Feature/opprydding i nais v2 (#401)

mrsladek · web-flow · commit 4f37f4c3172c · 2020-03-19T14:06:51.000+01:00
* Endret hvordan systembruker hentes og hvordan appdynamics er satt opp
* Fjerner openidconnect bruker fra koden
* Flytter databaseoppsett til vault
* Ordnet elementer i yaml filene
diff --git a/.deploy/dev-fss-q0.yaml b/.deploy/dev-fss-q0.yaml
@@ -22,14 +22,14 @@ spec:
     timeout: 5
     periodSeconds: 10
     failureThreshold: 27
+  prometheus:
+    enabled: true
+    path: "/fpabakus/internal/metrics/prometheus"
   replicas:
     min: 1
     max: 2
     cpuThresholdPercentage: 80
   preStopHookPath: "/fpabakus/internal/preStop"
-  prometheus:
-    enabled: true
-    path: "/fpabakus/internal/metrics/prometheus"
   resources:
     limits:
       cpu: "2000m"
@@ -40,26 +40,26 @@ spec:
   vault:
     enabled: true
     sidecar: false
+    paths:
+      - mountPath: /var/run/secrets/nais.io/serviceuser
+        kvPath: serviceuser/data/dev/srvfpabakus
+      - mountPath: /var/run/secrets/nais.io/vault
+        kvPath: /kv/preprod/fss/fpabakus/q0
   env:
     - name: LOADBALANCER_FQDN
       value: fpabakus-q0.nais.preprod.local
     - name: ABAC_PDP_ENDPOINT_URL
       value: https://wasapp-q0.adeo.no/asm-pdp/authorize
     - name: SECURITYTOKENSERVICE_URL
       value: https://sts-q0.preprod.local/SecurityTokenServiceProvider/
-      #Systembruker
-    - name: SYSTEMBRUKER_USERNAME
-      value: srvfp-abakus
     #OpenID
     - name: OPENIDCONNECT_ISSOHOST
       value: https://isso-q.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOISSUER
       value: https://isso-q.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOJWKS
       value: https://isso-q.adeo.no:443/isso/oauth2/connect/jwk_uri
-    - name: OPENIDCONNECT_USERNAME
-      value: fpabakus-q0
-      #OIDC
+    #OIDC
     - name: OIDC_STS_ISSUERURL
       value: https://security-token-service.nais.preprod.local
     - name: OIDC_STS_JWKSURL
@@ -69,11 +69,9 @@ spec:
       value: b27apvl00045.preprod.local:8443,b27apvl00046.preprod.local:8443,b27apvl00047.preprod.local:8443
     - name: KAFKA_SCHEMA_REGISTRY_URL
       value: https://kafka-test-schema-registry.nais.preprod.local
-    #Database
-    - name: DEFAULTDS_USERNAME
-      value: fpabakus-q0
-    - name: DEFAULTDS_URL
-      value: jdbc:postgresql://B27DBVL007.preprod.local:5432/fpabakus-q0
+    #Appdynamics (mer i Dockerfile)
+    - name: APPDYNAMICS_AGENT_ACCOUNT_NAME
+      value: NON-PROD
     # Eksterne systemer
     - name: HENTINNTEKTLISTEBOLK_URL
       value: https://app-q0.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektlistebolk
diff --git a/.deploy/dev-fss-q1.yaml b/.deploy/dev-fss-q1.yaml
@@ -22,14 +22,14 @@ spec:
     timeout: 5
     periodSeconds: 10
     failureThreshold: 27
+  prometheus:
+    enabled: true
+    path: "/fpabakus/internal/metrics/prometheus"
   replicas:
     min: 1
     max: 2
     cpuThresholdPercentage: 80
   preStopHookPath: "/fpabakus/internal/preStop"
-  prometheus:
-    enabled: true
-    path: "/fpabakus/internal/metrics/prometheus"
   resources:
     limits:
       cpu: "2000m"
@@ -40,26 +40,26 @@ spec:
   vault:
     enabled: true
     sidecar: false
+    paths:
+      - mountPath: /var/run/secrets/nais.io/serviceuser
+        kvPath: serviceuser/data/dev/srvfpabakus
+      - mountPath: /var/run/secrets/nais.io/vault
+        kvPath: /kv/preprod/fss/fpabakus/q1
   env:
     - name: LOADBALANCER_FQDN
       value: fpabakus-q1.nais.preprod.local
     - name: ABAC_PDP_ENDPOINT_URL
       value: https://wasapp-q1.adeo.no/asm-pdp/authorize
     - name: SECURITYTOKENSERVICE_URL
       value: https://sts-q1.preprod.local/SecurityTokenServiceProvider/
-      #Systembruker
-    - name: SYSTEMBRUKER_USERNAME
-      value: srvfp-abakus
     #OpenID
     - name: OPENIDCONNECT_ISSOHOST
       value: https://isso-q.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOISSUER
       value: https://isso-q.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOJWKS
       value: https://isso-q.adeo.no:443/isso/oauth2/connect/jwk_uri
-    - name: OPENIDCONNECT_USERNAME
-      value: fpabakus-q1
-      #OIDC
+    #OIDC
     - name: OIDC_STS_ISSUERURL
       value: https://security-token-service.nais.preprod.local
     - name: OIDC_STS_JWKSURL
@@ -69,12 +69,10 @@ spec:
       value: b27apvl00045.preprod.local:8443,b27apvl00046.preprod.local:8443,b27apvl00047.preprod.local:8443
     - name: KAFKA_SCHEMA_REGISTRY_URL
       value: https://kafka-test-schema-registry.nais.preprod.local
-    #Database
-    - name: DEFAULTDS_USERNAME
-      value: fpabakus-q1
-    - name: DEFAULTDS_URL
-      value: jdbc:postgresql://B27DBVL007.preprod.local:5432/fpabakus-q1
-    # Eksterne systemer
+    #Appdynamics (mer i Dockerfile)
+    - name: APPDYNAMICS_AGENT_ACCOUNT_NAME
+      value: NON-PROD
+    #Eksterne systemer
     - name: HENTINNTEKTLISTEBOLK_URL
       value: https://app-q1.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektlistebolk
     - name: ARBEIDSFORHOLD_V3_URL
diff --git a/.deploy/dev-fss-t4.yaml b/.deploy/dev-fss-t4.yaml
@@ -40,26 +40,26 @@ spec:
   vault:
     enabled: true
     sidecar: false
+    paths:
+      - mountPath: /var/run/secrets/nais.io/serviceuser
+        kvPath: serviceuser/data/test/srvfpabakus
+      - mountPath: /var/run/secrets/nais.io/vault
+        kvPath: /kv/preprod/fss/fpabakus/t4
   env:
     - name: LOADBALANCER_FQDN
       value: fpabakus-t4.nais.preprod.local
     - name: ABAC_PDP_ENDPOINT_URL
       value: https://wasapp-t4.adeo.no/asm-pdp/authorize
     - name: SECURITYTOKENSERVICE_URL
       value: https://sts-t4.test.local/SecurityTokenServiceProvider/
-    #Systembruker
-    - name: SYSTEMBRUKER_USERNAME
-      value: srvfp-abakus
     #OpenID
     - name: OPENIDCONNECT_ISSOHOST
       value: https://isso-t.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOISSUER
       value: https://isso-t.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOJWKS
       value: https://isso-t.adeo.no:443/isso/oauth2/connect/jwk_uri
-    - name: OPENIDCONNECT_USERNAME
-      value: fpabakus-t4
-      #OIDC
+    #OIDC
     - name: OIDC_STS_ISSUERURL
       value: https://security-token-service.nais.preprod.local
     - name: OIDC_STS_JWKSURL
@@ -69,11 +69,9 @@ spec:
       value: 26apvl00159.test.local:8443,d26apvl00160.test.local:8443,d26apvl00161.test.local:8443
     - name: KAFKA_SCHEMA_REGISTRY_URL
       value: https://kafka-test-schema-registry.nais.preprod.local
-    #Database
-    - name: DEFAULTDS_USERNAME
-      value: fpabakus-t4
-    - name: DEFAULTDS_URL
-      value: jdbc:postgresql://b27dbvl007.preprod.local:5432/fpabakus-t4
+    #Appdynamics (mer i Dockerfile)
+    - name: APPDYNAMICS_AGENT_ACCOUNT_NAME
+      value: NON-PROD
     # Eksterne systemer
     - name: HENTINNTEKTLISTEBOLK_URL
       value: https://app-t4.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektlistebolk
diff --git a/.deploy/prod-fss-default.yaml b/.deploy/prod-fss-default.yaml
@@ -8,6 +8,8 @@ metadata:
 spec:
   image: {{ image }}
   port: 8080
+  ingresses:
+    - "https://fpabakus.nais.adeo.no/"
   liveness:
     path: "/fpabakus/internal/isAlive"
     initialDelay: 30
@@ -20,49 +22,44 @@ spec:
     timeout: 5
     periodSeconds: 10
     failureThreshold: 27
+  prometheus:
+    enabled: true
+    path: "/fpabakus/internal/metrics/prometheus"
   replicas:
     min: 2
     max: 3
     cpuThresholdPercentage: 80
   preStopHookPath: "/fpabakus/internal/preStop"
-  prometheus:
-    enabled: true
-    path: "/fpabakus/internal/metrics/prometheus"
   resources:
     limits:
       cpu: "2000m"
       memory: "2048Mi"
     requests:
       cpu: "600m"
       memory: "1024Mi"
-  ingresses: # Optional. List of ingress URLs that will route HTTP traffic to the application.
