# Frontend application settings: display title, base URL and the support
# links used by the common error page and support button.
app:
  title: Kartverket.dev
  # Plain-HTTP localhost URL.
  # NOTE(review): presumably overridden per environment - confirm deployed
  # configs use an https:// base URL.
  baseUrl: http://localhost:3000
  support:
    url: https://skip.kartverket.no # Used by common ErrorPage
    items: # Used by common SupportButton component
      - title: Documentation
        icon: article
        links:
          - url: https://skip.kartverket.no/docs
            title: SKIPDOK
      - title: Slack Channel
        icon: chat
        links:
          - url: https://kartverketgroup.slack.com/archives/C028ZEED280
            title: '#gen-skip'
      - title: RISC Feedback Channel
        icon: chat
        links:
          - url: https://kartverketgroup.slack.com/archives/C075KCPTURY
            title: '#kodenær-ros-tilbakemelding'
      - title: RISC Documentation
        icon: article
        links:
          - url: https://kartverket.atlassian.net/wiki/spaces/SIK/pages/1176142023/Koden+r+RoS
            title: Confluence - RISC
      - title: Security Metrics Feedback Channel
        icon: chat
        links:
          - url: https://kartverketgroup.slack.com/archives/C07RNB2LPUZ
            title: '#sikkerhetsmetrikker-tilbakemelding'
# Organization display name.
organization:
  name: Kartverket
# Backend server settings: service auth, listener, CSP, CORS and database.
backend:
  # Used for enabling authentication, secret is shared by all backend plugins
  # See https://backstage.io/docs/auth/service-to-service-auth for
  # information on the format
  # NOTE(review): the key block below is commented out, so this file supplies
  # no service-to-service secret - confirm deployed environments configure one.
  # auth:
  #   keys:
  #     - secret: ${BACKEND_SECRET}
  baseUrl: http://localhost:7007
  listen:
    port: 7007
    # Uncomment the following host directive to bind to specific interfaces
    # NOTE(review): with host unset the bind address is left to the framework
    # default, presumably all interfaces - confirm before running this config
    # on a shared network.
    # host: 127.0.0.1
  csp:
    # The bare 'http:' and 'https:' scheme sources match every origin, so this
    # directive places no limit on where page scripts may send requests.
    connect-src:
      - "'self'"
      - 'http:'
      - 'https:'
    img-src:
      - "'self'"
      - 'data:'
      - 'imgs.xkcd.com'
    frame-src:
      - 'sandbox.kartverket.dev'
      - 'kartverket.dev'
      - 'fedifeed.com'
      - 'monitoring.kartverket.cloud'
    # unsafe-eval is required by backstage
    # unsafe-inline is required by the lighthouse iframe
    # Together these two keywords remove most of the XSS mitigation that
    # script-src would otherwise give; keep the host list short and drop
    # either keyword as soon as its requirement goes away.
    script-src:
      - "'self'"
      - 'sandbox.kartverket.dev'
      - 'skip.instatus.com'
      - "'unsafe-eval'"
      - "'unsafe-inline'"
    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
    # Default Helmet Content-Security-Policy values can be removed by setting the key to false
  cors:
    # Credentialed CORS is limited to the single origin below; keep it an
    # explicit origin rather than a wildcard or reflected value.
    origin: http://localhost:3000
    methods:
      - GET
      - HEAD
      - PATCH
      - POST
      - PUT
      - DELETE
    credentials: true
  # This is for local development only, it is not recommended to use this in production
  # The production database configuration is stored in app-config.production.yaml
  database:
    client: better-sqlite3
    connection: ':memory:'
  # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
# Source-control integrations; the GitHub token is read from the environment
# rather than stored in this file.
integrations:
  github:
    - host: github.com
      # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
      # about setting up the GitHub integration here: https://backstage.io/docs/getting-started/configuration#setting-up-a-github-integration
