From 38a92320ded8d4080939b4373f64984f2e0b4a01 Mon Sep 17 00:00:00 2001
From: George Taylor <george.taylor@digital.justice.gov.uk>
Date: Thu, 8 Aug 2024 13:10:24 +0100
Subject: [PATCH 1/2] :tada: Add kustomize patching for dev environment

---
 kustomize/dev/allowlist.yaml                | 46 +++++++++++++++++++++
 kustomize/dev/kustomization.yaml            |  9 ++++
 kustomize/dev/patch-ingress-repository.yaml | 29 +++++++++++++
 kustomize/dev/patch-ingress-share.yaml      | 30 ++++++++++++++
 kustomize/dev/values.yaml                   | 10 +++++
 5 files changed, 124 insertions(+)
 create mode 100644 kustomize/dev/allowlist.yaml
 create mode 100644 kustomize/dev/kustomization.yaml
 create mode 100644 kustomize/dev/patch-ingress-repository.yaml
 create mode 100644 kustomize/dev/patch-ingress-share.yaml
 create mode 100644 kustomize/dev/values.yaml

diff --git a/kustomize/dev/allowlist.yaml b/kustomize/dev/allowlist.yaml
new file mode 100644
index 0000000..e67e172
--- /dev/null
+++ b/kustomize/dev/allowlist.yaml
@@ -0,0 +1,46 @@
+- "3.11.29.246" # legacy delius-mis-dev-az1-nat-gateway
+- "18.130.165.209" # legacy delius-mis-dev-az2-nat-gateway
+- "35.178.35.115" # legacy delius-mis-dev-az3-nat-gateway
+- "35.178.209.113" # Cloud Platform live-1-eu-west-2a
+- "3.8.51.207" # Cloud Platform live-1-eu-west-2c
+- "35.177.252.54" # Cloud Platform live-1-eu-west-2b
+- "35.176.93.186/32" # MoJ GlobalProtect
+- "35.177.125.252/32" # MoJ VPN Gateway Proxies
+- "35.177.137.160/32" # MoJ VPN Gateway Proxies
+- "81.134.202.29/32" # MoJ VPN
+- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range
+- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd
+- "213.121.161.112/28" # 102 Petty France WiFi
+- "217.33.148.210/32" # Digital studio
+- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat
+- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat
+- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat
+- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E
+- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E
+- "194.33.192.0/25" # ARK internet (DOM1)
+- "194.33.193.0/25" # ARK internet (DOM1)
+- "194.33.196.0/25" # ARK internet (DOM1)
+- "194.33.197.0/25" # ARK internet (DOM1)
+- "195.59.75.0/24" # ARK internet (DOM1)
+- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone
+- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone
+- "62.25.106.209/32" # OMNI
+- "195.92.40.49/32" # OMNI
+- "62.25.109.197/32" # Quantum
+- "195.92.38.16/28" # Quantum
+- "212.137.36.230/32" # Quantum
+- "78.33.10.50/31" # Unilink AOVPN
+- "78.33.10.52/30" # Unilink AOVPN
+- "78.33.10.56/30" # Unilink AOVPN
+- "78.33.10.60/32" # Unilink AOVPN
+- "78.33.32.99/32" # Unilink AOVPN
+- "78.33.32.100/30" # Unilink AOVPN
+- "78.33.32.104/30" # Unilink AOVPN
+- "78.33.32.108/32" # Unilink AOVPN
+- "83.98.63.176/29" # Unilink AOVPN
+- "194.75.210.216/29" # Unilink AOVPN
+- "217.138.45.109/32" # Unilink AOVPN
+- "217.138.45.110/32" # Unilink AOVPN
+- "34.241.149.106/32" # Airflow in Analytical Platform
+- "52.210.79.20/32" # Airflow in Analytical Platform
+- "54.228.134.38/32" # Airflow in Analytical Platform
diff --git a/kustomize/dev/kustomization.yaml b/kustomize/dev/kustomization.yaml
new file mode 100644
index 0000000..eaf31f0
--- /dev/null
+++ b/kustomize/dev/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../base
+
+patches:
+  - path: patch-ingress-repository.yaml
+  - path: patch-ingress-share.yaml
diff --git a/kustomize/dev/patch-ingress-repository.yaml b/kustomize/dev/patch-ingress-repository.yaml
new file mode 100644
index 0000000..2ebd8c5
--- /dev/null
+++ b/kustomize/dev/patch-ingress-repository.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alfresco-content-services-alfresco-cs-repository
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-dev-green
+    nginx.ingress.kubernetes.io/whitelist-source-range: placeholder
+spec:
+  rules:
+    - host: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+      http:
+        paths:
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-repository
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-repository
+                port:
+                  number: 80
+            path: /api-explorer
+            pathType: Prefix
+  tls:
+    - hosts:
+        - hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/kustomize/dev/patch-ingress-share.yaml b/kustomize/dev/patch-ingress-share.yaml
new file mode 100644
index 0000000..05e61d4
--- /dev/null
+++ b/kustomize/dev/patch-ingress-share.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alfresco-content-services-alfresco-cs-share
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green
+    nginx.ingress.kubernetes.io/whitelist-source-range: placeholder
+spec:
+  rules:
+    - host: share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk
+      http:
+        paths:
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-share
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+          - backend:
+              service:
+                name: alfresco-content-services-alfresco-cs-share
+                port:
+                  number: 80
+            path: /share/page/
+            pathType: Prefix
+  tls:
+    - hosts:
+        - share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk
+      secretName: share-ingress-cert
diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml
new file mode 100644
index 0000000..cdb0e82
--- /dev/null
+++ b/kustomize/dev/values.yaml
@@ -0,0 +1,10 @@
+# this file overrides values defined in ./values.yaml
+repository:
+  replicaCount: 2
+share:
+  replicaCount: 1
+database:
+  url: jdbc:postgresql://cloud-platform-9a95f5dfd5d72b23.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco
+externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+externalProtocol: https
+externalPort: 443

