chore: deploy files for prod&demo

.github/workflows/codeql.yaml

@@ -0,0 +1,22 @@
+name: Code scanning (CodeQL)
+
+on:
+  pull_request:
+    types: [ready_for_review, opened, reopened, synchronize]
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  codeql:
+    name: Run codeql scan
+    if: github.event.pull_request.draft == false
+    uses: Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@main
+    with:
+      language: java
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy-prod&demo.yaml

@@ -0,0 +1,46 @@
+name: Deploy to production and demo
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build-fdk-statistics-service:
+    name: Build on merge to main branch
+    uses: Informasjonsforvaltning/workflows/.github/workflows/build-push.yaml@main
+    with:
+      app_name: fdk-statistics-service
+      environment: prod
+      java_version: '21'
+      coverage_file_path: ./target/site/jacoco/jacoco.xml
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}
+
+  deploy-prod:
+    name: Deploy to prod environment
+    needs: [ build-fdk-statistics-service ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: fdk-statistics-service
+      environment: prod
+      cluster: digdir-fdk-prod
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_PROD_AUTODEPLOY }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  deploy-demo:
+    name: Deploy to prod environment
+    needs: [ deploy-prod ]
+    uses: Informasjonsforvaltning/workflows/.github/workflows/kustomize-deploy.yaml@main
+    with:
+      app_name: fdk-statistics-service
+      environment: demo
+      cluster: digdir-fdk-dev
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      DIGDIR_FDK_AUTODEPLOY: ${{ secrets.DIGDIR_FDK_DEV_AUTODEPLOY }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

deploy/demo/env.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-statistics-service
+  labels:
+    app: fdk-statistics-service
+spec:
+  template:
+    spec:
+      containers:
+        - name: fdk-statistics-service
+          env:
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-demo
+                  key: HOST
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-demo
+                  key: PORT
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_DB
+            - name: POSTGRES_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_USER
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_PASSWORD
+            - name: KAFKA_SCHEMA_REGISTRY
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-metadata-quality-demo
+                  key: SCHEMA_REGISTRY
+            - name: KAFKA_BOOTSTRAP_SERVERS
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-metadata-quality-demo
+                  key: BROKERS
+            - name: SSO_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: commonurl-demo
+                  key: SSO_BASE_URI
+            - name: CORS_ORIGIN_PATTERNS
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: CORS_ORIGIN_PATTERNS

deploy/demo/ingress.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fdk-statistics-service
+  annotations:
+    nginx.ingress.kubernetes.io/limit-rps: '4'
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: '2'
+    nginx.ingress.kubernetes.io/limit-whitelist: '10.0.0.0/8,162.244.5.0/24'
+    nginx.ingress.kubernetes.io/server-snippet: |
+      server_tokens off;
+      location ~ ^/(ping|ready|prometheus) {
+        deny all;
+        return 404;
+      }
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: statistics.api.demo.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: fdk-statistics-service
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix

deploy/demo/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: demo
+resources:
+  - ../base
+  - ingress.yaml
+
+patchesStrategicMerge:
+  - env.yaml

deploy/prod/env.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fdk-statistics-service
+  labels:
+    app: fdk-statistics-service
+spec:
+  template:
+    spec:
+      containers:
+        - name: fdk-statistics-service
+          env:
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-prod
+                  key: HOST
+            - name: POSTGRES_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-prod
+                  key: PORT
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_DB
+            - name: POSTGRES_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_USER
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: POSTGRESQL_PASSWORD
+            - name: KAFKA_SCHEMA_REGISTRY
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-metadata-quality-prod
+                  key: SCHEMA_REGISTRY
+            - name: KAFKA_BOOTSTRAP_SERVERS
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-metadata-quality-prod
+                  key: BROKERS
+            - name: SSO_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: commonurl-prod
+                  key: SSO_BASE_URI
+            - name: CORS_ORIGIN_PATTERNS
+              valueFrom:
+                secretKeyRef:
+                  name: fdk-statistics-service
+                  key: CORS_ORIGIN_PATTERNS

deploy/prod/ingress.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fdk-statistics-service
+  annotations:
+    nginx.ingress.kubernetes.io/limit-rps: '4'
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: '2'
+    nginx.ingress.kubernetes.io/limit-whitelist: '10.0.0.0/8,162.244.5.0/24'
+    nginx.ingress.kubernetes.io/server-snippet: |
+      server_tokens off;
+      location ~ ^/(ping|ready|prometheus) {
+        deny all;
+        return 404;
+      }
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: statistics.api.fellesdatakatalog.digdir.no
+      http:
+        paths:
+          - backend:
+              service:
+                name: fdk-statistics-service
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix

deploy/prod/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+  - ../base
+  - ingress.yaml
+
+patchesStrategicMerge:
+  - env.yaml