      # NOTE(review): the scopes granted to this token are not visible here -
      # confirm it carries only what the integration needs.
      token: ${GITHUB_TOKEN}
# The permission framework is switched off in this file.
# NOTE(review): with enabled: false no permission policy is applied by this
# config - confirm that environment-specific configs turn it on where
# access control is expected.
permission:
  enabled: false
### Add a proxy endpoint for the frontend.
### A typical reason to do this is to handle HTTPS and CORS for internal services.
proxy:
  endpoints:
    '/xkcd-proxy':
      target: https://xkcd.com/
    '/opencost':
      # Uses cluster-local service in a kubernetes environment
      target: https://opencost.dev.skip.statkart.no
    '/lighthouse':
      # Plain-HTTP target addressed by cluster-local service name.
      target: http://lighthouse-audit-service.lighthouse-audit-service.svc.cluster.local:3003
    '/grafana/api':
      # May be a public or an internal DNS
      target: https://monitoring.kartverket.cloud
      headers:
        # The backend attaches this bearer token to every request it proxies
        # on this route, so callers act with the token's Grafana privileges.
        # NOTE(review): confirm the token is scoped read-only and that the
        # route is only reachable by signed-in users.
        Authorization: Bearer ${GRAFANA_TOKEN}
    '/risc-proxy':
      # NOTE(review): the caller-supplied token headers listed below are
      # passed through to a plain-HTTP loopback target - confirm any
      # non-local override of this target uses https.
      target: http://localhost:8080
      allowedHeaders:
        - 'Authorization'
        - 'GCP-Access-Token'
        - 'GitHub-Access-Token'
    '/opencost-cacher':
      target: http://localhost:8080
      # 'forward' passes the caller's Backstage credentials on to the target,
      # so the target must be a service trusted to receive them.
      credentials: forward
      changeOrigin: true
# Lighthouse plugin base URL; it points at the backend proxy path
# /api/proxy/lighthouse on localhost.
lighthouse:
  baseUrl: http://localhost:7007/api/proxy/lighthouse
# Sign-in providers. Only a Google provider with a `development` entry is
# defined in this file; the OAuth client id and secret are read from the
# environment rather than stored here.
auth:
  providers:
    google:
      development:
        clientId: ${GOOGLE_OAUTH_CLIENT_ID}
        clientSecret: ${GOOGLE_OAUTH_CLIENT_SECRET}
# Kubernetes plugin: two statically configured clusters, both using
# service-account authentication.
kubernetes:
  serviceLocatorMethod:
    type: 'multiTenant'
  clusterLocatorMethods:
    - type: 'config'
      clusters:
        # NOTE(review): this entry sets no serviceAccountToken or caData -
        # confirm where the credentials and trust anchor for it come from.
        - url: https://10.13.2.133
          name: atkv1-sandbox
          authProvider: 'serviceAccount'
          #dashboardUrl: http://127.0.0.1:64713 # url copied from running the command: minikube service kubernetes-dashboard -n kubernetes-dashboard
          #dashboardApp: standard
          #customResources:
          #  - group: 'argoproj.io'
          #    apiVersion: 'v1alpha1'
          #    plural: 'rollouts'
        - url: https://34.88.245.88
          name: atgcp1-sandbox
          authProvider: 'serviceAccount'
          # With certificate verification skipped, the service-account token
          # below is sent to an API server whose identity is never checked,
          # so anything able to intercept the connection can collect it.
          # NOTE(review): caData is already supplied for this cluster; the
          # expected fix is `skipTLSVerify: false` once that CA is confirmed
          # to match the server certificate.
          skipTLSVerify: true # TODO Fix me
          serviceAccountToken: ${ATGCP1_SANDBOX_SERVICE_ACCOUNT_TOKEN}
          caData: ${ATGCP1_SANDBOX_CA_DATA}
# Scaffolder defaults: author identity and commit message used when a
# template does not provide its own.
scaffolder:
  defaultAuthor:
    name: 'Backstage'
    # NOTE(review): this is an individual's mailbox; commits made with these
    # defaults will be attributed to it - consider a shared or no-reply
    # address.
    email: 'martin.nygard@kartverket.no'
  defaultCommitMessage: 'Test'
# Software catalog: which entity kinds may be ingested and how the GitHub
# organization is scanned for catalog files.
catalog:
  orphanStrategy: delete
  rules:
