From ae8beb900ceb16f9c89caa646676171ffb2accd9 Mon Sep 17 00:00:00 2001
From: Ariel Rolfo <arielr-lt+username@users.noreply.github.com>
Date: Thu, 19 Mar 2026 18:02:50 -0300
Subject: [PATCH 1/2] Remove unused OpenSearch and fix Elasticsearch to
 single-node in staging

- Remove opensearch-deployment.yaml and opensearch-pvc.yaml (unused, no app references)
- Set elasticsearch replicas to 1 and configure discovery.type=single-node
---
 .../elasticsearch-statefulset.yaml            |  6 +-
 .../opensearch-deployment.yaml                | 80 -------------------
 .../k8s-manifests-staging/opensearch-pvc.yaml | 12 ---
 3 files changed, 3 insertions(+), 95 deletions(-)
 delete mode 100644 terraform/environments/eks/k8s-manifests-staging/opensearch-deployment.yaml
 delete mode 100644 terraform/environments/eks/k8s-manifests-staging/opensearch-pvc.yaml

diff --git a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-statefulset.yaml b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-statefulset.yaml
index b845c13d..ed9b75ee 100644
--- a/terraform/environments/eks/k8s-manifests-staging/elasticsearch-statefulset.yaml
+++ b/terraform/environments/eks/k8s-manifests-staging/elasticsearch-statefulset.yaml
@@ -7,7 +7,7 @@ metadata:
     app: elasticsearch
 spec:
   serviceName: elasticsearch-discovery
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: elasticsearch
@@ -51,8 +51,8 @@ spec:
               value: "false"
             - name: network.host
               value: "0.0.0.0"
-            - name: discovery.seed_hosts
-              value: "elasticsearch-discovery"
+            - name: discovery.type
+              value: "single-node"
           volumeMounts:
             - name: elasticsearch-data
               mountPath: /usr/share/elasticsearch/data
diff --git a/terraform/environments/eks/k8s-manifests-staging/opensearch-deployment.yaml b/terraform/environments/eks/k8s-manifests-staging/opensearch-deployment.yaml
deleted file mode 100644
index 59590209..00000000
--- a/terraform/environments/eks/k8s-manifests-staging/opensearch-deployment.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: credreg-staging
-  name: opensearch
-  labels:
-    app: opensearch
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: opensearch
-  template:
-    metadata:
-      labels:
-        app: opensearch
-    spec:
-      securityContext:
-        fsGroup: 1000   # ensure mounted volume is writable by OpenSearch user
-        runAsUser: 1000
-        runAsGroup: 1000
-      containers:
-        - name: opensearch
-          image: opensearchproject/opensearch:3.3.1
-          ports:
-            - containerPort: 9200 # OpenSearch HTTP port
-          resources:
-            requests:
-              cpu: "512m"
-              memory: "4096Mi" 
-            limits:
-              cpu: "512m"
-              memory: "4096Mi"
-          env:
-            - name: OPENSEARCH_JAVA_OPTS
-              value: "-Xms2048m -Xmx2048m"
-            - name: DISABLE_INSTALL_DEMO_CONFIG
-              value: "true"
-            - name: cluster.name
-              value: "opensearch"
-            - name: bootstrap.memory_lock
-              value: "true"
-            - name: discovery.type
-              value: "single-node"
-            - name: DISABLE_SECURITY_PLUGIN
-              value: "true"
-            - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
-              value: "password" 
-            - name: network.host
-              value: "0.0.0.0"
-            - name: http.cors.enabled
-              value: "true"
-            - name: http.cors.allow-origin
-              value: "*"
-            - name: indices.query.bool.max_clause_count
-              value: "4096"
-          securityContext:
-            capabilities:
-              add: ["IPC_LOCK"] 
-          volumeMounts:
-            - name: opensearch-data
-              mountPath: /usr/share/opensearch/data
-      restartPolicy: Always
-      volumes:
-        - name: opensearch-data
-          persistentVolumeClaim:
-            claimName: opensearch-data
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: opensearch
-spec:
-  selector:
-    app: opensearch
-  ports:
-    - protocol: TCP
-      port: 9200
-      targetPort: 9200
-  type: ClusterIP
diff --git a/terraform/environments/eks/k8s-manifests-staging/opensearch-pvc.yaml b/terraform/environments/eks/k8s-manifests-staging/opensearch-pvc.yaml
deleted file mode 100644
index 648817c3..00000000
--- a/terraform/environments/eks/k8s-manifests-staging/opensearch-pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  namespace: credreg-staging
-  name: opensearch-data
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: gp2

From 02ba07fde42634744ea8b19b071c5962c22b7ff9 Mon Sep 17 00:00:00 2001
From: Ariel Rolfo <arielr-lt+username@users.noreply.github.com>
Date: Mon, 23 Mar 2026 08:29:43 -0300
Subject: [PATCH 2/2] (#1011) Increase prod ingress max body size to 10m

Missing proxy-body-size annotation caused nginx to use its default 1m
limit, rejecting large publish payloads (~3.4MB) with 413 errors.
Matches the limit already set in sandbox and staging.
---
 terraform/environments/eks/k8s-manifests-prod/app-ingress.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/terraform/environments/eks/k8s-manifests-prod/app-ingress.yaml b/terraform/environments/eks/k8s-manifests-prod/app-ingress.yaml
index b54cfc72..985dfdfb 100644
--- a/terraform/environments/eks/k8s-manifests-prod/app-ingress.yaml
+++ b/terraform/environments/eks/k8s-manifests-prod/app-ingress.yaml
@@ -3,6 +3,8 @@ kind: Ingress
 metadata:
   name: main-app
   namespace: credreg-prod
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
 spec:
   ingressClassName: nginx
   tls: