From 8063f726ccad91c8379ea655451a31baf0772675 Mon Sep 17 00:00:00 2001
From: Ben Larabie <benlarabie@gmail.com>
Date: Wed, 13 Mar 2024 14:34:35 -0400
Subject: [PATCH] chore: Kustomize update (#2459)

please work please work.
---
 .github/workflows/merge_to_main_staging.yaml  |   19 +-
 .github/workflows/syntax_check.yaml           |   27 +-
 .github/workflows/syntax_check_prod.yaml      |   33 +
 ...-email-send-primary-init-delete-patch.yaml |   11 +
 ...email-send-scalable-init-delete-patch.yaml |   11 +
 .../celery-primary-init-delete-patch.yaml     |   11 +
 .../celery-scalable-init-delete-patch.yaml    |   11 +
 ...ry-sms-send-primary-init-delete-patch.yaml |   11 +
 ...y-sms-send-scalable-init-delete-patch.yaml |   11 +
 env/dev/karpenter.yaml                        |   69 -
 .../karpenter/aws-node-template-patch.yaml    |   11 +
 env/dev/karpenter/configmap-patch.yaml        |   24 +
 env/dev/karpenter/provisioner-patch.yaml      |   19 +
 env/dev/karpenter/service-account-patch.yaml  |   11 +
 env/dev/kustomization.yaml                    |  763 +++++-----
 env/dev/node-selector-patch.yaml              |  197 ---
 .../admin-node-selector-patch.yaml            |   13 +
 .../celery-api-node-selector-patch.yaml       |   28 +
 .../celery-beat-node-selector-patch.yaml      |   13 +
 ...celery-email-send-node-selector-patch.yaml |   13 +
 ...ail-send-scalable-node-selector-patch.yaml |   13 +
 .../celery-primary-node-selector-patch.yaml   |   13 +
 .../celery-scalable-node-selector-patch.yaml  |   13 +
 .../celery-sms-node-selector-patch.yaml       |   14 +
 .../celery-sms-send-node-selector-patch.yaml  |   13 +
 ...sms-send-scalable-node-selector-patch.yaml |   13 +
 ...ment-download-api-node-selector-patch.yaml |   13 +
 .../documentation-node-selector-patch.yaml    |   13 +
 env/dev/performance.yaml                      |  218 ---
 env/dev/performance/admin-hpa-patch.yaml      |    8 +
 env/dev/performance/api-hpa-patch.yaml        |    8 +
 ...y-email-send-primary-deployment-patch.yaml |   20 +
 ...-email-send-scalable-deployment-patch.yaml |   20 +
 .../celery-email-send-scalable-hpa-patch.yaml |   23 +
 .../celery-primary-deployment-patch.yaml      |   20 +
 .../celery-scalable-deployment-patch.yaml     |   20 +
 .../celery-scalable-hpa-patch.yaml            |   23 +
 ...ery-sms-send-primary-deployment-patch.yaml |   20 +
 ...ry-sms-send-scalable-deployment-patch.yaml |   20 +
 .../celery-sms-send-scalable-hpa-patch.yaml   |   23 +
 env/dev/remove-celery-init-patch.yaml         |   72 -
 env/dev/services.yaml                         |   39 -
 env/dev/services/admin-service-patch.yaml     |    9 +
 env/dev/services/api-service-patch.yaml       |    9 +
 .../document-download-api-service-patch.yaml  |    9 +
 .../services/documentation-service-patch.yaml |    9 +
 env/scratch/.env.enc.aws                      |  Bin 3521 -> 0 bytes
 env/scratch/.env.zip.enc.aws                  |  Bin 2470 -> 0 bytes
 env/scratch/admin-target-group.yaml           |   10 -
 env/scratch/api-target-group.yaml             |   10 -
 env/scratch/aws-auth-configmap.yaml           |   36 -
 env/scratch/celery-deployment.yaml            |  138 --
 env/scratch/cwagent-configmap.yaml            |   71 -
 env/scratch/cwagent.yaml                      |  207 ---
 .../document-download-api-target-group.yaml   |   10 -
 env/scratch/documentation-target-group.yaml   |   10 -
 env/scratch/fluentbit.yaml                    |  437 ------
 env/scratch/karpenter.yaml                    |   69 -
 env/scratch/kustomization.yaml                |  609 --------
 env/scratch/node-selector-patch.yaml          |  132 --
 env/scratch/notification-service-account.yaml |    7 -
 env/scratch/performance.yaml                  |  191 ---
 env/scratch/services.yaml                     |   39 -
 .../cwagent/cwagent-deployment-patch.yaml}    |    0
 env/staging/karpenter.yaml                    |   69 -
 .../karpenter/aws-node-template-patch.yaml    |   11 +
 env/staging/karpenter/configmap-patch.yaml    |   24 +
 env/staging/karpenter/provisioner-patch.yaml  |   19 +
 .../karpenter/service-account-patch.yaml      |   11 +
 env/staging/kustomization.yaml                | 1250 +++++++++--------
 env/staging/node-selector-patch.yaml          |  182 ---
 .../admin-node-selector-patch.yaml            |   13 +
 .../api-node-selector-patch.yaml              |   13 +
 .../celery-api-node-selector-patch.yaml       |   28 +
 .../celery-beat-node-selector-patch.yaml      |   13 +
 ...celery-email-send-node-selector-patch.yaml |   13 +
 ...ail-send-scalable-node-selector-patch.yaml |   13 +
 .../celery-primary-node-selector-patch.yaml   |   14 +
 .../celery-scalable-node-selector-patch.yaml  |   13 +
 .../celery-sms-node-selector-patch.yaml       |   14 +
 .../celery-sms-send-node-selector-patch.yaml  |   13 +
 ...sms-send-scalable-node-selector-patch.yaml |   13 +
 ...ment-download-api-node-selector-patch.yaml |   13 +
 .../documentation-node-selector-patch.yaml    |   13 +
 .../hasura-node-selector-patch.yaml}          |    0
 .../jump-box-node-selector-patch.yaml}        |    0
 env/staging/performance.yaml                  |  266 ----
 .../performance/admin-deployment-patch.yaml   |    9 +
 env/staging/performance/admin-hpa-patch.yaml  |    8 +
 .../performance/api-deployment-patch.yaml     |    9 +
 env/staging/performance/api-hpa-patch.yaml    |    8 +
 ...y-email-send-primary-deployment-patch.yaml |   20 +
 ...-email-send-scalable-deployment-patch.yaml |   20 +
 .../celery-email-send-scalable-hpa-patch.yaml |   23 +
 .../celery-primary-deployment-patch.yaml      |   20 +
 .../celery-scalable-deployment-patch.yaml     |   20 +
 .../celery-scalable-hpa-patch.yaml            |   23 +
 ...ery-sms-send-primary-deployment-patch.yaml |   20 +
 ...ry-sms-send-scalable-deployment-patch.yaml |   20 +
 .../celery-sms-send-scalable-hpa-patch.yaml   |   23 +
 .../document-download-api-hpa-patch.yaml      |    8 +
 .../documentation-deployment-patch.yaml       |    9 +
 env/staging/services/admin-service-patch.yaml |    9 +
 env/staging/services/api-service-patch.yaml   |    9 +
 .../document-download-api-service-patch.yaml  |    9 +
 .../services/documentation-service-patch.yaml |    9 +
 106 files changed, 2164 insertions(+), 4087 deletions(-)
 create mode 100644 .github/workflows/syntax_check_prod.yaml
 create mode 100644 env/dev/celery-init-delete/celery-email-send-primary-init-delete-patch.yaml
 create mode 100644 env/dev/celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml
 create mode 100644 env/dev/celery-init-delete/celery-primary-init-delete-patch.yaml
 create mode 100644 env/dev/celery-init-delete/celery-scalable-init-delete-patch.yaml
 create mode 100644 env/dev/celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml
 create mode 100644 env/dev/celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml
 delete mode 100644 env/dev/karpenter.yaml
 create mode 100644 env/dev/karpenter/aws-node-template-patch.yaml
 create mode 100644 env/dev/karpenter/configmap-patch.yaml
 create mode 100644 env/dev/karpenter/provisioner-patch.yaml
 create mode 100644 env/dev/karpenter/service-account-patch.yaml
 delete mode 100644 env/dev/node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/admin-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-api-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-beat-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-email-send-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-primary-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-scalable-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-sms-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-sms-send-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/document-download-api-node-selector-patch.yaml
 create mode 100644 env/dev/nodeselectors/documentation-node-selector-patch.yaml
 delete mode 100644 env/dev/performance.yaml
 create mode 100644 env/dev/performance/admin-hpa-patch.yaml
 create mode 100644 env/dev/performance/api-hpa-patch.yaml
 create mode 100644 env/dev/performance/celery-email-send-primary-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-email-send-scalable-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-email-send-scalable-hpa-patch.yaml
 create mode 100644 env/dev/performance/celery-primary-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-scalable-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-scalable-hpa-patch.yaml
 create mode 100644 env/dev/performance/celery-sms-send-primary-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-sms-send-scalable-deployment-patch.yaml
 create mode 100644 env/dev/performance/celery-sms-send-scalable-hpa-patch.yaml
 delete mode 100644 env/dev/remove-celery-init-patch.yaml
 delete mode 100644 env/dev/services.yaml
 create mode 100644 env/dev/services/admin-service-patch.yaml
 create mode 100644 env/dev/services/api-service-patch.yaml
 create mode 100644 env/dev/services/document-download-api-service-patch.yaml
 create mode 100644 env/dev/services/documentation-service-patch.yaml
 delete mode 100644 env/scratch/.env.enc.aws
 delete mode 100644 env/scratch/.env.zip.enc.aws
 delete mode 100644 env/scratch/admin-target-group.yaml
 delete mode 100644 env/scratch/api-target-group.yaml
 delete mode 100644 env/scratch/aws-auth-configmap.yaml
 delete mode 100644 env/scratch/celery-deployment.yaml
 delete mode 100644 env/scratch/cwagent-configmap.yaml
 delete mode 100644 env/scratch/cwagent.yaml
 delete mode 100644 env/scratch/document-download-api-target-group.yaml
 delete mode 100644 env/scratch/documentation-target-group.yaml
 delete mode 100644 env/scratch/fluentbit.yaml
 delete mode 100644 env/scratch/karpenter.yaml
 delete mode 100644 env/scratch/kustomization.yaml
 delete mode 100644 env/scratch/node-selector-patch.yaml
 delete mode 100644 env/scratch/notification-service-account.yaml
 delete mode 100644 env/scratch/performance.yaml
 delete mode 100644 env/scratch/services.yaml
 rename env/{scratch/cwagent-patch.yaml => staging/cwagent/cwagent-deployment-patch.yaml} (100%)
 delete mode 100644 env/staging/karpenter.yaml
 create mode 100644 env/staging/karpenter/aws-node-template-patch.yaml
 create mode 100644 env/staging/karpenter/configmap-patch.yaml
 create mode 100644 env/staging/karpenter/provisioner-patch.yaml
 create mode 100644 env/staging/karpenter/service-account-patch.yaml
 delete mode 100644 env/staging/node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/admin-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/api-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-api-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-beat-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-email-send-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-primary-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-scalable-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-sms-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-sms-send-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/document-download-api-node-selector-patch.yaml
 create mode 100644 env/staging/nodeselectors/documentation-node-selector-patch.yaml
 rename env/staging/{hasura-patch.yaml => nodeselectors/hasura-node-selector-patch.yaml} (100%)
 rename env/staging/{jump-box-patch.yaml => nodeselectors/jump-box-node-selector-patch.yaml} (100%)
 delete mode 100644 env/staging/performance.yaml
 create mode 100644 env/staging/performance/admin-deployment-patch.yaml
 create mode 100644 env/staging/performance/admin-hpa-patch.yaml
 create mode 100644 env/staging/performance/api-deployment-patch.yaml
 create mode 100644 env/staging/performance/api-hpa-patch.yaml
 create mode 100644 env/staging/performance/celery-email-send-primary-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-email-send-scalable-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-email-send-scalable-hpa-patch.yaml
 create mode 100644 env/staging/performance/celery-primary-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-scalable-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-scalable-hpa-patch.yaml
 create mode 100644 env/staging/performance/celery-sms-send-primary-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-sms-send-scalable-deployment-patch.yaml
 create mode 100644 env/staging/performance/celery-sms-send-scalable-hpa-patch.yaml
 create mode 100644 env/staging/performance/document-download-api-hpa-patch.yaml
 create mode 100644 env/staging/performance/documentation-deployment-patch.yaml
 create mode 100644 env/staging/services/admin-service-patch.yaml
 create mode 100644 env/staging/services/api-service-patch.yaml
 create mode 100644 env/staging/services/document-download-api-service-patch.yaml
 create mode 100644 env/staging/services/documentation-service-patch.yaml

