/EDU/5206871229/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS/EDU/6001692039/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'services-university-gateway.internal.island.is' - paths: - - '/api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_university_gateway' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-university-gateway' - create: true - name: 'services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/services-university-gateway' + create: true + name: 'services-university-gateway' diff --git a/charts/services/services-university-gateway/values.staging.yaml b/charts/services/services-university-gateway/values.staging.yaml index d97d8e508183..688dd16644f0 100644 --- a/charts/services/services-university-gateway/values.staging.yaml +++ b/charts/services/services-university-gateway/values.staging.yaml @@ -5,131 +5,141 @@ # ##################################################################### -service: - name: 'services-university-gateway' - args: - - 'main.js' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'services-university-gateway' +args: + - 'main.js' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'services_university_gateway' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'services_university_gateway' + IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-TEST/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/umsoknir-v1' + XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/umsoknir-v1' +grantNamespaces: + - 'islandis' + - 'nginx-ingress-internal' + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'services-university-gateway.internal.staging01.devland.is' + paths: + - '/api' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' + - args: + - 'sequelize-cli' + - 'db:seed:all' + command: + - 'npx' + name: 'seed' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'services_university_gateway' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'services_university_gateway' - IDENTITY_SERVER_CLIENT_ID: '@island.is/clients/university-gateway' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_UNIVERSITY_GATEWAY_AGRICULTURAL_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10056/LBHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_BIFROST_UNIVERSITY_PATH: 'IS-TEST/EDU/10057/Bifrost-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_HOLAR_UNIVERSITY_PATH: 'IS-TEST/EDU/10055/Holar-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_ICELAND_UNIVERSITY_OF_THE_ARTS_PATH: 'IS-TEST/EDU/10049/LHI-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_REYKJAVIK_UNIVERSITY_PATH: 'IS-TEST/EDU/5101054190/RvkUni-Hvin-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_AKUREYRI_PATH: 'IS-TEST/EDU/10054/UNAK-Protected/umsoknir-v1' - XROAD_UNIVERSITY_GATEWAY_UNIVERSITY_OF_ICELAND_PATH: 'IS-TEST/EDU/10010/HI-Protected/umsoknir-v1' - grantNamespaces: - - 'islandis' - - 'nginx-ingress-internal' - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-university-gateway' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'services-university-gateway.internal.staging01.devland.is' - paths: - - '/api' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - - args: - - 'sequelize-cli' - - 'db:seed:all' - command: - - 'npx' - name: 'seed' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'services_university_gateway' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'services_university_gateway' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - namespace: 'services-university-gateway' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '200m' - memory: '384Mi' - requests: - cpu: '50m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-university-gateway' - create: true - name: 'services-university-gateway' +namespace: 'services-university-gateway' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '200m' + memory: '384Mi' + requests: + cpu: '50m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/services-university-gateway/DB_PASSWORD' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/services-university-gateway/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/services-university-gateway' + create: true + name: 'services-university-gateway' diff --git a/charts/services/skilavottord-web/values.dev.yaml b/charts/services/skilavottord-web/values.dev.yaml index 6fb0b20b8d27..3a79f9ea475e 100644 --- a/charts/services/skilavottord-web/values.dev.yaml +++ b/charts/services/skilavottord-web/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'skilavottord-web' - enabled: true +global: env: - API_URL: 'http://web-skilavottord-ws' - ENVIRONMENT: 'dev' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/app/skilavottord/' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' - IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' - NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' - SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-web' +enabled: true +env: + API_URL: 'http://web-skilavottord-ws' + ENVIRONMENT: 'dev' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/app/skilavottord/' +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' + IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' + NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' + SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/skilavottord-web/values.prod.yaml b/charts/services/skilavottord-web/values.prod.yaml index 9c145e2baa6e..1e749d8d079b 100644 --- a/charts/services/skilavottord-web/values.prod.yaml +++ b/charts/services/skilavottord-web/values.prod.yaml @@ -5,74 +5,84 @@ # ##################################################################### -service: - name: 'skilavottord-web' - enabled: true +global: env: - API_URL: 'http://web-skilavottord-ws' - ENVIRONMENT: 'prod' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/app/skilavottord/' - - host: 'www.island.is' - paths: - - '/app/skilavottord/' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' - IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' - NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' - SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-web' +enabled: true +env: + API_URL: 'http://web-skilavottord-ws' + ENVIRONMENT: 'prod' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/app/skilavottord/' + - host: 