From 510a7be8755daac7bfd9e41bb7771fc56eef212b Mon Sep 17 00:00:00 2001
From: George Taylor <george.taylor@digital.justice.gov.uk>
Date: Fri, 9 Aug 2024 15:06:20 +0100
Subject: [PATCH 2/2] :recycle: refactoring prefixes

---
 kustomize/dev/patch-ingress-repository.yaml | 8 ++++----
 kustomize/dev/patch-ingress-share.yaml      | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/kustomize/dev/patch-ingress-repository.yaml b/kustomize/dev/patch-ingress-repository.yaml
index 2ebd8c5..8e23bb8 100644
--- a/kustomize/dev/patch-ingress-repository.yaml
+++ b/kustomize/dev/patch-ingress-repository.yaml
@@ -1,9 +1,9 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: alfresco-content-services-alfresco-cs-repository
+  name: delius-alfresco-cs-repository
   annotations:
-    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-dev-green
+    external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-repository-hmpps-delius-alfresco-dev-green
     nginx.ingress.kubernetes.io/whitelist-source-range: placeholder
 spec:
   rules:
@@ -12,14 +12,14 @@ spec:
         paths:
           - backend:
               service:
-                name: alfresco-content-services-alfresco-cs-repository
+                name: delius-alfresco-cs-repository
                 port:
                   number: 80
             path: /
             pathType: Prefix
           - backend:
               service:
-                name: alfresco-content-services-alfresco-cs-repository
+                name: delius-alfresco-cs-repository
                 port:
                   number: 80
             path: /api-explorer
diff --git a/kustomize/dev/patch-ingress-share.yaml b/kustomize/dev/patch-ingress-share.yaml
index 05e61d4..732b360 100644
--- a/kustomize/dev/patch-ingress-share.yaml
+++ b/kustomize/dev/patch-ingress-share.yaml
@@ -1,9 +1,9 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: alfresco-content-services-alfresco-cs-share
+  name: delius-alfresco-cs-share
   annotations:
-    external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green
+    external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-share-hmpps-delius-alfrsco-poc-green
     nginx.ingress.kubernetes.io/whitelist-source-range: placeholder
 spec:
   rules:
@@ -12,14 +12,14 @@ spec:
         paths:
           - backend:
               service:
-                name: alfresco-content-services-alfresco-cs-share
+                name: delius-alfresco-cs-share
                 port:
                   number: 80
             path: /
             pathType: Prefix
           - backend:
               service:
-                name: alfresco-content-services-alfresco-cs-share
+                name: delius-alfresco-cs-share
                 port:
                   number: 80
             path: /share/page/