diff --git a/.github/workflows/merge_to_main_staging.yaml b/.github/workflows/merge_to_main_staging.yaml
index c7a2c96df..40dc71b1e 100644
--- a/.github/workflows/merge_to_main_staging.yaml
+++ b/.github/workflows/merge_to_main_staging.yaml
@@ -9,16 +9,13 @@ on:
       - ".github/workflows/merge_to_main_staging.yaml"
       - "env/staging/**"
 
-env:
-  KUBECTL_VERSION: 1.23.6
-
 defaults:
   run:
     shell: bash
 
 jobs:
   kubectl-apply:
-    runs-on: ubuntu-latest
+    runs-on: github-arc-ss-staging
 
     steps:
       - name: Checkout
@@ -34,12 +31,12 @@ jobs:
           aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
-      - name: Install kubectl
-        run: |
-          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-          chmod +x kubectl
-          mv kubectl /usr/local/bin/
-          kubectl version --client
+      # I'm cheating and using this action to install kubectl
+      - name: Setup helmfile
+        uses: mamezou-tech/setup-helmfile@v2.0.0
+        with:
+          install-kubectl: yes
+          install-helm: yes
 
       - name: Decrypt staging env
         run: |
@@ -106,5 +103,5 @@ jobs:
       - name: Notify Slack channel if this job failed
         if: ${{ failure() }}
         run: |
-          json="{'text':'<!here> CI is failing in <https://github.com/cds-snc/notification-manifests/|notification-manifests> !'}"
+          json="{'text':'<!here> Manifests Merge To Staging CI is failing in <https://github.com/cds-snc/notification-manifests/|notification-manifests> !'}"
           curl -X POST -H 'Content-type: application/json' --data "$json"  ${{ secrets.SLACK_WEBHOOK }}
\ No newline at end of file
diff --git a/.github/workflows/syntax_check.yaml b/.github/workflows/syntax_check.yaml
index 49ac6a836..1b437680b 100644
--- a/.github/workflows/syntax_check.yaml
+++ b/.github/workflows/syntax_check.yaml
@@ -1,11 +1,8 @@
-name: Testing manifest
+name: Testing Staging Manifest
 
 on: 
   - pull_request
 
-env:
-  KUBECTL_VERSION: 1.23.6
-
 jobs:
   testing_manifest:
     runs-on: ubuntu-latest
@@ -14,28 +11,20 @@ jobs:
       - name: Checkout
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
-      - name: Install kubectl
-        run: |
-          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-          chmod +x kubectl
-          mv kubectl /usr/local/bin/
-          kubectl version --client
+      # I'm cheating and using this action to install kubectl
+      - name: Setup helmfile
+        uses: mamezou-tech/setup-helmfile@v2.0.0
+        with:
+          install-kubectl: yes
+          install-helm: yes
 
       - name: Add fake .env
         run: |
           cp env.example env/staging/.env
-          cp env.example env/production/.env
 
