Use nais docker push

.github/workflows/deploy-kafka-manager.yml

@@ -0,0 +1,37 @@
+name: Deploy kafka-manager
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.nais/org-kafka-manager-dev.yml'
+      - '.nais/org-kafka-manager-prod.yml'
+      - '.github/workflows/deploy-kafka-manager.yml'
+
+jobs:
+  deploy-dev:
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    name: Deploy til dev-gcp
+    steps:
+      - uses: actions/checkout@v3
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          RESOURCE: .nais/org-kafka-manager-dev.yml
+          CLUSTER: dev-gcp
+
+  deploy-prod:
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    name: Deploy til prod-gcp
+    steps:
+      - uses: actions/checkout@v3
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          RESOURCE: .nais/org-kafka-manager-prod.yml
+          CLUSTER: prod-gcp

.github/workflows/deploy.yml

@@ -12,36 +12,44 @@ on:
           - dev
           - prod
       aiven-secret:
-        description: Aiven secret to mount, e.g aiven-vedtak-6rxv2sxp
+        description: Aiven secret med korrekte rettigheter to mount, f.eks. aiven-org-kafka-manager-cg37ax1v
         required: true
 
 env:
-  IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
   POOL: nav-${{ github.event.inputs.environment }}
   SECRET: ${{ github.event.inputs.aiven-secret }}
 
 jobs:
-  deploy:
+  build:
     runs-on: ubuntu-latest
-    name: Deploy til ${{ github.event.inputs.environment }}-gcp
+    permissions:
+      contents: "read"
+      id-token: "write"
     steps:
-      - uses: styfle/cancel-workflow-action@0.9.1
+      - uses: styfle/cancel-workflow-action@0.11.0
       - uses: actions/checkout@v3
-      - uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/[email protected]
+      - name: Build and push Docker image
+        uses: nais/docker-build-push@v0
+        id: docker-push
         with:
-          push: true
-          tags: ${{env.IMAGE}},ghcr.io/navikt/${{ github.repository }}:latest
+          team: org
+          image_suffix: kafka-cli
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
 
-      - uses: nais/deploy/actions/deploy@v1
+  deploy:
+    runs-on: ubuntu-latest
+    name: Deploy til ${{ github.event.inputs.environment }}-gcp
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          RESOURCE: nais.yml
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          RESOURCE: .nais/nais.yml
           PRINT_PAYLOAD: true
           CLUSTER: ${{ github.event.inputs.environment }}-gcp
-          VAR: pool=${{ env.POOL }},secret=${{ env.SECRET }}
+          VAR: image=${{needs.build.outputs.image}},pool=${{ env.POOL }},secret=${{ env.SECRET }}

nais.yml → .nais/nais.yml

@@ -2,9 +2,9 @@ apiVersion: nais.io/v1alpha1
 kind: Application
 metadata:
   name: kafka-cli
-  namespace: aap
+  namespace: org
   labels:
-    team: aap
+    team: org
   annotations:
     nais.io/read-only-file-system: "false"
 spec:

.nais/org-kafka-manager-dev.yml

@@ -0,0 +1,152 @@
+kind: Application
+apiVersion: nais.io/v1alpha1
+metadata:
+  name: org-kafka-manager
+  namespace: org
+  labels:
+    team: org
+spec:
+  image: ghcr.io/navikt/kafka-manager/kafka-manager:2.2023.08.01_08.06-26db51b7b8b7 # See https://github.com/navikt/kafka-manager/packages
+  port: 8080
+  webproxy: true
+  ingresses:
+    - https://org-kafka-manager.intern.dev.nav.no
+  prometheus:
+    enabled: true
+    path: /internal/prometheus
+  readiness:
+    path: /internal/health/readiness
+    initialDelay: 20
+  liveness:
+    path: /internal/health/liveness
+    initialDelay: 20
+  replicas:
+    min: 1
+    max: 1  # 1 instance is required since in-memory session management is used
+    cpuThresholdPercentage: 75
+  resources:
+    limits:
+      cpu: "1"
+      memory: 1024Mi
+    requests:
+      cpu: 250m
+      memory: 512Mi
+  azure: # Required
+    application:
+      enabled: true
+      tenant: nav.no
+      claims:
+        groups:
+          - id: efa3b907-b01c-4293-94a2-c0890b123783 # Required for authorization
+  kafka: # Optional. Required for Aiven
+    pool: nav-dev
+
+  env:
+    - name: APP_CONFIG_JSON # Required
+      value: >
+          {
+            "topics": [
+              {
+                "name": "org.nav-ident",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nav-ident-rnr",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.orgenhet-eventsource",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.intern-orgenhet-state",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.intern-ressurs-state",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.api-orgenhet-state-v3",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.api-ressurs-state-v2",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+              "name": "org.nom.api-hendelser-v1",
+              "location": "AIVEN",
+              "keyDeserializerType": "STRING",
+              "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.nom-mastered-ressurs",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.ressurs-eventsource",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "nom.skjermede-personer-status-v1",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "nom.skjermede-personer-v1",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom-ressurser",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.orgtilknytning-eventsource",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.intern-orgtilknytning-state",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.organisering-eventsource",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              },
+              {
+                "name": "org.nom.intern-organisering-state",
+                "location": "AIVEN",
+                "keyDeserializerType": "STRING",
+                "valueDeserializerType": "STRING"
+              }
+            ]
+          }