'www.island.is' + paths: + - '/app/skilavottord/' +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' + IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' + NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' + SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/skilavottord-web/values.staging.yaml b/charts/services/skilavottord-web/values.staging.yaml index 7668b7bf5b05..592971c93b7c 100644 --- a/charts/services/skilavottord-web/values.staging.yaml +++ b/charts/services/skilavottord-web/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'skilavottord-web' - enabled: true +global: env: - API_URL: 'http://web-skilavottord-ws' - ENVIRONMENT: 'staging' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-external' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 8 - replicas: - max: 10 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/app/skilavottord/' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 10 - min: 2 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' - IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' - NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' - SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-web' +enabled: true +env: + API_URL: 'http://web-skilavottord-ws' + ENVIRONMENT: 'staging' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-external' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 8 + replicas: + max: 10 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/app/skilavottord/' +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 10 + min: 2 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' + IDENTITY_SERVER_DOMAIN: '/k8s/skilavottord/web/IDENTITY_SERVER_DOMAIN' + IDENTITY_SERVER_LOGOUT_REDIRECT_URL: '/k8s/skilavottord/web/IDENTITY_SERVER_LOGOUT_REDIRECT_URL' + NEXTAUTH_URL: '/k8s/skilavottord/web/NEXTAUTH_URL' + SKILAVOTTORD_WEB_IDS_CLIENT_SECRET: '/k8s/skilavottord/web/IDENTITY_SERVER_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/skilavottord-ws/values.dev.yaml b/charts/services/skilavottord-ws/values.dev.yaml index 3205ebeb0e62..912a0807fa3a 100644 --- a/charts/services/skilavottord-ws/values.dev.yaml +++ b/charts/services/skilavottord-ws/values.dev.yaml @@ -5,100 +5,110 @@ # ##################################################################### -service: - name: 'skilavottord-ws' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-ws' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'skilavottord' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'skilavottord' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/app/skilavottord/api/graphql' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'skilavottord' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'skilavottord' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/app/skilavottord/api/graphql' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'skilavottord' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'skilavottord' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' - FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' - FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' - SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' - SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' - SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' - SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' - SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' - SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' - SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/skilavottord/DB_PASSWORD' + FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' + FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' + FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' + SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' + SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' + SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' + SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' + SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' + SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' + SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/skilavottord-ws/values.prod.yaml b/charts/services/skilavottord-ws/values.prod.yaml index 02e0783cc579..2cbcfc7a20e5 100644 --- a/charts/services/skilavottord-ws/values.prod.yaml +++ b/charts/services/skilavottord-ws/values.prod.yaml @@ -5,103 +5,113 @@ # ##################################################################### -service: - name: 'skilavottord-ws' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-ws' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'skilavottord' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'skilavottord' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/app/skilavottord/api/graphql' + - host: 'www.island.is' + paths: + - '/app/skilavottord/api/graphql' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'skilavottord' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'skilavottord' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/app/skilavottord/api/graphql' - - host: 'www.island.is' - paths: - - '/app/skilavottord/api/graphql' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'skilavottord' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'skilavottord' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' - FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' - FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' - SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' - SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' - SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' - SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' - SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' - SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' - SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/skilavottord/DB_PASSWORD' + FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' + FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' + FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' + SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' + SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' + SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' + SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' + SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' + SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' + SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/skilavottord-ws/values.staging.yaml