From 718e540ed201c4c3dc743ebe044d077bb123966a Mon Sep 17 00:00:00 2001 From: Ariel Rolfo Date: Fri, 5 Dec 2025 17:57:42 -0300 Subject: [PATCH 1/2] Add elasticsearch endpoints --- .../k8s-manifests-prod/app-deployment.yaml | 4 +-- .../eks/k8s-manifests-prod/app-hpa.yaml | 26 ++++------------- .../eks/k8s-manifests-prod/certificate.yaml | 3 +- ...asticsearch-basic-auth-externalsecret.yaml | 18 ++++++++++++ .../elasticsearch-ingress.yaml | 28 +++++++++++++++++++ .../k8s-manifests-prod/redis-deployment.yaml | 4 +-- .../k8s-manifests-prod/worker-deployment.yaml | 8 +++--- .../k8s-manifests-sandbox/app-configmap.yaml | 8 +++--- .../k8s-manifests-sandbox/app-deployment.yaml | 4 +-- .../eks/k8s-manifests-sandbox/app-hpa.yaml | 4 +-- .../k8s-manifests-sandbox/certificate.yaml | 3 +- ...asticsearch-basic-auth-externalsecret.yaml | 18 ++++++++++++ .../elasticsearch-ingress.yaml | 28 +++++++++++++++++++ .../worker-deployment.yaml | 6 ++-- .../k8s-manifests-staging/app-deployment.yaml | 4 +-- .../eks/k8s-manifests-staging/app-hpa.yaml | 4 +-- .../k8s-manifests-staging/certificate.yaml | 3 +- ...asticsearch-basic-auth-externalsecret.yaml | 18 ++++++++++++ .../elasticsearch-ingress.yaml | 28 +++++++++++++++++++ terraform/environments/eks/terraform.tfvars | 4 +-- .../modules/eks/irsa-iam-policy-and-role.tf | 2 ++ 21 files changed, 176 insertions(+), 49 deletions(-) create mode 100644 terraform/environments/eks/k8s-manifests-prod/elasticsearch-basic-auth-externalsecret.yaml create mode 100644 terraform/environments/eks/k8s-manifests-prod/elasticsearch-ingress.yaml create mode 100644 terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-basic-auth-externalsecret.yaml create mode 100644 terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml create mode 100644 terraform/environments/eks/k8s-manifests-staging/elasticsearch-basic-auth-externalsecret.yaml create mode 100644 terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml diff --git a/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml index cd6ff2d7..dff4cbce 100644 --- a/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml @@ -46,8 +46,8 @@ spec: name: main-app-config resources: requests: - cpu: "500m" - memory: "512Mi" + cpu: "128m" + memory: "200Mi" limits: cpu: "1500m" memory: "1536Mi" diff --git a/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml index beb5af7d..e0da1f94 100644 --- a/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml @@ -8,34 +8,18 @@ spec: apiVersion: apps/v1 kind: Deployment name: main-app - minReplicas: 2 - maxReplicas: 6 + minReplicas: 1 + maxReplicas: 5 metrics: - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: 70 - ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: worker-app - namespace: credreg-prod -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: worker-app - minReplicas: 2 - maxReplicas: 10 - metrics: + averageUtilization: 80 - type: Resource resource: - name: cpu + name: memory target: type: Utilization - averageUtilization: 70 - + averageUtilization: 95 diff --git a/terraform/environments/eks/k8s-manifests-prod/certificate.yaml b/terraform/environments/eks/k8s-manifests-prod/certificate.yaml index 14679255..159f44d2 100644 --- a/terraform/environments/eks/k8s-manifests-prod/certificate.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/certificate.yaml @@ -10,6 +10,7 @@ spec: kind: ClusterIssuer dnsNames: - registry-prod.credentialengineregistry.org + - es.registry-prod.credentialengineregistry.org --- apiVersion: cert-manager.io/v1 @@ -23,4 +24,4 @@ spec: name: letsencrypt-prod kind: ClusterIssuer dnsNames: - - credentialengineregistry.org \ No newline at end of file + - credentialengineregistry.org diff --git a/terraform/environments/eks/k8s-manifests-prod/elasticsearch-basic-auth-externalsecret.yaml b/terraform/environments/eks/k8s-manifests-prod/elasticsearch-basic-auth-externalsecret.yaml new file mode 100644 index 00000000..2c4b9884 --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-prod/elasticsearch-basic-auth-externalsecret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: es-basic-auth + namespace: credreg-prod +spec: + refreshInterval: 1h + secretStoreRef: + name: aws-secret-manager + kind: ClusterSecretStore + target: + name: es-basic-auth + creationPolicy: Owner + data: + - secretKey: auth + remoteRef: + key: credreg-es-basic-auth-prod + property: auth diff --git a/terraform/environments/eks/k8s-manifests-prod/elasticsearch-ingress.yaml b/terraform/environments/eks/k8s-manifests-prod/elasticsearch-ingress.yaml new file mode 100644 index 00000000..1701ca7c --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-prod/elasticsearch-ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: elasticsearch + namespace: credreg-prod + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/auth-type: "basic" + nginx.ingress.kubernetes.io/auth-secret: "es-basic-auth" + nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" + nginx.ingress.kubernetes.io/whitelist-source-range: "67.40.27.250/32,98.13.197.1/32,98.193.126.147/32" +spec: + ingressClassName: nginx + tls: + - hosts: + - es.registry-prod.credentialengineregistry.org + secretName: registry-tls-temp + rules: + - host: es.registry-prod.credentialengineregistry.org + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: elasticsearch + port: + number: 9200 diff --git a/terraform/environments/eks/k8s-manifests-prod/redis-deployment.yaml b/terraform/environments/eks/k8s-manifests-prod/redis-deployment.yaml index 1f11891c..f9c86f7d 100644 --- a/terraform/environments/eks/k8s-manifests-prod/redis-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/redis-deployment.yaml @@ -18,11 +18,11 @@ spec: spec: priorityClassName: prod-high nodeSelector: - env: sandbox + env: production tolerations: - key: "env" operator: "Equal" - value: "sandbox" + value: "production" effect: "NoSchedule" containers: - name: redis diff --git a/terraform/environments/eks/k8s-manifests-prod/worker-deployment.yaml b/terraform/environments/eks/k8s-manifests-prod/worker-deployment.yaml index b49b58d5..09df4f18 100644 --- a/terraform/environments/eks/k8s-manifests-prod/worker-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/worker-deployment.yaml @@ -53,9 +53,9 @@ spec: name: main-app-config resources: requests: - cpu: "300m" - memory: "512Mi" + cpu: "1000m" + memory: "6Gi" limits: - cpu: "1500m" - memory: "1536Mi" + cpu: "2000m" + memory: "6Gi" diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-configmap.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-configmap.yaml index 12f2949f..ab617db7 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/app-configmap.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/app-configmap.yaml @@ -2,20 +2,20 @@ apiVersion: v1 kind: ConfigMap metadata: name: main-app-config + namespace: credreg-sandbox data: POSTGRESQL_DATABASE: credential_registry_sandbox POSTGRESQL_USERNAME: credential_registry_sandbox RACK_ENV: sandbox DOCKER_ENV: "true" - ENVELOPE_GRAPHS_BUCKET: cer-envelope-graphs-sandbox + ENVELOPE_GRAPHS_BUCKET: cer-envelope-graphs-sandb ENVELOPE_DOWNLOADS_BUCKET: cer-envelope-downloads IAM_COMMUNITY_ROLE_ADMIN: ROLE_ADMINISTRATOR - IAM_COMMUNITY_ROLE_READEE: ROLE_READER + IAM_COMMUNITY_ROLE_READER: ROLE_READER IAM_COMMUNITY_ROLE_PUBLISHER: ROLE_PUBLISHER IAM_COMMUNITY_CLAIM_NAME: community_name IAM_CLIENT_ID: RegistryAPI - IAM_URL: https://test-ce-kc-002.credentialengine.org/realms/CE-Test - IAM_CLIENT: TestsandboxRegistryAPI + IAM_URL: https://login.sandbox.credentialengine.org/realms/CE-Sandbox AIRBRAKE_PROJECT_ID: '270205' SIDEKIQ_CONCURRENCY: '10' API_KEY_VALIDATION_ENDPOINT: https://sandbox.credentialengine.org/accountsAPI/Organization/ValidateCommunityAccess diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml index c8265b87..9a440d7f 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml @@ -47,8 +47,8 @@ spec: name: main-app-config resources: requests: - cpu: "500m" - memory: "256Mi" + cpu: "128m" + memory: "128Mi" limits: cpu: "1000m" memory: "1024Mi" diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml index 430647c4..1f89abde 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml @@ -18,10 +18,10 @@ spec: name: cpu target: type: Utilization - averageUtilization: 60 + averageUtilization: 80 - type: Resource resource: name: memory target: type: Utilization - averageUtilization: 70 + averageUtilization: 95 diff --git a/terraform/environments/eks/k8s-manifests-sandbox/certificate.yaml b/terraform/environments/eks/k8s-manifests-sandbox/certificate.yaml index 64425ad4..b9cf48aa 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/certificate.