EY-4245: Skriv proxyen over til å basere seg på distroless-baseimage (#…

…305) * EY-4245: Flyttar innlesing av filer over i rein kode * Tar bort innlesing til miljøvariablar no som det ikkje trengs lenger * Dockerfile for proxyen som baserer seg på distroless * Revert "Dockerfile for proxyen som baserer seg på distroless" This reverts commit 2edc4c7. * Reapply "Dockerfile for proxyen som baserer seg på distroless" This reverts commit 7aec705.
navikt · Aug 5, 2024 · b7ee2ca · b7ee2ca
1 parent 96819bb
commit b7ee2ca
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 25 deletions.
diff --git a/apps/etterlatte-proxy/Dockerfile b/apps/etterlatte-proxy/Dockerfile
@@ -1,5 +1,8 @@
-FROM ghcr.io/navikt/baseimages/temurin:21
-
-COPY import-vault-token.sh /init-scripts
+FROM gcr.io/distroless/java21
+ENV TZ="Europe/Oslo"
+ENV JDK_JAVA_OPTIONS="-Dhttp.proxyHost=webproxy.nais -Dhttps.proxyHost=webproxy.nais -Dhttp.proxyPort=8088 -Dhttps.proxyPort=8088 -Dhttp.nonProxyHosts=localhost|127.0.0.1|10.254.0.1|*.local|*.adeo.no|*.nav.no|*.aetat.no|*.devillo.no|*.oera.no|*.nais.io|*.aivencloud.com|*.intern.dev.nav.no"
+WORKDIR /app
 COPY build/libs/*.jar ./
-
+EXPOSE 8080
+USER nonroot
+CMD ["app.jar"]
diff --git a/apps/etterlatte-proxy/import-vault-token.sh b/apps/etterlatte-proxy/import-vault-token.sh
diff --git a/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt b/apps/etterlatte-proxy/src/main/kotlin/config/Config.kt
@@ -5,6 +5,9 @@ import io.ktor.client.call.body
 import io.ktor.client.request.get
 import io.ktor.server.config.ApplicationConfig
 import no.nav.etterlatte.routes.httpClientWithProxy
+import java.nio.file.Files
+import java.nio.file.Paths
+import kotlin.io.path.exists
 
 data class Config(
     val sts: Sts,
@@ -44,13 +47,24 @@ suspend fun ApplicationConfig.load() =
                 soapUrl = property("sts.soapUrl").getString(),
                 serviceuser =
                     Config.Sts.ServiceUser(
-                        name = property("serviceuser.name").getString(),
-                        password = property("serviceuser.password").getString()
+                        name = name(),
+                        password = password()
                     )
             ),
         aad =
             Config.AAD(
                 metadata = httpClientWithProxy().use { it.get(property("aad.wellKnownUrl").getString()).body() },
                 clientId = property("aad.clientId").getString()
             )
-    )
+    )
+
+private fun name() =
+    Paths.get("/secrets/srvetterlatte/username")
+        .takeIf { it.exists() }
+        ?.let { Files.readString(it) }
+        ?: "srvetterlatte"
+
+private fun password() = Paths.get("/secrets/srvetterlatte/password")
+    .takeIf { it.exists() }
+    ?.let { Files.readString(it) }
+    ?: "srv-password"
diff --git a/apps/etterlatte-proxy/src/main/resources/application.conf b/apps/etterlatte-proxy/src/main/resources/application.conf
@@ -22,13 +22,6 @@ simuleringOppdrag {
     url = ${?SIMULERING_OPPDRAG_URL}
 }
 
-serviceuser {
-    name = "srvetterlatte"
-    password = "srv-password"
-    name = ${?SERVICEUSER_USERNAME}
-    password = ${?SERVICEUSER_PASSWORD}
-}
-
 aad {
     wellKnownUrl = "https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b/v2.0/.well-known/openid-configuration"
     wellKnownUrl = ${?AZURE_APP_WELL_KNOWN_URL}