Skip to content

Commit

Permalink
Merge pull request #118 from ministryofjustice/TM-127-alfresco-setup-…
Browse files Browse the repository at this point in the history
…prod-namespace

TM-127 alfresco prod ns setup
  • Loading branch information
pbasumatary authored Dec 5, 2024
2 parents b8ddccf + e7fb802 commit 0fe6c36
Show file tree
Hide file tree
Showing 6 changed files with 178 additions and 0 deletions.
43 changes: 43 additions & 0 deletions kustomize/prod/allowlist.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
- "3.10.104.193" # legacy delius-stage-az1-nat-gateway
- "3.11.26.150" # legacy delius-stage-az2-nat-gateway
- "18.130.189.137" # legacy delius-stage-az3-nat-gateway
- "35.178.209.113" # Cloud Platform live-1-eu-west-2a
- "3.8.51.207" # Cloud Platform live-1-eu-west-2c
- "35.177.252.54" # Cloud Platform live-1-eu-west-2b
- "35.176.93.186/32" # MoJ GlobalProtect
- "35.177.125.252/32" # MoJ VPN Gateway Proxies
- "35.177.137.160/32" # MoJ VPN Gateway Proxies
- "81.134.202.29/32" # MoJ VPN
- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range
- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd
- "213.121.161.112/28" # 102 Petty France WiFi
- "217.33.148.210/32" # Digital studio
- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat
- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat
- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat
- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E
- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E
- "194.33.192.0/25" # ARK internet (DOM1)
- "194.33.193.0/25" # ARK internet (DOM1)
- "194.33.196.0/25" # ARK internet (DOM1)
- "194.33.197.0/25" # ARK internet (DOM1)
- "195.59.75.0/24" # ARK internet (DOM1)
- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone
- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone
- "62.25.106.209/32" # OMNI
- "195.92.40.49/32" # OMNI
- "62.25.109.197/32" # Quantum
- "195.92.38.16/28" # Quantum
- "212.137.36.230/32" # Quantum
- "78.33.10.50/31" # Unilink AOVPN
- "78.33.10.52/30" # Unilink AOVPN
- "78.33.10.56/30" # Unilink AOVPN
- "78.33.10.60/32" # Unilink AOVPN
- "78.33.32.99/32" # Unilink AOVPN
- "78.33.32.100/30" # Unilink AOVPN
- "78.33.32.104/30" # Unilink AOVPN
- "78.33.32.108/32" # Unilink AOVPN
- "83.98.63.176/29" # Unilink AOVPN
- "194.75.210.216/29" # Unilink AOVPN
- "217.138.45.109/32" # Unilink AOVPN
- "217.138.45.110/32" # Unilink AOVPN
10 changes: 10 additions & 0 deletions kustomize/prod/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../base

patches:
- path: patch-ingress-repository.yaml
- path: patch-ingress-share.yaml
- path: patch-filestore-pvc.yaml
8 changes: 8 additions & 0 deletions kustomize/prod/patch-filestore-pvc.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: filestore-default-pvc
spec:
resources:
requests:
storage: 4000Gi
29 changes: 29 additions & 0 deletions kustomize/prod/patch-ingress-repository.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: alfresco-content-services-alfresco-cs-repository
annotations:
external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-prod-green
nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
spec:
rules:
- host: hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
http:
paths:
- backend:
service:
name: alfresco-content-services-alfresco-cs-repository
port:
number: 80
path: /
pathType: Prefix
- backend:
service:
name: alfresco-content-services-alfresco-cs-repository
port:
number: 80
path: /api-explorer
pathType: Prefix
tls:
- hosts:
- hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
30 changes: 30 additions & 0 deletions kustomize/prod/patch-ingress-share.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: alfresco-content-services-alfresco-cs-share
annotations:
external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-prod-green
nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
spec:
rules:
- host: share.hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
http:
paths:
- backend:
service:
name: alfresco-content-services-alfresco-cs-share
port:
number: 80
path: /
pathType: Prefix
- backend:
service:
name: alfresco-content-services-alfresco-cs-share
port:
number: 80
path: /share/page/
pathType: Prefix
tls:
- hosts:
- share.hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
secretName: share-ingress-cert
58 changes: 58 additions & 0 deletions kustomize/prod/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# this file overrides values defined in ./values.yaml
repository:
# -- The startup probe to cover the worse case startup time for slow clusters
# startupProbe:
# periodSeconds: 30
# failureThreshold: 40
# readinessProbe:
# initialDelaySeconds: 60
# periodSeconds: 30
# timeoutSeconds: 15
# failureThreshold: 40 # Increased from 6 to 12
# livenessProbe:
# initialDelaySeconds: 260 # Increased from 130 to 260
# periodSeconds: 20
# timeoutSeconds: 15
# failureThreshold: 40
replicaCount: 10
image:
tag: release_7.3.2_elasticsearch-r5.0.2-content-latest
resources: # requests and limits set closer together to ensure CP stability
requests:
cpu: 1
memory: 6Gi
limits:
cpu: 4
memory: 10Gi
persistence:
baseSize: 100Gi
share:
replicaCount: 1
image:
tag: release_7.3.2_elasticsearch-r5.0.2-share-latest
externalHost: hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
externalProtocol: https
externalPort: 443
tika:
replicaCount: 8
resources:
limits:
cpu: 2
memory: 4Gi
transformrouter:
replicaCount: 12
resources:
requests:
cpu: "0.75"
memory: "300Mi"
limits:
cpu: "2"
memory: "756Mi"
alfresco-search-enterprise:
liveIndexing:
content:
replicaCount: 8
mediation:
replicaCount: 4
metadata:
replicaCount: 4

0 comments on commit 0fe6c36

Please sign in to comment.