-    - "https://fpabakus.nais.adeo.no/"
-  logformat: accesslog # Optional. The format of the logs from the container if the logs should be handled differently than plain text or json
-  logtransform: dns_loglevel # Optional. The transformation of the logs, if they should be handled differently than plain text or json
-  webproxy: false # Optional. Expose web proxy configuration to the application using the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables.
   vault:
     enabled: true
-  sidecar: true # refresh token
+    sidecar: false
+    paths:
+      - mountPath: /var/run/secrets/nais.io/serviceuser
+        kvPath: serviceuser/data/prod/srvfpabakus
+      - mountPath: /var/run/secrets/nais.io/vault
+        kvPath: /kv/prod/fss/fpabakus/default
   env:
     - name: LOADBALANCER_FQDN
       value: fpabakus.nais.adeo.no
     - name: ABAC_PDP_ENDPOINT_URL
       value: https://wasapp.adeo.no/asm-pdp/authorize
     - name: SECURITYTOKENSERVICE_URL
       value: https://sts.adeo.no/SecurityTokenServiceProvider/
-      #Systembruker
-    - name: SYSTEMBRUKER_USERNAME
-      value: srvfp-abakus
     #OpenID
     - name: OPENIDCONNECT_ISSOHOST
       value: https://isso.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOISSUER
       value: https://isso.adeo.no:443/isso/oauth2
     - name: OPENIDCONNECT_ISSOJWKS
       value: https://isso.adeo.no:443/isso/oauth2/connect/jwk_uri
-    - name: OPENIDCONNECT_USERNAME
-      value: fpabakus-p
-      #OIDC
+    #OIDC
     - name: OIDC_STS_ISSUERURL
       value: https://security-token-service.nais.adeo.no
     - name: OIDC_STS_JWKSURL
@@ -72,11 +69,9 @@ spec:
       value: a01apvl00145.adeo.no:8443,a01apvl00146.adeo.no:8443,a01apvl00147.adeo.no:8443,a01apvl00148.adeo.no:8443,a01apvl00149.adeo.no:8443,a01apvl00150.adeo.no:8443
     - name: KAFKA_SCHEMA_REGISTRY_URL
       value: http://kafka-schema-registry.tpa:8081
-    #Database
-    - name: DEFAULTDS_USERNAME
-      value: fpabakus
-    - name: DEFAULTDS_URL
-      value: jdbc:postgresql://a01dbfl039.adeo.no:5432/fpabakus
+    #Appdynamics (mer i Dockerfile)
+    - name: APPDYNAMICS_AGENT_ACCOUNT_NAME
+      value: PROD
     # Eksterne systemer
     - name: HENTINNTEKTLISTEBOLK_URL
       value: https://app.adeo.no/inntektskomponenten-ws/rs/api/v1/hentinntektlistebolk
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,8 @@
 FROM navikt/java:11-appdynamics
 ENV APPD_ENABLED=true
+ENV APPDYNAMICS_CONTROLLER_HOST_NAME=appdynamics.adeo.no
+ENV APPDYNAMICS_CONTROLLER_PORT=443
+ENV APPDYNAMICS_CONTROLLER_SSL_ENABLED=true
 
 RUN mkdir lib
 RUN mkdir webapp
@@ -15,3 +18,6 @@ COPY web/target/lib/*.jar ./
 ENV JAVA_OPTS="-Xmx1024m -Xms128m \
     -Djava.security.egd=file:/dev/urandom \
     -Dlogback.configurationFile=conf/logback.xml"
+
+# Export vault properties
+COPY export-vault.sh /init-scripts/export-vault.sh
diff --git a/export-vault.sh b/export-vault.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if test -f /var/run/secrets/nais.io/serviceuser/username;
+then
+  export SYSTEMBRUKER_USERNAME=$(cat /var/run/secrets/nais.io/serviceuser/username)
+  echo "Setting SYSTEMBRUKER_USERNAME"
+fi
+
+if test -f /var/run/secrets/nais.io/serviceuser/password;
+then
+  export SYSTEMBRUKER_PASSWORD=$(cat /var/run/secrets/nais.io/serviceuser/password)
+  echo "Setting SYSTEMBRUKER_PASSWORD"
+fi