b/charts/services/skilavottord-ws/values.staging.yaml index 6ae7f7f33757..7589387d597d 100644 --- a/charts/services/skilavottord-ws/values.staging.yaml +++ b/charts/services/skilavottord-ws/values.staging.yaml @@ -5,100 +5,110 @@ # ##################################################################### -service: - name: 'skilavottord-ws' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'skilavottord-ws' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'skilavottord' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'skilavottord' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'application-system' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/app/skilavottord/api/graphql' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'skilavottord' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'skilavottord' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=460 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'application-system' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/skilavottord-ws' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/app/skilavottord/api/graphql' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'skilavottord' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'skilavottord' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - namespace: 'skilavottord' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '512Mi' - requests: - cpu: '40m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/skilavottord/DB_PASSWORD' - FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' - FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' - FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' - SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' - SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' - SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' - SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' - SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' - SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' - SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' - securityContext: - allowPrivilegeEscalation: false - privileged: false +namespace: 'skilavottord' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '512Mi' + requests: + cpu: '40m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/skilavottord/DB_PASSWORD' + FJARSYSLA_REST_PASS: '/k8s/skilavottord/FJARSYSLA_REST_PASS' + FJARSYSLA_REST_URL: '/k8s/skilavottord-ws/FJARSYSLA_REST_URL' + FJARSYSLA_REST_USER: '/k8s/skilavottord/FJARSYSLA_REST_USER' + SAMGONGUSTOFA_REST_AUTH_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_AUTH_URL' + SAMGONGUSTOFA_REST_DEREG_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_REST_DEREG_URL' + SAMGONGUSTOFA_REST_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_REST_PASS' + SAMGONGUSTOFA_REST_USER: '/k8s/skilavottord/SAMGONGUSTOFA_REST_USER' + SAMGONGUSTOFA_SOAP_PASS: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_PASS' + SAMGONGUSTOFA_SOAP_URL: '/k8s/skilavottord-ws/SAMGONGUSTOFA_SOAP_URL' + SAMGONGUSTOFA_SOAP_USER: '/k8s/skilavottord/SAMGONGUSTOFA_SOAP_USER' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/user-notification-cleanup-worker/values.dev.yaml b/charts/services/user-notification-cleanup-worker/values.dev.yaml index 7eab21aa6c9f..0a120dea2a1a 100644 --- a/charts/services/user-notification-cleanup-worker/values.dev.yaml +++ b/charts/services/user-notification-cleanup-worker/values.dev.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'user-notification-cleanup-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-cleanup-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'user_notification' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'user_notification' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '@hourly' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification-cleanup-worker' - create: true - name: 'user-notification-cleanup-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '@hourly' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification-cleanup-worker' + create: true + name: 'user-notification-cleanup-worker' diff --git a/charts/services/user-notification-cleanup-worker/values.prod.yaml b/charts/services/user-notification-cleanup-worker/values.prod.yaml index 2b64fab9e9c5..d8fce489b1a7 100644 --- a/charts/services/user-notification-cleanup-worker/values.prod.yaml +++ b/charts/services/user-notification-cleanup-worker/values.prod.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'user-notification-cleanup-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-cleanup-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'user_notification' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '@midnight' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification-cleanup-worker' - create: true - name: 'user-notification-cleanup-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '@midnight' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification-cleanup-worker' + create: true + name: 'user-notification-cleanup-worker' diff --git a/charts/services/user-notification-cleanup-worker/values.staging.yaml b/charts/services/user-notification-cleanup-worker/values.staging.yaml index f2a28de06fdb..f2e7f59cd8c1 100644 --- a/charts/services/user-notification-cleanup-worker/values.staging.yaml +++ b/charts/services/user-notification-cleanup-worker/values.staging.yaml @@ -5,96 +5,106 @@ # ##################################################################### -service: - name: 'user-notification-cleanup-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=cleanup' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-cleanup-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=cleanup' +command: + - 'node' +enabled: true +env: + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'user_notification' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' SERVERSIDE_FEATURES_ON: '' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '@midnight' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification-cleanup-worker' - create: true - name: 'user-notification-cleanup-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '@midnight' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification-cleanup-worker' + create: true + name: 'user-notification-cleanup-worker' diff --git a/charts/services/user-notification-worker/values.dev.yaml b/charts/services/user-notification-worker/values.dev.yaml index 0513749491fe..1bf7c01440c1 100644 --- a/charts/services/user-notification-worker/values.dev.yaml +++ b/charts/services/user-notification-worker/values.dev.yaml @@ -5,123 +5,133 @@ # ##################################################################### -service: - name: 'user-notification-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'preview.