From e7fb8029ab6d2a9429534467333ed30134a72dba Mon Sep 17 00:00:00 2001
From: Prem Basumatary
Date: Thu, 5 Dec 2024 09:15:28 +0000
Subject: [PATCH] TM-127 alfresco prod ns setup
---
kustomize/prod/allowlist.yaml | 43 +++++++++++++++
kustomize/prod/kustomization.yaml | 10 ++++
kustomize/prod/patch-filestore-pvc.yaml | 8 +++
kustomize/prod/patch-ingress-repository.yaml | 29 ++++++++++
kustomize/prod/patch-ingress-share.yaml | 30 ++++++++++
kustomize/prod/values.yaml | 58 ++++++++++++++++++++
6 files changed, 178 insertions(+)
create mode 100644 kustomize/prod/allowlist.yaml
create mode 100644 kustomize/prod/kustomization.yaml
create mode 100644 kustomize/prod/patch-filestore-pvc.yaml
create mode 100644 kustomize/prod/patch-ingress-repository.yaml
create mode 100644 kustomize/prod/patch-ingress-share.yaml
create mode 100644 kustomize/prod/values.yaml
diff --git a/kustomize/prod/allowlist.yaml b/kustomize/prod/allowlist.yaml
new file mode 100644
index 0000000..37bccee
--- /dev/null
+++ b/kustomize/prod/allowlist.yaml
@@ -0,0 +1,43 @@
+- "3.10.104.193" # legacy delius-stage-az1-nat-gateway
+- "3.11.26.150" # legacy delius-stage-az2-nat-gateway
+- "18.130.189.137" # legacy delius-stage-az3-nat-gateway
+- "35.178.209.113" # Cloud Platform live-1-eu-west-2a
+- "3.8.51.207" # Cloud Platform live-1-eu-west-2c
+- "35.177.252.54" # Cloud Platform live-1-eu-west-2b
+- "35.176.93.186/32" # MoJ GlobalProtect
+- "35.177.125.252/32" # MoJ VPN Gateway Proxies
+- "35.177.137.160/32" # MoJ VPN Gateway Proxies
+- "81.134.202.29/32" # MoJ VPN
+- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range
+- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd
+- "213.121.161.112/28" # 102 Petty France WiFi
+- "217.33.148.210/32" # Digital studio
+- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat
+- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat
+- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat
+- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E
+- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E
+- "194.33.192.0/25" # ARK internet (DOM1)
+- "194.33.193.0/25" # ARK internet (DOM1)
+- "194.33.196.0/25" # ARK internet (DOM1)
+- "194.33.197.0/25" # ARK internet (DOM1)
+- "195.59.75.0/24" # ARK internet (DOM1)
+- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone
+- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone
+- "62.25.106.209/32" # OMNI
+- "195.92.40.49/32" # OMNI
+- "62.25.109.197/32" # Quantum
+- "195.92.38.16/28" # Quantum
+- "212.137.36.230/32" # Quantum
+- "78.33.10.50/31" # Unilink AOVPN
+- "78.33.10.52/30" # Unilink AOVPN
+- "78.33.10.56/30" # Unilink AOVPN
+- "78.33.10.60/32" # Unilink AOVPN
+- "78.33.32.99/32" # Unilink AOVPN
+- "78.33.32.100/30" # Unilink AOVPN
+- "78.33.32.104/30" # Unilink AOVPN
+- "78.33.32.108/32" # Unilink AOVPN
+- "83.98.63.176/29" # Unilink AOVPN
+- "194.75.210.216/29" # Unilink AOVPN
+- "217.138.45.109/32" # Unilink AOVPN
+- "217.138.45.110/32" # Unilink AOVPN
diff --git a/kustomize/prod/kustomization.yaml b/kustomize/prod/kustomization.yaml
new file mode 100644
index 0000000..757ef78
--- /dev/null
+++ b/kustomize/prod/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../base
+
+patches:
+ - path: patch-ingress-repository.yaml
+ - path: patch-ingress-share.yaml
+ - path: patch-filestore-pvc.yaml
diff --git a/kustomize/prod/patch-filestore-pvc.yaml b/kustomize/prod/patch-filestore-pvc.yaml
new file mode 100644
index 0000000..58bcc70
--- /dev/null
+++ b/kustomize/prod/patch-filestore-pvc.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: filestore-default-pvc
+spec:
+ resources:
+ requests:
+ storage: 4000Gi
diff --git a/kustomize/prod/patch-ingress-repository.yaml b/kustomize/prod/patch-ingress-repository.yaml
new file mode 100644
index 0000000..a1eeee6
--- /dev/null
+++ b/kustomize/prod/patch-ingress-repository.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: alfresco-content-services-alfresco-cs-repository
+ annotations:
+ external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-prod-green
+ nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+ rules:
+ - host: hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
+ http:
+ paths:
+ - backend:
+ service:
+ name: alfresco-content-services-alfresco-cs-repository
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ - backend:
+ service:
+ name: alfresco-content-services-alfresco-cs-repository
+ port:
+ number: 80
+ path: /api-explorer
+ pathType: Prefix
+ tls:
+ - hosts:
+ - hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/kustomize/prod/patch-ingress-share.yaml b/kustomize/prod/patch-ingress-share.yaml
new file mode 100644
index 0000000..08d7d8a
--- /dev/null
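Review bot: The production allowlist in kustomize/prod/allowlist.yaml admits non-production egress addresses: the first three entries are labelled `legacy delius-stage-az*-nat-gateway`, three are `MP non_live_data-public-eu-west-2*-nat`, and `51.149.251.0/24` is commented as PreProd. If this list is what replaces the `whitelist-source-range` placeholder on the prod ingresses (the substitution step is not in this commit, so that is inferred), any workload egressing through those stage or non-live NAT gateways is inside the production trust boundary. Remove those entries, or justify each with a comment such as `# stage NAT: needed for <reason>, owner <team>, review by <date>`. The first six entries are bare IPs while the rest use CIDR notation; writing them as `/32` keeps the list uniform and easier to audit.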
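Review bot: `nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"` in patch-ingress-repository.yaml makes the only source-IP restriction on this production ingress depend on a substitution step that is not in this commit; patch-ingress-share.yaml carries the same placeholder. If the manifest is ever applied without that step, the annotation holds a value that is not a CIDR, and whether ingress-nginx then denies or serves the location depends on the controller version. Confirm it fails closed on this cluster, and have the deploy step abort if the literal `placeholder` is still present after rendering. A comment above the annotation such as `# replaced at deploy time (presumably from allowlist.yaml); never apply as-is` would record that contract. The `/` Prefix rule already routes every repository path to the same backend, so the separate `/api-explorer` rule is redundant and the allowlist is the sole network control in front of the API explorer in production.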
+++ b/kustomize/prod/patch-ingress-share.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: alfresco-content-services-alfresco-cs-share
+ annotations:
+ external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-prod-green
+ nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+ rules:
+ - host: share.hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
+ http:
+ paths:
+ - backend:
+ service:
+ name: alfresco-content-services-alfresco-cs-share
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ - backend:
+ service:
+ name: alfresco-content-services-alfresco-cs-share
+ port:
+ number: 80
+ path: /share/page/
+ pathType: Prefix
+ tls:
+ - hosts:
+ - share.hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
+ secretName: share-ingress-cert
diff --git a/kustomize/prod/values.yaml b/kustomize/prod/values.yaml
new file mode 100644
index 0000000..c52b85a
--- /dev/null
+++ b/kustomize/prod/values.yaml
@@ -0,0 +1,58 @@
+# this file overrides values defined in ./values.yaml
+repository:
+ # -- The startup probe to cover the worse case startup time for slow clusters
+ # startupProbe:
+ # periodSeconds: 30
+ # failureThreshold: 40
+ # readinessProbe:
+ # initialDelaySeconds: 60
+ # periodSeconds: 30
+ # timeoutSeconds: 15
+ # failureThreshold: 40 # Increased from 6 to 12
+ # livenessProbe:
+ # initialDelaySeconds: 260 # Increased from 130 to 260
+ # periodSeconds: 20
+ # timeoutSeconds: 15
+ # failureThreshold: 40
+ replicaCount: 10
+ image:
+ tag: release_7.3.2_elasticsearch-r5.0.2-content-latest
+ resources: # requests and limits set closer together to ensure CP stability
+ requests:
+ cpu: 1
+ memory: 6Gi
+ limits:
+ cpu: 4
+ memory: 10Gi
+ persistence:
+ baseSize: 100Gi
+share:
+ replicaCount: 1
+ image:
+ tag: release_7.3.2_elasticsearch-r5.0.2-share-latest
+externalHost: hmpps-delius-alfresco-prod.apps.live.cloud-platform.service.justice.gov.uk
+externalProtocol: https
+externalPort: 443
+tika:
+ replicaCount: 8
+ resources:
+ limits:
+ cpu: 2
+ memory: 4Gi
+transformrouter:
+ replicaCount: 12
+ resources:
+ requests:
+ cpu: "0.75"
+ memory: "300Mi"
+ limits:
+ cpu: "2"
+ memory: "756Mi"
+alfresco-search-enterprise:
+ liveIndexing:
+ content:
+ replicaCount: 8
+ mediation:
+ replicaCount: 4
+ metadata:
+ replicaCount: 4
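Review bot: Both production image tags in kustomize/prod/values.yaml end in `-latest` (`release_7.3.2_elasticsearch-r5.0.2-content-latest` and `release_7.3.2_elasticsearch-r5.0.2-share-latest`), which reads as a mutable tag. With `replicaCount: 10` on the repository, pods that pull at different times can run different image contents, and an image pushed over the tag reaches production without any commit or review here. Pin prod to an immutable build tag, or to a digest if the chart supports one, so that rollouts are reproducible and auditable. Separately, the header comment `# this file overrides values defined in ./values.yaml` points at the file itself, and `# Increased from 6 to 12` sits beside a value of 40; both comments should be corrected or dropped.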