       - name: Test staging manifest build
         uses: ./.github/actions/test-manifest
         if: always()
         with:
           build-target: staging-debug
-          echo-manifest: true
-
-      - name: Test production manifest build
-        uses: ./.github/actions/test-manifest
-        if: always()
-        with:
-          build-target: production-debug          
-  
\ No newline at end of file
+          echo-manifest: true
\ No newline at end of file
diff --git a/.github/workflows/syntax_check_prod.yaml b/.github/workflows/syntax_check_prod.yaml
new file mode 100644
index 000000000..1170df519
--- /dev/null
+++ b/.github/workflows/syntax_check_prod.yaml
@@ -0,0 +1,33 @@
+name: Testing Prod Manifest
+
+on: 
+  - pull_request
+
+env:
+  KUBECTL_VERSION: 1.23.6
+
+jobs:
+  testing_manifest:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+
+      - name: Install kubectl
+        run: |
+          curl -LO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/
+          kubectl version --client
+
+      - name: Add fake .env
+        run: |
+          cp env.example env/production/.env
+
+      - name: Test production manifest build
+        uses: ./.github/actions/test-manifest
+        if: always()
+        with:
+          build-target: production-debug          
+  
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-email-send-primary-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-email-send-primary-init-delete-patch.yaml
new file mode 100644
index 000000000..6ee6e1632
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-email-send-primary-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml
new file mode 100644
index 000000000..1bfb98a07
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-primary-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-primary-init-delete-patch.yaml
new file mode 100644
index 000000000..a44fefa3b
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-primary-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-scalable-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-scalable-init-delete-patch.yaml
new file mode 100644
index 000000000..c34907866
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-scalable-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml
new file mode 100644
index 000000000..18f1d735c
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml b/env/dev/celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml
new file mode 100644
index 000000000..dd3cd14e7
--- /dev/null
+++ b/env/dev/celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: wait-cwagent-ready
+          $patch: delete
\ No newline at end of file
diff --git a/env/dev/karpenter.yaml b/env/dev/karpenter.yaml
deleted file mode 100644
index 36f54015e..000000000
--- a/env/dev/karpenter.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: karpenter
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-  annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::800095993820:role/karpenter-controller-eks
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: karpenter-global-settings
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-data:  
-    "aws.assumeRoleARN": ""
-    "aws.assumeRoleDuration": "15m"
-    "aws.clusterCABundle": ""
-    "aws.clusterEndpoint": ""
-    "aws.clusterName": "notification-canada-ca-dev-eks-cluster"
-    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
-    "aws.enableENILimitedPodDensity": "true"
-    "aws.enablePodENI": "false"
-    "aws.interruptionQueueName": ""
-    "aws.isolatedVPC": "false"
-    "aws.vmMemoryOverheadPercent": "0.075"
-    "batchIdleDuration": "1s"
-    "batchMaxDuration": "10s"
-    "featureGates.driftEnabled": "false"
----
-apiVersion: karpenter.sh/v1alpha5
-kind: Provisioner
-metadata:
-  name: default
-spec:
-  requirements:
-    - key: karpenter.sh/capacity-type
-      operator: In
-      values: ["spot"]
-    - key: node.kubernetes.io/instance-type
-      operator: In
-      values: ["m5.large", "r5.large"]      
-  limits:
-    resources:
-      cpu: 1000
-  providerRef:
-    name: default
-  consolidation: 
-    enabled: true
----
-apiVersion: karpenter.k8s.aws/v1alpha1
-kind: AWSNodeTemplate
-metadata:
-  name: default
-spec:
-  subnetSelector:
-    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster
-  securityGroupSelector:
-    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster    
-  metadataOptions:
-    httpTokens: optional
\ No newline at end of file
diff --git a/env/dev/karpenter/aws-node-template-patch.yaml b/env/dev/karpenter/aws-node-template-patch.yaml
new file mode 100644
index 000000000..2f17434c7
--- /dev/null
+++ b/env/dev/karpenter/aws-node-template-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: karpenter.k8s.aws/v1alpha1
+kind: AWSNodeTemplate
+metadata:
+  name: default
+spec:
+  subnetSelector:
+    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster
+  securityGroupSelector:
+    karpenter.sh/discovery: notification-canada-ca-dev-eks-cluster    
+  metadataOptions:
+    httpTokens: optional
\ No newline at end of file
diff --git a/env/dev/karpenter/configmap-patch.yaml b/env/dev/karpenter/configmap-patch.yaml
new file mode 100644
index 000000000..989b118d4
--- /dev/null
+++ b/env/dev/karpenter/configmap-patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: karpenter-global-settings
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+data:  
+    "aws.assumeRoleARN": ""
+    "aws.assumeRoleDuration": "15m"
+    "aws.clusterCABundle": ""
+    "aws.clusterEndpoint": ""
+    "aws.clusterName": "notification-canada-ca-dev-eks-cluster"
+    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
+    "aws.enableENILimitedPodDensity": "true"
+    "aws.enablePodENI": "false"
+    "aws.interruptionQueueName": ""
+    "aws.isolatedVPC": "false"
+    "aws.vmMemoryOverheadPercent": "0.075"
+    "batchIdleDuration": "1s"
+    "batchMaxDuration": "10s"
+    "featureGates.driftEnabled": "false"
\ No newline at end of file
diff --git a/env/dev/karpenter/provisioner-patch.yaml b/env/dev/karpenter/provisioner-patch.yaml
new file mode 100644
index 000000000..eb22936d8
--- /dev/null
+++ b/env/dev/karpenter/provisioner-patch.yaml
@@ -0,0 +1,19 @@
+apiVersion: karpenter.sh/v1alpha5
+kind: Provisioner
+metadata:
+  name: default
+spec:
+  requirements:
+    - key: karpenter.sh/capacity-type
+      operator: In
+      values: ["spot"]
+    - key: node.kubernetes.io/instance-type
+      operator: In
+      values: ["m5.large", "r5.large"]      
+  limits:
+    resources:
+      cpu: 1000
+  providerRef:
+    name: default
+  consolidation: 
+    enabled: true
\ No newline at end of file
diff --git a/env/dev/karpenter/service-account-patch.yaml b/env/dev/karpenter/service-account-patch.yaml
new file mode 100644
index 000000000..2ac6aebf3
--- /dev/null
+++ b/env/dev/karpenter/service-account-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: karpenter
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::800095993820:role/karpenter-controller-eks
\ No newline at end of file
diff --git a/env/dev/kustomization.yaml b/env/dev/kustomization.yaml
index 8a40b731f..6ff9832e6 100644
--- a/env/dev/kustomization.yaml
+++ b/env/dev/kustomization.yaml
@@ -1,613 +1,648 @@
-bases:
-  - ../../base/karpenter
-  - ../../base/kube-state-metrics
-  #- ../../base/prometheus-cloudwatch
-  #- ../../base/k8s-event-logger
-  - ../../base/utils
-  - ../../base/notify-admin
-  - ../../base/notify-api
-  - ../../base/notify-celery-other
-  - ../../base/notify-celery-main-primary
-  - ../../base/notify-celery-sms-send-primary
-  - ../../base/notify-celery-email-send-primary
-  - ../../base/notify-celery-main-scalable
-  - ../../base/notify-celery-sms-send-scalable
-  - ../../base/notify-celery-email-send-scalable
-  - ../../base/notify-document-download
-  - ../../base/notify-documentation
-  - ../../base/notify-system
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 
 resources:
-  #- cwagent.yaml
-  #- fluentbit.yaml
-  #- cwagent-configmap.yaml
-  - notification-service-account.yaml
-  - api-target-group.yaml
-  - admin-target-group.yaml
-  - document-download-api-target-group.yaml
-  - documentation-target-group.yaml
-  - aws-auth-configmap.yaml
-  - hasura-ingress.yaml
+- notification-service-account.yaml
+- api-target-group.yaml
+- admin-target-group.yaml
+- document-download-api-target-group.yaml
+- documentation-target-group.yaml
+- aws-auth-configmap.yaml
+- hasura-ingress.yaml
+- ../../base/karpenter
+- ../../base/kube-state-metrics
+- ../../base/utils
+- ../../base/notify-admin
+- ../../base/notify-api
+- ../../base/notify-celery-other
+- ../../base/notify-celery-main-primary
+- ../../base/notify-celery-sms-send-primary
+- ../../base/notify-celery-email-send-primary
+- ../../base/notify-celery-main-scalable
+- ../../base/notify-celery-sms-send-scalable
+- ../../base/notify-celery-email-send-scalable
+- ../../base/notify-document-download
+- ../../base/notify-documentation
+- ../../base/notify-system
 
 images:
-  - name: admin
-    newName: public.ecr.aws/cds-snc/notify-admin:latest
-  - name: api
-    newName: public.ecr.aws/cds-snc/notify-api:latest
-  - name: document-download-api
-    newName: public.ecr.aws/cds-snc/notify-document-download-api:latest
-  - name: documentation
-    newName: public.ecr.aws/cds-snc/notify-documentation:latest
+- name: admin
+  newName: public.ecr.aws/cds-snc/notify-admin:latest
+- name: api
+  newName: public.ecr.aws/cds-snc/notify-api:latest
+- name: document-download-api
+  newName: public.ecr.aws/cds-snc/notify-document-download-api:latest
+- name: documentation
+  newName: public.ecr.aws/cds-snc/notify-documentation:latest
+
+patches:
+- path: performance/admin-hpa-patch.yaml
+- path: performance/api-hpa-patch.yaml
+- path: performance/celery-email-send-primary-deployment-patch.yaml
+- path: performance/celery-email-send-scalable-deployment-patch.yaml
+- path: performance/celery-email-send-scalable-hpa-patch.yaml
+- path: performance/celery-primary-deployment-patch.yaml
+- path: performance/celery-scalable-deployment-patch.yaml
+- path: performance/celery-scalable-hpa-patch.yaml
+- path: performance/celery-sms-send-primary-deployment-patch.yaml
+- path: performance/celery-sms-send-scalable-deployment-patch.yaml
+- path: performance/celery-sms-send-scalable-hpa-patch.yaml
+
+- path: services/admin-service-patch.yaml
+- path: services/api-service-patch.yaml
+- path: services/document-download-api-service-patch.yaml
+- path: services/documentation-service-patch.yaml
+
+- path: karpenter/aws-node-template-patch.yaml
+- path: karpenter/configmap-patch.yaml
+- path: karpenter/provisioner-patch.yaml
+- path: karpenter/service-account-patch.yaml
+
+- path: nodeselectors/admin-node-selector-patch.yaml
+- path: nodeselectors/celery-api-node-selector-patch.yaml
+- path: nodeselectors/celery-beat-node-selector-patch.yaml
+- path: nodeselectors/celery-email-send-node-selector-patch.yaml
+- path: nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
+- path: nodeselectors/celery-primary-node-selector-patch.yaml
+- path: nodeselectors/celery-scalable-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-send-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
+- path: nodeselectors/document-download-api-node-selector-patch.yaml
+- path: nodeselectors/documentation-node-selector-patch.yaml
+
+- path: celery-init-delete/celery-email-send-primary-init-delete-patch.yaml
+- path: celery-init-delete/celery-email-send-scalable-init-delete-patch.yaml
+- path: celery-init-delete/celery-primary-init-delete-patch.yaml
+- path: celery-init-delete/celery-scalable-init-delete-patch.yaml
+- path: celery-init-delete/celery-sms-send-primary-init-delete-patch.yaml
+- path: celery-init-delete/celery-sms-send-scalable-init-delete-patch.yaml
 
 configMapGenerator:
-- name: application-config
-  env: .env
+- envs:
+  - .env
+  name: application-config
 
-patchesStrategicMerge:
-  - performance.yaml
-  - services.yaml
-  - karpenter.yaml
-  - node-selector-patch.yaml
-  - remove-celery-init-patch.yaml
 