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'development@island.is' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 2 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'preview.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications-reader.internal' DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'development@island.is' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 2 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 2 - min: 1 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification-worker' - create: true - name: 'user-notification-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 2 + min: 1 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification-worker' + create: true + name: 'user-notification-worker' diff --git a/charts/services/user-notification-worker/values.prod.yaml b/charts/services/user-notification-worker/values.prod.yaml index 617a16a5f6a0..2ce3c5f1e8f6 100644 --- a/charts/services/user-notification-worker/values.prod.yaml +++ b/charts/services/user-notification-worker/values.prod.yaml @@ -5,123 +5,133 @@ # ##################################################################### -service: - name: 'user-notification-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'cdn.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'noreply@island.is' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 2 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'cdn.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'noreply@island.is' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 2 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 2 - min: 1 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification-worker' - create: true - name: 'user-notification-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 2 + min: 1 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification-worker' + create: true + name: 'user-notification-worker' diff --git a/charts/services/user-notification-worker/values.staging.yaml b/charts/services/user-notification-worker/values.staging.yaml index 5e07417e0b03..6016cd6dfdea 100644 --- a/charts/services/user-notification-worker/values.staging.yaml +++ b/charts/services/user-notification-worker/values.staging.yaml @@ -5,123 +5,133 @@ # ##################################################################### -service: - name: 'user-notification-worker' - args: - - '--no-experimental-fetch' - - 'main.js' - - '--job=worker' - command: - - 'node' - enabled: true +global: + env: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification-worker' +args: + - '--no-experimental-fetch' + - 'main.js' + - '--job=worker' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + CONTENTFUL_HOST: 'cdn.contentful.com' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'development@island.is' + EMAIL_REGION: 'eu-west-1' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 2 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +initContainer: + containers: + - args: + - 'sequelize-cli' + - 'db:migrate' + command: + - 'npx' + name: 'migrations' + resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '50m' + memory: '128Mi' env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - CONTENTFUL_HOST: 'cdn.contentful.com' DB_HOST: 'postgres-applications.internal' DB_NAME: 'user_notification' DB_REPLICAS_HOST: 'postgres-applications.internal' DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'development@island.is' - EMAIL_REGION: 'eu-west-1' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 2 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - initContainer: - containers: - - args: - - 'sequelize-cli' - - 'db:migrate' - command: - - 'npx' - name: 'migrations' - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '50m' - memory: '128Mi' - env: - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - SERVERSIDE_FEATURES_ON: '' - secrets: - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 2 - min: 1 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification-worker' - create: true - name: 'user-notification-worker' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 2 + min: 1 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification-worker' + create: true + name: 'user-notification-worker' diff --git a/charts/services/user-notification/values.dev.yaml b/charts/services/user-notification/values.dev.yaml index 1ef373013b2e..de82ce62f772 100644 --- a/charts/services/user-notification/values.dev.yaml +++ b/charts/services/user-notification/values.dev.yaml @@ -5,108 +5,118 @@ # ##################################################################### -service: - name: 'user-notification' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications-reader.internal' - DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'development@island.is' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'user-notification-xrd.internal.dev01.devland.is' - paths: - - '/' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications-reader.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'development@island.is' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'b464afdd-056b-406d-b650-6d41733cfeb7' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitydev.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-DEV/GOV/10001/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitydev.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification' - create: true - name: 'user-notification' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'user-notification-xrd.internal.dev01.devland.is' + paths: + - '/' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/user-notification' + create: true + name: 'user-notification' diff --git a/charts/services/user-notification/values.prod.yaml b/charts/services/user-notification/values.prod.yaml index cc8901065d01..5431ce0f5d1c 100644 --- a/charts/services/user-notification/values.prod.yaml +++ b/charts/services/user-notification/values.prod.yaml @@ -5,108 +5,118 @@ # ##################################################################### -service: - name: 'user-notification' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'noreply@island.is' - IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'user-notification-xrd.internal.island.is' - paths: - - '/' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'noreply@island.is' + IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: '2304d7ca-7ed3-4188-8b6d-e1b7e0e3df7f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentity.b2clogin.com/skraidentity.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentity.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification' - create: true - name: 'user-notification' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'user-notification-xrd.internal.island.is' + paths: + - '/' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/user-notification' + create: true + name: 'user-notification' diff --git a/charts/services/user-notification/values.staging.yaml b/charts/services/user-notification/values.staging.yaml index 0cf6941f51db..f4c312c8b9fa 100644 --- a/charts/services/user-notification/values.staging.yaml +++ b/charts/services/user-notification/values.staging.yaml @@ -5,108 +5,118 @@ # ##################################################################### -service: - name: 'user-notification' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' - AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' - COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' - DB_HOST: 'postgres-applications.internal' - DB_NAME: 'user_notification' - DB_REPLICAS_HOST: 'postgres-applications.internal' - DB_USER: 'user_notification' - DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' - EMAIL_FROM_ADDRESS: 'development@island.is' - IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' - LOG_LEVEL: 'info' - MAIN_QUEUE_NAME: 'user-notification' - NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' - NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' - NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' - NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' - NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' - REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' - REDIS_USE_SSL: 'true' - SERVERSIDE_FEATURES_ON: '' - SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' - USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: - - 'nginx-ingress-internal' - - 'islandis' - - 'identity-server-delegation' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/health/check' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-internal-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'user-notification-xrd.internal.staging01.devland.is' - paths: - - '/' - namespace: 'user-notification' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '400m' - memory: '384Mi' - requests: - cpu: '150m' - memory: '256Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' - DB_PASS: '/k8s/user-notification/DB_PASSWORD' - FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' - IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' - IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' - NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'user-notification' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local' + AUTH_DELEGATION_MACHINE_CLIENT_SCOPE: '["@island.is/auth/delegations/index:system"]' + COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1' + DB_HOST: 'postgres-applications.internal' + DB_NAME: 'user_notification' + DB_REPLICAS_HOST: 'postgres-applications.internal' + DB_USER: 'user_notification' + DEAD_LETTER_QUEUE_NAME: 'user-notification-failure' + EMAIL_FROM_ADDRESS: 'development@island.is' + IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is' + LOG_LEVEL: 'info' + MAIN_QUEUE_NAME: 'user-notification' + NATIONAL_REGISTRY_B2C_CLIENT_ID: 'ca128c23-b43c-443d-bade-ec5a146a933f' + NATIONAL_REGISTRY_B2C_ENDPOINT: 'https://skraidentitydev.b2clogin.com/skraidentitystaging.onmicrosoft.com/b2c_1_midlun_flow/oauth2/v2.0/token' + NATIONAL_REGISTRY_B2C_PATH: 'IS-TEST/GOV/6503760649/SKRA-Cloud-Protected/Midlun-v1' + NATIONAL_REGISTRY_B2C_SCOPE: 'https://skraidentitystaging.onmicrosoft.com/midlun/.default' + NODE_OPTIONS: '--max-old-space-size=345 -r dd-trace/init' + REDIS_URL_NODE_01: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]' + REDIS_USE_SSL: 'true' + SERVERSIDE_FEATURES_ON: '' + SERVICE_PORTAL_CLICK_ACTION_URL: 'https://island.is/minarsidur' + USER_PROFILE_CLIENT_URL: 'http://web-service-portal-api.service-portal.svc.cluster.local' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: + - 'nginx-ingress-internal' + - 'islandis' + - 'identity-server-delegation' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/health/check' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-user-notification' +ingress: + primary-alb: annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification' - create: true - name: 'user-notification' + kubernetes.io/ingress.class: 'nginx-internal-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'user-notification-xrd.internal.staging01.devland.is' + paths: + - '/' +namespace: 'user-notification' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '400m' + memory: '384Mi' + requests: + cpu: '150m' + memory: '256Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + CONTENTFUL_ACCESS_TOKEN: '/k8s/user-notification/CONTENTFUL_ACCESS_TOKEN' + DB_PASS: '/k8s/user-notification/DB_PASSWORD' + FIREBASE_CREDENTIALS: '/k8s/user-notification/firestore-credentials' + IDENTITY_SERVER_CLIENT_ID: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_ID' + IDENTITY_SERVER_CLIENT_SECRET: '/k8s/user-notification/USER_NOTIFICATION_CLIENT_SECRET' + NATIONAL_REGISTRY_B2C_CLIENT_SECRET: '/k8s/api/NATIONAL_REGISTRY_B2C_CLIENT_SECRET' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/user-notification' + create: true + name: 'user-notification' diff --git a/charts/services/web/values.dev.yaml b/charts/services/web/values.dev.yaml index 35461b14ba2f..a6455c2f5c34 100644 --- a/charts/services/web/values.dev.yaml +++ b/charts/services/web/values.dev.yaml @@ -5,75 +5,85 @@ # ##################################################################### -service: - name: 'web' - enabled: true +global: env: - API_URL: 'http://web-api' - DISABLE_API_CATALOGUE: 'false' - DISABLE_ORGANIZATION_CHATBOT: 'false' - DISABLE_SYSLUMENN_PAGE: 'false' - ENVIRONMENT: 'dev' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - TRACKING_DOMAIN: 'beta.dev01.devland.