    # Entity kinds that ingested locations are allowed to define.
    - allow:
        - Component
        - Group
        - User
        - Resource
        - Location
        - System
        - API
        - Domain
  providers:
    github:
      providerId:
        organization: 'Kartverket'
        catalogPath: '/catalog-info.yaml' # string
        validateLocationsExist: true
        filters:
          # '.*' matches every repository in the organization, so any repo
          # with a catalog file can register entities of the kinds above,
          # Group and User included.
          # NOTE(review): confirm that is intended if catalog ownership data
          # feeds access decisions.
          repository: '.*' # Regex
        schedule: # same options as in TaskScheduleDefinition
          # supports cron, ISO duration, "human duration" as used in code
          frequency:
            minutes: 30
          # supports ISO duration, "human duration" as used in code
          timeout:
            minutes: 3
# TechDocs: with the `local` builder, documentation is generated by this
# Backstage instance rather than by an external pipeline.
techdocs:
  builder: local
# Grafana plugin settings: the Grafana domain and the alerting mode.
grafana:
  # Publicly accessible domain
  domain: https://monitoring.kartverket.cloud
  # Is unified alerting enabled in Grafana?
  # See: https://grafana.com/blog/2021/06/14/the-new-unified-alerting-system-for-grafana-everything-you-need-to-know/
  # Optional. Default: false
  unifiedAlerting: true
# Home page visit lists. Both lists carry the same filters: a visit is kept
# only when its pathname differs from each of the paths listed.
home:
  recentVisits:
    filterBy:
      - field: pathname
        operator: '!='
        value: /
      - field: pathname
        operator: '!='
        value: /catalog
      - field: pathname
        operator: '!='
        value: /settings
      - field: pathname
        operator: '!='
        value: /api-docs
      - field: pathname
        operator: '!='
        value: /explore
      - field: pathname
        operator: '!='
        value: /docs
      - field: pathname
        operator: '!='
        value: /tech-radar
      - field: pathname
        operator: '!='
        value: /search
      - field: pathname
        operator: '!='
        value: /create
  topVisits:
    filterBy:
      - field: pathname
        operator: '!='
        value: /
      - field: pathname
        operator: '!='
        value: /catalog
      - field: pathname
        operator: '!='
        value: /settings
      - field: pathname
        operator: '!='
        value: /api-docs
      - field: pathname
        operator: '!='
        value: /explore
      - field: pathname
        operator: '!='
        value: /docs
      - field: pathname
        operator: '!='
        value: /tech-radar
      - field: pathname
        operator: '!='
        value: /search
      - field: pathname
        operator: '!='
        value: /create
# Tool cards for the Explore page: each entry has a title, description,
# link, image and tags; some also set a lifecycle label.
explore:
  tools:
    - title: Google Cloud
      description: |
        Google Cloud Platform lets you build, deploy, and scale applications,
        websites, and services on the same infrastructure as Google. GCP provides
        a suite of cloud computing services like compute, storage, networking,
        databases, and machine learning.
      url: https://console.cloud.google.com
      image: /img/google-cloud.svg
      tags:
        - google-cloud
    - title: Grafana – monitoring.kartverket.cloud
      description: Query, visualize, alert on, and understand your data no matter where it's stored. With Grafana you can create, explore, and share all of your data through beautiful, flexible dashboards.
