-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprod-fss.yml
72 lines (71 loc) · 3.02 KB
/
prod-fss.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
apiVersion: "nais.io/v1alpha1"
kind: "Application"
metadata:
name: familie-ef-infotrygd
namespace: teamfamilie
labels:
team: teamfamilie
spec:
image: {{ image }}
port: 8080 # Required. The port number which is exposed by the container and should receive HTTP traffic.
liveness:
path: /internal/status/isAlive
initialDelay: 20
failureThreshold: 10
readiness:
path: /internal/status/isAlive
initialDelay: 20
failureThreshold: 10
prometheus:
enabled: true
path: /internal/prometheus
replicas: # Optional. Set min = max to disable autoscaling.
min: 2 # minimum number of replicas.
max: 5 # maximum number of replicas.
leaderElection: false # Optional. If true, a http endpoint will be available at $ELECTOR_PATH that return the current leader
# Compare this value with the $HOSTNAME to see if the current instance is the leader
preStopHookPath: "" # Optional. A HTTP GET will be issued to this endpoint at least once before the pod is terminated.
resources: # Optional. See: http://kubernetes.io/docs/user-guide/compute-resources/
limits:
memory: 512Mi # app will be killed if exceeding these limits
requests: # App is guaranteed the requested resources and will be scheduled on nodes with at least this amount of resources available
cpu: 50m
memory: 256Mi
ingresses: # Optional. List of ingress URLs that will route HTTP traffic to the application.
- https://familie-ef-infotrygd.intern.nav.no
- https://familie-ef-infotrygd.prod-fss-pub.nais.io
logformat: accesslog # Optional. The format of the logs from the container if the logs should be handled differently than plain text or json
logtransform: dns_loglevel # Optional. The transformation of the logs, if they should be handled differently than plain text or json
webproxy: false # Optional. Expose web proxy configuration to the application using the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables.
vault:
enabled: true # Optional. If set to true fetch secrets from Secret Service and inject into the pods. todo link to doc.
paths:
- kvPath: /oracle/data/prod/creds/ef_infotrygd_p-user
mountPath: /var/run/secrets/oracle/creds
azure:
application:
enabled: true
secureLogs:
enabled: true
accessPolicy:
inbound:
rules:
- application: familie-ef-sak
cluster: prod-gcp
env:
- name: APP_DATASOURCE_URL
value: jdbc:oracle:thin:@a01dbfl037.adeo.no:1521/infotrygd_efp
- name: APP_DATASOURCE_PLATFORM
value: org.hibernate.dialect.OracleDialect
- name: APP_DATASOURCE_DRIVER
value: oracle.jdbc.driver.OracleDriver
- name: APP_JPA_PLATFORM
value: org.hibernate.dialect.OracleDialect
- name: APP_DEFAULT_SCHEMA
value: INFOTRYGD_EFP
- name: APP_AZURE_PROXY_URL
value: https://webproxy-nais.nav.no:8088
- name: APP_DATASOURCE_USERNAME_PATH
value: /var/run/secrets/oracle/creds/username
- name: APP_DATASOURCE_PASSWORD_PATH
value: /var/run/secrets/oracle/creds/password