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'search-indexer' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 20 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.dev01.devland.is' - paths: - - '/' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1000m' - memory: '768Mi' - requests: - cpu: '300m' - memory: '384Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'web' +enabled: true +env: + API_URL: 'http://web-api' + DISABLE_API_CATALOGUE: 'false' + DISABLE_ORGANIZATION_CHATBOT: 'false' + DISABLE_SYSLUMENN_PAGE: 'false' + ENVIRONMENT: 'dev' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + TRACKING_DOMAIN: 'beta.dev01.devland.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'search-indexer' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 20 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.dev01.devland.is' + paths: + - '/' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1000m' + memory: '768Mi' + requests: + cpu: '300m' + memory: '384Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/web/values.prod.yaml b/charts/services/web/values.prod.yaml index 8b480b747dfe..a5c86c5c9db1 100644 --- a/charts/services/web/values.prod.yaml +++ b/charts/services/web/values.prod.yaml @@ -5,78 +5,88 @@ # ##################################################################### -service: - name: 'web' - enabled: true +global: env: - API_URL: 'http://web-api' - DISABLE_API_CATALOGUE: 'false' - DISABLE_ORGANIZATION_CHATBOT: 'false' - DISABLE_SYSLUMENN_PAGE: 'false' - ENVIRONMENT: 'prod' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - TRACKING_DOMAIN: 'island.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'search-indexer' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 20 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'island.is' - paths: - - '/' - - host: 'www.island.is' - paths: - - '/' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1000m' - memory: '768Mi' - requests: - cpu: '300m' - memory: '384Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'web' +enabled: true +env: + API_URL: 'http://web-api' + DISABLE_API_CATALOGUE: 'false' + DISABLE_ORGANIZATION_CHATBOT: 'false' + DISABLE_SYSLUMENN_PAGE: 'false' + ENVIRONMENT: 'prod' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + TRACKING_DOMAIN: 'island.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'search-indexer' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 20 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'island.is' + paths: + - '/' + - host: 'www.island.is' + paths: + - '/' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1000m' + memory: '768Mi' + requests: + cpu: '300m' + memory: '384Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/web/values.staging.yaml b/charts/services/web/values.staging.yaml index 39d11797cf78..4a0b40a3fa19 100644 --- a/charts/services/web/values.staging.yaml +++ b/charts/services/web/values.staging.yaml @@ -5,76 +5,86 @@ # ##################################################################### -service: - name: 'web' - basicAuth: '/k8s/web/basic_auth' - enabled: true +global: env: - API_URL: 'http://web-api' - DISABLE_API_CATALOGUE: 'false' - DISABLE_ORGANIZATION_CHATBOT: 'false' - DISABLE_SYSLUMENN_PAGE: 'false' - ENVIRONMENT: 'staging' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' - SERVERSIDE_FEATURES_ON: '' - TRACKING_DOMAIN: 'beta.staging01.devland.is' - grantNamespaces: - - 'nginx-ingress-external' - - 'api-catalogue' - - 'application-system' - - 'consultation-portal' - - 'search-indexer' - grantNamespacesEnabled: true - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/liveness' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 20 - path: '/readiness' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 50 - min: 2 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' - ingress: - primary-alb: - annotations: - kubernetes.io/ingress.class: 'nginx-external-alb' - nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' - nginx.ingress.kubernetes.io/proxy-buffering: 'on' - nginx.ingress.kubernetes.io/service-upstream: 'true' - hosts: - - host: 'beta.staging01.devland.is' - paths: - - '/' - namespace: 'islandis' - podDisruptionBudget: - maxUnavailable: 1 - pvcs: [] - replicaCount: - default: 2 - max: 50 - min: 2 - resources: - limits: - cpu: '1000m' - memory: '768Mi' - requests: - cpu: '300m' - memory: '384Mi' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' - DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' - securityContext: - allowPrivilegeEscalation: false - privileged: false + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'web' +basicAuth: '/k8s/web/basic_auth' +enabled: true +env: + API_URL: 'http://web-api' + DISABLE_API_CATALOGUE: 'false' + DISABLE_ORGANIZATION_CHATBOT: 'false' + DISABLE_SYSLUMENN_PAGE: 'false' + ENVIRONMENT: 'staging' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=691 -r dd-trace/init' + SERVERSIDE_FEATURES_ON: '' + TRACKING_DOMAIN: 'beta.staging01.devland.is' +grantNamespaces: + - 'nginx-ingress-external' + - 'api-catalogue' + - 'application-system' + - 'consultation-portal' + - 'search-indexer' +grantNamespacesEnabled: true +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/liveness' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 20 + path: '/readiness' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 50 + min: 2 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/web' +ingress: + primary-alb: + annotations: + kubernetes.io/ingress.class: 'nginx-external-alb' + nginx.ingress.kubernetes.io/proxy-buffer-size: '8k' + nginx.ingress.kubernetes.io/proxy-buffering: 'on' + nginx.ingress.kubernetes.io/service-upstream: 'true' + hosts: + - host: 'beta.staging01.devland.is' + paths: + - '/' +namespace: 'islandis' +podDisruptionBudget: + maxUnavailable: 1 +pvcs: [] +replicaCount: + default: 2 + max: 50 + min: 2 +resources: + limits: + cpu: '1000m' + memory: '768Mi' + requests: + cpu: '300m' + memory: '384Mi' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' + DD_RUM_APPLICATION_ID: '/k8s/DD_RUM_APPLICATION_ID' + DD_RUM_CLIENT_TOKEN: '/k8s/DD_RUM_CLIENT_TOKEN' +securityContext: + allowPrivilegeEscalation: false + privileged: false diff --git a/charts/services/xroad-collector/values.dev.yaml b/charts/services/xroad-collector/values.dev.yaml index 3997bb86d66b..5ee8d773b1d6 100644 --- a/charts/services/xroad-collector/values.dev.yaml +++ b/charts/services/xroad-collector/values.dev.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'xroad-collector' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - NODE_TLS_REJECT_UNAUTHORIZED: '0' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' - XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' - namespace: 'xroad-collector' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/xroad-collector' - create: true - name: 'xroad-collector' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'dev' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'xroad-collector' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + ELASTIC_NODE: 'https://vpc-search-njkekqydiegezhr4vqpkfnw5la.eu-west-1.es.amazonaws.com' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + NODE_TLS_REJECT_UNAUTHORIZED: '0' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.dev01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.dev01.devland.is/r1/IS-DEV' + XROAD_CLIENT_ID: 'IS-DEV/GOV/10000/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.dev01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.dev01.devland.is/r1/IS-DEV' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' +namespace: 'xroad-collector' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::013313053092:role/xroad-collector' + create: true + name: 'xroad-collector' diff --git a/charts/services/xroad-collector/values.prod.yaml b/charts/services/xroad-collector/values.prod.yaml index feae3ef0d29d..e58441a7be40 100644 --- a/charts/services/xroad-collector/values.prod.yaml +++ b/charts/services/xroad-collector/values.prod.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'xroad-collector' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - NODE_TLS_REJECT_UNAUTHORIZED: '0' - SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' - XROAD_BASE_PATH: 'http://securityserver.island.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' - XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 10 - min: 3 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' - namespace: 'xroad-collector' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 3 - max: 10 - min: 3 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/xroad-collector' - create: true - name: 'xroad-collector' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'prod' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'xroad-collector' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + ELASTIC_NODE: 'https://vpc-search-mw4w5c2m2g5edjrtvwbpzhkw24.eu-west-1.es.amazonaws.com' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + NODE_TLS_REJECT_UNAUTHORIZED: '0' + SERVERSIDE_FEATURES_ON: 'driving-license-use-v1-endpoint-for-v2-comms' + XROAD_BASE_PATH: 'http://securityserver.island.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.island.is/r1/IS' + XROAD_CLIENT_ID: 'IS/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.island.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.island.is/r1/IS' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 10 + min: 3 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' +namespace: 'xroad-collector' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 3 + max: 10 + min: 3 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::251502586493:role/xroad-collector' + create: true + name: 'xroad-collector' diff --git a/charts/services/xroad-collector/values.staging.yaml b/charts/services/xroad-collector/values.staging.yaml index 805c31149006..8f9c0ba8c176 100644 --- a/charts/services/xroad-collector/values.staging.yaml +++ b/charts/services/xroad-collector/values.staging.yaml @@ -5,71 +5,81 @@ # ##################################################################### -service: - name: 'xroad-collector' - args: - - '--no-experimental-fetch' - - 'main.js' - command: - - 'node' - enabled: true +global: env: - ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' - LOG_LEVEL: 'info' - NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' - NODE_TLS_REJECT_UNAUTHORIZED: '0' - SERVERSIDE_FEATURES_ON: '' - XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' - XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' - XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' - XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' - XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' - grantNamespaces: [] - grantNamespacesEnabled: false - healthCheck: - liveness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - readiness: - initialDelaySeconds: 3 - path: '/' - timeoutSeconds: 3 - hpa: - scaling: - metric: - cpuAverageUtilization: 90 - nginxRequestsIrate: 5 - replicas: - max: 3 - min: 1 - image: - repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' - namespace: 'xroad-collector' - podDisruptionBudget: - maxUnavailable: 1 - podSecurityContext: - fsGroup: 65534 - pvcs: [] - replicaCount: - default: 1 - max: 3 - min: 1 - resources: - limits: - cpu: '200m' - memory: '256Mi' - requests: - cpu: '100m' - memory: '128Mi' - schedule: '0 2 * * *' - secrets: - CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' - securityContext: - allowPrivilegeEscalation: false - privileged: false - serviceAccount: - annotations: - eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/xroad-collector' - create: true - name: 'xroad-collector' + AUDIT_GROUP_NAME: '/island-is/audit-log' + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' + PORT: '3333' + name: 'staging' + initContainer: + env: + AWS_REGION: 'eu-west-1' + NPM_CONFIG_UPDATE_NOTIFIER: 'false' +name: 'xroad-collector' +args: + - '--no-experimental-fetch' + - 'main.js' +command: + - 'node' +enabled: true +env: + ELASTIC_NODE: 'https://vpc-search-q6hdtjcdlhkffyxvrnmzfwphuq.eu-west-1.es.amazonaws.com' + LOG_LEVEL: 'info' + NODE_OPTIONS: '--max-old-space-size=230 -r dd-trace/init' + NODE_TLS_REJECT_UNAUTHORIZED: '0' + SERVERSIDE_FEATURES_ON: '' + XROAD_BASE_PATH: 'http://securityserver.staging01.devland.is' + XROAD_BASE_PATH_WITH_ENV: 'http://securityserver.staging01.devland.is/r1/IS-TEST' + XROAD_CLIENT_ID: 'IS-TEST/GOV/5501692829/island-is-client' + XROAD_TLS_BASE_PATH: 'https://securityserver.staging01.devland.is' + XROAD_TLS_BASE_PATH_WITH_ENV: 'https://securityserver.staging01.devland.is/r1/IS-TEST' +grantNamespaces: [] +grantNamespacesEnabled: false +healthCheck: + liveness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 + readiness: + initialDelaySeconds: 3 + path: '/' + timeoutSeconds: 3 +hpa: + scaling: + metric: + cpuAverageUtilization: 90 + nginxRequestsIrate: 5 + replicas: + max: 3 + min: 1 +image: + repository: '821090935708.dkr.ecr.eu-west-1.amazonaws.com/services-xroad-collector' +namespace: 'xroad-collector' +podDisruptionBudget: + maxUnavailable: 1 +podSecurityContext: + fsGroup: 65534 +pvcs: [] +replicaCount: + default: 1 + max: 3 + min: 1 +resources: + limits: + cpu: '200m' + memory: '256Mi' + requests: + cpu: '100m' + memory: '128Mi' +schedule: '0 2 * * *' +secrets: + CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY' +securityContext: + allowPrivilegeEscalation: false + privileged: false +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: 'arn:aws:iam::261174024191:role/xroad-collector' + create: true + name: 'xroad-collector' diff --git a/infra/helm/libs/api-template/values.global.yaml b/infra/helm/libs/api-template/values.global.yaml new file mode 100644 index 000000000000..416197556582 --- /dev/null +++ b/infra/helm/libs/api-template/values.global.yaml @@ -0,0 +1,3 @@ +global: + image: + tag: debug diff --git a/infra/helm/libs/cronjob-template/templates/_helpers.tpl b/infra/helm/libs/cronjob-template/templates/_helpers.tpl index 924d9da8880e..00e92e0d4f65 100644 --- a/infra/helm/libs/cronjob-template/templates/_helpers.tpl +++ b/infra/helm/libs/cronjob-template/templates/_helpers.tpl @@ -3,8 +3,12 @@ Expand the name of the chart. */}} {{- define "cronjob-template.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- if .Values.name -}} + {{- .Values.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} {{/* Create a default fully qualified app name. @@ -12,23 +16,23 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "cronjob-template.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- $name := .Values.name | default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} +{{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "cronjob-template.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end }} {{/* diff --git a/infra/helm/libs/cronjob-template/values.global.yaml b/infra/helm/libs/cronjob-template/values.global.yaml new file mode 100644 index 000000000000..416197556582 --- /dev/null +++ b/infra/helm/libs/cronjob-template/values.global.yaml @@ -0,0 +1,3 @@ +global: + image: + tag: debug diff --git a/infra/helm/libs/job-template/templates/_helpers.tpl b/infra/helm/libs/job-template/templates/_helpers.tpl index 9fe56a76cd6c..d9b22069a578 100644 --- a/infra/helm/libs/job-template/templates/_helpers.tpl +++ b/infra/helm/libs/job-template/templates/_helpers.tpl @@ -3,8 +3,12 @@ Expand the name of the chart. */}} {{- define "job-template.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- if .Values.name -}} + {{- .Values.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} {{/* Create a default fully qualified app name. @@ -12,17 +16,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "job-template.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- $name := .Values.name | default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} +{{- end -}} {{/* Create chart name and version as used by the chart label. diff --git a/infra/helm/libs/job-template/values.global.yaml b/infra/helm/libs/job-template/values.global.yaml new file mode 100644 index 000000000000..416197556582 --- /dev/null +++ b/infra/helm/libs/job-template/values.global.yaml @@ -0,0 +1,3 @@ +global: + image: + tag: debug From bc03c61b8ea70e8865ec9e4a8f4c6b08c3bfdebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3n=20Levy?= Date: Thu, 14 Nov 2024 16:07:25 +0000 Subject: [PATCH 4/5] Update infra/helm/libs/job-template/templates/serviceaccount.yaml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- infra/helm/libs/job-template/templates/serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/helm/libs/job-template/templates/serviceaccount.yaml b/infra/helm/libs/job-template/templates/serviceaccount.yaml index 81bee6cbaacf..80bb679cd044 100644 --- a/infra/helm/libs/job-template/templates/serviceaccount.yaml +++ b/infra/helm/libs/job-template/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "cronjob-template.serviceAccountName" . }} + name: {{ include "job-template.serviceAccountName" . }} {{- if .Values.namespace }} namespace: {{ .Values.namespace }} {{- end }} From 049a84a5e69562a4c4b2332b7bf024c1abfee49a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3n=20Levy?= Date: Thu, 14 Nov 2024 16:07:58 +0000 Subject: [PATCH 5/5] Update infra/helm/libs/job-template/templates/pvc.yaml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- infra/helm/libs/job-template/templates/pvc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/helm/libs/job-template/templates/pvc.yaml b/infra/helm/libs/job-template/templates/pvc.yaml index 93e9a6d60f89..0bf55327ec12 100644 --- a/infra/helm/libs/job-template/templates/pvc.yaml +++ b/infra/helm/libs/job-template/templates/pvc.yaml @@ -1,4 +1,4 @@ -{{- $labels := include "cronjob-template.labels" . -}} +{{- $labels := include "job-template.labels" . -}} {{- $namespace := $.Values.namespace -}} {{- if .Values.enabled }} {{- range .Values.pvcs }}