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/certificate.yaml @@ -7,6 +7,7 @@ spec: secretName: sandbox-credentialengineregistry-org-tls dnsNames: - sandbox.credentialengineregistry.org + - es.sandbox.credentialengineregistry.org issuerRef: name: letsencrypt-prod - kind: ClusterIssuer \ No newline at end of file + kind: ClusterIssuer diff --git a/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-basic-auth-externalsecret.yaml b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-basic-auth-externalsecret.yaml new file mode 100644 index 00000000..297eecc0 --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-basic-auth-externalsecret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: es-basic-auth + namespace: credreg-sandbox +spec: + refreshInterval: 1h + secretStoreRef: + name: aws-secret-manager + kind: ClusterSecretStore + target: + name: es-basic-auth + creationPolicy: Owner + data: + - secretKey: auth + remoteRef: + key: credreg-es-basic-auth-sandbox + property: auth diff --git a/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml new file mode 100644 index 00000000..6a0d5a5e --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: elasticsearch + namespace: credreg-sandbox + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/auth-type: "basic" + nginx.ingress.kubernetes.io/auth-secret: "es-basic-auth" + nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" + nginx.ingress.kubernetes.io/whitelist-source-range: "98.97.134.132/32,67.40.27.250/32,98.13.197.1/32,98.193.126.147/32" +spec: + ingressClassName: nginx + tls: + - hosts: + - es.sandbox.credentialengineregistry.org + secretName: sandbox-credentialengineregistry-org-tls + rules: + - host: es.sandbox.credentialengineregistry.org + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: elasticsearch + port: + number: 9200 diff --git a/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml index 4ab8590d..046705c4 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml @@ -53,8 +53,8 @@ spec: name: main-app-config resources: requests: - cpu: "200m" - memory: "256Mi" + cpu: "256m" + memory: "2Gi" limits: cpu: "1000m" - memory: "1024Mi" + memory: "2Gi" \ No newline at end of file diff --git a/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml index f28d8473..89a2d40f 100644 --- a/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml @@ -47,8 +47,8 @@ spec: name: main-app-config resources: requests: - cpu: "500m" - memory: "256Mi" + cpu: "128m" + memory: "128Mi" limits: cpu: "1000m" memory: "1024Mi" diff --git a/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml index 261531df..a8b08df9 100644 --- a/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml @@ -18,10 +18,10 @@ spec: name: cpu target: type: Utilization - averageUtilization: 60 + averageUtilization: 80 - type: Resource resource: name: memory target: type: Utilization - averageUtilization: 70 + averageUtilization: 95 diff --git a/terraform/environments/eks/k8s-manifests-staging/certificate.yaml b/terraform/environments/eks/k8s-manifests-staging/certificate.yaml index 7cf9fb0d..34f32eac 100644 --- a/terraform/environments/eks/k8s-manifests-staging/certificate.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/certificate.yaml @@ -7,6 +7,7 @@ spec: secretName: staging-credentialengineregistry-org-tls dnsNames: - staging.credentialengineregistry.org + - es.staging.credentialengineregistry.org issuerRef: name: letsencrypt-prod - kind: ClusterIssuer \ No newline at end of file + kind: ClusterIssuer diff --git a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-basic-auth-externalsecret.yaml b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-basic-auth-externalsecret.yaml new file mode 100644 index 00000000..a9260270 --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-basic-auth-externalsecret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: es-basic-auth + namespace: credreg-staging +spec: + refreshInterval: 1h + secretStoreRef: + name: aws-secret-manager + kind: ClusterSecretStore + target: + name: es-basic-auth + creationPolicy: Owner + data: + - secretKey: auth + remoteRef: + key: credreg-es-basic-auth-staging + property: auth diff --git a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml new file mode 100644 index 00000000..5dfa3c2a --- /dev/null +++ b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: elasticsearch + namespace: credreg-staging + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/auth-type: "basic" + nginx.ingress.kubernetes.io/auth-secret: "es-basic-auth" + nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" + nginx.ingress.kubernetes.io/whitelist-source-range: "67.40.27.250/32,98.13.197.1/32,98.193.126.147/32" +spec: + ingressClassName: nginx + tls: + - hosts: + - es.staging.credentialengineregistry.org + secretName: staging-credentialengineregistry-org-tls + rules: + - host: es.staging.credentialengineregistry.org + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: elasticsearch + port: + number: 9200 diff --git a/terraform/environments/eks/terraform.tfvars b/terraform/environments/eks/terraform.tfvars index 8f7c6ab0..c05f3863 100644 --- a/terraform/environments/eks/terraform.tfvars +++ b/terraform/environments/eks/terraform.tfvars @@ -33,10 +33,10 @@ ng_staging_desired_size = 1 ng_staging_max_size = 4 ng_sandbox_min_size = 1 ng_sandbox_desired_size = 1 -ng_sandbox_max_size = 4 +ng_sandbox_max_size = 5 ng_prod_min_size = 2 ng_prod_desired_size = 2 -ng_prod_max_size = 4 +ng_prod_max_size = 6 ecr_repository_name = "registry" # --------------------------------------------------------------------------- diff --git a/terraform/modules/eks/irsa-iam-policy-and-role.tf b/terraform/modules/eks/irsa-iam-policy-and-role.tf index 241035f5..df33dcba 100644 --- a/terraform/modules/eks/irsa-iam-policy-and-role.tf +++ b/terraform/modules/eks/irsa-iam-policy-and-role.tf @@ -121,6 +121,7 @@ resource "aws_iam_policy" "application_policy" { "Resource" : [ "arn:aws:s3:::cer-envelope-graphs-staging/*", "arn:aws:s3:::cer-envelope-graphs-sandbox/*", + "arn:aws:s3:::cer-envelope-graphs-sandb/*", "arn:aws:s3:::cer-envelope-graphs-prod/*", "arn:aws:s3:::cer-envelope-downloads/*" ] @@ -136,6 +137,7 @@ resource "aws_iam_policy" "application_policy" { "Resource" : [ "arn:aws:s3:::cer-envelope-graphs-staging", "arn:aws:s3:::cer-envelope-graphs-sandbox", + "arn:aws:s3:::cer-envelope-graphs-sandb", "arn:aws:s3:::cer-envelope-graphs-prod", "arn:aws:s3:::cer-envelope-downloads" ] From 413c56ae3e4ebf4b7dba39b6fa19a8221b3a1e35 Mon Sep 17 00:00:00 2001 From: Ariel Rolfo Date: Tue, 9 Dec 2025 15:46:31 -0300 Subject: [PATCH 2/2] elasticsearch endpoints set up --- .../k8s-manifests-prod/app-deployment.yaml | 2 +- .../eks/k8s-manifests-prod/app-hpa.yaml | 2 +- .../k8s-manifests-sandbox/app-deployment.yaml | 2 +- .../eks/k8s-manifests-sandbox/app-hpa.yaml | 2 +- .../elasticsearch-ingress.yaml | 6 +- .../opensearch-deployment.yaml | 80 ------------------- .../k8s-manifests-sandbox/opensearch-pvc.yaml | 12 --- .../k8s-manifests-staging/app-deployment.yaml | 2 +- .../eks/k8s-manifests-staging/app-hpa.yaml | 2 +- .../elasticsearch-ingress.yaml | 6 +- 10 files changed, 16 insertions(+), 100 deletions(-) delete mode 100644 terraform/environments/eks/k8s-manifests-sandbox/opensearch-deployment.yaml delete mode 100644 terraform/environments/eks/k8s-manifests-sandbox/opensearch-pvc.yaml diff --git a/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml index dff4cbce..b7011c70 100644 --- a/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/app-deployment.yaml @@ -47,7 +47,7 @@ spec: resources: requests: cpu: "128m" - memory: "200Mi" + memory: "512Mi" limits: cpu: "1500m" memory: "1536Mi" diff --git a/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml index e0da1f94..bde0ba03 100644 --- a/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-prod/app-hpa.yaml @@ -16,7 +16,7 @@ spec: name: cpu target: type: Utilization - averageUtilization: 80 + averageUtilization: 90 - type: Resource resource: name: memory diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml index 9a440d7f..a97c5505 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml @@ -48,7 +48,7 @@ spec: resources: requests: cpu: "128m" - memory: "128Mi" + memory: "512Mi" limits: cpu: "1000m" memory: "1024Mi" diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml index 1f89abde..69d33492 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/app-hpa.yaml @@ -18,7 +18,7 @@ spec: name: cpu target: type: Utilization - averageUtilization: 80 + averageUtilization: 90 - type: Resource resource: name: memory diff --git a/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml index 6a0d5a5e..948c8ef2 100644 --- a/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml +++ b/terraform/environments/eks/k8s-manifests-sandbox/elasticsearch-ingress.yaml @@ -8,7 +8,11 @@ metadata: nginx.ingress.kubernetes.io/auth-type: "basic" nginx.ingress.kubernetes.io/auth-secret: "es-basic-auth" nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" - nginx.ingress.kubernetes.io/whitelist-source-range: "98.97.134.132/32,67.40.27.250/32,98.13.197.1/32,98.193.126.147/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "98.97.134.132/32,71.212.64.155/32,98.13.197.1/32,98.193.126.147/32" + # 71.212.64.155 – Rohit + # 98.13.197.1 – Jenna + # 98.193.126.147 – Mike P. + # 98.97.134.132/32 - Ariel spec: ingressClassName: nginx tls: diff --git a/terraform/environments/eks/k8s-manifests-sandbox/opensearch-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/opensearch-deployment.yaml deleted file mode 100644 index 899b246e..00000000 --- a/terraform/environments/eks/k8s-manifests-sandbox/opensearch-deployment.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: credreg-sandbox - name: opensearch - labels: - app: opensearch -spec: - replicas: 1 - selector: - matchLabels: - app: opensearch - template: - metadata: - labels: - app: opensearch - spec: - securityContext: - fsGroup: 1000 # ensure mounted volume is writable by OpenSearch user - runAsUser: 1000 - runAsGroup: 1000 - containers: - - name: opensearch - image: opensearchproject/opensearch:3.3.1 - ports: - - containerPort: 9200 # OpenSearch HTTP port - resources: - requests: - cpu: "512m" - memory: "4096Mi" - limits: - cpu: "512m" - memory: "4096Mi" - env: - - name: OPENSEARCH_JAVA_OPTS - value: "-Xms2048m -Xmx2048m" - - name: DISABLE_INSTALL_DEMO_CONFIG - value: "true" - - name: cluster.name - value: "opensearch" - - name: bootstrap.memory_lock - value: "true" - - name: discovery.type - value: "single-node" - - name: DISABLE_SECURITY_PLUGIN - value: "true" - - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD - value: "password" - - name: network.host - value: "0.0.0.0" - - name: http.cors.enabled - value: "true" - - name: http.cors.allow-origin - value: "*" - - name: indices.query.bool.max_clause_count - value: "4096" - securityContext: - capabilities: - add: ["IPC_LOCK"] - volumeMounts: - - name: opensearch-data - mountPath: /usr/share/opensearch/data - restartPolicy: Always - volumes: - - name: opensearch-data - persistentVolumeClaim: - claimName: opensearch-data ---- -apiVersion: v1 -kind: Service -metadata: - name: opensearch -spec: - selector: - app: opensearch - ports: - - protocol: TCP - port: 9200 - targetPort: 9200 - type: ClusterIP diff --git a/terraform/environments/eks/k8s-manifests-sandbox/opensearch-pvc.yaml b/terraform/environments/eks/k8s-manifests-sandbox/opensearch-pvc.yaml deleted file mode 100644 index ca6a1f9b..00000000 --- a/terraform/environments/eks/k8s-manifests-sandbox/opensearch-pvc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - namespace: credreg-sandbox - name: opensearch-data -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - storageClassName: gp2 diff --git a/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml index 89a2d40f..1a048426 100644 --- a/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/app-deployment.yaml @@ -48,7 +48,7 @@ spec: resources: requests: cpu: "128m" - memory: "128Mi" + memory: "256Mi" limits: cpu: "1000m" memory: "1024Mi" diff --git a/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml b/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml index a8b08df9..284c5901 100644 --- a/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/app-hpa.yaml @@ -18,7 +18,7 @@ spec: name: cpu target: type: Utilization - averageUtilization: 80 + averageUtilization: 90 - type: Resource resource: name: memory diff --git a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml index 5dfa3c2a..9f7a3f89 100644 --- a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml +++ b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-ingress.yaml @@ -8,7 +8,11 @@ metadata: nginx.ingress.kubernetes.io/auth-type: "basic" nginx.ingress.kubernetes.io/auth-secret: "es-basic-auth" nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" - nginx.ingress.kubernetes.io/whitelist-source-range: "67.40.27.250/32,98.13.197.1/32,98.193.126.147/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "181.238.15.41/32,71.212.64.155/32,98.13.197.1/32,98.193.126.147/32" + # 71.212.64.155 – Rohit + # 98.13.197.1 – Jenna + # 98.193.126.147 – Mike P. + # 98.97.134.76/32 - Ariel spec: ingressClassName: nginx tls: