├── services ├── lakmus │ ├── .trivyignore │ ├── manifests │ │ ├── cdk8s.yaml │ │ ├── .gitignore │ │ └── tsconfig.json │ ├── .dockerignore │ ├── .gitignore │ └── Dockerfile ├── dis-apim-operator │ ├── .trivyignore │ ├── config │ │ ├── manager │ │ │ └── kustomization.yaml │ │ ├── network-policy │ │ │ └── kustomization.yaml │ │ ├── webhook │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ ├── manifests.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── certmanager │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── issuer.yaml │ │ │ ├── certificate-webhook.yaml │ │ │ └── certificate-metrics.yaml │ │ ├── default │ │ │ ├── serviceaccount_client_id_patch.yaml │ │ │ ├── azure_service_monitor_patch.yaml │ │ │ ├── manager_metrics_patch.yaml │ │ │ ├── metrics_service.yaml │ │ │ └── deployment_vars_patch.yaml │ │ ├── rbac │ │ │ ├── metrics_reader_role.yaml │ │ │ ├── service_account.yaml │ │ │ ├── metrics_auth_role_binding.yaml │ │ │ ├── metrics_auth_role.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── role.yaml │ │ │ ├── leader_election_role.yaml │ │ │ ├── api_admin_role.yaml │ │ │ └── backend_admin_role.yaml │ │ ├── samples │ │ │ ├── kustomization.yaml │ │ │ ├── apim_v1alpha1_apiversion.yaml │ │ │ └── apim_v1alpha1_backend.yaml │ │ ├── crd │ │ │ ├── patches │ │ │ │ ├── cainjection_in_backends.yaml │ │ │ │ └── webhook_in_backends.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── kustomization.yaml │ │ └── prometheus │ │ │ ├── kustomization.yaml │ │ │ └── monitor_tls_patch.yaml │ ├── internal │ │ ├── utils │ │ │ ├── consts.go │ │ │ ├── policytemplate.go │ │ │ └── utils_suite_test.go │ │ └── azure │ │ │ └── azureclient_enums.go │ ├── .dockerignore │ ├── grafana │ │ └── custom-metrics │ │ │ └── config.yaml │ ├── .github │ │ └── workflows │ │ │ ├── test.yml │ │ │ └── lint.yml │ ├── test │ │ └── utils │ │ │ └── azure_fake.go │ ├── .gitignore │ ├── hack │ │ └── boilerplate.go.txt │ └── .devcontainer │ │ ├── devcontainer.json │ 
│ └── post-install.sh ├── dis-identity-operator │ ├── .trivyignore │ ├── config │ │ ├── manager │ │ │ └── kustomization.yaml │ │ ├── network-policy │ │ │ └── kustomization.yaml │ │ ├── samples │ │ │ ├── kustomization.yaml │ │ │ └── application_v1alpha1_applicationidentity.yaml │ │ ├── default │ │ │ ├── manager_metrics_patch.yaml │ │ │ ├── deployment_vars_patch.yaml │ │ │ └── metrics_service.yaml │ │ ├── rbac │ │ │ ├── metrics_reader_role.yaml │ │ │ ├── service_account.yaml │ │ │ ├── metrics_auth_role.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── metrics_auth_role_binding.yaml │ │ │ └── leader_election_role.yaml │ │ ├── prometheus │ │ │ ├── kustomization.yaml │ │ │ └── monitor_tls_patch.yaml │ │ └── crd │ │ │ ├── kustomizeconfig.yaml │ │ │ └── kustomization.yaml │ ├── internal │ │ └── utils │ │ │ ├── types.go │ │ │ └── controller.go │ ├── .dockerignore │ ├── grafana │ │ └── custom-metrics │ │ │ └── config.yaml │ ├── .gitignore │ ├── .github │ │ └── workflows │ │ │ ├── test.yml │ │ │ └── lint.yml │ ├── hack │ │ └── boilerplate.go.txt │ ├── .devcontainer │ │ ├── devcontainer.json │ │ └── post-install.sh │ └── PROJECT └── dis-pgsql-operator │ ├── .trivyignore │ ├── config │ ├── network-policy │ │ └── kustomization.yaml │ ├── samples │ │ └── kustomization.yaml │ ├── default │ │ ├── manager_metrics_patch.yaml │ │ └── metrics_service.yaml │ ├── rbac │ │ ├── metrics_reader_role.yaml │ │ ├── service_account.yaml │ │ ├── metrics_auth_role_binding.yaml │ │ ├── metrics_auth_role.yaml │ │ ├── role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ └── leader_election_role.yaml │ ├── manager │ │ └── kustomization.yaml │ ├── kind │ │ ├── kustomization.yaml │ │ └── manager_kind_patch.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor_tls_patch.yaml │ └── crd │ │ ├── kustomizeconfig.yaml │ │ └── kustomization.yaml │ ├── .dockerignore │ ├── .github │ └── workflows │ │ ├── test.yml │ │ └── lint.yml │ ├── .gitignore │ ├── 
hack │ └── boilerplate.go.txt │ ├── .devcontainer │ ├── devcontainer.json │ └── post-install.sh │ └── PROJECT ├── libs └── k6 │ ├── src │ ├── token_generator │ │ ├── README.md │ │ └── config.js │ ├── index.js │ └── maskinporten │ │ └── config.js │ ├── .eslintignore │ ├── .prettierignore │ ├── .prettierrc │ └── test │ └── maskinporten.js ├── infrastructure ├── images │ ├── k6-image │ │ ├── .trivyignore │ │ ├── README.md │ │ └── Dockerfile │ ├── azure-devops-agent │ │ ├── .trivyignore │ │ └── Dockerfile │ ├── k6-action │ │ ├── default_scenarios │ │ │ ├── functional.json │ │ │ ├── browser.json │ │ │ ├── smoke.json │ │ │ ├── soak.json │ │ │ ├── spike.json │ │ │ └── breakpoint.json │ │ ├── get_latest_versions.sh │ │ └── README.md │ ├── default-syncroot │ │ ├── at22 │ │ │ └── kustomization.yaml │ │ ├── at23 │ │ │ └── kustomization.yaml │ │ ├── at24 │ │ │ └── kustomization.yaml │ │ ├── prod │ │ │ └── kustomization.yaml │ │ ├── tt02 │ │ │ └── kustomization.yaml │ │ └── yt01 │ │ │ └── kustomization.yaml │ ├── terraform-azure-devops-agent │ │ ├── Dockerfile │ │ └── .trivyignore │ └── gh-runner │ │ ├── .trivyignore │ │ └── Dockerfile ├── adminservices-test │ ├── k6tests-rg │ │ ├── modules │ │ │ ├── services │ │ │ │ ├── README.md │ │ │ │ ├── k6_operator_values.yaml │ │ │ │ ├── ingress-nginx_values.tftpl │ │ │ │ ├── namespaces.tf │ │ │ │ ├── certmanager_values.tftpl │ │ │ │ ├── sealsedsecrets.tf │ │ │ │ ├── pyrra.tf │ │ │ │ ├── certmanager.tf │ │ │ │ ├── k6_operator.tf │ │ │ │ ├── ingress-nginx-controller.tf │ │ │ │ ├── certmanager_resources.tf │ │ │ │ ├── grafana_k8s_monitoring.tf │ │ │ │ └── variables.tf │ │ │ └── foundational │ │ │ │ ├── README.md │ │ │ │ ├── rg.tf │ │ │ │ ├── outputs.tf │ │ │ │ └── rbac.tf │ │ ├── README.md │ │ ├── outputs.tf │ │ └── providers.tf │ ├── altinn-monitor-test-rg │ │ ├── k6_tests_rg_data.tf │ │ ├── k6_tests_rg_k6_operator_values.yaml │ │ ├── k6_tests_rg_rg.tf │ │ ├── k6_tests_rg_ingress-nginx_values.tftpl │ │ ├── prometheus.tf │ │ ├── 
k6_tests_rg_amw.tf │ │ ├── prometheusrulegroups.tf │ │ ├── variables.tf │ │ ├── k6_tests_rg_certmanager_values.tftpl │ │ ├── k6_tests_rg_sealsedsecrets.tf │ │ ├── k6_tests_rg_pyrra.tf │ │ ├── k6_tests_rg_k6_operator.tf │ │ ├── k6_tests_rg_certmanager_resources.tf │ │ ├── k6_tests_rg_certmanager.tf │ │ ├── k6_tests_rg_ingress-nginx-controller.tf │ │ ├── k6_tests_rg_providers.tf │ │ └── k6_tests_rg_grafana_k8s_monitoring.tf │ ├── altinn-apim-test-rg │ │ ├── rg.tf │ │ ├── terraform.tfvars │ │ ├── data.tf │ │ ├── variables.tf │ │ ├── apim.tf │ │ └── main.tf │ └── admin-test-aks-rg │ │ ├── test-pgsql-vnet.tf │ │ ├── obs.tf │ │ └── azure-service-operator.tf ├── adminservices-prod │ └── altinncr │ │ ├── data.tf │ │ ├── kv.tf │ │ ├── providers.tf │ │ └── acr.tf ├── modules │ ├── aks │ │ ├── providers.tf │ │ ├── flux.tf │ │ └── rg.tf │ ├── apim │ │ ├── random.tf │ │ ├── resources.tf │ │ ├── providers.tf │ │ ├── iam.tf │ │ ├── output.tf │ │ └── apim.tf │ ├── dis-apim-operator │ │ ├── output.tf │ │ └── providers.tf │ ├── postgresql-vnet-subnets │ │ ├── providers.tf │ │ └── output.tf │ ├── grafana │ │ ├── output.tf │ │ └── providers.tf │ ├── aks-resources │ │ └── providers.tf │ ├── azure-service-operator │ │ ├── outputs.tf │ │ └── providers.tf │ ├── observability │ │ ├── rg.tf │ │ ├── providers.tf │ │ ├── output.tf │ │ └── app.tf │ └── dns-child-zone │ │ ├── providers.tf │ │ ├── output.tf │ │ └── ns-records.tf ├── altinn-auth-test │ └── auth-at22-aks-rg │ │ ├── dns.tf │ │ ├── terraform.tfvars │ │ ├── obs.tf │ │ └── azure-service-operator.tf ├── altinn-correspondence-test │ └── corr-at22-aks-rg │ │ ├── dns.tf │ │ ├── terraform.tfvars │ │ ├── obs.tf │ │ └── azure-service-operator.tf └── products │ ├── terraform.tfvars │ └── Makefile ├── actions ├── terraform │ └── write-terraform-summary │ │ └── README.md ├── generate-k6-manifests │ ├── cmd │ │ ├── expected_generated_files │ │ │ ├── v1 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── 
expanded-configfile.yaml │ │ │ ├── v10 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ ├── prod │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ ├── tt02 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── yt01 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ ├── v11 │ │ │ │ └── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ ├── v12 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── expanded-configfile.yaml │ │ │ ├── v2 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── expanded-configfile.yaml │ │ │ ├── v3 │ │ │ │ └── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ ├── v4 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── expanded-configfile.yaml │ │ │ ├── v5 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── yt01 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ ├── v6 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── yt01 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ ├── v7 │ │ │ │ ├── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ │ └── expanded-configfile.yaml │ │ │ ├── v8 │ │ │ │ └── at22 │ │ │ │ │ ├── slo.json.tmpl │ │ │ │ │ └── tweaked-testconfig.json │ │ │ └── v9 │ │ │ │ └── at22 │ │ │ │ ├── slo.json.tmpl │ │ │ │ └── tweaked-testconfig.json │ │ ├── example_configfiles │ │ │ ├── v1.yaml │ │ │ ├── v10.yaml │ │ │ ├── v7.yaml │ │ │ ├── v4.yaml │ │ │ ├── v8.yaml │ │ │ ├── v12.yaml │ │ │ ├── v5.yaml │ │ │ ├── v9.yaml │ │ │ ├── v2.yaml │ │ │ ├── v11.yaml │ │ │ └── v3.yaml │ │ └── default_scenarios.go │ ├── test_service │ │ ├── README.md │ │ ├── env_file.env │ │ ├── test_configs │ │ │ ├── 
default.json │ │ │ ├── at_config.json │ │ │ └── yt01_config.json │ │ ├── conf.yaml │ │ └── k8s_wrapper │ │ │ ├── get_daemonsets.js │ │ │ └── get_deployments.js │ ├── generate.sh │ ├── Dockerfile │ ├── Dockerfile.test │ ├── action.yml │ └── main.go └── send-ci-cd-trace │ ├── tsconfig.json │ ├── .gitignore │ ├── package.json │ └── action.yml ├── tools └── disctl │ ├── pkg │ ├── altinn │ │ ├── testdata │ │ │ ├── testgetenvironments │ │ │ │ ├── server_error.json │ │ │ │ ├── malformed_json_response.json │ │ │ │ └── valid_response.json │ │ │ └── testinitappsdata │ │ │ │ ├── no_deployments_returned_from_kubewrapper.json │ │ │ │ ├── server_error_from_kubewrapper_result_in_error.json │ │ │ │ ├── invalid_response_from_kubewrapper_result_in_error.json │ │ │ │ ├── merges_response_with_existing.json │ │ │ │ └── valid_response_from_kubewrapper.json │ │ └── environments.go │ ├── util │ │ └── constants.go │ └── kube │ │ └── app.go │ ├── main.go │ ├── internal │ └── version │ │ └── version.go │ ├── .gitignore │ └── cmd │ ├── version.go │ └── root.go ├── flux ├── whoami │ ├── namespace.yaml │ └── kustomization.yaml ├── linkerd │ ├── namespace.yaml │ ├── post-deploy │ │ └── kustomization.yaml │ ├── linkerd-root-ca-clusterissuer.yaml │ ├── helmrepository.yaml │ ├── linkerd-trust-anchor-issuer.yaml │ ├── kustomization.yaml │ ├── linkerd-root-ca-cert.yaml │ └── linkerd-identity-issuer-cert.yaml ├── traefik │ ├── namespace.yaml │ ├── kustomization.yaml │ └── helmrepository.yaml ├── cert-manager │ ├── namespace.yaml │ ├── kustomization.yaml │ ├── helmrepository.yaml │ └── CHANGELOG.md ├── azure-service-operator │ ├── namespace.yaml │ ├── kustomization.yaml │ └── helm-repository.yaml ├── altinn-uptime │ ├── serviceaccount.yaml │ ├── configmaps │ │ └── generate-targets.yaml │ ├── DEPLOY.md │ ├── README.md │ ├── post-deploy │ │ └── kustomization.yaml │ ├── kustomization.yaml │ └── rbac.yaml ├── grafana-operator │ ├── namespace.yaml │ ├── post-deploy │ │ ├── kustomization.yaml │ │ └── 
external-grafana.yaml │ ├── grafana-manifests │ │ ├── apps │ │ │ ├── kustomization.yaml │ │ │ └── dashboards │ │ │ │ ├── kustomization.yaml │ │ │ │ └── altinn-pod-console-error-logs.yaml │ │ └── base │ │ │ ├── kustomization.yaml │ │ │ └── dashboards │ │ │ ├── kustomization.yaml │ │ │ ├── altinn-publicip.yaml │ │ │ ├── linkerd-daemonset.yaml │ │ │ ├── linkerd-deployment.yaml │ │ │ ├── altinn-traefik-official.yaml │ │ │ ├── altinn-blackbox-exporter.yaml │ │ │ ├── fluxcd-flux-cluster-stats.yaml │ │ │ ├── fluxcd-flux-control-plane.yaml │ │ │ └── fluxcd-gitops-flux-application-deployments-dashboard.yaml │ ├── grafana-redirect │ │ ├── kustomization.yaml │ │ ├── middleware.yaml │ │ └── ingressroute.yaml │ ├── fqdn-to-azure-grafana │ │ ├── kustomization.yaml │ │ ├── middleware.yaml │ │ └── ingressroute.yaml │ ├── kustomization.yaml │ ├── grafana-admin-apikey.yaml │ └── helmrepository.yaml ├── otel-operator │ ├── namespace.yaml │ ├── kustomization.yaml │ └── helmrepository.yaml ├── helm-uninstall-outdated-apps │ ├── sa.yaml │ ├── README.md │ ├── kustomization.yaml │ ├── rolebinding.yaml │ └── whitelist.yaml ├── otel-collector │ ├── namespace.yaml │ ├── kustomization.yaml │ ├── sa.yaml │ ├── CHANGELOG.md │ └── external-secrets.yaml ├── blackbox-exporter │ ├── base │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── helmrepository.yaml │ └── apps │ │ ├── kustomization.yaml │ │ └── helmrelease-patch.yaml ├── dis-apim │ ├── kustomization.yaml │ └── oci-repository.yaml ├── container-runtime-aks-config │ ├── rbac │ │ └── kustomization.yaml │ ├── ama │ │ └── kustomization.yaml │ ├── metrics-server │ │ ├── kustomization.yaml │ │ └── metrics-server-config.yaml │ ├── base │ │ ├── metrics-server-config │ │ │ ├── kustomization.yaml │ │ │ ├── README.md │ │ │ └── metrics-server-config.yaml │ │ ├── rbac-authorization-k8s │ │ │ ├── kustomization.yaml │ │ │ └── README.md │ │ ├── ama-metrics-prometheus-config │ │ │ ├── kustomization.yaml │ │ │ └── README.md │ │ ├── 
ama-metrics-settings-configmap │ │ │ ├── kustomization.yaml │ │ │ └── README.md │ │ └── container-azm-ms-agentconfig │ │ │ ├── kustomization.yaml │ │ │ └── README.md │ └── apps │ │ └── kustomization.yaml ├── dis-identity │ ├── kustomization.yaml │ ├── oci-repository.yaml │ └── flux-kustomize.yaml ├── external-secrets-operator │ ├── namespace.yaml │ ├── kustomization.yaml │ └── helmrepository.yaml ├── certm-lets-encrypt-dns-issuer │ ├── kustomization.yaml │ ├── certificate.yaml │ ├── production.yaml │ ├── staging.yaml │ └── CHANGELOG.md └── lakmus │ └── kustomization.yaml ├── CODEOWNERS ├── .github ├── ISSUE_TEMPLATE │ ├── config.yml │ └── enhancement.yml └── workflows │ ├── auto-update-operators.yml │ └── altinn-k6-lib-test-pr.yml └── .release-please-manifest.json /services/lakmus/.trivyignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /libs/k6/src/token_generator/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /infrastructure/images/k6-image/.trivyignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /services/dis-apim-operator/.trivyignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /services/dis-identity-operator/.trivyignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/.trivyignore: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /actions/terraform/write-terraform-summary/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /infrastructure/images/azure-devops-agent/.trivyignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/foundational/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /libs/k6/.eslintignore: -------------------------------------------------------------------------------- 1 | .cache/ 2 | public/ 3 | node_modules/ 4 | build/ 5 | -------------------------------------------------------------------------------- /libs/k6/.prettierignore: -------------------------------------------------------------------------------- 1 | .cache/ 2 | public/ 3 | node_modules/ 4 | build/ 5 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v1/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/actions/generate-k6-manifests/cmd/expected_generated_files/v10/prod/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/tt02/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/yt01/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v11/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v12/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v2/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v3/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v4/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/actions/generate-k6-manifests/cmd/expected_generated_files/v5/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v5/yt01/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v6/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v6/yt01/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v7/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v8/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v9/at22/slo.json.tmpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /libs/k6/.prettierrc: -------------------------------------------------------------------------------- 1 | { 2 | "singleQuote": true, 3 | "trailingComma": "all" 4 | } 5 | -------------------------------------------------------------------------------- 
/tools/disctl/pkg/altinn/testdata/testgetenvironments/server_error.json: -------------------------------------------------------------------------------- 1 | Internal Server Error -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/README.md: -------------------------------------------------------------------------------- 1 | Simple k6 test files to test the action 2 | -------------------------------------------------------------------------------- /flux/whoami/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: whoami 5 | -------------------------------------------------------------------------------- /infrastructure/adminservices-prod/altinncr/data.tf: -------------------------------------------------------------------------------- 1 | data "azurerm_client_config" "current" {} 2 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/README.md: -------------------------------------------------------------------------------- 1 | # Infrastructure for K6 tests cluster 2 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testinitappsdata/no_deployments_returned_from_kubewrapper.json: 
-------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /flux/linkerd/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: linkerd 5 | -------------------------------------------------------------------------------- /flux/traefik/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: traefik 5 | -------------------------------------------------------------------------------- /flux/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: cert-manager 5 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/functional.json: -------------------------------------------------------------------------------- 1 | { 2 | "vus": 1, 3 | "iterations": 1 4 | } -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/network-policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - allow-metrics-traffic.yaml 3 | -------------------------------------------------------------------------------- /services/lakmus/manifests/cdk8s.yaml: -------------------------------------------------------------------------------- 1 | language: typescript 2 | app: npx ts-node main.ts 3 | imports: 4 | - k8s 5 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/network-policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - 
allow-metrics-traffic.yaml 3 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testinitappsdata/server_error_from_kubewrapper_result_in_error.json: -------------------------------------------------------------------------------- 1 | Internal Server Error -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_data.tf: -------------------------------------------------------------------------------- 1 | # data "azurerm_client_config" "current" {} 2 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/browser.json: -------------------------------------------------------------------------------- 1 | { 2 | "browser": { 3 | "type": "chromium" 4 | } 5 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v1/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/prod/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/tt02/tweaked-testconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v10/yt01/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v12/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v5/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v5/yt01/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v6/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v7/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } 
-------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v8/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v9/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "vus": 1 4 | } -------------------------------------------------------------------------------- /flux/azure-service-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: azureserviceoperator-system 5 | -------------------------------------------------------------------------------- /services/dis-identity-operator/internal/utils/types.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | func ToPointer[T any](t T) *T { 4 | return &t 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/k6_operator_values.yaml: -------------------------------------------------------------------------------- 1 | installCRDs: true 2 | 3 | namespace: 4 | create: false 5 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/network-policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - allow-webhook-traffic.yaml 3 | - allow-metrics-traffic.yaml 4 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testgetenvironments/malformed_json_response.json: 
-------------------------------------------------------------------------------- 1 | {"environments": [ { "platformUrl": "https://a.com", "name": "dev" -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v11/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "browser": { 3 | "type": "chromium" 4 | } 5 | } -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/at22/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/at23/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/at24/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/prod/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/tt02/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /infrastructure/images/default-syncroot/yt01/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: [] 4 | -------------------------------------------------------------------------------- /flux/altinn-uptime/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: altinn-uptime-cronjob 5 | namespace: monitoring 6 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator_values.yaml: -------------------------------------------------------------------------------- 1 | installCRDs: true 2 | 3 | namespace: 4 | create: false 5 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Owners for the whole repo (will be added to all PRs) 2 | * @Altinn/team-platform 3 | 4 | # Add specific ownership for further needs here 5 | -------------------------------------------------------------------------------- /flux/grafana-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: grafana 5 | annotations: 6 | linkerd.io/inject: enabled 7 | -------------------------------------------------------------------------------- /flux/linkerd/post-deploy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - 
rollout-restart-job.yaml 5 | -------------------------------------------------------------------------------- /flux/otel-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: monitoring 5 | annotations: 6 | linkerd.io/inject: enabled 7 | -------------------------------------------------------------------------------- /flux/whoami/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - whoami.yaml 6 | -------------------------------------------------------------------------------- /services/lakmus/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | -------------------------------------------------------------------------------- /flux/helm-uninstall-outdated-apps/sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: helm-uninstall-outdated-apps 5 | namespace: default 6 | -------------------------------------------------------------------------------- /flux/otel-collector/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: monitoring 5 | annotations: 6 | linkerd.io/inject: enabled 7 | -------------------------------------------------------------------------------- /infrastructure/modules/aks/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | } 6 | } 7 | } 8 | 
-------------------------------------------------------------------------------- /services/dis-apim-operator/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/env_file.env: -------------------------------------------------------------------------------- 1 | # Explanation for env var 1 2 | ENVFROMFILE1=ENV1 3 | 4 | 5 | # Explanation for env var 2 6 | ENVFROMFILE2=ENV2 7 | -------------------------------------------------------------------------------- /flux/blackbox-exporter/base/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: monitoring 5 | annotations: 6 | linkerd.io/inject: enabled 7 | -------------------------------------------------------------------------------- /flux/grafana-operator/post-deploy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - external-grafana.yaml 5 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 
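3 | bin/ 4 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/generate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -eu # exit on error and on unset variables; -o is omitted because it needs an option name (e.g. pipefail, not available in every sh) and this script has no pipelines 3 | 4 | rm -rf .build .dist .conf # remove any previous .build/.dist/.conf; they are recreated empty on the next line 5 | mkdir -p .build .dist .conf 6 | 7 | generate-k6-manifests 8 | -------------------------------------------------------------------------------- /flux/dis-apim/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - oci-repository.yaml 5 | - flux-kustomize.yaml 6 | -------------------------------------------------------------------------------- /infrastructure/modules/apim/random.tf: -------------------------------------------------------------------------------- 1 | resource "random_string" "apim_random_part" { 2 | length = 6 3 | special = false 4 | upper = false 5 | numeric = true 6 | } 7 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - read-everything-and-restart.yaml 5 | -------------------------------------------------------------------------------- /flux/dis-identity/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - oci-repository.yaml 5 | - flux-kustomize.yaml 6 | -------------------------------------------------------------------------------- /flux/external-secrets-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: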
external-secrets 5 | annotations: 6 | linkerd.io/inject: enabled 7 | -------------------------------------------------------------------------------- /flux/linkerd/linkerd-root-ca-clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: linkerd-root-ca 5 | spec: 6 | selfSigned: {} 7 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/rg.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "rg" { 2 | name = "${var.name_prefix}-rg" 3 | location = var.location 4 | } 5 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/ama/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ama-metrics-settings-configmap.yaml 5 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/metrics-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - metrics-server-config.yaml 5 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - dashboards 6 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/test_configs/default.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "thresholds": { 3 | "http_req_duration": [ 4 | "avg<123" 5 | ] 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - folders.yaml 5 | - dashboards 6 | -------------------------------------------------------------------------------- /flux/helm-uninstall-outdated-apps/README.md: -------------------------------------------------------------------------------- 1 | # Helm uninstall outdated apps 2 | 3 | Manifests for the CronJob that prunes Helm releases older than three months, while honoring the whitelist. -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_rg.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "k6tests_rg" { 2 | name = "k6tests-rg" 3 | location = "norwayeast" 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/smoke.json: -------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "1m", 5 | "target": 1 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/soak.json: -------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "8h", 5 | "target": 1 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/images/k6-image/README.md: 
-------------------------------------------------------------------------------- 1 | # An image with k6 extensions 2 | https://grafana.com/docs/k6/latest/set-up/set-up-distributed-k6/usage/extensions/#use-k6-operator-with-k6-extensions -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-redirect/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - middleware.yaml 5 | - ingressroute.yaml 6 | -------------------------------------------------------------------------------- /flux/traefik/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helmrepository.yaml 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testinitappsdata/invalid_response_from_kubewrapper_result_in_error.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "version": "112", 4 | "release": "altinn-access-management" 5 | }, -------------------------------------------------------------------------------- /tools/disctl/pkg/util/constants.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | const ( 4 | EnvironmentsAPI = "https://altinncdn.no/config/environments.json" 5 | KubeWrapperAPI = "kuberneteswrapper/api/v1" 6 | ) 7 | -------------------------------------------------------------------------------- /flux/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helmrepository.yaml 
6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/metrics-server-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - metrics-server-config.yaml 5 | -------------------------------------------------------------------------------- /flux/grafana-operator/fqdn-to-azure-grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - middleware.yaml 5 | - ingressroute.yaml 6 | -------------------------------------------------------------------------------- /flux/otel-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helmrepository.yaml 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/foundational/rg.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "k6tests" { 2 | name = "k6tests-rg${var.suffix}" 3 | location = "norwayeast" 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/modules/dis-apim-operator/output.tf: -------------------------------------------------------------------------------- 1 | output "dis_apim_workload_identity_client_id" { 2 | value = azurerm_user_assigned_identity.disapim_identity.client_id 3 | sensitive = true 4 | } -------------------------------------------------------------------------------- 
/flux/container-runtime-aks-config/base/rbac-authorization-k8s/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - read-everything-and-restart.yaml 5 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/apps/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - altinn-pod-console-error-logs.yaml 5 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples of your project ## 2 | resources: 3 | - storage_v1alpha1_database.yaml 4 | # +kubebuilder:scaffold:manifestskustomizesamples 5 | -------------------------------------------------------------------------------- /flux/azure-service-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helm-repository.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /flux/blackbox-exporter/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helmrepository.yaml 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /flux/certm-lets-encrypt-dns-issuer/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - staging.yaml 5 | - production.yaml 6 | - certificate.yaml 7 | -------------------------------------------------------------------------------- /flux/external-secrets-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - helmrepository.yaml 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /flux/lakmus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: lakmus 5 | namespace: flux-system 6 | resources: 7 | - lakmus-manifests.yaml 8 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - issuer.yaml 3 | - certificate-webhook.yaml 4 | - certificate-metrics.yaml 5 | 6 | configurations: 7 | - kustomizeconfig.yaml 8 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/default/serviceaccount_client_id_patch.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /metadata/annotations/azure.workload.identity~1client-id 3 | value: "${DISAPIM_WORKLOAD_IDENTITY_CLIENT_ID}" -------------------------------------------------------------------------------- /services/dis-apim-operator/internal/utils/consts.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | // maxContentSize is 
the maximum allowed size of the content fetched from a URL. (100MB) 4 | const maxContentSize = 100 * 1024 * 1024 5 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/ama-metrics-prometheus-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ama-metrics-prometheus-config.yaml 5 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/ama-metrics-settings-configmap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ama-metrics-settings-configmap.yaml 5 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/container-azm-ms-agentconfig/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - container-azm-ms-agentconfig.yaml 5 | -------------------------------------------------------------------------------- /flux/otel-collector/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - external-secrets.yaml 6 | - collector.yaml 7 | - sa.yaml 8 | -------------------------------------------------------------------------------- /infrastructure/modules/postgresql-vnet-subnets/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = ">= 4.0.0" 6 | } 7 | } 8 
| } 9 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/test_configs/at_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "thresholds": { 3 | "http_req_duration": [ 4 | "p(95)<1000" 5 | ] 6 | }, 7 | "httpDebug": "full" 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/terraform.tfvars: -------------------------------------------------------------------------------- 1 | subscription_id = "1ce8e9af-c2d6-44e7-9c5e-099a308056fe" 2 | admin_services_prod_subscription_id = "a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9" -------------------------------------------------------------------------------- /services/dis-identity-operator/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples of your project ## 2 | resources: 3 | - application_v1alpha1_applicationidentity.yaml 4 | # +kubebuilder:scaffold:manifestskustomizesamples 5 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v2/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "iterations": 1, 3 | "thresholds": { 4 | "http_req_duration": [ 5 | "avg\u003c123" 6 | ] 7 | }, 8 | "vus": 1 9 | } -------------------------------------------------------------------------------- /flux/linkerd/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: linkerd 5 | namespace: linkerd 6 | spec: 7 | interval: 1h 8 | url: https://helm.linkerd.io/edge 9 | -------------------------------------------------------------------------------- 
/flux/linkerd/linkerd-trust-anchor-issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Issuer 3 | metadata: 4 | name: linkerd-trust-anchor 5 | namespace: linkerd 6 | spec: 7 | ca: 8 | secretName: linkerd-trust-anchor 9 | -------------------------------------------------------------------------------- /flux/traefik/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: traefik 5 | namespace: traefik 6 | spec: 7 | interval: 1h 8 | url: https://traefik.github.io/charts 9 | -------------------------------------------------------------------------------- /libs/k6/src/index.js: -------------------------------------------------------------------------------- 1 | export { 2 | PersonalTokenGenerator, 3 | EnterpriseTokenGenerator, 4 | } from './token_generator/token_generator.js'; 5 | export { MaskinportenAccessTokenGenerator } from './maskinporten/maskinporten.js'; 6 | -------------------------------------------------------------------------------- /flux/cert-manager/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: jetstack 5 | namespace: cert-manager 6 | spec: 7 | interval: 1h 8 | url: https://charts.jetstack.io 9 | -------------------------------------------------------------------------------- /flux/grafana-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - grafana-admin-apikey.yaml 6 | - helmrepository.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- 
/infrastructure/adminservices-test/k6tests-rg/modules/services/ingress-nginx_values.tftpl: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | annotations: 4 | "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path": "/healthz" 5 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-admin-apikey.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: grafana-admin-apikey 5 | namespace: grafana 6 | type: Opaque 7 | stringData: 8 | GF_SECURITY_APIKEY: "${GRAFANA_ADMIN_APIKEY}" 9 | -------------------------------------------------------------------------------- /flux/helm-uninstall-outdated-apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - sa.yaml 5 | - role.yaml 6 | - rolebinding.yaml 7 | - whitelist.yaml 8 | - cronjob.yaml 9 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/outputs.tf: -------------------------------------------------------------------------------- 1 | output "k6tests_cluster_name" { 2 | value = local.k6tests_cluster_name 3 | } 4 | 5 | output "k6tests_resource_group_name" { 6 | value = local.k6tests_resource_group_name 7 | } 8 | -------------------------------------------------------------------------------- /flux/grafana-operator/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: grafana 5 | namespace: grafana 6 | spec: 7 | interval: 1h 8 | url: https://grafana.github.io/helm-charts 9 | 
-------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/data.tf: -------------------------------------------------------------------------------- 1 | data "azurerm_container_registry" "altinncr" { 2 | provider = azurerm.adminservices-prod 3 | name = "altinncr" 4 | resource_group_name = "acr" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_ingress-nginx_values.tftpl: -------------------------------------------------------------------------------- 1 | controller: 2 | service: 3 | annotations: 4 | "service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path": "/healthz" 5 | -------------------------------------------------------------------------------- /infrastructure/images/terraform-azure-devops-agent/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/altinn/altinn-platform/azure-devops-agent:v1.2.5@sha256:12d834ef49876c6386a9825c1b93621d89623c27871bba89c7cba8fd5b064646 2 | COPY scripts/install.sh . 3 | RUN ./install.sh 4 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/default/azure_service_monitor_patch.yaml: -------------------------------------------------------------------------------- 1 | # Replace monitoring.coreos.com/v1 with the Azure-specific version azmonitoring.coreos.com/v1 2 | - op: replace 3 | path: /apiVersion 4 | value: azmonitoring.coreos.com/v1 -------------------------------------------------------------------------------- /infrastructure/modules/apim/resources.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "apim_rg" { 2 | name = var.apim_rg_name != "" ?
var.apim_rg_name : "${var.prefix}-${var.environment}-apim-rg" 3 | location = var.location 4 | tags = var.tags 5 | } 6 | -------------------------------------------------------------------------------- /libs/k6/src/maskinporten/config.js: -------------------------------------------------------------------------------- 1 | const config = { 2 | maskinportenBaseUrl: 'https://test.maskinporten.no', 3 | audienceUrl: 'https://test.maskinporten.no/', 4 | tokenUrl: 'https://test.maskinporten.no/token', 5 | }; 6 | 7 | export { config }; 8 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/default/manager_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds the args to allow exposing the metrics endpoint using HTTPS 2 | - op: add 3 | path: /spec/template/spec/containers/0/args/0 4 | value: --metrics-bind-address=:8443 5 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/metrics_reader_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/default/manager_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds the args to allow exposing the metrics endpoint using HTTPS 2 | - op: add 3 | path: /spec/template/spec/containers/0/args/0 4 | value: --metrics-bind-address=:8443 5 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/metrics_reader_role.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/default/manager_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds the args to allow exposing the metrics endpoint using HTTPS 2 | - op: add 3 | path: /spec/template/spec/containers/0/args/0 4 | value: --metrics-bind-address=:8443 5 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/metrics_reader_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples of your project ## 2 | resources: 3 | - apim_v1alpha1_backend.yaml 4 | - apim_v1alpha1_api.yaml 5 | - apim_v1alpha1_apiversion.yaml 6 | # +kubebuilder:scaffold:manifestskustomizesamples 7 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: localhost/dis-pgsql-operator 8 | newTag: e2e 9 | 
-------------------------------------------------------------------------------- /actions/generate-k6-manifests/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/altinn/altinn-platform/k6-action-image:v0.0.21@sha256:1c08b76a1dd3d3d5a5976307aebc47572645be1eb2383c648cfdbebb5b536d3b 2 | 3 | COPY generate.sh /generate.sh 4 | RUN chmod +x /generate.sh 5 | 6 | CMD ["/generate.sh"] 7 | -------------------------------------------------------------------------------- /infrastructure/modules/grafana/output.tf: -------------------------------------------------------------------------------- 1 | output "grafana_endpoint" { 2 | value = azurerm_dashboard_grafana.grafana.endpoint 3 | } 4 | 5 | output "token_grafana_operator" { 6 | value = grafana_service_account_token.grafana_operator.key 7 | sensitive = true 8 | } 9 | -------------------------------------------------------------------------------- /flux/blackbox-exporter/base/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: prometheus-community 5 | namespace: monitoring 6 | spec: 7 | interval: 1h 8 | url: https://prometheus-community.github.io/helm-charts 9 | -------------------------------------------------------------------------------- /infrastructure/modules/aks-resources/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | } 6 | azapi = { 7 | source = "Azure/azapi" 8 | version = ">= 2.3.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /flux/altinn-uptime/configmaps/generate-targets.yaml: -------------------------------------------------------------------------------- 1 | # This ConfigMap is generated by Kustomize from 
flux/scripts/generate_targets.sh 2 | # See kustomization.yaml for the configMapGenerator configuration 3 | # 4 | # To edit the script, modify flux/scripts/generate_targets.sh directly 5 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: controller-manager 8 | namespace: system 9 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-pgsql-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: controller-manager 8 | namespace: system 9 | -------------------------------------------------------------------------------- /flux/otel-operator/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: otel-oci 5 | namespace: monitoring 6 | spec: 7 | type: oci 8 | interval: 1h 9 | url: oci://ghcr.io/open-telemetry/opentelemetry-helm-charts 10 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-identity-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: controller-manager 8 | namespace: system 9 | 
-------------------------------------------------------------------------------- /flux/blackbox-exporter/apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | patches: 6 | - path: helmrelease-patch.yaml 7 | target: 8 | kind: HelmRelease 9 | name: prometheus-blackbox-exporter 10 | -------------------------------------------------------------------------------- /flux/external-secrets-operator/helmrepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: external-secrets 5 | namespace: external-secrets 6 | spec: 7 | type: oci 8 | interval: 1h 9 | url: oci://ghcr.io/external-secrets/charts 10 | -------------------------------------------------------------------------------- /infrastructure/modules/azure-service-operator/outputs.tf: -------------------------------------------------------------------------------- 1 | output "azurerm_user_assigned_identity_principal_id" { 2 | description = "The principal ID of the Azure Service Operator User Assigned Managed Identity." 
3 | value = azurerm_user_assigned_identity.aso_identity.principal_id 4 | } 5 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v6/yt01/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "1m", 5 | "target": 10 6 | } 7 | ], 8 | "thresholds": { 9 | "http_req_duration": [ 10 | "p(95)\u003c300" 11 | ] 12 | } 13 | } -------------------------------------------------------------------------------- /flux/azure-service-operator/helm-repository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: aso2 5 | namespace: azureserviceoperator-system 6 | spec: 7 | interval: 1h 8 | url: https://raw.githubusercontent.com/Azure/azure-service-operator/main/v2/charts 9 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/prometheus.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_monitor_workspace" "altinn_monitor" { 2 | name = "altinn-monitor-test-amw" 3 | resource_group_name = azurerm_resource_group.rg.name 4 | location = azurerm_resource_group.rg.location 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/modules/apim/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = ">= 4.0.0" 6 | } 7 | random = { 8 | source = "hashicorp/random" 9 | version = ">= 3.0.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- 
/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_amw.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_monitor_workspace" "k6tests_amw" { 2 | name = "k6tests-amw" 3 | resource_group_name = azurerm_resource_group.k6tests_rg.name 4 | location = azurerm_resource_group.k6tests_rg.location 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/modules/dis-apim-operator/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = ">= 4.0.0" 6 | } 7 | azapi = { 8 | source = "Azure/azapi" 9 | version = ">= 2.3.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/default/deployment_vars_patch.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/containers/0/env 3 | value: 4 | - name: DISID_ISSUER_URL 5 | value: "${DISID_ISSUER_URL}" 6 | - name: DISID_TARGET_RESOURCE_GROUP 7 | value: "${DISID_TARGET_RESOURCE_GROUP}" 8 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base/ama-metrics-prometheus-config 5 | - ../base/ama-metrics-settings-configmap 6 | - ../base/container-azm-ms-agentconfig 7 | - ../base/metrics-server-config 8 | -------------------------------------------------------------------------------- /infrastructure/modules/azure-service-operator/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | 
required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = ">= 4.0.0" 6 | } 7 | azapi = { 8 | source = "Azure/azapi" 9 | version = ">= 2.3.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tools/disctl/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright © 2024, Altinn 3 | */ 4 | package main 5 | 6 | import ( 7 | "github.com/altinn/altinn-platform/disctl/cmd" 8 | "github.com/altinn/altinn-platform/disctl/internal/version" 9 | ) 10 | 11 | func main() { 12 | cmd.BuildInfo = version.Get() 13 | cmd.Execute() 14 | } 15 | -------------------------------------------------------------------------------- /flux/otel-collector/sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: otel-collector 5 | namespace: monitoring 6 | labels: 7 | app: otel-collector 8 | annotations: 9 | azure.workload.identity/client-id: ${CLIENT_ID} 10 | azure.workload.identity/tenant-id: ${TENANT_ID} 11 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/namespaces.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_namespace" "namespace" { 2 | for_each = toset( 3 | concat( 4 | ["platform"], 5 | [for v in var.k8s_rbac : v["namespace"]] 6 | ) 7 | ) 8 | metadata { 9 | name = each.value 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/test_configs/yt01_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "1m", 5 | "target": 10 6 | } 7 | ], 8 | "thresholds": { 9 | "http_req_duration": [ 10 | "p(95)<300" 11 | ] 12 | } 13 | } 14 | 
-------------------------------------------------------------------------------- /infrastructure/modules/apim/iam.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_role_assignment" "apim_service_contributor" { 2 | for_each = var.apim_service_contributors 3 | scope = azurerm_api_management.apim.id 4 | role_definition_name = "API Management Service Contributor" 5 | principal_id = each.value 6 | } 7 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v3/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "httpDebug": "full", 3 | "stages": [ 4 | { 5 | "duration": "1m", 6 | "target": 1 7 | } 8 | ], 9 | "thresholds": { 10 | "http_req_duration": [ 11 | "p(95)\u003c1000" 12 | ] 13 | } 14 | } -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v1.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | node_type: "default" 7 | test_run: 8 | name: "get-deployments" 9 | -------------------------------------------------------------------------------- 
/actions/generate-k6-manifests/cmd/example_configfiles/v10.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | - environment: yt01 7 | - environment: tt02 8 | - environment: prod 9 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v7.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | node_type: "default" 7 | test_run: 8 | name: "get-deployments" 9 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/metrics-server-config/README.md: -------------------------------------------------------------------------------- 1 | # Metrics Server Configuration 2 | 3 | This directory contains the ConfigMap for Kubernetes metrics-server that configures the nanny (autoscaling) settings. 4 | 5 | The configuration defines base CPU/memory resources and per-node scaling factors for the metrics-server deployment. 
-------------------------------------------------------------------------------- /infrastructure/images/terraform-azure-devops-agent/.trivyignore: -------------------------------------------------------------------------------- 1 | # Checked against kubectl with govulncheck; kubectl is not affected (false positive) 2 | # CVEs with status "needs evaluation" in Ubuntu 24.04 3 | CVE-2025-47907 4 | CVE-2025-47906 5 | CVE-2024-25621 6 | CVE-2025-58183 7 | CVE-2025-58186 8 | CVE-2025-58187 9 | CVE-2025-58188 10 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/samples/apim_v1alpha1_apiversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apim.dis.altinn.cloud/v1alpha1 2 | kind: ApiVersion 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: apiversion-sample 8 | spec: 9 | # TODO(user): Add fields here 10 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v4/at22/tweaked-testconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "1m", 5 | "target": 10 6 | }, 7 | { 8 | "duration": "1m", 9 | "target": 1000 10 | }, 11 | { 12 | "duration": "10s", 13 | "target": 0 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /infrastructure/modules/observability/rg.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "obs" { 2 | count = local.reuse_rg ? 
0 : 1
3 |   name = "${var.prefix}-${var.environment}-obs-rg"
4 |   location = var.location
5 |   lifecycle { prevent_destroy = true }
6 |   tags = merge(var.localtags, {
7 |     submodule = "observability"
8 |   })
9 | }
10 |
--------------------------------------------------------------------------------
/flux/dis-apim/oci-repository.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: OCIRepository
3 | metadata:
4 |   name: dis-apim-operator
5 |   namespace: flux-system
6 | spec:
7 |   interval: 5m0s
8 |   provider: azure
9 |   ref:
10 |     tag: latest  # NOTE(review): "latest" is a mutable tag, so the artifact applied at each 5m reconcile can change without any commit to this repo; consider pinning a version tag or ref.digest
11 |   timeout: 5m0s
12 |   url: oci://altinncr.azurecr.io/dis/kustomize/dis-apim-operator
13 |
--------------------------------------------------------------------------------
/flux/grafana-operator/grafana-redirect/middleware.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: traefik.io/v1alpha1
2 | kind: Middleware
3 | metadata:
4 |   name: redirect-to-azure-grafana
5 |   namespace: traefik
6 | spec:
7 |   redirectRegex:
8 |     permanent: true
9 |     regex: ^https?://(.*)altinn\.(no|cloud)/monitor(.*)
10 |     replacement: ${EXTERNAL_GRAFANA_URL}$3
11 |
--------------------------------------------------------------------------------
/services/dis-apim-operator/.dockerignore:
--------------------------------------------------------------------------------
1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
2 | # Ignore everything by default and re-include only needed files
3 | **
4 |
5 | # Re-include Go source files (but not *_test.go)
6 | !**/*.go
7 | **/*_test.go
8 |
9 | # Re-include Go module files
10 | !go.mod
11 | !go.sum
12 |
--------------------------------------------------------------------------------
/services/dis-identity-operator/.dockerignore:
--------------------------------------------------------------------------------
1 | # More info: 
https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore everything by default and re-include only needed files 3 | ** 4 | 5 | # Re-include Go source files (but not *_test.go) 6 | !**/*.go 7 | **/*_test.go 8 | 9 | # Re-include Go module files 10 | !go.mod 11 | !go.sum 12 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testinitappsdata/merges_response_with_existing.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "version": "112", 4 | "release": "altinn-access-management" 5 | }, 6 | { 7 | "version": "222", 8 | "release": "altinn-authentication" 9 | }, 10 | { 11 | "version": "333", 12 | "release": "altinn-authorization" 13 | } 14 | ] -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testinitappsdata/valid_response_from_kubewrapper.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "version": "111", 4 | "release": "altinn-access-management" 5 | }, 6 | { 7 | "version": "222", 8 | "release": "altinn-authentication" 9 | }, 10 | { 11 | "version": "333", 12 | "release": "altinn-authorization" 13 | } 14 | ] -------------------------------------------------------------------------------- /flux/altinn-uptime/DEPLOY.md: -------------------------------------------------------------------------------- 1 | # Deploy 2 | 3 | ```bash 4 | kubectl apply -k flux/ 5 | ``` 6 | 7 | # Test 8 | 9 | ```bash 10 | kubectl create job --from=cronjob/altinn-uptime-sync test-$(date +%s) -n monitoring 11 | kubectl logs -f job/test- -n monitoring 12 | ``` 13 | 14 | # Rollback 15 | 16 | ```bash 17 | kubectl delete -k flux/ 18 | ``` 19 | -------------------------------------------------------------------------------- /flux/dis-identity/oci-repository.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: OCIRepository
3 | metadata:
4 |   name: dis-identity-operator
5 |   namespace: flux-system
6 | spec:
7 |   interval: 5m0s
8 |   provider: azure
9 |   ref:
10 |     tag: v0.0.3
11 |   timeout: 5m0s
12 |   url: oci://altinncr.azurecr.io/dis/kustomize/dis-identity-operator
13 |
--------------------------------------------------------------------------------
/infrastructure/adminservices-prod/altinncr/kv.tf:
--------------------------------------------------------------------------------
1 | resource "azurerm_key_vault" "kv" {  # NOTE(review): this block sets no purge_protection_enabled or network_acls, so the provider defaults apply; confirm that is intended for this vault
2 |   name = var.acrname
3 |   location = azurerm_resource_group.acr.location
4 |   resource_group_name = azurerm_resource_group.acr.name
5 |   sku_name = "standard"
6 |   tenant_id = data.azurerm_client_config.current.tenant_id
7 | }
8 |
--------------------------------------------------------------------------------
/infrastructure/adminservices-test/altinn-monitor-test-rg/prometheusrulegroups.tf:
--------------------------------------------------------------------------------
1 | // A resource group to host the PrometheusRuleGroups managed by the dis-promrulegroups-operator
2 | resource "azurerm_resource_group" "promctl" {
3 |   name = "prom-rule-groups-rg"
4 |   location = "norwayeast"
5 |   tags = {
6 |     "app" = "dis-promrulegroups-operator"
7 |   }
8 | }
9 |
--------------------------------------------------------------------------------
/infrastructure/modules/postgresql-vnet-subnets/output.tf:
--------------------------------------------------------------------------------
1 | output "subnet_ids" {
2 |   description = "The IDs of the created subnets."
3 |   value = [for s in azurerm_subnet.postgresql_subnets : s.id]
4 | }
5 |
6 | output "vnet_id" {
7 |   description = "The ID of the created virtual network." 
8 | value = azurerm_virtual_network.postgresql.id 9 | } 10 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/certmanager_values.tftpl: -------------------------------------------------------------------------------- 1 | # values.yaml 2 | crds: 3 | enabled: true 4 | config: 5 | featureGates: 6 | # Disable the use of Exact PathType in Ingress resources, to work around a bug in ingress-nginx 7 | # https://github.com/kubernetes/ingress-nginx/issues/11176 8 | ACMEHTTP01IngressPathTypeExact: false 9 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/kind/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../default 6 | 7 | patches: 8 | - path: manager_kind_patch.yaml 9 | target: 10 | kind: Deployment 11 | name: dis-pgsql-operator-controller-manager 12 | namespace: dis-pgsql-operator-system 13 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/variables.tf: -------------------------------------------------------------------------------- 1 | variable "insights_workspace_test_dp" { 2 | type = map(string) 3 | default = { 4 | "dp-be-test-insightsWorkspace" = "dp-be-test-rg" 5 | "dp-be-yt01-insightsWorkspace" = "dp-be-yt01-rg" 6 | } 7 | } 8 | 9 | variable "subs_to_monitor" { 10 | type = map(string) 11 | default = {} 12 | } 13 | -------------------------------------------------------------------------------- /flux/certm-lets-encrypt-dns-issuer/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: wildcard-tls 5 | namespace: traefik 6 | spec: 7 | secretName: 
ssl-cert 8 | issuerRef: 9 | name: letsencrypt-production 10 | kind: ClusterIssuer 11 | dnsNames: 12 | - "${AZURE_DNS_ZONE_NAME}" 13 | - "*.${AZURE_DNS_ZONE_NAME}" 14 | -------------------------------------------------------------------------------- /flux/linkerd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - linkerd-root-ca-clusterissuer.yaml 5 | - namespace.yaml 6 | - values-ha.yaml 7 | - linkerd-root-ca-cert.yaml 8 | - linkerd-trust-anchor-issuer.yaml 9 | - linkerd-identity-issuer-cert.yaml 10 | - helmrepository.yaml 11 | - helmrelease.yaml 12 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_certmanager_values.tftpl: -------------------------------------------------------------------------------- 1 | # values.yaml 2 | crds: 3 | enabled: true 4 | config: 5 | featureGates: 6 | # Disable the use of Exact PathType in Ingress resources, to work around a bug in ingress-nginx 7 | # https://github.com/kubernetes/ingress-nginx/issues/11176 8 | ACMEHTTP01IngressPathTypeExact: false 9 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/crd/patches/cainjection_in_backends.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 7 | name: backends.apim.dis.altinn.cloud 8 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/spike.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "stages": [ 3 | { 4 | "duration": "1m", 5 | "target": 10 6 | }, 7 | { 8 | "duration": "1m", 9 | "target": 1000 10 | }, 11 | { 12 | "duration": "10s", 13 | "target": 0 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/foundational/outputs.tf: -------------------------------------------------------------------------------- 1 | output "k6tests_cluster_name" { 2 | value = azurerm_kubernetes_cluster.k6tests.name 3 | } 4 | 5 | output "k6tests_resource_group_name" { 6 | value = azurerm_resource_group.k6tests.name 7 | } 8 | 9 | output "k6tests_resource_group_location" { 10 | value = azurerm_resource_group.k6tests.location 11 | } 12 | -------------------------------------------------------------------------------- /infrastructure/modules/dns-child-zone/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azuread = { 4 | source = "hashicorp/azuread" 5 | version = "~> 3.0" 6 | } 7 | azurerm = { 8 | source = "hashicorp/azurerm" 9 | version = "~> 4.0" 10 | configuration_aliases = [ 11 | azurerm.parent_zone 12 | ] 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/samples/application_v1alpha1_applicationidentity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: application.dis.altinn.cloud/v1alpha1 2 | kind: ApplicationIdentity 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-identity-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: applicationidentity-sample 8 | spec: 9 | # TODO(user): Add fields here 10 | -------------------------------------------------------------------------------- 
/flux/grafana-operator/post-deploy/external-grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: Grafana 3 | metadata: 4 | name: external-grafana 5 | namespace: grafana 6 | labels: 7 | dashboards: "external-grafana" 8 | spec: 9 | external: 10 | url: "${EXTERNAL_GRAFANA_URL}" 11 | apiKey: 12 | name: grafana-admin-apikey 13 | key: GF_SECURITY_APIKEY 14 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subscription_id" { 2 | type = string 3 | } 4 | 5 | variable "admin_services_prod_subscription_id" { 6 | type = string 7 | } 8 | 9 | variable "location" { 10 | type = string 11 | default = "norwayeast" 12 | } 13 | 14 | variable "name_prefix" { 15 | type = string 16 | default = "altinn-apim-test" 17 | } -------------------------------------------------------------------------------- /services/dis-apim-operator/config/samples/apim_v1alpha1_backend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apim.dis.altinn.cloud/v1alpha1 2 | kind: Backend 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: backend-sample 8 | spec: 9 | title: backend-sample 10 | description: Sample backend 11 | url: https://api.example.com 12 | -------------------------------------------------------------------------------- /infrastructure/modules/aks/flux.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_kubernetes_cluster_extension" "flux" { 2 | name = "flux" 3 | cluster_id = azurerm_kubernetes_cluster.aks.id 4 | extension_type = "microsoft.flux" 5 | configuration_settings = { 6 | "useKubeletIdentity" = "true" 7 | 
"autoUpgradeMinorVersion" = "true"
8 |     "multiTenancy.enforce" = "false"  # NOTE(review): presumably this turns off the Flux extension's multi-tenancy enforcement (per-namespace service-account impersonation, no cross-namespace source references); confirm that is intended for every cluster using this module
9 |   }
10 | }
11 |
--------------------------------------------------------------------------------
/services/dis-apim-operator/config/rbac/metrics_auth_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: metrics-auth-rolebinding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: metrics-auth-role
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: controller-manager
12 |   namespace: system
13 |
--------------------------------------------------------------------------------
/services/dis-pgsql-operator/config/rbac/metrics_auth_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: metrics-auth-rolebinding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: metrics-auth-role
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: controller-manager
12 |   namespace: system
13 |
--------------------------------------------------------------------------------
/infrastructure/modules/apim/output.tf:
--------------------------------------------------------------------------------
1 | output "apim_id" {
2 |   value = azurerm_api_management.apim.id
3 | }
4 |
5 | output "apim_service_name" {
6 |   value = azurerm_api_management.apim.name
7 | }
8 |
9 | output "apim_rg_name" {
10 |   value = azurerm_resource_group.apim_rg.name
11 | }
12 |
13 | output "apim_default_logger_id" {
14 |   value = azurerm_api_management_logger.apimlogger.id
15 | }
16 |
--------------------------------------------------------------------------------
/actions/generate-k6-manifests/Dockerfile.test:
--------------------------------------------------------------------------------
1 | FROM 
k6-action-image:test 2 | COPY --from=golang:1.25-alpine@sha256:ac09a5f469f307e5da71e766b0bd59c9c49ea460a528cc3e6686513d64a6f1fb /usr/local/go/ /usr/local/go/ 3 | ENV PATH="/usr/local/go/bin:${PATH}" 4 | 5 | COPY actions/generate-k6-manifests /actions/generate-k6-manifests 6 | WORKDIR /actions/generate-k6-manifests 7 | RUN go mod download 8 | RUN go test -v ./... 9 | -------------------------------------------------------------------------------- /infrastructure/modules/dns-child-zone/output.tf: -------------------------------------------------------------------------------- 1 | output "azuread_cert_manager_client_id" { 2 | sensitive = true 3 | value = azuread_application.cert_manager_app.client_id 4 | } 5 | 6 | output "azurerm_dns_zone_name" { 7 | value = azurerm_dns_zone.child_zone.name 8 | } 9 | 10 | output "azurerm_dns_zone_resource_group_name" { 11 | value = azurerm_dns_zone.child_zone.resource_group_name 12 | } 13 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v4.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | test_run: 7 | name: "get-deployments" 8 | test_type: 9 | type: spike # Check Grafana to see the spike 10 | enabled: true 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | contact_links: 2 | - name: 🙋🏾 Question 3 | url: https://github.com/Altinn/altinn-platform/discussions/categories/q-a 4 | about: If you have a question for Team-Platform open a Q-A Discussion 5 | - name: 🤔 Request for comment 6 | url: https://github.com/Altinn/altinn-platform/discussions/categories/request-for-comments 7 | about: 
Create an RFC for a large enhancement or change in our solution -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v8.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | node_type: default 7 | test_run: 8 | name: get-deployments 9 | secrets: 10 | - super-secret-1 11 | - super-secret-2 12 | -------------------------------------------------------------------------------- /flux/helm-uninstall-outdated-apps/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: helm-uninstall-outdated-apps 5 | namespace: default 6 | subjects: 7 | - kind: ServiceAccount 8 | name: helm-uninstall-outdated-apps 9 | namespace: default 10 | roleRef: 11 | kind: Role 12 | name: helm-uninstall-outdated-apps 13 | apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/metrics_auth_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-auth-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/metrics_auth_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-auth-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/metrics_auth_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-auth-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v12.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | test_run: 7 | test_type: 8 | type: functional 9 | enabled: true 10 | config_file: "" 11 | id: at22-pre-determined 12 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/sealsedsecrets.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "sealed_secrets" { 2 | lint = true 3 | name = "sealedsecrets" 4 | namespace = "sealedsecrets-system" 5 | create_namespace = true 6 | repository = "https://bitnami-labs.github.io/sealed-secrets" 7 | chart = "sealed-secrets" 8 | version = "2.17.9" 9 | } 10 | 
-------------------------------------------------------------------------------- /flux/grafana-operator/fqdn-to-azure-grafana/middleware.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: traefik.io/v1alpha1 2 | kind: Middleware 3 | metadata: 4 | name: redirect-grafana-fqdn-to-azure-grafana 5 | namespace: traefik 6 | spec: 7 | redirectRegex: 8 | permanent: true 9 | # Redirect entire host preserving path and query 10 | regex: ^https?://${REDIRECT_GRAFANA_FROM_FQDN}(.*) 11 | replacement: https://${REDIRECT_GRAFANA_TO_FQDN}$1 12 | -------------------------------------------------------------------------------- /flux/otel-collector/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [1.0.1](https://github.com/Altinn/altinn-platform/compare/flux-oci-otel-collector-v1.0.0...flux-oci-otel-collector-v1.0.1) (2025-11-27) 4 | 5 | 6 | ### Bug Fixes 7 | 8 | * Point OpenTelemetry images to altinncr GHCR ([#2469](https://github.com/Altinn/altinn-platform/issues/2469)) ([32fd188](https://github.com/Altinn/altinn-platform/commit/32fd188f3c1604204639aceabcca9cb5256a4ca5)) 9 | -------------------------------------------------------------------------------- /libs/k6/src/token_generator/config.js: -------------------------------------------------------------------------------- 1 | const config = { 2 | altinnTestToolsBaseUrl: 3 | 'https://altinn-testtools-token-generator.azurewebsites.net', 4 | getEnterpriseTokenUrl: 5 | 'https://altinn-testtools-token-generator.azurewebsites.net/api/GetEnterpriseToken', 6 | getPersonalTokenUrl: 7 | 'https://altinn-testtools-token-generator.azurewebsites.net/api/GetPersonalToken', 8 | }; 9 | 10 | export { config }; 11 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/apim.tf: 
-------------------------------------------------------------------------------- 1 | resource "azurerm_api_management" "admin_test_apim" { 2 | name = "${var.name_prefix}-apim" 3 | location = azurerm_resource_group.rg.location 4 | resource_group_name = azurerm_resource_group.rg.name 5 | publisher_name = "Team-Platform" 6 | publisher_email = "test-team-platform@ai-dev.no" 7 | 8 | sku_name = "Developer_1" 9 | } 10 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v5.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | test_run: 7 | name: "get-deployments" 8 | - environment: yt01 9 | test_run: 10 | name: "get-deployments" # Check Grafana to see metrics for both envs 11 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/conf.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | env_file: actions/generate-k6-manifests/test_service/env_file.env 5 | contexts: 6 | - environment: at22 7 | node_type: "default" 8 | test_run: 9 | env: 10 | - name: FOO 11 | value: BAR 12 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/ama-metrics-settings-configmap/README.md: -------------------------------------------------------------------------------- 1 | # AMA Metrics Settings Configuration 2 | 3 | This directory contains the Azure Monitor Agent (AMA) settings configuration that controls which metrics are collected from the Kubernetes cluster. 
4 | 5 | The configuration enables/disables various metric collectors (kubelet, cadvisor, kubestate, etc.) and sets scrape intervals and namespaces for pod annotation-based scraping. -------------------------------------------------------------------------------- /services/dis-identity-operator/internal/utils/controller.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 4 | 5 | // IsOwnedBy checks if the given object is owned by the specified owner. 6 | func IsOwnedBy(object metav1.Object, owner metav1.Object) bool { 7 | for _, ref := range object.GetOwnerReferences() { 8 | if ref.UID == owner.GetUID() { 9 | return true 10 | } 11 | } 12 | return false 13 | } 14 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/ama-metrics-prometheus-config/README.md: -------------------------------------------------------------------------------- 1 | # AMA Metrics Prometheus Configuration 2 | 3 | This directory contains the Prometheus configuration for Azure Monitor Agent (AMA) to scrape Traefik metrics from the `altinn-traefik-metrics` service in the `traefik` namespace. 4 | 5 | The configuration filters metrics to only include specific Traefik metrics and routes them to the centralized monitoring account in Azure Monitor. 
-------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v9.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | env_file: actions/generate-k6-manifests/test_service/env_file.env 5 | contexts: 6 | - environment: at22 7 | node_type: "default" 8 | test_run: 9 | env: 10 | - name: FOO 11 | value: BAR 12 | -------------------------------------------------------------------------------- /infrastructure/modules/observability/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.9.0" 3 | 4 | required_providers { 5 | azurerm = { 6 | source = "hashicorp/azurerm" 7 | version = ">= 4.42.0" 8 | } 9 | azuread = { 10 | source = "hashicorp/azuread" 11 | version = ">= 3.6.0" 12 | } 13 | random = { 14 | source = "hashicorp/random" 15 | version = ">= 3.7.2" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /services/lakmus/manifests/.gitignore: -------------------------------------------------------------------------------- 1 | # node / tooling 2 | node_modules/ 3 | .npmrc 4 | package-lock.json#* # npm conflict files 5 | 6 | # cdk8s outputs 7 | dist/ 8 | cdk8s.out/ 9 | .cdk8s/ 10 | .jssi/ 11 | jsii/ 12 | coverage/ 13 | 14 | # tests (if you’re not keeping them) 15 | __snapshots__/ 16 | 17 | # OS/editor junk 18 | .DS_Store 19 | *.swp 20 | 21 | 22 | # don't commit compiled artifacts from imports/ 23 | imports/*.js 24 | imports/*.d.ts 25 | -------------------------------------------------------------------------------- /infrastructure/modules/dns-child-zone/ns-records.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_dns_ns_record" 
"child_zone" { 2 | name = replace(azurerm_dns_zone.child_zone.name, "/\\.${var.parent_dns_zone_name}$/", "") 3 | zone_name = var.parent_dns_zone_name 4 | resource_group_name = var.parent_dns_zone_rg 5 | ttl = 300 6 | records = azurerm_dns_zone.child_zone.name_servers 7 | provider = azurerm.parent_zone 8 | } 9 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v2.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | config_file: actions/generate-k6-manifests/test_service/test_configs/default.json # Tweak the threshold value to make it obvious 5 | contexts: 6 | - environment: at22 7 | node_type: "default" 8 | test_run: 9 | name: "get-deployments" 10 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - altinn-blackbox-exporter.yaml 5 | - altinn-publicip.yaml 6 | - altinn-traefik-official.yaml 7 | - fluxcd-flux-cluster-stats.yaml 8 | - fluxcd-flux-control-plane.yaml 9 | - fluxcd-gitops-flux-application-deployments-dashboard.yaml 10 | - linkerd-daemonset.yaml 11 | - linkerd-deployment.yaml 12 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: webhook-service 8 | namespace: system 9 | spec: 10 | ports: 11 | - 
port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | control-plane: controller-manager 16 | app.kubernetes.io/name: dis-apim-operator 17 | -------------------------------------------------------------------------------- /tools/disctl/internal/version/version.go: -------------------------------------------------------------------------------- 1 | package version 2 | 3 | var ( 4 | // Dummy dev values, replaced during build 5 | // with ldflags 6 | version = "dev" 7 | commit = "" 8 | date = "1970-01-01T00:00:00Z" 9 | ) 10 | 11 | type VersionInfo struct { 12 | Version string 13 | Commit string 14 | Date string 15 | } 16 | 17 | func Get() VersionInfo { 18 | return VersionInfo{ 19 | Version: version, 20 | Commit: commit, 21 | Date: date, 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/pyrra.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "pyrra" { 2 | lint = true 3 | name = "pyrra" 4 | namespace = "pyrra-system" 5 | create_namespace = true 6 | repository = "https://rlex.github.io/helm-charts" 7 | chart = "pyrra" 8 | version = "0.14.3" 9 | set = [ 10 | { 11 | name = "genericRules.enabled" 12 | value = "true" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /infrastructure/images/gh-runner/.trivyignore: -------------------------------------------------------------------------------- 1 | # Packages provided by GitHub through their runner image. Should be handled upstream. 
2 | CVE-2024-21538 3 | CVE-2025-22874 4 | 5 | # database/sql: Postgres Scan Race Condition https://avd.aquasec.com/nvd/cve-2025-47907 6 | CVE-2025-47907 7 | 8 | # CVE-2025-52881: opencontainers/selinux (HIGH) – fixed in v1.13.0 9 | CVE-2025-52881 10 | 11 | # glob CLI: Command injection via -c/--cmd executes matches with shell:true 12 | CVE-2025-64756 13 | -------------------------------------------------------------------------------- /infrastructure/modules/apim/apim.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_api_management" "apim" { 2 | name = "${var.prefix}-${var.environment}-${random_string.apim_random_part.result}-apim" 3 | location = azurerm_resource_group.apim_rg.location 4 | resource_group_name = azurerm_resource_group.apim_rg.name 5 | publisher_name = var.publisher 6 | publisher_email = var.publisher_email 7 | sku_name = var.sku_name 8 | tags = var.tags 9 | } 10 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: manager-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: manager-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-pgsql-operator 6 | app.kubernetes.io/managed-by: 
kustomize 7 | name: manager-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: manager-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_sealsedsecrets.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "sealed_secrets" { 2 | depends_on = [azurerm_kubernetes_cluster.k6tests] 3 | lint = true 4 | name = "sealedsecrets" 5 | namespace = "sealedsecrets-system" 6 | create_namespace = true 7 | repository = "https://bitnami-labs.github.io/sealed-secrets" 8 | chart = "sealed-secrets" 9 | version = "2.17.9" 10 | } 11 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-identity-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: manager-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: manager-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /actions/send-ci-cd-trace/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://json.schemastore.org/tsconfig", 3 | "compilerOptions": { 4 | "target": "ES2020", 5 | "module": "CommonJS", 6 | "moduleResolution": "Node", 7 | "rootDir": "./src", 8 | "outDir": "./dist", 9 | "strict": true, 10 | "esModuleInterop": true, 11 | "skipLibCheck": true 12 | }, 13 | 
"exclude": [ 14 | "./dist", 15 | "./node_modules", 16 | "./__tests__", 17 | "./coverage" 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/altinn-publicip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-altinn-publicip 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-altinn 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/altinn/publicip.json" 12 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-apim-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: leader-election-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: leader-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /flux/altinn-uptime/README.md: -------------------------------------------------------------------------------- 1 | # Altinn Uptime Monitoring 2 | 3 | Auto-generates ServiceMonitors for Altinn organizations using Prometheus Blackbox Exporter. 
4 | 5 | ## Configuration 6 | 7 | - **Extra targets**: Edit `configmaps/extra-targets.yaml` 8 | - **Maintenance**: Edit `configmaps/maintenance-targets.yaml` 9 | - **Script**: Edit `scripts/generate_targets.sh` 10 | 11 | ## Manual Run 12 | 13 | ```bash 14 | kubectl create job --from=cronjob/altinn-uptime-sync manual-$(date +%s) -n monitoring 15 | ``` 16 | -------------------------------------------------------------------------------- /infrastructure/altinn-auth-test/auth-at22-aks-rg/dns.tf: -------------------------------------------------------------------------------- 1 | module "dns-child-zone" { 2 | depends_on = [module.aks] 3 | source = "../../modules/dns-child-zone" 4 | providers = { 5 | azurerm.parent_zone = azurerm.parent_zone 6 | } 7 | prefix = var.team_name 8 | environment = var.environment 9 | cluster_ipv4_address = module.aks.pip4_ip_address 10 | cluster_ipv6_address = module.aks.pip6_ip_address 11 | oidc_issuer_url = module.aks.aks_oidc_issuer_url 12 | } 13 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-pgsql-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: leader-election-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: leader-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/action.yml: -------------------------------------------------------------------------------- 1 | name: "k6-tests-manifests-generator" 2 | description: "Generates the manifests needed to run k6 tests in k8s" 3 | inputs: 4 | config_file: 5 
| description: "The config file with the information needed to generate the manifests" 6 | required: true 7 | 8 | command_line_args: 9 | description: "Command line arguments to pass to the k6 run command" 10 | required: false 11 | default: "" 12 | 13 | runs: 14 | using: "docker" 15 | image: "Dockerfile" 16 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/metrics-server/metrics-server-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: metrics-server-config 5 | namespace: kube-system 6 | labels: 7 | kubernetes.io/cluster-service: "true" 8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | data: 10 | NannyConfiguration: |- 11 | apiVersion: nannyconfig/v1alpha1 12 | kind: NannyConfiguration 13 | baseCPU: 100m 14 | cpuPerNode: 1m 15 | baseMemory: 100Mi 16 | memoryPerNode: 8Mi 17 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/linkerd-daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-linkerd-daemonset 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-linkerd 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/linkerd/daemonset.json" 12 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/linkerd-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: 
external-grafana-linkerd-deployment 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-linkerd 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/linkerd/deployment.json" 12 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: dis-identity-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: leader-election-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: leader-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /infrastructure/altinn-correspondence-test/corr-at22-aks-rg/dns.tf: -------------------------------------------------------------------------------- 1 | module "dns-child-zone" { 2 | depends_on = [module.aks] 3 | source = "../../modules/dns-child-zone" 4 | providers = { 5 | azurerm.parent_zone = azurerm.parent_zone 6 | } 7 | prefix = var.team_name 8 | environment = var.environment 9 | cluster_ipv4_address = module.aks.pip4_ip_address 10 | cluster_ipv6_address = module.aks.pip6_ip_address 11 | oidc_issuer_url = module.aks.aks_oidc_issuer_url 12 | } 13 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/metrics_auth_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: metrics-auth-rolebinding 
5 | labels: 6 | app.kubernetes.io/name: dis-identity-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: metrics-auth-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /tools/disctl/.gitignore: -------------------------------------------------------------------------------- 1 | # Output of the `go build` command 2 | *.out 3 | 4 | # Directories for Go tools 5 | bin/ 6 | dist/ 7 | 8 | # Go test binary and coverage profiles 9 | *.test 10 | *.coverprofile 11 | *.cov 12 | *.out 13 | *.cover 14 | 15 | # IDE and editor-specific files 16 | .vscode/ 17 | .idea/ 18 | 19 | 20 | # Git-specific files 21 | .gitattributes 22 | .gitmodules 23 | .git/ 24 | 25 | # Common build system files 26 | .env 27 | 28 | # Godoc 29 | .doc/ 30 | 31 | # System files 32 | .DS_Store 33 | Thumbs.db 34 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/metrics-server-config/metrics-server-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: metrics-server-config 5 | namespace: kube-system 6 | labels: 7 | kubernetes.io/cluster-service: "true" 8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | data: 10 | NannyConfiguration: |- 11 | apiVersion: nannyconfig/v1alpha1 12 | kind: NannyConfiguration 13 | baseCPU: 100m 14 | cpuPerNode: 1m 15 | baseMemory: 100Mi 16 | memoryPerNode: 8Mi 17 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/altinn-traefik-official.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | 
metadata: 4 | name: external-grafana-altinn-traefik-official 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-altinn 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/altinn/traefik-official.json" 12 | -------------------------------------------------------------------------------- /services/lakmus/.gitignore: -------------------------------------------------------------------------------- 1 | # Output of the `go build` command 2 | *.out 3 | 4 | # Directories for Go tools 5 | bin/ 6 | dist/ 7 | 8 | # Go test binary and coverage profiles 9 | *.test 10 | *.coverprofile 11 | *.cov 12 | *.out 13 | *.cover 14 | 15 | # IDE and editor-specific files 16 | .vscode/ 17 | .idea/ 18 | 19 | 20 | # Git-specific files 21 | .gitattributes 22 | .gitmodules 23 | .git/ 24 | 25 | # Common build system files 26 | .env 27 | 28 | # Godoc 29 | .doc/ 30 | 31 | # System files 32 | .DS_Store 33 | Thumbs.db 34 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/altinn-blackbox-exporter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-altinn-blackbox-exporter 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-altinn 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/altinn/blackbox-exporter.json" 12 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/fluxcd-flux-cluster-stats.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-fluxcd-flux-cluster-stats 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-fluxcd 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/fluxcd/flux-cluster-stats.json" 12 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/base/dashboards/fluxcd-flux-control-plane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-fluxcd-flux-control-plane 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-fluxcd 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/fluxcd/flux-control-plane.json" 12 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-redirect/ingressroute.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: traefik.io/v1alpha1 2 | kind: IngressRoute 3 | metadata: 4 | name: kube-prometheus-stack-grafana 5 | namespace: traefik 6 | spec: 7 | entryPoints: 8 | - https 9 | routes: 10 | - kind: Rule 11 | match: Host(`${K8S_DNS_NAME}`) && PathPrefix(`/monitor`) 12 | middlewares: 13 | - name: redirect-to-azure-grafana 14 | namespace: traefik 15 | services: 16 | - kind: TraefikService 17 | name: noop@internal 18 | -------------------------------------------------------------------------------- /infrastructure/modules/grafana/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 
| required_providers { 3 | azuread = { 4 | source = "hashicorp/azuread" 5 | version = ">= 3.1.0" 6 | } 7 | azurerm = { 8 | source = "hashicorp/azurerm" 9 | version = ">= 4.0.0" 10 | } 11 | grafana = { 12 | source = "grafana/grafana" 13 | version = ">= 3.0.0" 14 | } 15 | http = { 16 | source = "hashicorp/http" // NOTE(review): http and time declare no version constraint; as this file sits under modules/, confirm the calling root configuration or a committed .terraform.lock.hcl pins them 17 | } 18 | time = { 19 | source = "hashicorp/time" 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/crd/patches/webhook_in_backends.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: backends.apim.dis.altinn.cloud 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/example_configfiles/v11.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 4 | contexts: 5 | - environment: at22 6 | test_type: 7 | type: browser 8 | enabled: true 9 | test_run: 10 | env: 11 | - name: ZZZ 12 | value: "Something" 13 | - name: K6_PROMETHEUS_RW_TREND_STATS 14 | value: "avg,count,min,med,max,p(75),p(95)" 15 | -------------------------------------------------------------------------------- /actions/send-ci-cd-trace/.gitignore: -------------------------------------------------------------------------------- 1 | # Node Modules 2 | node_modules/ 3 | 4 | # Build Output 5 | coverage/ 6 | dist/ 7 | 8 | # TypeScript Cache and Output 9 | *.tsbuildinfo 10 | 11 | # 
Logs 12 | npm-debug.log* 13 | yarn-debug.log* 14 | yarn-error.log* 15 | pnpm-debug.log* 16 | 17 | # OS Specific Files 18 | .DS_Store 19 | Thumbs.db 20 | 21 | # Environment Variables 22 | .env 23 | .env.local 24 | .env.*.local 25 | 26 | # IDE/Editor Specific Files 27 | .idea/ 28 | .vscode/ 29 | *.swp 30 | *.swo 31 | *.swn 32 | 33 | # Tests 34 | __tests__/ 35 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/certmanager.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "certmanager" { 2 | // depends_on = [ ] 3 | lint = true 4 | name = "certmanager" 5 | namespace = "certmanager" 6 | create_namespace = true 7 | repository = "https://charts.jetstack.io" 8 | chart = "cert-manager" // jetstack/cert-manager 9 | version = "v1.19.1" 10 | 11 | values = [ 12 | "${templatefile("${path.module}/certmanager_values.tftpl", {})}" 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/k6_operator.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "k6_operator" { 2 | depends_on = [helm_release.prometheus_operator_crds] 3 | lint = true 4 | name = "k6-operator" 5 | namespace = "k6-operator-system" 6 | create_namespace = true 7 | repository = "https://grafana.github.io/helm-charts" 8 | chart = "k6-operator" 9 | version = "4.1.1" 10 | values = [file("${path.module}/k6_operator_values.yaml")] 11 | } 12 | -------------------------------------------------------------------------------- /services/dis-apim-operator/internal/azure/azureclient_enums.go: -------------------------------------------------------------------------------- 1 | package azure 2 | 3 | // DiagnosticsType Internal enum that holds the allowed values for diagnosticsId in the APIM api 4 | type 
DiagnosticsType string 5 | 6 | const ( 7 | // DiagnosticsIdAzureMonitor - Azure Monitor diagnostics settings id. 8 | DiagnosticsIdAzureMonitor DiagnosticsType = "azuremonitor" 9 | // DiagnosticsIdApplicationInsights - Application Insights diagnostics settings id. 10 | DiagnosticsIdApplicationInsights DiagnosticsType = "applicationinsights" 11 | ) 12 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/k8s_wrapper/get_daemonsets.js: -------------------------------------------------------------------------------- 1 | import { check } from 'k6'; 2 | import http from 'k6/http'; 3 | import { sleep } from 'k6'; 4 | import exec from 'k6/execution'; 5 | 6 | export function setup() { 7 | console.log(JSON.stringify(exec.test.options, null, "\t")) 8 | } 9 | 10 | export default function () { 11 | const res = http.get(`${__ENV.BASE_URL}/kuberneteswrapper/api/v1/DaemonSets`) 12 | check(res, { 13 | 'is status 200': (r) => r.status === 200, 14 | }); 15 | sleep(1); 16 | } 17 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js: -------------------------------------------------------------------------------- 1 | import { check } from 'k6'; 2 | import http from 'k6/http'; 3 | import { sleep } from 'k6'; 4 | import exec from 'k6/execution'; 5 | 6 | export function setup() { 7 | console.log(JSON.stringify(exec.test.options, null, "\t")) 8 | } 9 | 10 | export default function () { 11 | const res = http.get(`${__ENV.BASE_URL}/kuberneteswrapper/api/v1/Deployments`) 12 | check(res, { 13 | 'is status 200': (r) => r.status === 200, 14 | }); 15 | sleep(1); 16 | } 17 | -------------------------------------------------------------------------------- /flux/grafana-operator/fqdn-to-azure-grafana/ingressroute.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
traefik.io/v1alpha1 2 | kind: IngressRoute 3 | metadata: 4 | name: redirect-grafana-fqdn-to-azure-grafana 5 | namespace: traefik 6 | spec: 7 | entryPoints: 8 | - https 9 | routes: 10 | - kind: Rule 11 | match: Host(`${REDIRECT_GRAFANA_FROM_FQDN}`) 12 | middlewares: 13 | - name: redirect-grafana-fqdn-to-azure-grafana 14 | namespace: traefik 15 | services: 16 | - kind: TraefikService 17 | name: noop@internal 18 | -------------------------------------------------------------------------------- /flux/grafana-operator/grafana-manifests/apps/dashboards/altinn-pod-console-error-logs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: grafana.integreatly.org/v1beta1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: external-grafana-altinn-pod-console-error-logs 5 | namespace: grafana 6 | spec: 7 | folderRef: external-grafana-altinn 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "external-grafana" 11 | url: "https://raw.githubusercontent.com/Altinn/altinn-dashboards-grafana/${RELEASE_BRANCH:=release}/dashboards/altinn/pod-console-error-logs.json" 12 | -------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/testdata/testgetenvironments/valid_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "environments": [ 3 | { 4 | "platformUrl": "https://a.com", 5 | "hostname": "a.com", 6 | "appPrefix": "apps", 7 | "platformPrefix": "platform", 8 | "name": "dev", 9 | "type": "test" 10 | }, 11 | { 12 | "platformUrl": "https://b.com", 13 | "hostname": "b.com", 14 | "appPrefix": "apps", 15 | "platformPrefix": "platform", 16 | "name": "prod", 17 | "type": "production" 18 | } 19 | ] 20 | } -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_pyrra.tf: -------------------------------------------------------------------------------- 1 
| resource "helm_release" "pyrra" { 2 | depends_on = [azurerm_kubernetes_cluster.k6tests] 3 | lint = true 4 | name = "pyrra" 5 | namespace = "pyrra-system" 6 | create_namespace = true 7 | repository = "https://rlex.github.io/helm-charts" 8 | chart = "pyrra" 9 | version = "0.14.3" 10 | set = [ 11 | { 12 | name = "genericRules.enabled" 13 | value = "true" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/ingress-nginx-controller.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "ingress_nginx" { 2 | // depends_on = [] 3 | lint = true 4 | name = "ingress-nginx" 5 | namespace = "ingress-nginx" 6 | create_namespace = true 7 | repository = "https://kubernetes.github.io/ingress-nginx" 8 | chart = "ingress-nginx" 9 | version = "4.14.0" 10 | values = [ 11 | "${templatefile("${path.module}/ingress-nginx_values.tftpl", {})}" 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /tools/disctl/cmd/version.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/altinn/altinn-platform/disctl/internal/version" 7 | "github.com/spf13/cobra" 8 | ) 9 | // BuildInfo supplies the Version, Commit and Date fields printed by the version command; nothing in this file assigns it. 10 | var BuildInfo version.VersionInfo 11 | // versionCmd is the cobra "version" command: it prints BuildInfo to stdout with fmt.Printf and always returns nil. 12 | var versionCmd = &cobra.Command{ 13 | Use: "version", 14 | Short: "Print the build information for disctl", 15 | RunE: func(cmd *cobra.Command, args []string) error { 16 | fmt.Printf("Dis version: %s\nCommit: %s\nBuild Date: %s\n", BuildInfo.Version, BuildInfo.Commit, BuildInfo.Date) 17 | return nil 18 | }, 19 | } 20 | -------------------------------------------------------------------------------- /tools/disctl/pkg/kube/app.go: -------------------------------------------------------------------------------- 1 | package kube 2 | 3 | import ( 4 | 
"github.com/altinn/altinn-platform/disctl/pkg/util" 5 | ) 6 | 7 | type AppInfo struct { 8 | Version string `json:"version"` 9 | Release string `json:"release"` 10 | } 11 | 12 | type AppVersions struct { 13 | AppName string 14 | Versions map[string]string // Map of environment to version 15 | } 16 | 17 | func GetAppInfos(url string) ([]AppInfo, error) { 18 | r, err := util.RequestArray[AppInfo](url) 19 | if err != nil { 20 | return nil, err 21 | } 22 | return r, nil 23 | } 24 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/default/metrics_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: dis-apim-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: controller-manager-metrics-service 9 | namespace: system 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | protocol: TCP 15 | targetPort: 8443 16 | selector: 17 | control-plane: controller-manager 18 | app.kubernetes.io/name: dis-apim-operator 19 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/default/metrics_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: dis-pgsql-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: controller-manager-metrics-service 9 | namespace: system 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | protocol: TCP 15 | targetPort: 8443 16 | selector: 17 | control-plane: controller-manager 18 | app.kubernetes.io/name: dis-pgsql-operator 19 | -------------------------------------------------------------------------------- 
/infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_k6_operator.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "k6_operator" { 2 | depends_on = [azurerm_kubernetes_cluster.k6tests] 3 | lint = true 4 | name = "k6-operator" 5 | namespace = "k6-operator-system" 6 | create_namespace = true 7 | repository = "https://grafana.github.io/helm-charts" 8 | chart = "k6-operator" 9 | version = "4.1.1" 10 | values = ["${file("${path.module}/k6_tests_rg_k6_operator_values.yaml")}"] 11 | } 12 | -------------------------------------------------------------------------------- /flux/linkerd/linkerd-root-ca-cert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: linkerd-root-ca 5 | namespace: linkerd 6 | spec: 7 | isCA: true 8 | literalSubject: CN=root.linkerd.cluster.local 9 | secretName: linkerd-trust-anchor 10 | duration: 87600h 11 | renewBefore: 1460h 12 | usages: ["cert sign", "crl sign"] 13 | privateKey: 14 | rotationPolicy: Always 15 | algorithm: ECDSA 16 | size: 256 17 | revisionHistoryLimit: 3 18 | issuerRef: 19 | name: linkerd-root-ca 20 | kind: ClusterIssuer 21 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/certmanager/issuer.yaml: -------------------------------------------------------------------------------- 1 | # The following manifest contains a self-signed issuer CR. 2 | # More information can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. 
4 | apiVersion: cert-manager.io/v1 5 | kind: Issuer 6 | metadata: 7 | labels: 8 | app.kubernetes.io/name: dis-apim-operator 9 | app.kubernetes.io/managed-by: kustomize 10 | name: selfsigned-issuer 11 | namespace: system 12 | spec: 13 | selfSigned: {} 14 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | 4 | # [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus 5 | # to securely reference certificates created and managed by cert-manager. 6 | # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml 7 | # to mount the "metrics-server-cert" secret in the Manager Deployment. 8 | #patches: 9 | # - path: monitor_tls_patch.yaml 10 | # target: 11 | # kind: ServiceMonitor 12 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/default/metrics_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: dis-identity-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: controller-manager-metrics-service 9 | namespace: system 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | protocol: TCP 15 | targetPort: 8443 16 | selector: 17 | control-plane: controller-manager 18 | app.kubernetes.io/name: dis-identity-operator 19 | -------------------------------------------------------------------------------- /flux/altinn-uptime/post-deploy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: 
monitoring 4 | 5 | resources: 6 | - ../configmaps/extra-targets.yaml 7 | - ../configmaps/maintenance-targets.yaml 8 | - run-job-on-deploy.yaml 9 | 10 | configMapGenerator: 11 | - name: altinn-uptime-generate-targets 12 | files: 13 | - generate_targets.sh=../scripts/generate_targets.sh 14 | options: 15 | labels: 16 | app.kubernetes.io/name: altinn-uptime 17 | app.kubernetes.io/component: config 18 | -------------------------------------------------------------------------------- /infrastructure/adminservices-prod/altinncr/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "~> 4.0" 6 | } 7 | } 8 | backend "azurerm" { 9 | use_azuread_auth = true 10 | } 11 | } 12 | 13 | provider "azurerm" { 14 | subscription_id = var.subscription_id 15 | features {} 16 | resource_providers_to_register = [ 17 | "Microsoft.Monitor", 18 | "Microsoft.AlertsManagement", 19 | "Microsoft.Dashboard", 20 | "Microsoft.KubernetesConfiguration" 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /infrastructure/images/k6-image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.25-alpine@sha256:ac09a5f469f307e5da71e766b0bd59c9c49ea460a528cc3e6686513d64a6f1fb AS builder 2 | RUN apk update && apk upgrade && apk add git 3 | # NOTE(review): both FROM images are digest-pinned, but xk6@latest and the unversioned --with modules below are resolved at build time, so the k6 binary is not reproducible; pin each to a reviewed version (xk6@<PINNED_VERSION>, --with <module>@<PINNED_VERSION>). 4 | RUN go install go.k6.io/xk6/cmd/xk6@latest 5 | # NOTE(review): no k6 version is passed to xk6 build, so the binary copied into the final stage presumably need not match the grafana/k6:1.4.2 base image; confirm this is intended. 6 | RUN xk6 build \ 7 | --with github.com/grafana/xk6-dns \ 8 | --with github.com/grafana/xk6-tls \ 9 | --with github.com/phymbert/xk6-sse \ 10 | --output /k6 11 | 12 | FROM grafana/k6:1.4.2@sha256:3656673de3f30424e8ebcfa46acd9558d83b6a43612d0f668ffeac953950c6c7 13 | COPY --from=builder /k6 /usr/bin/k6 14 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/prometheus/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | 4 | # [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus 5 | # to securely reference certificates created and managed by cert-manager. 6 | # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml 7 | # to mount the "metrics-server-cert" secret in the Manager Deployment. 8 | #patches: 9 | # - path: monitor_tls_patch.yaml 10 | # target: 11 | # kind: ServiceMonitor 12 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | 4 | # [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus 5 | # to securely reference certificates created and managed by cert-manager. 6 | # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml 7 | # to mount the "metrics-server-cert" secret in the Manager Deployment. 
8 | #patches: 9 | # - path: monitor_tls_patch.yaml 10 | # target: 11 | # kind: ServiceMonitor 12 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/default_scenarios.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | // BreakpointConfig carries an executor name, a list of stages and thresholds keyed by string; the JSON tags give the serialised key names. 3 | type BreakpointConfig struct { 4 | Executor string `json:"executor"` 5 | Stages []Stage `json:"stages"` 6 | Thresholds map[string][]Threshold `json:"thresholds"` 7 | } 8 | // Stage is one entry of BreakpointConfig.Stages: a duration string and an integer target. 9 | type Stage struct { 10 | Duration string `json:"duration"` 11 | Target int `json:"target"` 12 | } 13 | // Threshold is one entry of a BreakpointConfig.Thresholds list, serialised with the JSON keys threshold, abortOnFail and delayAbortEval. 14 | type Threshold struct { 15 | Threshold string `json:"threshold"` 16 | AbortOnFail bool `json:"abortOnFail"` 17 | DelayAbortEval string `json:"delayAbortEval"` 18 | } 19 | -------------------------------------------------------------------------------- /flux/altinn-uptime/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: monitoring 5 | 6 | resources: 7 | - configmaps/extra-targets.yaml 8 | - configmaps/maintenance-targets.yaml 9 | - serviceaccount.yaml 10 | - rbac.yaml 11 | - cronjob.yaml 12 | 13 | configMapGenerator: 14 | - name: altinn-uptime-generate-targets 15 | files: 16 | - generate_targets.sh=scripts/generate_targets.sh 17 | options: 18 | labels: 19 | app.kubernetes.io/name: altinn-uptime 20 | app.kubernetes.io/component: config 21 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/rbac-authorization-k8s/README.md: -------------------------------------------------------------------------------- 1 | # RBAC Authorization Configuration 2 | 3 | This directory contains the RBAC configuration that grants read access to all Kubernetes resources and restart capabilities to an Entra ID group. 
4 | 5 | The configuration requires the `${AKS_READ_EVERYTHING_AND_RESTART_GROUP_ID}` environment variable to be set to the object ID of the Entra ID group. 6 | 7 | The ClusterRole allows reading all resources across the core, apps, batch, and extensions API groups, with additional permissions to update deployments and delete pods for restart operations. Read access to every core resource would include Secrets unless the ClusterRole excludes them, so membership of the group should be reviewed accordingly. -------------------------------------------------------------------------------- /services/dis-apim-operator/grafana/custom-metrics/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | customMetrics: 3 | # - metric: # Raw custom metric (required) 4 | # type: # Metric type: counter/gauge/histogram (required) 5 | # expr: # Prom_ql for the metric (optional) 6 | # unit: # Unit of measurement, examples: s,none,bytes,percent,etc. (optional) 7 | # 8 | # 9 | # Example: 10 | # --- 11 | # customMetrics: 12 | # - metric: foo_bar 13 | # unit: none 14 | # type: histogram 15 | # expr: histogram_quantile(0.90, sum by(instance, le) (rate(foo_bar{job=\"$job\", namespace=\"$namespace\"}[5m]))) 16 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/foundational/rbac.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_role_assignment" "azure_kubernetes_service_cluster_user_role" { 2 | scope = azurerm_kubernetes_cluster.k6tests.id 3 | role_definition_name = "Azure Kubernetes Service Cluster User Role" 4 | principal_id = var.k8s_users_group_object_id 5 | } 6 | 7 | resource "azurerm_role_assignment" "reader_user_role" { 8 | scope = azurerm_log_analytics_workspace.k6tests.id 9 | role_definition_name = "Reader" 10 | principal_id = var.k8s_users_group_object_id 11 | } 12 | -------------------------------------------------------------------------------- /services/dis-identity-operator/grafana/custom-metrics/config.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | customMetrics: 3 | # - metric: # Raw custom metric (required) 4 | # type: # Metric type: counter/gauge/histogram (required) 5 | # expr: # Prom_ql for the metric (optional) 6 | # unit: # Unit of measurement, examples: s,none,bytes,percent,etc. (optional) 7 | # 8 | # 9 | # Example: 10 | # --- 11 | # customMetrics: 12 | # - metric: foo_bar 13 | # unit: none 14 | # type: histogram 15 | # expr: histogram_quantile(0.90, sum by(instance, le) (rate(foo_bar{job=\"$job\", namespace=\"$namespace\"}[5m]))) 16 | -------------------------------------------------------------------------------- /flux/blackbox-exporter/apps/helmrelease-patch.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/values/serviceMonitor/targets/- 3 | value: 4 | name: ${PLATFORM_URL} 5 | url: https://${PLATFORM_URL}/kuberneteswrapper/api/v1/deployments 6 | hostname: ${PLATFORM_URL} 7 | interval: 60s 8 | scrapeTimeout: 30s 9 | module: http_2xx 10 | - op: add 11 | path: /spec/values/serviceMonitor/targets/- 12 | value: 13 | name: ${MASKINPORTEN_URL} 14 | url: https://${MASKINPORTEN_URL} 15 | hostname: ${MASKINPORTEN_URL} 16 | interval: 60s 17 | scrapeTimeout: 30s 18 | module: http_2xx 19 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/certmanager_resources.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_manifest" "letsencrypt_issuer" { 2 | manifest = yamldecode(< 0)) { 10 | throw new Error("Unexpected token value") 11 | } 12 | } 13 | 14 | 15 | export default function testMaskinportenAccessTokenGenerator() { 16 | testMaskinportenToken() 17 | } 18 | -------------------------------------------------------------------------------- /flux/cert-manager/CHANGELOG.md: 
-------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [1.4.0](https://github.com/Altinn/altinn-platform/compare/flux-oci-cert-manager-v1.3.0...flux-oci-cert-manager-v1.4.0) (2025-12-04) 4 | 5 | 6 | ### Features 7 | 8 | * Add Renovate Helmreleases detection and config ([#2493](https://github.com/Altinn/altinn-platform/issues/2493)) ([a873283](https://github.com/Altinn/altinn-platform/commit/a87328365fd08c2b050fa62757727461402726d2)) 9 | * **dis-cr:** deploy dns child zone and cert-manager tls issuer ([#2126](https://github.com/Altinn/altinn-platform/issues/2126)) ([c9d50fe](https://github.com/Altinn/altinn-platform/commit/c9d50fe99658ec5ad8e2aacceb5db652ff38af9d)) 10 | -------------------------------------------------------------------------------- /infrastructure/products/terraform.tfvars: -------------------------------------------------------------------------------- 1 | workspaces = [ 2 | { 3 | name = "dev" 4 | environments = [ 5 | { 6 | arm_subscription = "dev" 7 | names = ["dev"] 8 | }, 9 | { 10 | arm_subscription = "test" 11 | names = ["test", "at21", "at22", "at23", "at24", "at25", "yt01", "grafana"] 12 | }] 13 | }, 14 | { 15 | name = "prod" 16 | environments = [ 17 | { 18 | arm_subscription = "staging" 19 | names = ["staging", "tt02"] 20 | }, 21 | { 22 | arm_subscription = "prod" 23 | names = ["prod"] 24 | }] 25 | } 26 | ] 27 | -------------------------------------------------------------------------------- /services/dis-apim-operator/.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Lint 2 | 3 | on: 4 | push: 5 | pull_request: 6 | 7 | jobs: 8 | lint: 9 | name: Run on Ubuntu 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Clone the code 13 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 14 | 15 | - name: Setup Go 16 | uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 17 | with: 18 | 
go-version-file: go.mod 19 | 20 | - name: Run linter 21 | uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8 22 | with: 23 | version: v2.3.0 24 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/default/deployment_vars_patch.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/containers/0/env 3 | value: 4 | - name: DISAPIM_SUBSCRIPTION_ID 5 | value: "${DISAPIM_SUBSCRIPTION_ID}" 6 | - name: DISAPIM_RESOURCE_GROUP 7 | value: "${DISAPIM_RESOURCE_GROUP}" 8 | - name: DISAPIM_APIM_SERVICE_NAME 9 | value: "${DISAPIM_APIM_SERVICE_NAME}" 10 | - name: DISAPIM_DEFAULT_LOGGER_ID 11 | value: "${DISAPIM_DEFAULT_LOGGER_ID}" 12 | - name: DISAPIM_NAMESPACE_SUFFIX 13 | value: "${DISAPIM_NAMESPACE_SUFFIX}" 14 | - op: add 15 | path: /spec/template/metadata/labels/azure.workload.identity~1use 16 | value: "true" -------------------------------------------------------------------------------- /services/dis-identity-operator/.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Lint 2 | 3 | on: 4 | push: 5 | pull_request: 6 | # NOTE(review): no permissions: block is set, so if this workflow runs it uses the repository's default GITHUB_TOKEN scope; a lint job needs only contents: read. 7 | jobs: 8 | lint: 9 | name: Run on Ubuntu 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Clone the code 13 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 14 | 15 | - name: Setup Go 16 | uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 17 | with: 18 | go-version-file: go.mod 19 | 20 | - name: Run linter 21 | uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 22 | with: 23 | version: v2.1.6 24 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Lint 2 | 3 | on: 4 
| push: 5 | pull_request: 6 | 7 | jobs: 8 | lint: 9 | name: Run on Ubuntu 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Clone the code 13 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 14 | 15 | - name: Setup Go 16 | uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 17 | with: 18 | go-version-file: go.mod 19 | 20 | - name: Run linter 21 | uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 22 | with: 23 | version: v2.5.0 24 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/prometheus/monitor_tls_patch.yaml: -------------------------------------------------------------------------------- 1 | # Patch for Prometheus ServiceMonitor to enable secure TLS configuration 2 | # using certificates managed by cert-manager 3 | - op: replace 4 | path: /spec/endpoints/0/tlsConfig 5 | value: 6 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 7 | serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc 8 | insecureSkipVerify: false 9 | ca: 10 | secret: 11 | name: metrics-server-cert 12 | key: ca.crt 13 | cert: 14 | secret: 15 | name: metrics-server-cert 16 | key: tls.crt 17 | keySecret: 18 | name: metrics-server-cert 19 | key: tls.key 20 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/prometheus/monitor_tls_patch.yaml: -------------------------------------------------------------------------------- 1 | # Patch for Prometheus ServiceMonitor to enable secure TLS configuration 2 | # using certificates managed by cert-manager 3 | - op: replace 4 | path: /spec/endpoints/0/tlsConfig 5 | value: 6 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 7 | serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc 8 | insecureSkipVerify: false 9 | ca: 10 | secret: 11 | name: metrics-server-cert 12 | key: ca.crt 13 | cert: 14 | secret: 15 | name: 
metrics-server-cert 16 | key: tls.crt 17 | keySecret: 18 | name: metrics-server-cert 19 | key: tls.key 20 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/prometheus/monitor_tls_patch.yaml: -------------------------------------------------------------------------------- 1 | # Patch for Prometheus ServiceMonitor to enable secure TLS configuration 2 | # using certificates managed by cert-manager 3 | - op: replace 4 | path: /spec/endpoints/0/tlsConfig 5 | value: 6 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 7 | serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc 8 | insecureSkipVerify: false 9 | ca: 10 | secret: 11 | name: metrics-server-cert 12 | key: ca.crt 13 | cert: 14 | secret: 15 | name: metrics-server-cert 16 | key: tls.crt 17 | keySecret: 18 | name: metrics-server-cert 19 | key: tls.key 20 | -------------------------------------------------------------------------------- /infrastructure/altinn-auth-test/auth-at22-aks-rg/obs.tf: -------------------------------------------------------------------------------- 1 | module "observability" { 2 | source = "../../modules/observability" 3 | depends_on = [module.aks] 4 | prefix = var.team_name 5 | environment = var.environment 6 | enable_aks_monitoring = true 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | oidc_issuer_url = module.aks.aks_oidc_issuer_url 9 | tenant_id = local.tenant_id 10 | subscription_id = var.subscription_id 11 | ci_service_principal_object_id = data.azurerm_client_config.current.object_id 12 | } 13 | -------------------------------------------------------------------------------- /.release-please-manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "flux/altinn-uptime": "1.4.0", 3 | "flux/azure-service-operator": "1.1.0", 4 | "flux/blackbox-exporter": "0.5.1", 5 | "flux/cert-manager": "1.4.0", 6 | 
"flux/certm-lets-encrypt-dns-issuer": "0.3.0", 7 | "flux/container-runtime-aks-config": "0.2.0", 8 | "flux/dis-apim": "0.1.0", 9 | "flux/dis-identity": "0.1.0", 10 | "flux/external-secrets-operator": "1.1.0", 11 | "flux/grafana-operator": "1.3.0", 12 | "flux/helm-uninstall-outdated-apps": "1.0.0", 13 | "flux/lakmus": "1.0.2", 14 | "flux/linkerd": "1.7.0", 15 | "flux/otel-collector": "1.0.1", 16 | "flux/otel-operator": "1.1.1", 17 | "flux/traefik": "1.5.0", 18 | "flux/whoami": "0.1.0" 19 | } 20 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/admin-test-aks-rg/obs.tf: -------------------------------------------------------------------------------- 1 | module "observability" { 2 | source = "../../modules/observability" 3 | depends_on = [module.aks] 4 | prefix = local.team_name 5 | environment = local.environment 6 | enable_aks_monitoring = true 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | oidc_issuer_url = module.aks.aks_oidc_issuer_url 9 | tenant_id = local.tenant_id 10 | subscription_id = var.subscription_id 11 | ci_service_principal_object_id = data.azurerm_client_config.current.object_id 12 | } 13 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "~> 4.0" 6 | } 7 | random = { 8 | source = "hashicorp/random" 9 | version = "3.7.2" 10 | } 11 | } 12 | 13 | backend "azurerm" {} 14 | 15 | } 16 | 17 | provider "azurerm" { 18 | features {} 19 | } 20 | 21 | provider "helm" { 22 | kubernetes = { 23 | config_path = "~/.kube/config" 24 | config_context = "k6tests-cluster" 25 | } 26 | } 27 | 28 | provider "kubernetes" { 29 | config_path = "~/.kube/config" 30 | config_context = "k6tests-cluster" 31 | 
} 32 | 33 | provider "random" {} 34 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/default_scenarios/breakpoint.json: -------------------------------------------------------------------------------- 1 | { 2 | "executor": "ramping-arrival-rate", 3 | "stages": [ 4 | { 5 | "duration": "10m", 6 | "target": 100 7 | } 8 | ], 9 | "thresholds": { 10 | "http_req_failed": [ 11 | { 12 | "threshold": "rate==0.0", 13 | "abortOnFail": true, 14 | "delayAbortEval": "10s" 15 | } 16 | ], 17 | "http_req_duration": [ 18 | { 19 | "threshold": "max<5000", 20 | "abortOnFail": true, 21 | "delayAbortEval": "10s" 22 | } 23 | ] 24 | } 25 | } -------------------------------------------------------------------------------- /services/dis-apim-operator/.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Kubebuilder DevContainer", 3 | "image": "golang:1.24", 4 | "features": { 5 | "ghcr.io/devcontainers/features/docker-in-docker:2": {}, 6 | "ghcr.io/devcontainers/features/git:1": {} 7 | }, 8 | 9 | "runArgs": ["--network=host"], 10 | 11 | "customizations": { 12 | "vscode": { 13 | "settings": { 14 | "terminal.integrated.shell.linux": "/bin/bash" 15 | }, 16 | "extensions": [ 17 | "ms-kubernetes-tools.vscode-kubernetes-tools", 18 | "ms-azuretools.vscode-docker" 19 | ] 20 | } 21 | }, 22 | 23 | "onCreateCommand": "bash .devcontainer/post-install.sh" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: admissionregistration.k8s.io/v1 3 | kind: MutatingWebhookConfiguration 4 | metadata: 5 | name: mutating-webhook-configuration 6 | webhooks: 7 | - admissionReviewVersions: 8 | - v1 9 | clientConfig: 10 | service: 11 | name: webhook-service 12 | namespace: 
system 13 | path: /mutate-apim-dis-altinn-cloud-v1alpha1-backend 14 | failurePolicy: Fail 15 | name: mbackend-v1alpha1.kb.io 16 | rules: 17 | - apiGroups: 18 | - apim.dis.altinn.cloud 19 | apiVersions: 20 | - v1alpha1 21 | operations: 22 | - CREATE 23 | - UPDATE 24 | resources: 25 | - backends 26 | sideEffects: None 27 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Kubebuilder DevContainer", 3 | "image": "golang:1.24", 4 | "features": { 5 | "ghcr.io/devcontainers/features/docker-in-docker:2": {}, 6 | "ghcr.io/devcontainers/features/git:1": {} 7 | }, 8 | 9 | "runArgs": ["--network=host"], 10 | 11 | "customizations": { 12 | "vscode": { 13 | "settings": { 14 | "terminal.integrated.shell.linux": "/bin/bash" 15 | }, 16 | "extensions": [ 17 | "ms-kubernetes-tools.vscode-kubernetes-tools", 18 | "ms-azuretools.vscode-docker" 19 | ] 20 | } 21 | }, 22 | 23 | "onCreateCommand": "bash .devcontainer/post-install.sh" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /infrastructure/altinn-correspondence-test/corr-at22-aks-rg/obs.tf: -------------------------------------------------------------------------------- 1 | module "observability" { 2 | source = "../../modules/observability" 3 | depends_on = [module.aks] 4 | prefix = var.team_name 5 | environment = var.environment 6 | enable_aks_monitoring = true 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | oidc_issuer_url = module.aks.aks_oidc_issuer_url 9 | tenant_id = local.tenant_id 10 | subscription_id = var.subscription_id 11 | ci_service_principal_object_id = data.azurerm_client_config.current.object_id 12 | } 13 | -------------------------------------------------------------------------------- 
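/services/dis-identity-operator/.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Kubebuilder DevContainer", 3 | "image": "golang:1.24", 4 | "features": { 5 | "ghcr.io/devcontainers/features/docker-in-docker:2": {}, 6 | "ghcr.io/devcontainers/features/git:1": {} 7 | }, 8 | 9 | "runArgs": ["--network=host"], 10 | 11 | "customizations": { 12 | "vscode": { 13 | "settings": { 14 | "terminal.integrated.shell.linux": "/bin/bash" 15 | }, 16 | "extensions": [ 17 | "ms-kubernetes-tools.vscode-kubernetes-tools", 18 | "ms-azuretools.vscode-docker" 19 | ] 20 | } 21 | }, 22 | 23 | "onCreateCommand": "bash .devcontainer/post-install.sh" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/main.go: --------------------------------------------------------------------------------
package main

import (
	"log"
	"os"

	"github.com/Altinn/altinn-platform/actions/generate-k6-manifests/cmd"
)

// main is the entry point of the generate-k6-manifests action. It reads the
// config file location from the INPUT_CONFIG_FILE environment variable, passes
// it to the generator's Initialize and hands the returned config to Generate.
func main() {
	// LookupEnv reports a variable that is set but empty as present, so an empty
	// value (e.g. a blank action input) is rejected like a missing one instead
	// of being passed on as a file name.
	userConfigFile, ok := os.LookupEnv("INPUT_CONFIG_FILE")
	if !ok || userConfigFile == "" {
		log.Fatal("INPUT_CONFIG_FILE is mandatory")
	}

	var g cmd.Generator = cmd.K8sManifestGenerator{
		ConfigDirectory:           ".conf",
		DistDirectory:             ".dist",
		BuildDirectory:            ".build",
		DefaultScenariosDirectory: "/actions/generate-k6-manifests/default_scenarios",
		RepoRootDirectory:         ".",
	}

	cf := g.Initialize(userConfigFile)
	// Initialize returns a pointer; stop with a clear message rather than a
	// nil-pointer panic if no config came back.
	if cf == nil {
		log.Fatalf("no configuration loaded from %q", userConfigFile)
	}
	g.Generate(*cf)
}
-------------------------------------------------------------------------------- /infrastructure/modules/aks/rg.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "aks" { 2 | name = var.azurerm_resource_group_aks_name != "" ?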
var.azurerm_resource_group_aks_name : "${var.prefix}-${var.environment}-aks-rg" 3 | location = var.location 4 | } 5 | resource "azurerm_resource_group" "monitor" { 6 | name = var.azurerm_resource_group_monitor_name != "" ? var.azurerm_resource_group_monitor_name : "${var.prefix}-${var.environment}-monitor-rg" 7 | location = var.location 8 | } 9 | 10 | resource "azurerm_resource_group" "dis" { 11 | name = var.azurerm_resource_group_dis_name != "" ? var.azurerm_resource_group_dis_name : "DIS_${var.prefix}-${var.environment}_main-rg" 12 | location = var.location 13 | } 14 | -------------------------------------------------------------------------------- /services/lakmus/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.25-alpine@sha256:ac09a5f469f307e5da71e766b0bd59c9c49ea460a528cc3e6686513d64a6f1fb AS builder 2 | ARG TARGETOS 3 | ARG TARGETARCH 4 | 5 | WORKDIR /workspace 6 | 7 | COPY go.mod go.mod 8 | COPY go.sum go.sum 9 | 10 | RUN go mod download 11 | 12 | COPY cmd/ cmd/ 13 | COPY internal/ internal/ 14 | COPY pkg/ pkg/ 15 | COPY test/ test/ 16 | 17 | RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o lakmus cmd/main.go 18 | 19 | FROM gcr.io/distroless/static:nonroot@sha256:2b7c93f6d6648c11f0e80a48558c8f77885eb0445213b8e69a6a0d7c89fc6ae4 20 | 21 | WORKDIR / 22 | COPY --from=builder /workspace/lakmus . 
23 | 24 | USER 65532:65532 25 | 26 | ENTRYPOINT ["/lakmus"] 27 | -------------------------------------------------------------------------------- /tools/disctl/cmd/root.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | "github.com/spf13/cobra" 8 | ) 9 | 10 | var rootCmd = &cobra.Command{ 11 | Use: "dis", 12 | Short: "Disctl is a CLI tool for managing and interacting with the Dis platform", 13 | Args: cobra.NoArgs, 14 | RunE: func(cmd *cobra.Command, args []string) error { 15 | return cmd.Help() 16 | }, 17 | } 18 | 19 | func Execute() { 20 | if err := rootCmd.Execute(); err != nil { 21 | fmt.Fprintln(os.Stderr, err) 22 | os.Exit(1) 23 | } 24 | } 25 | 26 | func init() { 27 | // Completion not needed at the moment 28 | rootCmd.CompletionOptions.DisableDefaultCmd = true 29 | rootCmd.AddCommand(releasesCmd) 30 | rootCmd.AddCommand(versionCmd) 31 | } 32 | -------------------------------------------------------------------------------- /flux/certm-lets-encrypt-dns-issuer/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [0.3.0](https://github.com/Altinn/altinn-platform/compare/flux-oci-certm-lets-encrypt-dns-issuer-v0.2.0...flux-oci-certm-lets-encrypt-dns-issuer-v0.3.0) (2025-12-02) 4 | 5 | 6 | ### Features 7 | 8 | * **dis-cr:** deploy certificate that uses letsencrypt-staging cluster-issuer ([#2136](https://github.com/Altinn/altinn-platform/issues/2136)) ([2e8fc90](https://github.com/Altinn/altinn-platform/commit/2e8fc90bd191c8ddf2fbf69bdb81c6612d58d21d)) 9 | * **dis-cr:** deploy dns child zone and cert-manager tls issuer ([#2126](https://github.com/Altinn/altinn-platform/issues/2126)) ([c9d50fe](https://github.com/Altinn/altinn-platform/commit/c9d50fe99658ec5ad8e2aacceb5db652ff38af9d)) 10 | -------------------------------------------------------------------------------- 
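/actions/send-ci-cd-trace/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "send-ci-cd-trace-action", 3 | "private": true, 4 | "version": "1.0.0", 5 | "main": "dist/index.js", 6 | "scripts": { 7 | "build": "esbuild src/index.ts --bundle --platform=node --target=node20 --outfile=dist/index.js", 8 | "start": "npx ts-node src/index.ts" 9 | }, 10 | "dependencies": { 11 | "@actions/core": "^1.11.1", 12 | "@actions/github": "^6.0.0", 13 | "@azure/monitor-opentelemetry": "^1.8.0", 14 | "@opentelemetry/api": "^1.9.0" 15 | }, 16 | "devDependencies": { 17 | "esbuild": "^0.27.0", 18 | "typescript": "^5.6.3" 19 | }, 20 | "engines": { 21 | "node": ">=20.0.0" 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /services/dis-apim-operator/.devcontainer/post-install.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Installs the command-line tools used inside the devcontainer (kind, kubebuilder
# and kubectl), creates the Docker network named "kind" and prints tool versions.
# -e/-u/pipefail stop at the first failed step so that a failed download is never
# marked executable and moved into /usr/local/bin; -x keeps the command trace.
set -euxo pipefail

# Download for the container's own architecture rather than assuming amd64.
ARCH="$(go env GOARCH)"

# NOTE(review): kind and kubebuilder come from moving "latest" URLs and are installed
# without an integrity check; pin a release and verify its published checksum.
# curl -f turns an HTTP error into a failure instead of saving the error page.
curl -fLo ./kind "https://kind.sigs.k8s.io/dl/latest/kind-linux-${ARCH}"
chmod +x ./kind
mv ./kind /usr/local/bin/kind

curl -fL -o kubebuilder "https://go.kubebuilder.io/dl/latest/linux/${ARCH}"
chmod +x kubebuilder
mv kubebuilder /usr/local/bin/

KUBECTL_VERSION=$(curl -fL -s https://dl.k8s.io/release/stable.txt)
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl"
# Check kubectl against the SHA-256 digest published next to the release binary.
# The digest is served by the same host, so this catches a truncated or corrupted
# download rather than a compromised origin.
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
rm kubectl.sha256
chmod +x kubectl
mv kubectl /usr/local/bin/kubectl

# Create the network only when it is missing, so a second run does not abort here.
docker network inspect kind >/dev/null 2>&1 || \
  docker network create -d=bridge --subnet=172.19.0.0/24 kind

kind version
kubebuilder version
docker --version
go version
kubectl version --client
-------------------------------------------------------------------------------- /tools/disctl/pkg/altinn/environments.go: -------------------------------------------------------------------------------- 1 | package altinn 2 | 3 | import "github.com/altinn/altinn-platform/disctl/pkg/util" 4 | 5 | type Environment struct { 6 |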
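PlatformUrl string `json:"platformUrl"` 7 | Hostname string `json:"hostname"` 8 | AppPrefix string `json:"appPrefix"` 9 | PlatformPrefix string `json:"platformPrefix"` 10 | Name string `json:"name"` 11 | Type string `json:"type"` 12 | } 13 | 14 | type EnvsResp struct { 15 | Environments []Environment `json:"environments"` 16 | } 17 | 18 | func GetEnvironments(url string) ([]Environment, error) { 19 | response, err := util.RequestObject[EnvsResp](url) 20 | if err != nil { 21 | return nil, err 22 | } 23 | return response.Environments, nil 24 | } 25 | -------------------------------------------------------------------------------- /services/dis-identity-operator/.devcontainer/post-install.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Installs the command-line tools used inside the devcontainer (kind, kubebuilder
# and kubectl), creates the Docker network named "kind" and prints tool versions.
# -e/-u/pipefail stop at the first failed step so that a failed download is never
# marked executable and moved into /usr/local/bin; -x keeps the command trace.
set -euxo pipefail

# Download for the container's own architecture rather than assuming amd64.
ARCH="$(go env GOARCH)"

# NOTE(review): kind and kubebuilder come from moving "latest" URLs and are installed
# without an integrity check; pin a release and verify its published checksum.
# curl -f turns an HTTP error into a failure instead of saving the error page.
curl -fLo ./kind "https://kind.sigs.k8s.io/dl/latest/kind-linux-${ARCH}"
chmod +x ./kind
mv ./kind /usr/local/bin/kind

curl -fL -o kubebuilder "https://go.kubebuilder.io/dl/latest/linux/${ARCH}"
chmod +x kubebuilder
mv kubebuilder /usr/local/bin/

KUBECTL_VERSION=$(curl -fL -s https://dl.k8s.io/release/stable.txt)
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl"
# Check kubectl against the SHA-256 digest published next to the release binary.
# The digest is served by the same host, so this catches a truncated or corrupted
# download rather than a compromised origin.
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
rm kubectl.sha256
chmod +x kubectl
mv kubectl /usr/local/bin/kubectl

# Create the network only when it is missing, so a second run does not abort here.
docker network inspect kind >/dev/null 2>&1 || \
  docker network create -d=bridge --subnet=172.19.0.0/24 kind

kind version
kubebuilder version
docker --version
go version
kubectl version --client
-------------------------------------------------------------------------------- /services/dis-pgsql-operator/PROJECT: -------------------------------------------------------------------------------- 1 | # Code generated by tool. DO NOT EDIT. 2 | # This file is used to track the info used to scaffold your project 3 | # and allow the plugins properly work.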
4 | # More info: https://book.kubebuilder.io/reference/project-config.html 5 | cliVersion: 4.10.1 6 | domain: dis.altinn.cloud 7 | layout: 8 | - go.kubebuilder.io/v4 9 | projectName: dis-pgsql-operator 10 | repo: github.com/Altinn/altinn-platform/services/dis-pgsql-operator 11 | resources: 12 | - api: 13 | crdVersion: v1 14 | namespaced: true 15 | controller: true 16 | domain: dis.altinn.cloud 17 | group: storage 18 | kind: Database 19 | path: github.com/Altinn/altinn-platform/services/dis-pgsql-operator/api/v1alpha1 20 | version: v1alpha1 21 | version: "3" 22 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-apim-test-rg/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "~> 4.0" 6 | } 7 | } 8 | backend "azurerm" { 9 | use_azuread_auth = true 10 | } 11 | } 12 | 13 | provider "azurerm" { 14 | subscription_id = var.subscription_id 15 | features {} 16 | resource_providers_to_register = [ 17 | "Microsoft.ApiManagement", 18 | "Microsoft.App", 19 | ] 20 | } 21 | 22 | provider "azurerm" { 23 | alias = "adminservices-prod" 24 | resource_provider_registrations = "none" 25 | subscription_id = var.admin_services_prod_subscription_id 26 | use_oidc = true 27 | features {} 28 | } -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: manager-role 6 | rules: 7 | - apiGroups: 8 | - apim.dis.altinn.cloud 9 | resources: 10 | - apis 11 | - apiversions 12 | - backends 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - apim.dis.altinn.cloud 23 
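| resources: 24 | - apis/finalizers 25 | - apiversions/finalizers 26 | - backends/finalizers 27 | verbs: 28 | - update 29 | - apiGroups: 30 | - apim.dis.altinn.cloud 31 | resources: 32 | - apis/status 33 | - apiversions/status 34 | - backends/status 35 | verbs: 36 | - get 37 | - patch 38 | - update 39 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/.devcontainer/post-install.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Installs the command-line tools used inside the devcontainer (kind, kubebuilder
# and kubectl), creates the Docker network named "kind" and prints tool versions.
# -e/-u/pipefail stop at the first failed step so that a failed download is never
# marked executable and moved into /usr/local/bin; -x keeps the command trace.
set -euxo pipefail

# Resolve the container's architecture once and reuse it for every download.
ARCH="$(go env GOARCH)"

# NOTE(review): kind and kubebuilder come from moving "latest" URLs and are installed
# without an integrity check; pin a release and verify its published checksum.
# curl -f turns an HTTP error into a failure instead of saving the error page.
curl -fLo ./kind "https://kind.sigs.k8s.io/dl/latest/kind-linux-${ARCH}"
chmod +x ./kind
mv ./kind /usr/local/bin/kind

curl -fL -o kubebuilder "https://go.kubebuilder.io/dl/latest/linux/${ARCH}"
chmod +x kubebuilder
mv kubebuilder /usr/local/bin/

KUBECTL_VERSION=$(curl -fL -s https://dl.k8s.io/release/stable.txt)
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl"
# Check kubectl against the SHA-256 digest published next to the release binary.
# The digest is served by the same host, so this catches a truncated or corrupted
# download rather than a compromised origin.
curl -fLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${ARCH}/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
rm kubectl.sha256
chmod +x kubectl
mv kubectl /usr/local/bin/kubectl

# Create the network only when it is missing, so a second run does not abort here.
docker network inspect kind >/dev/null 2>&1 || \
  docker network create -d=bridge --subnet=172.19.0.0/24 kind

kind version
kubebuilder version
docker --version
go version
kubectl version --client
-------------------------------------------------------------------------------- /actions/send-ci-cd-trace/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Send CI/CD Trace to Azure Monitor' 2 | description: 'Collects jobs and steps metrics from GitHub Actions workflow and send them to Azure Application Insights' 3 | author: 'Digdir' 4 | inputs: 5 | app: 6 | description: 'Name of the App' 7 | required: true 8 | team: 9 | description: 'Name of the team that owns the App' 10 | required: true 11 | connection_string: 12 | description: 'Azure Application Insights Connection String' 13 | required: true 14 | repo_token: 15 | description: 'GitHub Token for accessing workflow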
data in private repositories' 16 | required: true 17 | environment: 18 | description: 'Deployment environment' 19 | required: false 20 | runs: 21 | using: 'node20' 22 | main: 'dist/index.js' 23 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/grafana_k8s_monitoring.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "grafana_k8s_monitoring" { 2 | depends_on = [ 3 | helm_release.loki, 4 | ] 5 | lint = true 6 | name = "k8s-monitoring" 7 | namespace = "monitoring" 8 | take_ownership = true 9 | create_namespace = false 10 | repository = "https://grafana.github.io/helm-charts" 11 | chart = "k8s-monitoring" 12 | version = "3.6.0" 13 | 14 | values = [ 15 | "${templatefile( 16 | "${path.module}/grafana_k8s_monitoring_values.tftpl", 17 | { 18 | cluster_name = "${var.k6tests_cluster_name}", 19 | namespaces = toset([for v in var.k8s_rbac : v["namespace"]]) 20 | } 21 | )}" 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /infrastructure/products/Makefile: -------------------------------------------------------------------------------- 1 | ARM_STORAGE_ACCOUNT=altinnterraformstorage02 2 | ARM_STORAGE_CONTAINER=tfstates 3 | ADMIN_GITHUB_OWNER=altinn 4 | ADMIN_GITHUB_REPOSITORY=altinn-platform 5 | AZ_SUBSCRIPTION=d43d5057-8389-40d5-88c4-04db9275cbf2 6 | 7 | TF=terraform 8 | TF_BACKEND_FLAGS=-backend-config="storage_account_name=$(ARM_STORAGE_ACCOUNT)" -backend-config="container_name=$(ARM_STORAGE_CONTAINER)" -backend-config="key=github.com/$(ADMIN_GITHUB_OWNER)/$(ADMIN_GITHUB_REPOSITORY)/environments/prod/products.tfstate" 9 | 10 | tf_migrate: 11 | $(TF) init -migrate-state $(TF_BACKEND_FLAGS) 12 | 13 | tf_init: 14 | ${TF} init $(TF_BACKEND_FLAGS) 15 | 16 | az_set_subscription: 17 | az account set --subscription "$(AZ_SUBSCRIPTION)" 18 | 19 | clean_local_state: 20 | @rm -f 
*.tfstate *.tfstate.backup 21 | -------------------------------------------------------------------------------- /services/dis-apim-operator/internal/utils/utils_suite_test.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | logf "sigs.k8s.io/controller-runtime/pkg/log" 9 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 10 | ) 11 | 12 | func TestUtils(t *testing.T) { 13 | RegisterFailHandler(Fail) 14 | RunSpecs(t, "Utils Suite") 15 | } 16 | 17 | var _ = BeforeSuite(func() { 18 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) 19 | By("setting up the test environment") 20 | // Add any setup steps that need to be done before the tests run 21 | }) 22 | 23 | var _ = AfterSuite(func() { 24 | By("tearing down the test environment") 25 | // Add any teardown steps that need to be done after the tests run 26 | }) 27 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/storage.dis.altinn.cloud_databases.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patches: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 12 | 13 | # [WEBHOOK] To enable webhook, uncomment the following section 14 | # the following config is for teaching kustomize how to do kustomization for CRDs. 
15 | #configurations: 16 | #- kustomizeconfig.yaml 17 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_providers.tf: -------------------------------------------------------------------------------- 1 | /* 2 | terraform { 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 4.0" 7 | } 8 | } 9 | backend "azurerm" { 10 | use_azuread_auth = true 11 | } 12 | } 13 | 14 | provider "azurerm" { 15 | subscription_id = "1ce8e9af-c2d6-44e7-9c5e-099a308056fe" 16 | features {} 17 | resource_providers_to_register = [ 18 | "Microsoft.Monitor", 19 | "Microsoft.AlertsManagement", 20 | "Microsoft.Dashboard", 21 | "Microsoft.KubernetesConfiguration" 22 | ] 23 | } 24 | */ 25 | provider "helm" { 26 | kubernetes = { 27 | config_path = "~/.kube/config" 28 | } 29 | } 30 | 31 | provider "kubernetes" { 32 | config_path = "~/.kube/config" 33 | } 34 | -------------------------------------------------------------------------------- /flux/dis-identity/flux-kustomize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: dis-identity-operator 5 | namespace: flux-system 6 | spec: 7 | force: false 8 | interval: 5m0s 9 | path: ./default 10 | postBuild: 11 | substitute: 12 | DISID_ISSUER_URL: ${DISID_ISSUER_URL} 13 | DISID_TARGET_RESOURCE_GROUP: ${DISID_TARGET_RESOURCE_GROUP} 14 | prune: false 15 | retryInterval: 5m0s 16 | images: 17 | - name: controller 18 | newName: altinncr.azurecr.io/ghcr.io/altinn/altinn-platform/dis-identity-operator 19 | newTag: v0.0.4 20 | sourceRef: 21 | kind: OCIRepository 22 | name: dis-identity-operator 23 | namespace: flux-system 24 | targetNamespace: dis-identity-operator-system 25 | timeout: 5m0s 26 | wait: true 27 | -------------------------------------------------------------------------------- 
/services/dis-apim-operator/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: dis-apim-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: leader-election-role 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - create 19 | - update 20 | - patch 21 | - delete 22 | - apiGroups: 23 | - coordination.k8s.io 24 | resources: 25 | - leases 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - create 31 | - update 32 | - patch 33 | - delete 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - events 38 | verbs: 39 | - create 40 | - patch 41 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: dis-pgsql-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: leader-election-role 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - create 19 | - update 20 | - patch 21 | - delete 22 | - apiGroups: 23 | - coordination.k8s.io 24 | resources: 25 | - leases 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - create 31 | - update 32 | - patch 33 | - delete 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - events 38 | verbs: 39 | - create 40 | - patch 41 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/k6tests-rg/modules/services/variables.tf: -------------------------------------------------------------------------------- 1 | variable "suffix" { 2 | type = string 3 | } 4 | 5 | variable "tenant_id" { 6 | type = string 7 | } 8 | 9 | variable "k8s_rbac" { 10 | type = map( 11 | object( 12 | { 13 | namespace = string 14 | dev_group = string 15 | sp_group = string 16 | } 17 | ) 18 | ) 19 | } 20 | 21 | variable "k6tests_cluster_name" { 22 | type = string 23 | } 24 | 25 | variable "oidc_issuer_url" { 26 | type = string 27 | } 28 | 29 | variable "remote_write_endpoint" { 30 | type = string 31 | } 32 | 33 | variable "data_collection_rule_id" { 34 | type = string 35 | } 36 | 37 | variable "resource_group_name" { 38 | type = string 39 | } 40 | 41 | variable "resource_group_location" { 42 | type = string 43 | } 44 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 
3 | # It should be run by config/default 4 | resources: 5 | - bases/application.dis.altinn.cloud_applicationidentities.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patches: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 12 | 13 | # [WEBHOOK] To enable webhook, uncomment the following section 14 | # the following config is for teaching kustomize how to do kustomization for CRDs. 15 | #configurations: 16 | #- kustomizeconfig.yaml 17 | -------------------------------------------------------------------------------- /infrastructure/modules/observability/app.tf: -------------------------------------------------------------------------------- 1 | resource "azuread_application" "app" { 2 | display_name = "${var.prefix}-${var.environment}-otel-collector" 3 | sign_in_audience = "AzureADMyOrg" 4 | } 5 | 6 | resource "azuread_service_principal" "sp" { 7 | client_id = azuread_application.app.client_id 8 | } 9 | 10 | resource "azuread_application_federated_identity_credential" "obs_fed_identity" { 11 | application_id = azuread_application.app.id 12 | display_name = "fed-identity-${var.prefix}-${var.environment}-obs" 13 | description = "The federated identity used to federate K8s with Azure AD for ${var.prefix}-${var.environment}-otel" 14 | audiences = ["api://AzureADTokenExchange"] 15 | issuer = var.oidc_issuer_url 16 | subject = "system:serviceaccount:monitoring:otel-collector" 17 | } 18 | -------------------------------------------------------------------------------- /services/dis-identity-operator/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: dis-identity-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: leader-election-role 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - create 19 | - update 20 | - patch 21 | - delete 22 | - apiGroups: 23 | - coordination.k8s.io 24 | resources: 25 | - leases 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - create 31 | - update 32 | - patch 33 | - delete 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - events 38 | verbs: 39 | - create 40 | - patch 41 | -------------------------------------------------------------------------------- /services/dis-pgsql-operator/config/kind/manager_kind_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dis-pgsql-operator-controller-manager 5 | namespace: dis-pgsql-operator-system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Never 12 | args: 13 | - "--use-az-fakes" 14 | env: 15 | - name: AZURE_SUBSCRIPTION_ID 16 | value: "fake-subscription" 17 | - name: AZURE_VNET_RESOURCE_GROUP 18 | value: "fake-rg" 19 | - name: AZURE_VNET_NAME 20 | value: "fake-db-vnet" 21 | - name: AKS_VNET_NAME 22 | value: "fake-aks-vnet" 23 | - name: WRITE_NAMESPACE 24 | value: "default" 25 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/altinn-monitor-test-rg/k6_tests_rg_grafana_k8s_monitoring.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "grafana_k8s_monitoring" { 2 | depends_on = [ 3 | helm_release.loki, 4 | ] 5 | lint = true 6 | name = "k8s-monitoring" 7 | namespace = "monitoring" 8 | take_ownership = true 9 | create_namespace = false 10 | repository = 
"https://grafana.github.io/helm-charts" 11 | chart = "k8s-monitoring" 12 | version = "3.6.0" 13 | 14 | values = [ 15 | "${templatefile( 16 | "${path.module}/k6_tests_rg_grafana_k8s_monitoring_values.tftpl", 17 | { 18 | cluster_name = "${azurerm_kubernetes_cluster.k6tests.name}", 19 | namespaces = toset([for v in var.k8s_rbac : v["namespace"]]) 20 | } 21 | )}" 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/get_latest_versions.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Prints the latest upstream versions of kubectl, kubeseal, jsonnet, k6 and jb.
set -euo pipefail

# Echo the name of the first entry the GitHub tags API returns for repository $1.
# NOTE(review): the first listed tag is taken as the latest version; confirm that
# the API's ordering matches release order before pinning a version from this output.
first_tag() {
  curl -s "https://api.github.com/repos/$1/tags" | jq -r '.[0].name'
}

# kubectl publishes its current stable version as a plain-text file.
KUBECTL_VERSION="$(curl -L -s https://dl.k8s.io/release/stable.txt)"
KUBESEAL_VERSION="$(first_tag bitnami-labs/sealed-secrets)"
JSONNET_VERSION="$(first_tag google/jsonnet)"
K6_VERSION="$(first_tag grafana/k6)"
JB_VERSION="$(first_tag jsonnet-bundler/jsonnet-bundler)"

cat <<EOF
**** Latest versions ****
KUBECTL: ${KUBECTL_VERSION}
KUBESEAL: ${KUBESEAL_VERSION}
JSONNET: ${JSONNET_VERSION}
K6: ${K6_VERSION}
JB: ${JB_VERSION}
*************************
EOF
-------------------------------------------------------------------------------- /services/dis-identity-operator/PROJECT: -------------------------------------------------------------------------------- 1 | # Code generated by tool. DO NOT EDIT. 2 | # This file is used to track the info used to scaffold your project 3 | # and allow the plugins properly work.
4 | # More info: https://book.kubebuilder.io/reference/project-config.html 5 | cliVersion: 4.9.0 6 | domain: dis.altinn.cloud 7 | layout: 8 | - go.kubebuilder.io/v4 9 | plugins: 10 | autoupdate.kubebuilder.io/v1-alpha: {} 11 | projectName: dis-identity-operator 12 | repo: github.com/Altinn/altinn-platform/services/dis-identity-operator 13 | resources: 14 | - api: 15 | crdVersion: v1 16 | namespaced: true 17 | controller: true 18 | domain: dis.altinn.cloud 19 | group: application 20 | kind: ApplicationIdentity 21 | path: github.com/Altinn/altinn-platform/services/dis-identity-operator/api/v1alpha1 22 | version: v1alpha1 23 | version: "3" 24 | -------------------------------------------------------------------------------- /infrastructure/images/k6-action/README.md: -------------------------------------------------------------------------------- 1 | # Altinn K6 Action Image 2 | Default image used for Altinn's K6 Github action. 3 | 4 | ## Maintenance 5 | Whenever we upgrade the k8s version on the cluster / we get notified of an upgrade, we should bump the dependencies. 6 | 7 | ### New trivy alerts 8 | This image is set up with Trivy to scan for vulnerabilities. If any vulnerabilities are found, the workflow will fail. 9 | 10 | #### Managing Vulnerabilities 11 | 1. **False Positives**: If an alert is a false positive, add the CVE ID to `.trivyignore` 12 | 2. 
**Accepted Risks**: For known risks that have been assessed and accepted: 13 | - Add the CVE ID to `.trivyignore` 14 | - Add a comment above the CVE explaining: 15 | - Why the risk is acceptable 16 | - Any mitigating controls in place 17 | - When the decision should be reviewed 18 | -------------------------------------------------------------------------------- /flux/container-runtime-aks-config/base/container-azm-ms-agentconfig/README.md: -------------------------------------------------------------------------------- 1 | # Azure Monitor Container Agent Configuration 2 | 3 | This directory contains the ConfigMap for configuring the Azure Monitor container agent in the AKS cluster. 4 | 5 | ## Configuration 6 | 7 | - `container-azm-ms-agentconfig.yaml`: ConfigMap that controls log collection settings for stdout, stderr, environment variables, and Kubernetes events 8 | - `kustomization.yaml`: Kustomize configuration for deploying the ConfigMap 9 | 10 | ## Settings 11 | 12 | The agent is configured to: 13 | - Disable stdout log collection 14 | - Enable stderr log collection (excluding kube-system and monitoring namespaces) 15 | - Disable environment variable collection 16 | - Disable container log enrichment 17 | - Disable collection of all Kubernetes events (only abnormal events are collected) 18 | -------------------------------------------------------------------------------- /infrastructure/images/gh-runner/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/actions/actions-runner:2.330.0@sha256:ee54ad8776606f29434f159196529b7b9c83c0cb9195c1ff5a7817e7e570dcfe 2 | # for latest release, see https://github.com/actions/runner/releases 3 | 4 | USER root 5 | 6 | # install curl and jq 7 | RUN apt-get update && apt-get install -y curl jq && \ 8 | apt-get clean && \ 9 | rm -rf /var/lib/apt/lists/* 10 | 11 | COPY scripts/entrypoint.sh ./entrypoint.sh 12 | COPY scripts/app-token.sh ./app-token.sh 13 | COPY 
scripts/token.sh ./token.sh 14 | RUN chmod +x ./entrypoint.sh && \ 15 | chmod +x ./app-token.sh && \ 16 | chmod +x ./token.sh && \ 17 | mkdir /_work && \ 18 | chown runner:docker \ 19 | ./entrypoint.sh \ 20 | ./app-token.sh \ 21 | ./token.sh \ 22 | /_work 23 | 24 | USER runner 25 | 26 | ENTRYPOINT ["./entrypoint.sh"] 27 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v4/expanded-configfile.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_scope: k8s-wrapper 4 | test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 5 | config_file: "" 6 | env_file: "" 7 | contexts: 8 | - environment: at22 9 | node_type: default 10 | test_type: 11 | type: spike 12 | enabled: true 13 | config_file: "" 14 | test_run: 15 | name: get-deployments 16 | id: at22-get-deployments 17 | parallelism: 1 18 | resources: 19 | requests: 20 | memory: 200Mi 21 | cpu: 250m 22 | env: [] 23 | secrets: 24 | - token-generator-creds 25 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v1/expanded-configfile.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_scope: k8s-wrapper 4 | test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 5 | config_file: "" 6 | env_file: "" 7 | contexts: 8 | - environment: at22 9 | node_type: default 10 | test_type: 11 | type: functional 12 | enabled: true 13 | config_file: "" 14 | test_run: 15 | name: get-deployments 16 | id: at22-get-deployments 17 | parallelism: 1 18 | resources: 19 | requests: 20 | memory: 200Mi 21 | cpu: 250m 22 | env: [] 23 | secrets: 24 | - token-generator-creds 25 | 
-------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v12/expanded-configfile.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_scope: k8s-wrapper 4 | test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 5 | config_file: "" 6 | env_file: "" 7 | contexts: 8 | - environment: at22 9 | node_type: default 10 | test_type: 11 | type: functional 12 | enabled: true 13 | config_file: "" 14 | test_run: 15 | name: get-deployments 16 | id: at22-pre-determined 17 | parallelism: 1 18 | resources: 19 | requests: 20 | memory: 200Mi 21 | cpu: 250m 22 | env: [] 23 | secrets: 24 | - token-generator-creds 25 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v7/expanded-configfile.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_scope: k8s-wrapper 4 | test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 5 | config_file: "" 6 | env_file: "" 7 | contexts: 8 | - environment: at22 9 | node_type: default 10 | test_type: 11 | type: functional 12 | enabled: true 13 | config_file: "" 14 | test_run: 15 | name: get-deployments 16 | id: at22-get-deployments 17 | parallelism: 1 18 | resources: 19 | requests: 20 | memory: 200Mi 21 | cpu: 250m 22 | env: [] 23 | secrets: 24 | - token-generator-creds 25 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/certmanager/certificate-webhook.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 
2 | # More documentation can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | labels: 7 | app.kubernetes.io/name: dis-apim-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | name: serving-cert # this name should match the one that appears in kustomizeconfig.yaml 10 | namespace: system 11 | spec: 12 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 13 | # replacements in the config/default/kustomization.yaml file. 14 | dnsNames: 15 | - SERVICE_NAME.SERVICE_NAMESPACE.svc 16 | - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local 17 | issuerRef: 18 | kind: Issuer 19 | name: selfsigned-issuer 20 | secretName: webhook-server-cert 21 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on a service name and namespace that are defined outside this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/apim.dis.altinn.cloud_backends.yaml 6 | - bases/apim.dis.altinn.cloud_apis.yaml 7 | - bases/apim.dis.altinn.cloud_apiversions.yaml 8 | # +kubebuilder:scaffold:crdkustomizeresource 9 | 10 | patches: 11 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 12 | # patches here are for enabling the conversion webhook for each CRD 13 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 14 | 15 | # [WEBHOOK] To enable webhook, uncomment the following section 16 | # the following config is for teaching kustomize how to do kustomization for CRDs. 
17 | configurations: 18 | - kustomizeconfig.yaml 19 | -------------------------------------------------------------------------------- /flux/otel-collector/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1 2 | kind: SecretStore 3 | metadata: 4 | name: otel-azure-kv-store 5 | namespace: monitoring 6 | spec: 7 | provider: 8 | azurekv: 9 | authType: WorkloadIdentity 10 | vaultUrl: ${KV_URI} 11 | serviceAccountRef: 12 | name: otel-collector 13 | namespace: monitoring 14 | --- 15 | apiVersion: external-secrets.io/v1 16 | kind: ExternalSecret 17 | metadata: 18 | name: app-insights-connstring-external-secret 19 | namespace: monitoring 20 | spec: 21 | refreshInterval: 1h 22 | secretStoreRef: 23 | kind: SecretStore 24 | name: otel-azure-kv-store 25 | target: 26 | name: app-insights-connstring 27 | creationPolicy: Owner 28 | data: 29 | - secretKey: connectionString # key inside the k8s Secret 30 | remoteRef: 31 | key: connectionString 32 | -------------------------------------------------------------------------------- /infrastructure/images/azure-devops-agent/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:24.04@sha256:c35e29c9450151419d9448b0fd75374fec4fff364a27f176fb458d472dfc9e54 2 | RUN DEBIAN_FRONTEND=noninteractive apt-get update && \ 3 | DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ 4 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \ 5 | apt-transport-https \ 6 | apt-utils \ 7 | ca-certificates \ 8 | curl \ 9 | git \ 10 | iputils-ping \ 11 | jq \ 12 | unzip \ 13 | lsb-release \ 14 | software-properties-common && \ 15 | rm -rf /var/lib/apt/lists/* 16 | 17 | RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash 18 | 19 | # Can be 'linux-x64', 'linux-arm64', 'linux-arm', 'rhel.6-x64'. 20 | ENV TARGETARCH=linux-x64 21 | 22 | WORKDIR /azp 23 | 24 | COPY scripts/start.sh . 
25 | RUN chmod +x start.sh 26 | 27 | ENTRYPOINT [ "./start.sh" ] 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/enhancement.yml: -------------------------------------------------------------------------------- 1 | name: Enhancement ✨ 2 | description: Request a new feature or enhancement 3 | labels: ["kind/feature-request", "status/triage"] 4 | projects: Altinn/117 5 | body: 6 | - type: markdown 7 | attributes: 8 | value: | 9 | Please make sure this feature request hasn't been already submitted by someone by looking through other open/closed issues 10 | 11 | - type: textarea 12 | id: description 13 | attributes: 14 | label: Description 15 | description: Give us a brief description of the feature or enhancement you would like 16 | validations: 17 | required: true 18 | 19 | - type: textarea 20 | id: additional-information 21 | attributes: 22 | label: Additional Information 23 | description: Give us some additional information on the feature request like proposed solutions, links, screenshots, etc. 
-------------------------------------------------------------------------------- /infrastructure/altinn-auth-test/auth-at22-aks-rg/azure-service-operator.tf: -------------------------------------------------------------------------------- 1 | module "azure_service_operator" { 2 | depends_on = [module.aks, module.infra-resources] 3 | source = "../../modules/azure-service-operator" 4 | prefix = var.team_name 5 | environment = var.environment 6 | azurerm_kubernetes_cluster_oidc_issuer_url = module.aks.aks_oidc_issuer_url 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | azurerm_kubernetes_workpool_vnet_id = module.aks.aks_workpool_vnet_id 9 | azurerm_subscription_id = var.subscription_id 10 | dis_resource_group_id = module.aks.dis_resource_group_id 11 | flux_release_tag = var.flux_release_tag 12 | } 13 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/certmanager/certificate-metrics.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a metrics certificate CR. 2 | # More documentation can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | labels: 7 | app.kubernetes.io/name: dis-apim-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | name: metrics-certs # this name should match the one that appears in kustomizeconfig.yaml 10 | namespace: system 11 | spec: 12 | dnsNames: 13 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 14 | # replacements in the config/default/kustomization.yaml file. 
15 | - SERVICE_NAME.SERVICE_NAMESPACE.svc 16 | - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local 17 | issuerRef: 18 | kind: Issuer 19 | name: selfsigned-issuer 20 | secretName: metrics-server-cert 21 | -------------------------------------------------------------------------------- /infrastructure/adminservices-test/admin-test-aks-rg/azure-service-operator.tf: -------------------------------------------------------------------------------- 1 | module "azure_service_operator" { 2 | depends_on = [module.aks, module.aks_resources] 3 | source = "../../modules/azure-service-operator" 4 | prefix = local.team_name 5 | environment = local.environment 6 | azurerm_kubernetes_cluster_oidc_issuer_url = module.aks.aks_oidc_issuer_url 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | azurerm_kubernetes_workpool_vnet_id = module.aks.aks_workpool_vnet_id 9 | azurerm_subscription_id = var.subscription_id 10 | dis_resource_group_id = module.aks.dis_resource_group_id 11 | flux_release_tag = var.flux_release_tag 12 | } 13 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting nameReference. 2 | # It requires kustomize v2.1.0 or newer to work properly. 
3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | -------------------------------------------------------------------------------- /infrastructure/altinn-correspondence-test/corr-at22-aks-rg/azure-service-operator.tf: -------------------------------------------------------------------------------- 1 | module "azure_service_operator" { 2 | depends_on = [module.aks, module.infra-resources] 3 | source = "../../modules/azure-service-operator" 4 | prefix = var.team_name 5 | environment = var.environment 6 | azurerm_kubernetes_cluster_oidc_issuer_url = module.aks.aks_oidc_issuer_url 7 | azurerm_kubernetes_cluster_id = module.aks.azurerm_kubernetes_cluster_id 8 | azurerm_kubernetes_workpool_vnet_id = module.aks.aks_workpool_vnet_id 9 | azurerm_subscription_id = var.subscription_id 10 | dis_resource_group_id = module.aks.dis_resource_group_id 11 | flux_release_tag = var.flux_release_tag 12 | } 13 | -------------------------------------------------------------------------------- /flux/altinn-uptime/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: altinn-uptime-manager 5 | namespace: monitoring 6 | labels: 7 | app.kubernetes.io/name: altinn-uptime 8 | app.kubernetes.io/component: rbac 9 | rules: 10 | - apiGroups: ["azmonitoring.coreos.com"] 11 | 
resources: ["servicemonitors"] 12 | verbs: ["get", "list", "create", "update", "patch", "delete"] 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: altinn-uptime-manager-binding 18 | namespace: monitoring 19 | labels: 20 | app.kubernetes.io/name: altinn-uptime 21 | app.kubernetes.io/component: rbac 22 | subjects: 23 | - kind: ServiceAccount 24 | name: altinn-uptime-cronjob 25 | namespace: monitoring 26 | roleRef: 27 | kind: Role 28 | name: altinn-uptime-manager 29 | apiGroup: rbac.authorization.k8s.io 30 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/api_admin_role.yaml: -------------------------------------------------------------------------------- 1 | # This rule is not used by the project dis-apim-operator itself. 2 | # It is provided to allow the cluster admin to help manage permissions for users. 3 | # 4 | # Grants full permissions ('*') over the apis resource in apim.dis.altinn.cloud, and get-only access to apis/status. 5 | # This role is intended for users authorized to modify roles and bindings within the cluster, 6 | # enabling them to delegate specific permissions to other users or groups as needed. 
7 | 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: ClusterRole 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: dis-apim-operator 13 | app.kubernetes.io/managed-by: kustomize 14 | name: api-admin-role 15 | rules: 16 | - apiGroups: 17 | - apim.dis.altinn.cloud 18 | resources: 19 | - apis 20 | verbs: 21 | - '*' 22 | - apiGroups: 23 | - apim.dis.altinn.cloud 24 | resources: 25 | - apis/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /services/lakmus/manifests/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "alwaysStrict": true, 4 | "charset": "utf8", 5 | "declaration": true, 6 | "experimentalDecorators": true, 7 | "inlineSourceMap": true, 8 | "inlineSources": true, 9 | "lib": [ 10 | "es2016" 11 | ], 12 | "module": "CommonJS", 13 | "noEmit": false, 14 | "noEmitOnError": true, 15 | "noFallthroughCasesInSwitch": true, 16 | "noImplicitAny": true, 17 | "noImplicitReturns": true, 18 | "noImplicitThis": true, 19 | "noUnusedLocals": true, 20 | "noUnusedParameters": true, 21 | "resolveJsonModule": true, 22 | "strict": true, 23 | "strictNullChecks": true, 24 | "strictPropertyInitialization": true, 25 | "stripInternal": true, 26 | "target": "ES2017" 27 | }, 28 | "include": [ 29 | "**/*.ts" 30 | ], 31 | "exclude": [ 32 | "node_modules" 33 | ] 34 | } 35 | -------------------------------------------------------------------------------- /.github/workflows/altinn-k6-lib-test-pr.yml: -------------------------------------------------------------------------------- 1 | name: Altinn K6 Lib Tests 2 | 3 | on: 4 | push: 5 | branches: [main] 6 | paths: 7 | - .github/workflows/altinn-k6-lib-test-pr.yml 8 | - libs/k6/** 9 | pull_request: 10 | branches: [main] 11 | paths: 12 | - .github/workflows/altinn-k6-lib-test-pr.yml 13 | - libs/k6/** 14 | 15 | permissions: 16 | contents: read 17 | 18 | jobs: 19 | checks: 20 | runs-on: 
ubuntu-latest 21 | defaults: 22 | run: 23 | working-directory: libs/k6 24 | steps: 25 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 26 | 27 | - name: Use Node.js 28 | uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 29 | with: 30 | node-version: "24.x" 31 | 32 | - name: Dependencies 33 | run: yarn 34 | 35 | - name: Lint Code 36 | run: yarn lint 37 | -------------------------------------------------------------------------------- /infrastructure/adminservices-prod/altinncr/acr.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "acr" { 2 | location = "norwayeast" 3 | name = "acr" 4 | } 5 | resource "azurerm_container_registry" "acr" { 6 | name = var.acrname 7 | resource_group_name = azurerm_resource_group.acr.name 8 | location = azurerm_resource_group.acr.location 9 | sku = "Standard" 10 | } 11 | 12 | resource "azurerm_container_registry_cache_rule" "cache_rule" { 13 | for_each = { for rule in var.cache_rules : rule.name => rule } 14 | name = each.value.name 15 | container_registry_id = azurerm_container_registry.acr.id 16 | target_repo = each.value.target_repo 17 | source_repo = each.value.source_repo 18 | credential_set_id = each.value.credential_set_id != null ? 
"${azurerm_container_registry.acr.id}${each.value.credential_set_id}" : null 19 | } 20 | -------------------------------------------------------------------------------- /actions/generate-k6-manifests/cmd/expected_generated_files/v2/expanded-configfile.yaml: -------------------------------------------------------------------------------- 1 | namespace: platform 2 | test_definitions: 3 | - test_scope: k8s-wrapper 4 | test_file: actions/generate-k6-manifests/test_service/k8s_wrapper/get_deployments.js 5 | config_file: actions/generate-k6-manifests/test_service/test_configs/default.json 6 | env_file: "" 7 | contexts: 8 | - environment: at22 9 | node_type: default 10 | test_type: 11 | type: functional 12 | enabled: true 13 | config_file: "" 14 | test_run: 15 | name: get-deployments 16 | id: at22-get-deployments 17 | parallelism: 1 18 | resources: 19 | requests: 20 | memory: 200Mi 21 | cpu: 250m 22 | env: [] 23 | secrets: 24 | - token-generator-creds 25 | -------------------------------------------------------------------------------- /services/dis-apim-operator/config/rbac/backend_admin_role.yaml: -------------------------------------------------------------------------------- 1 | # This rule is not used by the project dis-apim-operator itself. 2 | # It is provided to allow the cluster admin to help manage permissions for users. 3 | # 4 | # Grants full permissions ('*') over the backends resource in apim.dis.altinn.cloud, and get-only access to backends/status. 5 | # This role is intended for users authorized to modify roles and bindings within the cluster, 6 | # enabling them to delegate specific permissions to other users or groups as needed. 
7 | 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: ClusterRole 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: dis-apim-operator 13 | app.kubernetes.io/managed-by: kustomize 14 | name: backend-admin-role 15 | rules: 16 | - apiGroups: 17 | - apim.dis.altinn.cloud 18 | resources: 19 | - backends 20 | verbs: 21 | - '*' 22 | - apiGroups: 23 | - apim.dis.altinn.cloud 24 | resources: 25 | - backends/status 26 | verbs: 27 | - get 28 | --------------------------------------------------------------------------------