From 13c0776031c921522fd8d0234f4f355800399dc2 Mon Sep 17 00:00:00 2001
From: George Taylor <george.taylor@digital.justice.gov.uk>
Date: Fri, 30 Aug 2024 16:03:02 +0100
Subject: [PATCH] :tada: add stage environment

---
 jobs/migrate-s3/templates/job.yaml            |  4 +-
 kustomize/stage/allowlist.yaml                | 43 +++++++++++++++++++
 kustomize/stage/kustomization.yaml            |  9 ++++
 kustomize/stage/patch-ingress-repository.yaml | 29 +++++++++++++
 kustomize/stage/patch-ingress-share.yaml      | 30 +++++++++++++
 kustomize/stage/values.yaml                   | 27 ++++++++++++
 6 files changed, 140 insertions(+), 2 deletions(-)
 create mode 100644 kustomize/stage/allowlist.yaml
 create mode 100644 kustomize/stage/kustomization.yaml
 create mode 100644 kustomize/stage/patch-ingress-repository.yaml
 create mode 100644 kustomize/stage/patch-ingress-share.yaml
 create mode 100644 kustomize/stage/values.yaml

diff --git a/jobs/migrate-s3/templates/job.yaml b/jobs/migrate-s3/templates/job.yaml
index ea093db..a736c34 100644
--- a/jobs/migrate-s3/templates/job.yaml
+++ b/jobs/migrate-s3/templates/job.yaml
@@ -29,8 +29,8 @@ spec:
         imagePullPolicy: IfNotPresent
         resources:
           limits:
-            cpu: 1
-            memory: 1Gi
+            cpu: 2
+            memory: 4Gi
         command:
         - /bin/entrypoint.sh
         env:
diff --git a/kustomize/stage/allowlist.yaml b/kustomize/stage/allowlist.yaml
new file mode 100644
index 0000000..37bccee
--- /dev/null
+++ b/kustomize/stage/allowlist.yaml
@@ -0,0 +1,43 @@
+- "3.10.104.193" # legacy delius-stage-az1-nat-gateway
+- "3.11.26.150" # legacy delius-stage-az2-nat-gateway
+- "18.130.189.137" # legacy delius-stage-az3-nat-gateway
+- "35.178.209.113" # Cloud Platform live-1-eu-west-2a
+- "3.8.51.207" # Cloud Platform live-1-eu-west-2c
+- "35.177.252.54" # Cloud Platform live-1-eu-west-2b
+- "35.176.93.186/32" # MoJ GlobalProtect
+- "35.177.125.252/32" # MoJ VPN Gateway Proxies
+- "35.177.137.160/32" # MoJ VPN Gateway Proxies
+- "81.134.202.29/32" # MoJ VPN
+- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range
+- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd
+- "213.121.161.112/28" # 102 Petty France WiFi
+- "217.33.148.210/32" # Digital studio
+- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat
+- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat
+- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat
+- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E
+- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E
+- "194.33.192.0/25" # ARK internet (DOM1)
+- "194.33.193.0/25" # ARK internet (DOM1)
+- "194.33.196.0/25" # ARK internet (DOM1)
+- "194.33.197.0/25" # ARK internet (DOM1)
+- "195.59.75.0/24" # ARK internet (DOM1)
+- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone
+- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone
+- "62.25.106.209/32" # OMNI
+- "195.92.40.49/32" # OMNI
+- "62.25.109.197/32" # Quantum
+- "195.92.38.16/28" # Quantum
+- "212.137.36.230/32" # Quantum
+- "78.33.10.50/31" # Unilink AOVPN
+- "78.33.10.52/30" # Unilink AOVPN
+- "78.33.10.56/30" # Unilink AOVPN
+- "78.33.10.60/32" # Unilink AOVPN
+- "78.33.32.99/32" # Unilink AOVPN
+- "78.33.32.100/30" # Unilink AOVPN
+- "78.33.32.104/30" # Unilink AOVPN
+- "78.33.32.108/32" # Unilink AOVPN
+- "83.98.63.176/29" # Unilink AOVPN
+- "194.75.210.216/29" # Unilink AOVPN
+- "217.138.45.109/32" # Unilink AOVPN
+- "217.138.45.110/32" # Unilink AOVPN
diff --git a/kustomize/stage/kustomization.yaml b/kustomize/stage/kustomization.yaml
new file mode 100644
index 0000000..eaf31f0
--- /dev/null
+++ b/kustomize/stage/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../base
+
+patches:
+  - path: patch-ingress-repository.yaml
+  - path: patch-ingress-share.yaml
diff --git a/kustomize/stage/patch-ingress-repository.yaml b/kustomize/stage/patch-ingress-repository.yaml
new file mode 100644
index 0000000..8af3ed6
--- /dev/null
+++ b/kustomize/stage/patch-ingress-repository.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alfresco-content-services-alfresco-cs-repository
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-test-green
+    nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+  rules:
+    - host: hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+      http:
+        paths:
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-repository
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-repository
+                port:
+                  number: 80
+            path: /api-explorer
+            pathType: Prefix
+  tls:
+    - hosts:
+        - hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/kustomize/stage/patch-ingress-share.yaml b/kustomize/stage/patch-ingress-share.yaml
new file mode 100644
index 0000000..7d36bd7
--- /dev/null
+++ b/kustomize/stage/patch-ingress-share.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alfresco-content-services-alfresco-cs-share
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-test-green
+    nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+  rules:
+    - host: share.hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+      http:
+        paths:
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-share
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-share
+                port:
+                  number: 80
+            path: /share/page/
+            pathType: Prefix
+  tls:
+    - hosts:
+        - share.hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+      secretName: share-ingress-cert
diff --git a/kustomize/stage/values.yaml b/kustomize/stage/values.yaml
new file mode 100644
index 0000000..7be3f95
--- /dev/null
+++ b/kustomize/stage/values.yaml
@@ -0,0 +1,27 @@
+# this file overrides values defined in ./values.yaml
+repository:
+  replicaCount: 2
+  image:
+    tag: release_7.3.2_elasticsearch-r5.0.2-content-latest
+  resources: # requests and limits set closer together to ensure CP stability
+    requests:
+      cpu: 4
+      memory: 16Gi
+    limits:
+      cpu: 6
+      memory: 24Gi
+  persistence:
+    baseSize: 100Gi
+share:
+  replicaCount: 1
+  image:
+    tag: release_7.3.2_elasticsearch-r5.0.2-share-latest
+externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+externalProtocol: https
+externalPort: 443
+tika:
+  replicaCount: 2
+  resources:
+    limits:
+      cpu: 2
+      memory: 2Gi