      url: https://monitoring.kartverket.cloud
      image: /img/grafana.png
      tags:
        - observability
    - title: Argo CD dev
      description: Declarative continuous delivery with a fully-loaded UI
      url: https://argo-dev.kartverket.dev/
      image: /img/argocd.png
      tags:
        - gitops
        - deployment
        - kubernetes
    - title: Argo CD production
      description: Declarative continuous delivery with a fully-loaded UI
      url: https://argo-prod.kartverket.dev/
      image: /img/argocd.png
      tags:
        - gitops
        - deployment
        - kubernetes
    - title: Just-In-Time Access
      description: Grants you access to Google Cloud projects for a limited time
      url: https://jit.skip.kartverket.no/
      image: /img/jit.png
      tags:
        - google-cloud
        - security
    - title: Google Secret Manager
      description: |
        Google Secret Manager is a secure and convenient storage system for
        API keys, passwords, certificates, and other sensitive data. Secret
        Manager provides a central place and single source of truth to manage,
        access, and audit secrets across Google Cloud.
      url: https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/433455199
      image: /img/gsm.webp
      tags:
        - google-cloud
        - security
        - secrets
    - title: Scality S3 Admin
      description: |
        Scality S3 is a highly scalable, durable, and available S3-compatible
        object storage service that can be used to store and retrieve any amount
        of data, at any time, from anywhere.
      url: https://s3-rin.statkart.no/_/console/login
      image: /img/s3.jpeg
      tags:
        - storage
    - title: Scality S3 Browser
      description: |
        Scality S3 is a highly scalable, durable, and available S3-compatible
        object storage service that can be used to store and retrieve any amount
        of data, at any time, from anywhere.
      url: https://s3-rin.statkart.no/_/s3browser/connect
      image: /img/s3.jpeg
      tags:
        - storage
    - title: GitHub
      description: |
        GitHub is a Git repository hosting service which adds many additional
        features. Storing code on GitHub is the main use for GitHub which has a powerful
        graphical interface. It also provides builds, bug tracking, change requests,
        collaboration features, such as a wikis and basic task management tools.
      url: https://github.com/kartverket
      image: /img/github.png
      tags:
        - git
        - collaboration
    - title: Skiperator
      description: |
        Skiperator is an operator intended to make the setup of applications
        simple from the users' point of view. When using the operator an
        application developer can set up all associated resources for an optimal
        deployment using a simple custom resource called Application.
      url: https://github.com/kartverket/skiperator
      image: /skip.png
      tags:
        - kubernetes
        - deployment
    - title: Sysdig
      description: |
        Sysdig is a unified platform for container and microservices monitoring,
        troubleshooting, security and forensics. Sysdig platform has been built
        on top of Sysdig open source technologies, such as Falco, Sysdig, and
        Sysdig Inspect.
      url: https://eu1.app.sysdig.com/secure
      image: /img/sysdig.webp
      tags:
        - security
    - title: ArgoKit
      description: |
        ArgoKit is a toolkit for Argo CD. It contains a set of tools that
        makes it easier to work with Argo CD.
      url: https://github.com/kartverket/argokit
      image: /img/argokit.png
      tags:
        - gitops
        - deployment
    - title: Pharos
      description: |
        A GitHub action for running different Security Scans, that should be run before deploying to SKIP.
        Currently the action contains two scans, TFSec and Trivy. To use Trivy, an image must be provided as an input.
      url: https://github.com/kartverket/pharos
      image: /img/pharos.png
      tags:
        - security
        - deployment
    - title: Nacho SKIP
      description: |
        A composite GitHub Action for authenticating with GCP@Kartverket using Workload Identity Federation using cosign for image signing and verification.
        As of the current version cosign is used only to sign and verify an image, but in the future there will hopefully be ways of attesting and attaching SBOMs to the image using the SLSA framework.
      url: https://github.com/kartverket/nacho-skip
      image: /img/nachoskip.png
      lifecycle: Experimental
      tags:
        - deployment
        - google-cloud
    - title: GitHub Workflows
      description: |
        Shared reusable workflows for GitHub Actions.
      url: https://github.com/kartverket/github-workflows
      image: /skip.png
      lifecycle: Sunsetting
      tags:
        - deployment
    - title: Tailscale
      description: |
        Tailscale is a zero config VPN for building secure networks. Remote
        access from any network or physical location.
      url: https://tailscale.com/
      image: /img/tailscale.svg
      lifecycle: Closed Beta
      tags:
        - security