diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 85671a4..7e9a02e 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -13,3 +13,4 @@ patches: - path: patch-live-content-indexing.yaml - path: patch-live-mediation-indexing.yaml - path: patch-shared-filestore.yaml + - path: patch-router.yaml diff --git a/kustomize/base/patch-live-content-indexing.yaml b/kustomize/base/patch-live-content-indexing.yaml index 8a1b184..8d24aa9 100644 --- a/kustomize/base/patch-live-content-indexing.yaml +++ b/kustomize/base/patch-live-content-indexing.yaml @@ -11,9 +11,13 @@ spec: - name: SPRING_ACTIVEMQ_POOL_ENABLED value: "true" - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - value: "100" + value: "200" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - - name: INPUT_ALFRESCO_CONTENT_BATCH_EVENT_CHANNEL - value: sjms-batch:content.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + # - name: INPUT_ALFRESCO_CONTENT_BATCH_EVENT_CHANNEL + # value: sjms-batch:contentstore.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-mediation-indexing.yaml index 3ef4325..4dd4cd3 100644 --- a/kustomize/base/patch-live-mediation-indexing.yaml +++ b/kustomize/base/patch-live-mediation-indexing.yaml @@ -12,7 +12,11 @@ spec: value: "true" - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL - value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL + # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-live-metadata-indexing.yaml b/kustomize/base/patch-live-metadata-indexing.yaml index 679eb12..3d93309 100644 --- a/kustomize/base/patch-live-metadata-indexing.yaml +++ b/kustomize/base/patch-live-metadata-indexing.yaml @@ -12,7 +12,11 @@ spec: value: "true" - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - - name: INPUT_ALFRESCO_METADATA_BATCH_EVENT_CHANNEL - value: sjms-batch:metadata.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + # - name: INPUT_ALFRESCO_METADATA_BATCH_EVENT_CHANNEL + # value: sjms-batch:metadata.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-live-path-indexing.yaml b/kustomize/base/patch-live-path-indexing.yaml index 5a18e4b..14baae9 100644 --- a/kustomize/base/patch-live-path-indexing.yaml +++ b/kustomize/base/patch-live-path-indexing.yaml @@ -8,11 +8,15 @@ spec: containers: - name: alfresco-search-enterprise-path env: - - name: SPRING_ACTIVEMQ_POOL_ENABLED - value: "true" - - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - value: "100" + # - name: SPRING_ACTIVEMQ_POOL_ENABLED + # value: "true" + # - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + # value: "100" + # - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + # value: "30000" # 30 seconds idle timeout + # - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + # value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - - name: INPUT_ALFRESCO_PATH_BATCH_EVENT_CHANNEL - value: sjms-batch:path.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + # - name: INPUT_ALFRESCO_PATH_BATCH_EVENT_CHANNEL + # value: sjms-batch:path.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-router.yaml b/kustomize/base/patch-router.yaml new file mode 100644 index 0000000..f904722 --- /dev/null +++ b/kustomize/base/patch-router.yaml @@ -0,0 +1,18 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-router +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout diff --git a/kustomize/base/patch-shared-filestore.yaml b/kustomize/base/patch-shared-filestore.yaml index c2a096c..1774421 100644 --- a/kustomize/base/patch-shared-filestore.yaml +++ b/kustomize/base/patch-shared-filestore.yaml @@ -3,13 +3,18 @@ kind: Deployment metadata: name: alfresco-content-services-alfresco-filestore spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 # No new pods are created above the desired replica count + maxUnavailable: 1 # Allow the old pod to be terminated before the new one starts template: spec: containers: - name: alfresco-content-services env: - name: scheduler.content.age.millis - value: "3600000" + value: "518400000" # 6 days - name: scheduler.cleanup.interval - value: "1800000" + value: "259200000" # 3 days diff --git a/kustomize/poc/patch-ingress-repository.yaml b/kustomize/poc/patch-ingress-repository.yaml index 5c5ca2a..6000935 100644 --- a/kustomize/poc/patch-ingress-repository.yaml +++ b/kustomize/poc/patch-ingress-repository.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" spec: rules: - host: hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/poc/patch-ingress-share.yaml b/kustomize/poc/patch-ingress-share.yaml index 653684b..b8877d9 100644 --- a/kustomize/poc/patch-ingress-share.yaml +++ b/kustomize/poc/patch-ingress-share.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" spec: rules: - host: share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/stage/patch-filestore-pvc.yaml b/kustomize/stage/patch-filestore-pvc.yaml index 44bee48..355c159 100644 --- a/kustomize/stage/patch-filestore-pvc.yaml +++ b/kustomize/stage/patch-filestore-pvc.yaml @@ -5,4 +5,4 @@ metadata: spec: resources: requests: - storage: 500Gi + storage: 5000Gi diff --git a/kustomize/stage/patch-ingress-repository.yaml b/kustomize/stage/patch-ingress-repository.yaml index 5c7a07c..72bf8fd 100644 --- a/kustomize/stage/patch-ingress-repository.yaml +++ b/kustomize/stage/patch-ingress-repository.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-stage-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/stage/patch-ingress-share.yaml b/kustomize/stage/patch-ingress-share.yaml index dc969ba..052ebae 100644 --- a/kustomize/stage/patch-ingress-share.yaml +++ b/kustomize/stage/patch-ingress-share.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-stage-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: share.hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/stage/values.yaml b/kustomize/stage/values.yaml index 53ea885..da7fe7d 100644 --- a/kustomize/stage/values.yaml +++ b/kustomize/stage/values.yaml @@ -14,16 +14,16 @@ repository: # periodSeconds: 20 # timeoutSeconds: 15 # failureThreshold: 40 - replicaCount: 6 + replicaCount: 4 image: tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability requests: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 6Gi limits: cpu: 4 - memory: 16Gi + memory: 10Gi persistence: baseSize: 100Gi share: @@ -40,4 +40,15 @@ tika: cpu: 2 memory: 4Gi transformrouter: - replicaCount: 1 + replicaCount: 4 + resources: + requests: + cpu: "0.75" + memory: "300Mi" + limits: + cpu: "2" + memory: "756Mi" +alfresco-search-enterprise: + liveIndexing: + content: + replicaCount: 4 diff --git a/tools/scripts/amq-connect.sh b/tools/scripts/amq-connect.sh index ce398b8..addaffd 100755 --- a/tools/scripts/amq-connect.sh +++ b/tools/scripts/amq-connect.sh @@ -15,42 +15,74 @@ main() { echo "Connecting to AMQ Console in namespace $namespace" # get amq connection url - URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d") + URL0=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL_0 | @base64d") + + URL1=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL_1 | @base64d") + + URL2=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL_2 | @base64d") + + LOCAL_PORT_0=8161 + LOCAL_PORT_1=8162 + LOCAL_PORT_2=8163 + # extract host and port - HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1) + HOST_0=$(echo $URL0 | cut -d '/' -f 3 | cut -d ':' -f 1) # extract protocol - PROTOCOL=$(echo $URL | awk -F'://' '{print $1}') + PROTOCOL_0=$(echo $URL0 | awk -F'://' '{print $1}') # extract remote port - REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2) - # if custom local port not provided, use remote port - if [ -z "$2" ]; then - LOCAL_PORT=$REMOTE_PORT - else - LOCAL_PORT=$2 - fi + REMOTE_PORT_0=$(echo $URL0 | cut -d '/' -f 3 | cut -d ':' -f 2) + + HOST_1=$(echo $URL1 | cut -d '/' -f 3 | cut -d ':' -f 1) + PROTOCOL_1=$(echo $URL1 | awk -F'://' '{print $1}') + REMOTE_PORT_1=$(echo $URL1 | cut -d '/' -f 3 | cut -d ':' -f 2) + + HOST_2=$(echo $URL1 | cut -d '/' -f 3 | cut -d ':' -f 1) + PROTOCOL_2=$(echo $URL1 | awk -F'://' '{print $1}') + REMOTE_PORT_2=$(echo $URL1 | cut -d '/' -f 3 | cut -d ':' -f 2) + # generate random hex string RANDOM_HEX=$(openssl rand -hex 4) # start port forwarding - kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace}; + kubectl run port-forward-pod-${RANDOM_HEX}-0 --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT_0} --env="REMOTE_HOST=$HOST_0" --env="LOCAL_PORT=$LOCAL_PORT_0" --env="REMOTE_PORT=$REMOTE_PORT_0" --namespace ${namespace}; + kubectl run port-forward-pod-${RANDOM_HEX}-1 --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT_1} --env="REMOTE_HOST=$HOST_1" --env="LOCAL_PORT=$LOCAL_PORT_1" --env="REMOTE_PORT=$REMOTE_PORT_1" --namespace ${namespace}; + kubectl run port-forward-pod-${RANDOM_HEX}-2 --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT_2} --env="REMOTE_HOST=$HOST_2" --env="LOCAL_PORT=$LOCAL_PORT_2" --env="REMOTE_PORT=$REMOTE_PORT_2" --namespace ${namespace}; # wait for pod to start - kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=30s --namespace ${namespace} + kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX}-0 --timeout=30s --namespace ${namespace} + kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX}-1 --timeout=30s --namespace ${namespace} + kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX}-2 --timeout=30s --namespace ${namespace} printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n" printf "\n****************************************************\n" printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n" printf "Press Ctrl+C to stop port forwarding \n" printf "****************************************************\n\n" # start the local port forwarding session - kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT; + kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX}-0 $LOCAL_PORT_0:$LOCAL_PORT_0 & + PORT_FORWARD_PID_0=$! + kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX}-1 $LOCAL_PORT_1:$LOCAL_PORT_1 & + PORT_FORWARD_PID_1=$! + kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX}-2 $LOCAL_PORT_2:$LOCAL_PORT_2 & + PORT_FORWARD_PID_2=$! + wait } fail() { printf "\n\nPort forwarding failed" - kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + kill $PORT_FORWARD_PID_0 || true + kill $PORT_FORWARD_PID_1 || true + kill $PORT_FORWARD_PID_2 || true + kubectl delete pod port-forward-pod-${RANDOM_HEX}-0 --force --grace-period=0 --namespace ${namespace} + kubectl delete pod port-forward-pod-${RANDOM_HEX}-1 --force --grace-period=0 --namespace ${namespace} + kubectl delete pod port-forward-pod-${RANDOM_HEX}-2 --force --grace-period=0 --namespace ${namespace} exit 1 } ctrl_c() { printf "\n\nStopping port forwarding" - kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + kill $PORT_FORWARD_PID_0 || true + kill $PORT_FORWARD_PID_1 || true + kill $PORT_FORWARD_PID_2 || true + kubectl delete pod port-forward-pod-${RANDOM_HEX}-0 --force --grace-period=0 --namespace ${namespace} + kubectl delete pod port-forward-pod-${RANDOM_HEX}-1 --force --grace-period=0 --namespace ${namespace} + kubectl delete pod port-forward-pod-${RANDOM_HEX}-2 --force --grace-period=0 --namespace ${namespace} exit 0 }