 vars:
-- name: ADMIN_CLIENT_SECRET
+- fieldref:
+    fieldPath: data.ADMIN_CLIENT_SECRET
+  name: ADMIN_CLIENT_SECRET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ADMIN_CLIENT_SECRET
-- name: ALLOW_DEBUG_ROUTE
+- fieldref:
+    fieldPath: data.ALLOW_DEBUG_ROUTE
+  name: ALLOW_DEBUG_ROUTE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ALLOW_DEBUG_ROUTE
-- name: ALLOW_HTML_SERVICE_IDS
+- fieldref:
+    fieldPath: data.ALLOW_HTML_SERVICE_IDS
+  name: ALLOW_HTML_SERVICE_IDS
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ALLOW_HTML_SERVICE_IDS
-- name: API_HOST_NAME
+- fieldref:
+    fieldPath: data.API_HOST_NAME
+  name: API_HOST_NAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.API_HOST_NAME
-- name: ASSET_UPLOAD_BUCKET_NAME
+- fieldref:
+    fieldPath: data.ASSET_UPLOAD_BUCKET_NAME
+  name: ASSET_UPLOAD_BUCKET_NAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ASSET_UPLOAD_BUCKET_NAME
-- name: ASSET_DOMAIN
+- fieldref:
+    fieldPath: data.ASSET_DOMAIN
+  name: ASSET_DOMAIN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ASSET_DOMAIN
-- name: AUTH_TOKENS
+- fieldref:
+    fieldPath: data.AUTH_TOKENS
+  name: AUTH_TOKENS
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AUTH_TOKENS
-- name: AWS_PINPOINT_REGION
+- fieldref:
+    fieldPath: data.AWS_PINPOINT_REGION
+  name: AWS_PINPOINT_REGION
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_PINPOINT_REGION
-- name: AWS_REGION
+- fieldref:
+    fieldPath: data.AWS_REGION
+  name: AWS_REGION
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_REGION
-- name: AWS_ROUTE53_ZONE
+- fieldref:
+    fieldPath: data.AWS_ROUTE53_ZONE
+  name: AWS_ROUTE53_ZONE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_ROUTE53_ZONE
-- name: AWS_SES_REGION
+- fieldref:
+    fieldPath: data.AWS_SES_REGION
+  name: AWS_SES_REGION
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_REGION
-- name: AWS_SES_SMTP
+- fieldref:
+    fieldPath: data.AWS_SES_SMTP
+  name: AWS_SES_SMTP
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_SMTP
-- name: AWS_SES_ACCESS_KEY
+- fieldref:
+    fieldPath: data.AWS_SES_ACCESS_KEY
+  name: AWS_SES_ACCESS_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_ACCESS_KEY
-- name: AWS_SES_SECRET_KEY
+- fieldref:
+    fieldPath: data.AWS_SES_SECRET_KEY
+  name: AWS_SES_SECRET_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_SECRET_KEY
-- name: BASE_DOMAIN
+- fieldref:
+    fieldPath: data.BASE_DOMAIN
+  name: BASE_DOMAIN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BASE_DOMAIN
-- name: BULK_SEND_AWS_BUCKET
+- fieldref:
+    fieldPath: data.BULK_SEND_AWS_BUCKET
+  name: BULK_SEND_AWS_BUCKET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BULK_SEND_AWS_BUCKET
-- name: BULK_SEND_TEST_SERVICE_ID
+- fieldref:
+    fieldPath: data.BULK_SEND_TEST_SERVICE_ID
+  name: BULK_SEND_TEST_SERVICE_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BULK_SEND_TEST_SERVICE_ID
-- name: CELERY_CONCURRENCY
+- fieldref:
+    fieldPath: data.CELERY_CONCURRENCY
+  name: CELERY_CONCURRENCY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CELERY_CONCURRENCY
-- name: CELERY_DELIVER_SMS_RATE_LIMIT
+- fieldref:
+    fieldPath: data.CELERY_DELIVER_SMS_RATE_LIMIT
+  name: CELERY_DELIVER_SMS_RATE_LIMIT
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CELERY_DELIVER_SMS_RATE_LIMIT
-- name: CONTACT_EMAIL
+- fieldref:
+    fieldPath: data.CONTACT_EMAIL
+  name: CONTACT_EMAIL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CONTACT_EMAIL
-- name: CSV_UPLOAD_BUCKET_NAME
+- fieldref:
+    fieldPath: data.CSV_UPLOAD_BUCKET_NAME
+  name: CSV_UPLOAD_BUCKET_NAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CSV_UPLOAD_BUCKET_NAME
-- name: CLUSTER_NAME
+- fieldref:
+    fieldPath: data.CLUSTER_NAME
+  name: CLUSTER_NAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CLUSTER_NAME
-- name: DEBUG_KEY
+- fieldref:
+    fieldPath: data.DEBUG_KEY
+  name: DEBUG_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DEBUG_KEY
-- name: DOCUMENTS_BUCKET
+- fieldref:
+    fieldPath: data.DOCUMENTS_BUCKET
+  name: DOCUMENTS_BUCKET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DOCUMENTS_BUCKET
-- name: DANGEROUS_SALT
+- fieldref:
+    fieldPath: data.DANGEROUS_SALT
+  name: DANGEROUS_SALT
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DANGEROUS_SALT
-- name: ENVIRONMENT
+- fieldref:
+    fieldPath: data.ENVIRONMENT
+  name: ENVIRONMENT
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ENVIRONMENT
-- name: FF_SPIKE_SMS_DAILY_LIMIT
+- fieldref:
+    fieldPath: data.FF_SPIKE_SMS_DAILY_LIMIT
+  name: FF_SPIKE_SMS_DAILY_LIMIT
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SPIKE_SMS_DAILY_LIMIT
-- name: FF_SMS_PARTS_UI
+- fieldref:
+    fieldPath: data.FF_SMS_PARTS_UI
+  name: FF_SMS_PARTS_UI
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SMS_PARTS_UI
-- name: FIDO2_DOMAIN
+- fieldref:
+    fieldPath: data.FIDO2_DOMAIN
+  name: FIDO2_DOMAIN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FIDO2_DOMAIN
-- name: FRESH_DESK_API_URL
+- fieldref:
+    fieldPath: data.FRESH_DESK_API_URL
+  name: FRESH_DESK_API_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_API_URL
-- name: FRESH_DESK_API_KEY
+- fieldref:
+    fieldPath: data.FRESH_DESK_API_KEY
+  name: FRESH_DESK_API_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_API_KEY
-- name: FRESH_DESK_PRODUCT_ID
+- fieldref:
+    fieldPath: data.FRESH_DESK_PRODUCT_ID
+  name: FRESH_DESK_PRODUCT_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_PRODUCT_ID
-- name: HASURA_ACCESS_KEY
+- fieldref:
+    fieldPath: data.HASURA_ACCESS_KEY
+  name: HASURA_ACCESS_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HASURA_ACCESS_KEY
-- name: HC_EN_SERVICE_ID
+- fieldref:
+    fieldPath: data.HC_EN_SERVICE_ID
+  name: HC_EN_SERVICE_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HC_EN_SERVICE_ID
-- name: HC_FR_SERVICE_ID
+- fieldref:
+    fieldPath: data.HC_FR_SERVICE_ID
+  name: HC_FR_SERVICE_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HC_FR_SERVICE_ID
-- name: MIXPANEL_PROJECT_TOKEN
+- fieldref:
+    fieldPath: data.MIXPANEL_PROJECT_TOKEN
+  name: MIXPANEL_PROJECT_TOKEN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.MIXPANEL_PROJECT_TOKEN
-- name: NEW_RELIC_LICENSE_KEY
+- fieldref:
+    fieldPath: data.NEW_RELIC_LICENSE_KEY
+  name: NEW_RELIC_LICENSE_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.NEW_RELIC_LICENSE_KEY
-- name: NEW_RELIC_MONITOR_MODE
+- fieldref:
+    fieldPath: data.NEW_RELIC_MONITOR_MODE
+  name: NEW_RELIC_MONITOR_MODE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.NEW_RELIC_MONITOR_MODE
-- name: POSTGRES_HOST
+- fieldref:
+    fieldPath: data.POSTGRES_HOST
+  name: POSTGRES_HOST
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.POSTGRES_HOST
-- name: POSTGRES_SQL
+- fieldref:
+    fieldPath: data.POSTGRES_SQL
+  name: POSTGRES_SQL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.POSTGRES_SQL
-- name: REDIS_URL
+- fieldref:
+    fieldPath: data.REDIS_URL
+  name: REDIS_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.REDIS_URL
-- name: REDIS_PUBLISH_URL
+- fieldref:
+    fieldPath: data.REDIS_PUBLISH_URL
+  name: REDIS_PUBLISH_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.REDIS_PUBLISH_URL
-- name: SCAN_FILES_DOCUMENTS_BUCKET
+- fieldref:
+    fieldPath: data.SCAN_FILES_DOCUMENTS_BUCKET
+  name: SCAN_FILES_DOCUMENTS_BUCKET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SCAN_FILES_DOCUMENTS_BUCKET
-- name: SECRET_KEY
+- fieldref:
+    fieldPath: data.SECRET_KEY
+  name: SECRET_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SECRET_KEY
-- name: SENDGRID_API_KEY
+- fieldref:
+    fieldPath: data.SENDGRID_API_KEY
+  name: SENDGRID_API_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENDGRID_API_KEY
-- name: SENSITIVE_SERVICES
+- fieldref:
+    fieldPath: data.SENSITIVE_SERVICES
+  name: SENSITIVE_SERVICES
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENSITIVE_SERVICES
-- name: SQLALCHEMY_DATABASE_READER_URI
+- fieldref:
+    fieldPath: data.SQLALCHEMY_DATABASE_READER_URI
+  name: SQLALCHEMY_DATABASE_READER_URI
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SQLALCHEMY_DATABASE_READER_URI
-- name: SQLALCHEMY_POOL_SIZE
+- fieldref:
+    fieldPath: data.SQLALCHEMY_POOL_SIZE
+  name: SQLALCHEMY_POOL_SIZE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SQLALCHEMY_POOL_SIZE
-- name: TWILIO_ACCOUNT_SID
+- fieldref:
+    fieldPath: data.TWILIO_ACCOUNT_SID
+  name: TWILIO_ACCOUNT_SID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_ACCOUNT_SID
-- name: TWILIO_AUTH_TOKEN
+- fieldref:
+    fieldPath: data.TWILIO_AUTH_TOKEN
+  name: TWILIO_AUTH_TOKEN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_AUTH_TOKEN
-- name: TWILIO_FROM_NUMBER
+- fieldref:
+    fieldPath: data.TWILIO_FROM_NUMBER
+  name: TWILIO_FROM_NUMBER
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_FROM_NUMBER
-- name: SENTRY_URL
+- fieldref:
+    fieldPath: data.SENTRY_URL
+  name: SENTRY_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENTRY_URL
-- name: EXTRA_MIME_TYPES
+- fieldref:
+    fieldPath: data.EXTRA_MIME_TYPES
+  name: EXTRA_MIME_TYPES
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.EXTRA_MIME_TYPES
-- name: IP_GEOLOCATE_SERVICE
+- fieldref:
+    fieldPath: data.IP_GEOLOCATE_SERVICE
+  name: IP_GEOLOCATE_SERVICE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.IP_GEOLOCATE_SERVICE
-- name: ZENDESK_SELL_API_URL
+- fieldref:
+    fieldPath: data.ZENDESK_SELL_API_URL
+  name: ZENDESK_SELL_API_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_SELL_API_URL
-- name: ZENDESK_SELL_API_KEY
+- fieldref:
+    fieldPath: data.ZENDESK_SELL_API_KEY
+  name: ZENDESK_SELL_API_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_SELL_API_KEY
-- name: ZENDESK_API_URL
+- fieldref:
+    fieldPath: data.ZENDESK_API_URL
+  name: ZENDESK_API_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_API_URL
-- name: ZENDESK_API_KEY
+- fieldref:
+    fieldPath: data.ZENDESK_API_KEY
+  name: ZENDESK_API_KEY
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_API_KEY
-- name: AWS_US_TOLL_FREE_NUMBER
+- fieldref:
+    fieldPath: data.AWS_US_TOLL_FREE_NUMBER
+  name: AWS_US_TOLL_FREE_NUMBER
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_US_TOLL_FREE_NUMBER
-- name: BATCH_INSERTION_CHUNK_SIZE
+- fieldref:
+    fieldPath: data.BATCH_INSERTION_CHUNK_SIZE
+  name: BATCH_INSERTION_CHUNK_SIZE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BATCH_INSERTION_CHUNK_SIZE
-- name: GC_ARTICLES_API
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API
+  name: GC_ARTICLES_API
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API
-- name: GC_ARTICLES_API_AUTH_USERNAME
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API_AUTH_USERNAME
+  name: GC_ARTICLES_API_AUTH_USERNAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API_AUTH_USERNAME
-- name: GC_ARTICLES_API_AUTH_PASSWORD
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API_AUTH_PASSWORD
+  name: GC_ARTICLES_API_AUTH_PASSWORD
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API_AUTH_PASSWORD
-- name: WAF_SECRET
+- fieldref:
+    fieldPath: data.WAF_SECRET
+  name: WAF_SECRET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.WAF_SECRET
-- name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
+- fieldref:
+    fieldPath: data.CRM_GITHUB_PERSONAL_ACCESS_TOKEN
+  name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CRM_GITHUB_PERSONAL_ACCESS_TOKEN
-- name: CRM_ORG_LIST_URL
+- fieldref:
+    fieldPath: data.CRM_ORG_LIST_URL
+  name: CRM_ORG_LIST_URL
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CRM_ORG_LIST_URL
-- name: FF_SALESFORCE_CONTACT
+- fieldref:
+    fieldPath: data.FF_SALESFORCE_CONTACT
+  name: FF_SALESFORCE_CONTACT
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SALESFORCE_CONTACT
-- name: SALESFORCE_USERNAME
+- fieldref:
+    fieldPath: data.SALESFORCE_USERNAME
+  name: SALESFORCE_USERNAME
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_USERNAME
-- name: SALESFORCE_PASSWORD
+- fieldref:
+    fieldPath: data.SALESFORCE_PASSWORD
+  name: SALESFORCE_PASSWORD
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_PASSWORD
-- name: SALESFORCE_SECURITY_TOKEN
+- fieldref:
+    fieldPath: data.SALESFORCE_SECURITY_TOKEN
+  name: SALESFORCE_SECURITY_TOKEN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_SECURITY_TOKEN
-- name: SALESFORCE_DOMAIN
+- fieldref:
+    fieldPath: data.SALESFORCE_DOMAIN
+  name: SALESFORCE_DOMAIN
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_DOMAIN
-- name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_PRODUCT_ID
+  name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_PRODUCT_ID
-- name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_RECORD_TYPE
+  name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_RECORD_TYPE
-- name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
+  name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
-- name: SALESFORCE_GENERIC_ACCOUNT_ID
+- fieldref:
+    fieldPath: data.SALESFORCE_GENERIC_ACCOUNT_ID
+  name: SALESFORCE_GENERIC_ACCOUNT_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_GENERIC_ACCOUNT_ID
-- name: FF_BOUNCE_RATE_V1
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_V1
+  name: FF_BOUNCE_RATE_V1
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_V1
-- name: FF_BOUNCE_RATE_V15
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_V15
+  name: FF_BOUNCE_RATE_V15
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_V15
-- name: FF_BOUNCE_RATE_BACKEND
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_BACKEND
+  name: FF_BOUNCE_RATE_BACKEND
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_BACKEND
-- name: FF_ABTEST_SERVICE_ID
+- fieldref:
+    fieldPath: data.FF_ABTEST_SERVICE_ID
+  name: FF_ABTEST_SERVICE_ID
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_ABTEST_SERVICE_ID
-- name: SRE_CLIENT_SECRET
+- fieldref:
+    fieldPath: data.SRE_CLIENT_SECRET
+  name: SRE_CLIENT_SECRET
   objref:
+    apiVersion: v1
     kind: ConfigMap
     name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SRE_CLIENT_SECRET
+
diff --git a/env/dev/node-selector-patch.yaml b/env/dev/node-selector-patch.yaml
deleted file mode 100644
index 394f621d3..000000000
--- a/env/dev/node-selector-patch.yaml
+++ /dev/null
@@ -1,197 +0,0 @@
-#### Change what type of node each deployment should be deployed to
-
-#### KARPENTER SPOT INSTANCES - EPHEMERAL, STATE NOT REQUIRED
-
-# Celery
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-scalable
-  name:  celery-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-
----
-# Celery SMS Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-scalable
-  name:  celery-sms-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-   
----
-# Celery Email Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-scalable
-  name:  celery-email-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-
-
----
-# Notification API K8s
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: api
-  name:  api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 90
-            preference:
-              matchExpressions:
-              - key: eks.amazonaws.com/capacityType
-                operator: In
-                values:
-                - ON_DEMAND
-          - weight: 10
-            preference:
-              matchExpressions:
-              - key: karpenter.sh/capacity-type
-                operator: In
-                values:
-                - spot    
----
-### ON DEMAND (PRIMARY) NODES - ALWAYS AVAILABLE
-
-# Celery
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-primary
-  name:  celery-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-
----
-# Celery SMS Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-primary
-  name:  celery-sms-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-   
----
-# Celery Email Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-primary
-  name:  celery-email-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-
----
-
-# Celery Beat
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-beat
-  name:  celery-beat
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Celery SMS
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms
-    profile: fargate
-  name:  celery-sms
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Notify Admin
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: admin
-  name:  admin
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Document Download API
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: document-download-api
-  name: document-download-api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Documentation
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: documentation
-  namespace: notification-canada-ca
-  labels:
-    app: documentation
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND   
diff --git a/env/dev/nodeselectors/admin-node-selector-patch.yaml b/env/dev/nodeselectors/admin-node-selector-patch.yaml
new file mode 100644
index 000000000..b2b2d62c2
--- /dev/null
+++ b/env/dev/nodeselectors/admin-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Notify Admin
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: admin
+  name:  admin
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-api-node-selector-patch.yaml b/env/dev/nodeselectors/celery-api-node-selector-patch.yaml
new file mode 100644
index 000000000..1edae1f3d
--- /dev/null
+++ b/env/dev/nodeselectors/celery-api-node-selector-patch.yaml
@@ -0,0 +1,28 @@
+# Notification API K8s
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: api
+  name:  api
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 90
+            preference:
+              matchExpressions:
+              - key: eks.amazonaws.com/capacityType
+                operator: In
+                values:
+                - ON_DEMAND
+          - weight: 10
+            preference:
+              matchExpressions:
+              - key: karpenter.sh/capacity-type
+                operator: In
+                values:
+                - spot    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-beat-node-selector-patch.yaml b/env/dev/nodeselectors/celery-beat-node-selector-patch.yaml
new file mode 100644
index 000000000..5b17eec2b
--- /dev/null
+++ b/env/dev/nodeselectors/celery-beat-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Beat
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-beat
+  name:  celery-beat
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-email-send-node-selector-patch.yaml b/env/dev/nodeselectors/celery-email-send-node-selector-patch.yaml
new file mode 100644
index 000000000..0b544bd97
--- /dev/null
+++ b/env/dev/nodeselectors/celery-email-send-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Email Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-primary
+  name:  celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml b/env/dev/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..7adad94d8
--- /dev/null
+++ b/env/dev/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Email Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-scalable
+  name:  celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
diff --git a/env/dev/nodeselectors/celery-primary-node-selector-patch.yaml b/env/dev/nodeselectors/celery-primary-node-selector-patch.yaml
new file mode 100644
index 000000000..b217b31ff
--- /dev/null
+++ b/env/dev/nodeselectors/celery-primary-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-primary
+  name:  celery-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND  
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-scalable-node-selector-patch.yaml b/env/dev/nodeselectors/celery-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..8b1fb3e78
--- /dev/null
+++ b/env/dev/nodeselectors/celery-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-scalable
+  name:  celery-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-sms-node-selector-patch.yaml b/env/dev/nodeselectors/celery-sms-node-selector-patch.yaml
new file mode 100644
index 000000000..5a72b7b44
--- /dev/null
+++ b/env/dev/nodeselectors/celery-sms-node-selector-patch.yaml
@@ -0,0 +1,14 @@
+# Celery SMS
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms
+    profile: fargate
+  name:  celery-sms
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-sms-send-node-selector-patch.yaml b/env/dev/nodeselectors/celery-sms-send-node-selector-patch.yaml
new file mode 100644
index 000000000..c3ff2f2fb
--- /dev/null
+++ b/env/dev/nodeselectors/celery-sms-send-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery SMS Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-primary
+  name:  celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml b/env/dev/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..589750ca7
--- /dev/null
+++ b/env/dev/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery SMS Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-scalable
+  name:  celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/document-download-api-node-selector-patch.yaml b/env/dev/nodeselectors/document-download-api-node-selector-patch.yaml
new file mode 100644
index 000000000..ff94fdcf8
--- /dev/null
+++ b/env/dev/nodeselectors/document-download-api-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Document Download API
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: document-download-api
+  name: document-download-api
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/dev/nodeselectors/documentation-node-selector-patch.yaml b/env/dev/nodeselectors/documentation-node-selector-patch.yaml
new file mode 100644
index 000000000..e78955e6e
--- /dev/null
+++ b/env/dev/nodeselectors/documentation-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Documentation
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: documentation
+  namespace: notification-canada-ca
+  labels:
+    app: documentation
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND   
diff --git a/env/dev/performance.yaml b/env/dev/performance.yaml
deleted file mode 100644
index e77256751..000000000
--- a/env/dev/performance.yaml
+++ /dev/null
@@ -1,218 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-primary
-  name:  celery-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-primary
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-primary
-  name:  celery-sms-send-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-sms-send-primary
-        resources:
-          requests:
-            cpu: "50m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-primary
-  name:  celery-email-send-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-email-send-primary
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-# SCALABLE CELERIES
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-scalable
-  name:  celery-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-scalable
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-scalable
-  name:  celery-sms-send-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-sms-send-scalable
-        resources:
-          requests:
-            cpu: "50m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-scalable
-  name:  celery-email-send-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-email-send-scalable
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"     
-  
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: admin-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 2
-  maxReplicas: 2
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: api-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 4
-  maxReplicas: 4
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 50
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 4
-        periodSeconds: 60
-      selectPolicy: Max            
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-sms-send-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 50
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 6
-        periodSeconds: 45
-      selectPolicy: Max
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-email-send-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 30
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 50
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 6
-        periodSeconds: 45
-      selectPolicy: Max
diff --git a/env/dev/performance/admin-hpa-patch.yaml b/env/dev/performance/admin-hpa-patch.yaml
new file mode 100644
index 000000000..a9651c3b3
--- /dev/null
+++ b/env/dev/performance/admin-hpa-patch.yaml
@@ -0,0 +1,8 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: admin-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 2
+  maxReplicas: 2
\ No newline at end of file
diff --git a/env/dev/performance/api-hpa-patch.yaml b/env/dev/performance/api-hpa-patch.yaml
new file mode 100644
index 000000000..37f4cdb80
--- /dev/null
+++ b/env/dev/performance/api-hpa-patch.yaml
@@ -0,0 +1,8 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: api-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 4
+  maxReplicas: 4
\ No newline at end of file
diff --git a/env/dev/performance/celery-email-send-primary-deployment-patch.yaml b/env/dev/performance/celery-email-send-primary-deployment-patch.yaml
new file mode 100644
index 000000000..9eaef5a97
--- /dev/null
+++ b/env/dev/performance/celery-email-send-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-primary
+  name:  celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-email-send-primary
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/dev/performance/celery-email-send-scalable-deployment-patch.yaml b/env/dev/performance/celery-email-send-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..81ff809c0
--- /dev/null
+++ b/env/dev/performance/celery-email-send-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-scalable
+  name:  celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-email-send-scalable
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"  
\ No newline at end of file
diff --git a/env/dev/performance/celery-email-send-scalable-hpa-patch.yaml b/env/dev/performance/celery-email-send-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..a3ed9fe6f
--- /dev/null
+++ b/env/dev/performance/celery-email-send-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-email-send-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 30
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 50
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 6
+        periodSeconds: 45
+      selectPolicy: Max
diff --git a/env/dev/performance/celery-primary-deployment-patch.yaml b/env/dev/performance/celery-primary-deployment-patch.yaml
new file mode 100644
index 000000000..269b75c01
--- /dev/null
+++ b/env/dev/performance/celery-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-primary
+  name:  celery-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-primary
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/dev/performance/celery-scalable-deployment-patch.yaml b/env/dev/performance/celery-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..01dfa1062
--- /dev/null
+++ b/env/dev/performance/celery-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-scalable
+  name:  celery-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-scalable
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/dev/performance/celery-scalable-hpa-patch.yaml b/env/dev/performance/celery-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..f770f9bc3
--- /dev/null
+++ b/env/dev/performance/celery-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 50
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 4
+        periodSeconds: 60
+      selectPolicy: Max       
\ No newline at end of file
diff --git a/env/dev/performance/celery-sms-send-primary-deployment-patch.yaml b/env/dev/performance/celery-sms-send-primary-deployment-patch.yaml
new file mode 100644
index 000000000..c13404d5e
--- /dev/null
+++ b/env/dev/performance/celery-sms-send-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-primary
+  name:  celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-sms-send-primary
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"      
\ No newline at end of file
diff --git a/env/dev/performance/celery-sms-send-scalable-deployment-patch.yaml b/env/dev/performance/celery-sms-send-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..92fc1af7a
--- /dev/null
+++ b/env/dev/performance/celery-sms-send-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-scalable
+  name:  celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-sms-send-scalable
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/dev/performance/celery-sms-send-scalable-hpa-patch.yaml b/env/dev/performance/celery-sms-send-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..17fafe122
--- /dev/null
+++ b/env/dev/performance/celery-sms-send-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-sms-send-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 50
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 6
+        periodSeconds: 45
+      selectPolicy: Max
\ No newline at end of file
diff --git a/env/dev/remove-celery-init-patch.yaml b/env/dev/remove-celery-init-patch.yaml
deleted file mode 100644
index e1fb30d9d..000000000
--- a/env/dev/remove-celery-init-patch.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-email-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-email-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-sms-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: celery-sms-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: wait-cwagent-ready
-          $patch: delete
-
diff --git a/env/dev/services.yaml b/env/dev/services.yaml
deleted file mode 100644
index 85835791a..000000000
--- a/env/dev/services.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: admin
-  name: admin
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"    
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: api
-  name: api
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: document-download-api
-  name: document-download-api
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: documentation
-  name: documentation
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"      
\ No newline at end of file
diff --git a/env/dev/services/admin-service-patch.yaml b/env/dev/services/admin-service-patch.yaml
new file mode 100644
index 000000000..13573961d
--- /dev/null
+++ b/env/dev/services/admin-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: admin
+  name: admin
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"    
\ No newline at end of file
diff --git a/env/dev/services/api-service-patch.yaml b/env/dev/services/api-service-patch.yaml
new file mode 100644
index 000000000..48bce8f93
--- /dev/null
+++ b/env/dev/services/api-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: api
+  name: api
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
\ No newline at end of file
diff --git a/env/dev/services/document-download-api-service-patch.yaml b/env/dev/services/document-download-api-service-patch.yaml
new file mode 100644
index 000000000..f034deb41
--- /dev/null
+++ b/env/dev/services/document-download-api-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: document-download-api
+  name: document-download-api
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
\ No newline at end of file
diff --git a/env/dev/services/documentation-service-patch.yaml b/env/dev/services/documentation-service-patch.yaml
new file mode 100644
index 000000000..8cd2bebf9
--- /dev/null
+++ b/env/dev/services/documentation-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: documentation
+  name: documentation
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"      
\ No newline at end of file
diff --git a/env/scratch/.env.enc.aws b/env/scratch/.env.enc.aws
deleted file mode 100644
index 47fe99a4572bb6e0c75930e690ffb69050f6a746..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3521
zcmV;y4L<S#0s;Vd72dE~AAlvsJP-ZvKHSd@09532fS2@GhU-Xfg8!&=0o)(Ci@|;R
zDaacIh)8PbX8-^VhcJQ-g9ZsIhDe6@4FLxRpn?r_FoF$m0s#Opf(>Z~2`Yw2hW8Bt
z2LUi11_@w>NC9O71OYBE5d;iE-j_uf%)mJ?Xb*(~0T6(K4LX|*V|IS8)C}342!d~2
zkeYcX*lutu<0`1Ic%3|Gz6rt@D0+)sIkJp-*{=pqNaC03EZHNm9MZ1zf)MVD(+3Qe
zs?+^Gap{#14+QN08aEl)XbAEVY4;Lgu<yBn7{03vlaNI@^Xdj%AVfdT9=%@g56>RV
z+N|#lt)U`UppISX+2TLNO#sK}bQnK~4for$b+1;a#-VkIZf@IeCIkx|NoUp5WW4`9
zh@l4;VeN1wX9!k??A2{Bv(f7hD%1g^c2_YQ@EET<VYLkFHn5*~%ai;mxxd>16CYP#
zH$P=zba|c{IrzdRHxE))f!j28euxe==#}D9?3fgTY)uE-fY{F4a-$k;O!<A352I=i
zJx0Xr>t7L9kIau6g^g{ARB~tYFAQc+t^viN<U0)RudZk0k4-wn1KR0t&+Dv3PgD~l
zy-K2+(f=wBMg-)!h)oNyw!ucd36^9}5g>jSMKSUh<Yx*v?lnFthXu}g*6spFD+-6L
z5I|7DcxrHX{5sl7S5TREB0=!Kq{AcCYG4a<Tsw9@f`02i+H&*|X=zGhZz=2?ma-3Q
zhfV|CZ(7Y$K3A!cI)GJCQLs(W^z{l7@bqCPxM#)baugrF8<K((j}VllNGaU&E3O5j
z;Fzs}>^xEw7X>Ku#U83wUh&V&Ph7%kl#0{3H0wQdZ=n|Wq~GNJ@4Sy&++`E!=Ox%I
z>g2z^f*#h7g(~UCV7eMrG5p0a%a*-qiQ8#PQ^hk|D@zl;POZ-gX}&R)i<U8AqjauS
zMMAUZt<(<K<&!zzAVf5(IgJ5iv+K+a2|$<PkTRCub*?F*9Jg$a2+JnB(t6c14>^4a
z%}8?UQ9r>%vN(JLs}pA!f^bY7h5x)hjICt{3?{|NvYG(CdU+?zKN;_9&<(y-n5_VR
z=e=k6>hXi2{KJ%e1;n2>c5Jq*PS+@pe-)UVb%trGuja_#!C#z|IN3sFCf9}K-;XG=
zEr-bRZ;MC2)5$^PT3RN+JwS58i_ZAys}8s->;KI?qo@vZ>%|tLMFAMQlb3DAPD!4|
zWnK{7cd)N3-zy*H)x$&8oyuZ$)OYt`2p9zHhunU^lSsPJ^ETZrBF{=HlflAHdlGbC
zW7I;Te{3z$jjpRGk4elKFpoOEL3OC?T#Yk;*1q+j*3I^so$$&|*&%K)#a1bFg>@Na
zkc{F)T;t!-SEM7m3q0+6N|06>IVjAL8C~-V`Pp(0S(6Z{&`mFRfGR#e*#T3?4@91^
zXgS}o$>|$M3oV<Uis%sa?9^OdSoAFO37_qRY6FPqFYCq@(cdl$q%lSMpUsk7sjzxs
zTUhkL#}qA45nP1#tDzMQF>bH{k#-MVLI4XX{8B-K-iqI-Q%h4l$t$o&_ii33WRBM-
zFPiKF@Ars{3rk)-5uf%jk^pxv?YmT>X&y<TL+%?Tf3CK4vT0)jR)~a_7kVf!l;@(n
z?iWP)f?+Ph^{MIW7^K|^P90R+a_Y-pR>YeSbG(_h{%j*x)PAjxwGcRY1ptM5sIL@^
zdJgdmDthd7wTRv)M#2+s7=k-Q$%Gj6jh18m4oJUS(aW>`3^v7ML84eTU*kzrg$WQ{
zYepKu!R1GPS9{cLqgDclba`+BEGGbDUF@W=u!`Da^V7J!O6NSl%)*t;o$>O|BFfp-
z<~#tbj-qj?*PkG62y%7QlrxXIG)5Kw_A>%SrfG2Jd2n>{`=j}Ezj<N_I8#BEzD~5w
z)9Ig_S90ObQFQgerr^dRTN6JGZk(BPG+3gShy^f<VE-I0XPEjQ_!aQfYz<ZP<BEX;
z#VaVz0l#Ph{4nX<-tD((lmSSPgv9eVl6uv~hemiIHixIpD9KI=L%gu)TNF0kvbk4;
zS@{8q(nE0|P7?Y#$^#|4E!In_TRfN{M0YqTBDBtiOCbLxW}4~s_MF|n89(Z*sW)b6
z8j$VbS$F<oonEf?Fn%vAuedG5(|7J^f3Z?v{%)+{U?j{r>@L$C2i(GXKRT=1!o#3e
z+04Is>{tj1-B?dlTHSn5J&Y*0_?SqwaKq5*D>#~x)#BaU!Z98F_Me^<jK+}u7?EPo
zskXxw-I0KQGb+cN*)j+CFS(Q5V2jR{*$XSxjXk2>_@tunb<IoryowhFrT-9s0QuHh
zd}1^EyK;}BnM+n{*F>2X&&qZc0Qr;D8-A5krBj~;40_ohdVww33zVP#Ot&HLZa_`8
zp1kWMoi}M~;cBuc(LmSi(c<5u%Hw>;uQyjML|ZLgL<BbJ*U%X?>|WsuNq>w+vTnvX
z2`_hTUNdeLTf+FW^pV*G*65{WthfsRKLSzak@j-IxP!mKK|$<-DXdiXmIEsqzVwt3
z#nE`=)Q6|AH~A|&clojQJ?vXu$@7ITuIR)VKctIFLbCTxkhw-d3E~Rw!3z<VN~VE6
zSZ|sP0c@Q;yWsP&H01m#xSr+X%V?M9AE{E0H1RP4WNGQg-fQ{@_WYULlSql$(;kqe
z<P6A%qIwkpKru(m(>@CGlnQQEi1E1k&*wI=CB1z3bIfYJCmY%0v`SzoPiFCD8&Y*h
z8X$9de`lBFw0KA<(KZGnYLaZ)`cJx<EOF7?`wB3eXK<Ncy;#q{%d5~;^gAyq=?xcg
zklc1)6!uH@BA%g2u4(7!mB!W!?94P?u;Hf9Og<<g-&+)Z3P*@#_k;i-3$|02hUlB@
z-ZWOfXxiYA>JvLAwDT=*XJbwuv2BywAsC0j>P;>V;1mzYs5BGrzYhW^y-H-!chVQ#
zi$fx$7bsQ&#J9^2V&{B}DWe||{({Xc3JUkaWL%XKZJTH+L7al5w)S4=4=RW11Gx;{
z{d=A!<|>^4jVfT5U|x$V<Def-Yq(>PCto6iGA<^~q;e4SYcw~gAZ*_&CLLWxnLxx$
zXsthFtZEsZ033kZ($r81dhhYdD-|;W-yOAwy-MvuW&kKjJf3?{o>sDXAuKCymfp{(
zl+43N!}1YTe&vmvFmV@>0!x%(8bpZxEUX$}+3kg~>8wxaA<8M_M7wQ(`(V}(4VWcY
z&UG+lyXnKTIMY?ZzJ(WW5~>u-Tau9o5J~M(Z-BD&N&F-Wc7h}r;`)<hHQ1lZxnzz1
zB`RopXC_Iznl?25{8Z)AkiO+gPu8v0$uKgYKPU?em9X36h)tt=)_d)K6m{K~e#s92
zCBx$x^MRejPa<pOQm)=YViNK2kj~+_7sUY82TH1&3*->YSK;cXv)=YD;Zn~E(rV|#
z7)av6mM`j@6^7?ME!nW19h<~?-59ZZ&&dzU+*w<hm+-Bj7_PHrzs(z9^I~|!wj<IH
zQaZVZwTzSj;G%(!5Nt$#3etikeaxzbvtJbC9s}>#VYhQvgG{B|w37hh;ZEjG>-y#M
zVD4$cPa0^25pLf7=EU!rRU77_%d4Z4kh7Yikm`XWyTtEG(Vrmh372^k@@E7*8&Bu>
z(@li3_;FudjWFvH<%~wSs?~lOwZ*38%f#3e2!#l!3CaPSHBY>Fux@*tK*FDg*WSLA
zJ7XVwvBe>%R{IQv!mw+QWh*Ix=jo7R69CYJ1aOw&5q-9Ess>-)FQRYdgmMAfI;RUf
z;0n3Q9|ZW8%|1N+40%AQy_lr8M!-eoBeRmQ82U^o_)?d4)%GheU}Fz47-z-R89_L;
zJ(ID8G^%A8E&4+ltsfLI!dEvjVh~dVxa;iYFmM}<X&AF8Tb0U<-o16y4;xi)QLjQc
z?ZMH`aS`C3)1$NUK-Yv<uPz<G3~U>#UqJJNyu}<|dn_^VL`&X;?op2vbIYw<Bz<H*
z4R=E>$s5~UM;qD!<#R)3>yo0T^r)S))J9_3Sh#jH=&{<`s?i;$Xv9f-E#pU*h%9wk
z`v&WH00x#xKrcTQ&s%lnHbrW)n|)fUT52aWHR95uOXXaYCwP+U<rLimY4BrMSVJ6d
zPP|$RN!`Zman1-Vi}y;dje&!;0lI&>WW0rcN}5aWdPXS7<t;^n58a-RC6Y<-peun~
zLvrM^YwR*s_A7cQ&7_ck9(3qdJxjO~L%a3IGZ0<EfcZ;lb=C)uSy=#*&|Ikr<}1Cv
z`54&)J17}~<P9-P`o$`SgT~X$`cF>nLW0}Iys**1u+Jezj>qAm4q*Qbdr3i8v8hzI
zOl?3u<xcM@t19zdQ4n46_)h9@t7afP^>w%AYWutf;;+A&s<TxaqStqer(s_VF$Jwp
zX#pwj9Y+{2f%F8tD9m{bYEHE1M*!drKVon``C$kO;@_^J)-Hdvf^l)q351C7Bw6}(
zBtA>HChjtH<%hw1wsOsNX$orN=5C&2Km~KO!H=X4F~e{<S;j^2P19~uPSZPK8FP+L
zDbf1YBpf)W{PtOI(N!}cKachmGdYude;pTk2H(-f=@+@vpj7N&<`A9YD#r|;Kod@5
vbehjRIH*z181(n4pAy7>h<~+};!gAa(bS$8+6H8um^&-xA7*zrfEHsPzox-w

diff --git a/env/scratch/.env.zip.enc.aws b/env/scratch/.env.zip.enc.aws
deleted file mode 100644
index 5ac86a94e3d7ece2872964b9221356505df2372a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2470
zcmV;X30d|50s;Vd0XBv2IKhq%ogQAIMN^!~fKf#hy5)O=qlDLFAGnVt0imWI8%zrE
z)mpMmJ6=Ir7XSbWY%qceXa)%?hDe6@4FLxRpn?fmFoFqH0s#Opf(cFr2`Yw2hW8Bt
z2LUi11_@w>NC9O71OYBE5d;i?BEWI)>7VQU3U3$!0T6(K2_GbgX7-&)%ql#yV`#Ww
zkwuWe8!<2F^RFG|RrdR!tZcNR{k#?SSO`lJa8n_v&#l&Ag^M$~u}$ZQ6F#RK7Xfi~
z3U<vo3z2FjVyCI6nN)I5ml=krsDx+$sN5%t^6YwvvxKOvP(#CuM24r|g3Hi>g8?8N
z8>=~89^IkaoxE)t9W5N(v_PEAA3s1vZ-VVr^k!dci8b4LVpN<?hG^0%QW_RWrz7`?
z;L4l4E<}#1)dCz0hqaV;=cHZ(fgq=k!8IoB9o2$dr%)|nh-3%^Q=dyHp{F_vQ|zgm
zoZBNbTu!VJO;C6+p%Und|DOe?9T6iiQTo^n{6v2mIG%t2j03K+yotSWONN|xYw;>R
zSi&DM8kzh9Q1XI*n7*dkjM?2>!duOPjU=5UP)cy0Xs%*AUGe<#W3J;@%_S+1MW121
zl#llq>y`dg|2W`HWUI=Jg?obaeS85Nk#GA_v5RxzIGHyt(l0AnXz06P_e@&f$3#Qf
z`j_R?`Y?+h)J{=kI%W0~;yHtD3;LpzYL1Xgl6<6uzwo=Q&RPc$3p%J_kJ9_$mq-3x
zW6O?80jx?u4o%){k0fKGfO=J%fk7xSs1{0?hfK^6ud{&qY!J0dmnQQis>?Iu>A@cY
zqJyw1vQSpXKaa%-=2m;fy|guKoW{2wj^?>qp0@eVuAzVx={RJ@>&(OgA(SL=4+wyZ
z@yiX5B?u50Iz&%eO^XUVPYHiD`XIe5GQ?ktteUEo*FciiRagjh3Bp$`f6c*clpfSK
zbG+#(NP`rs?|D6B^m4*Uv|i7Ux6H3F0m7|VpV=nAhML5zl?1VElN37yMLM(t#zt~l
z*px8kMax>p*7DFqRyo0Q4XziMTN3lP7$$r@u&<O8Wf6%q#w>QI(BE9CkNHC!D^g@}
zjvm0$^85g~Fac2@Cz)+#RD$fmK64eSUvb|{b>#xRw6-Qi{;UmI1bKIs-#gtI)ro&R
z%Y|t-^-w6J^>f-XB;bi7L=v{Bg`Tg@sn92Xi9%)<{@I4-!YQxqe6}u=bABB0IsnFi
zFFZzFy4Z8qnxm}0QVJ=T#sB#t{oorEq|D99w|OYi97yJJ#=NfHQq^)oU@pp=Efv1a
z9`#21VNr1St1`s(RhEK)pTY8PY*oJe7YN2{xltH8kzu;iA9Yq4Te5-9i<a46<v+SC
z4kvQuR`!6zD(4VsQFjJ_;=f#%4O&M^RYm`XLzH&RpM<;;=oV3zumz}a3NZ-9R{_$W
zwFyZdQ{05mX<ral+z6Zmb6~$s0fj%Fip<TWLL0r_Y^0JB`;L|I+$=6>>LFQ!rxN@?
zGwb6p5WO;B4>$d2VU<Hi3&40Ax)DFtO`Yg?!v8}EeBxQPUwW`fk}0}DO`<PyjAeUB
zgD&NfcY>5My%qR`cZb6^(;uSEZXpQ>u5IK~Q=5|9GlD;z`l`Ka{`*%Vk8!MONlPEb
zAjS<ZpNYs**%fRnZznNQst8viT0-N-(tBHe9(<B*{4CyWdmD9fQ6kRhDk-k&YJyhI
zqp(JdNfM54IMX?sfIVkC<B?&vi!oVV2oe!`+{SJ_p(!-#Ol#7WmCi5U%Ah=jZt!oW
z>Ja|QYP2oLA0L5oBR5X-1*cm-XK;~@)+UU3jQn><feU9bPw?8qayfbtjB@F#wkHt<
zaXO{gZNX2wgBQTPIek+vL!mb2u_k1m`Wx^s^||?G0KI^+E`~Kr&^0tl-aLcT?q;fY
z0@BtqT;q9{qM0Q{GO%hRu)aqxRhae{HFUpUf~s)pB2t5)3lCVjQs2RuFB--<_rM}=
z5IeD`q<}m?XiM1;+Ab6jbH}-As$vsrNTvm!1dg_he}VaJ!<c9BwCZ2mB4EqgZ~@%`
zH2|G@)X+kl0VehXC4sZgM>yjvHJSftQ`Wv42bO3h6Uy5BEUTm^&!lK!@ghP+&Oj8#
zeF^Y#fbG&XI1Z_#yJh@@UduTuu`_ke8nb+AB6*pp1=D|SZ0-Y@hhLkUs(iyIO?!D<
zvw(}lyv=6tZ_`j!QEZs!3$bXTV8K|z>_`iuNwf+I{4{ywnMz}Kh`1*m7Pt+qnj@sv
zxl7WVt71l3IcH(*I-kW;%`~;8<5}ep>KdX|P|8dA6gjOB=<J~a^Ygcf#-PPHVxR5g
z_Mc_4Wnv3W=ZA9lo5jS_*wF|8xipREdn7eb2uDBa(D2BHSDckzj7!!@ndN@F);DVI
z{E4-Lk;>#g$hc`*K=%ovr*Qq$#&+7cq(w9%YxNl0_>t}83j}x$`K!JL6<d2f-%&%6
zL6k(q3-QZWZbTgoFW=fYvV>+&>){JXy)gE}Z3AL+mx}&ONAf&J>vrHdZV2{B6H+YL
z&sl{wT!?RIrtJ+#@LnGEL1wX7zb>7?+vy`7)<Ez`2LZ|mayM=BsxP}$AAoN2D5+k~
zAa@Suw;>{SrUBY2UT?{_(4OTf<A*4=$PHR%Z2-?I*AFW}1+bmhxeLznlBs!3-w;*|
zgS9>Z_aHI0MJJ=?E%J4Eh#;H<^~h4dlq3S*lrk7lbAyLLQfL%TqAOl9e~G3#{YCW7
zeL@`=szyRt`5Huy@}oU&Q?3Jl1Q0O<Qew=a14V%wp(lxl00FdBn~R3UxG789zyp*%
z)}b92`t;2q@Ic>KPHt7g-f=mIcL*Zox8r*-ts3!}SMR3m27Xl4W$>%XgaWT30@uE(
zHk$<t&jl9LwECYQNCngF;1jG4gVHa;+`mWnm?C^$lD?mbDNX;3;okV6zHl2Tb5iBT
z8WqpMliRj=+`-t$B?VY5$`TYqTX_NJ0-{vE(GAr+1Fpg)M#ppWLr6vo^W=RMAC#M!
zoPL9a1k*872ozQcJv`kX@P^p<Kb@q;OaChkWH)KvMgG%|MauEo6d}8FEkhDt{P>L~
zB{i*A{iz^s#gm_Ue!a8HatmyrsE_4%1gU__nEsmzB$GJa;Z2U1aH4WI06S6U@^w)2
z|GEt~u<B4H3?k?IeIJl3W;(4pSMe>#(JT%tn`bxsw^-v4AWh(_7K6a%pMLkQ;_YML
kMcPmV^<|wH^3U%MpToZmGFU;@xH@dHTl7=Ix@d*bZD$Rf?f?J)

diff --git a/env/scratch/admin-target-group.yaml b/env/scratch/admin-target-group.yaml
deleted file mode 100644
index 6a59f5188..000000000
--- a/env/scratch/admin-target-group.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: elbv2.k8s.aws/v1beta1
-kind: TargetGroupBinding
-metadata:
-  name: admin-targetgroup
-  namespace: notification-canada-ca
-spec:
-  serviceRef:
-    name: admin
-    port: 6012
-  targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:419291849580:targetgroup/notification-canada-ca-alb-admin/0b3c0a6cb05f4ddb
diff --git a/env/scratch/api-target-group.yaml b/env/scratch/api-target-group.yaml
deleted file mode 100644
index ee417e59f..000000000
--- a/env/scratch/api-target-group.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: elbv2.k8s.aws/v1beta1
-kind: TargetGroupBinding
-metadata:
-  name: api-targetgroup
-  namespace: notification-canada-ca
-spec:
-  serviceRef:
-    name: api
-    port: 6011
-  targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:419291849580:targetgroup/notification-canada-ca-alb-api/a6208db60365adfc
diff --git a/env/scratch/aws-auth-configmap.yaml b/env/scratch/aws-auth-configmap.yaml
deleted file mode 100644
index 519e28066..000000000
--- a/env/scratch/aws-auth-configmap.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-kind: ConfigMap
-metadata:
-  name: aws-auth
-  namespace: kube-system
-apiVersion: v1
-data:
-  mapRoles: |
-    - groups:
-      - system:bootstrappers
-      - system:nodes
-      rolearn: arn:aws:iam::419291849580:role/eks-worker-role
-      username: system:node:{{EC2PrivateDNSName}}
-    - groups:
-      - system:masters
-      rolearn: arn:aws:iam::419291849580:role/AWSReservedSSO_AWSAdministratorAccess_4085b2fdb6f29f43
-      username: AWSAdministratorAccess:{{SessionName}}
-    - rolearn: arn:aws:iam::419291849580:role/notification-admin-apply
-      username: notification-admin-apply
-      groups:
-        - system:masters
-    - rolearn: arn:aws:iam::419291849580:role/notification-api-apply
-      username: notification-api-apply
-      groups:
-        - system:masters
-    - rolearn: arn:aws:iam::419291849580:role/notification-document-download-api-apply
-      username: notification-document-download-api-apply
-      groups:
-        - system:masters
-    - rolearn: arn:aws:iam::419291849580:role/notification-documentation-apply
-      username: notification-documentation-apply
-      groups:
-        - system:masters
-    - rolearn: arn:aws:iam::419291849580:role/notification-manifests-apply
-      username: notification-manifests-apply
-      groups:
-        - system:masters
diff --git a/env/scratch/celery-deployment.yaml b/env/scratch/celery-deployment.yaml
deleted file mode 100644
index 980907f82..000000000
--- a/env/scratch/celery-deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery
-    # profile: fargate
-  name:  celery
-  namespace: notification-canada-ca
-spec:
-  replicas: 1
-  revisionHistoryLimit: 5
-  selector:
-    matchLabels:
-      app: celery
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: celery
-        # profile: fargate
-    spec:
-      containers:
-        - image: api
-          imagePullPolicy: Always
-          name: celery
-          env:
-            - name: ADMIN_BASE_URL
-              value: https://$(BASE_DOMAIN)
-            - name: ADMIN_CLIENT_SECRET
-              value: '$(ADMIN_CLIENT_SECRET)'
-            - name: ALLOW_HTML_SERVICE_IDS
-              value: '$(ALLOW_HTML_SERVICE_IDS)'
-            - name: API_HOST_NAME
-              value: '$(API_HOST_NAME)'
-            - name: ASSET_DOMAIN
-              value: '$(ASSET_DOMAIN)'
-            - name: ASSET_UPLOAD_BUCKET_NAME
-              value: '$(ASSET_UPLOAD_BUCKET_NAME)'
-            - name: AWS_PINPOINT_REGION
-              value: '$(AWS_PINPOINT_REGION)'
-            - name: AWS_REGION
-              value: '$(AWS_REGION)'
-            - name: BATCH_INSERTION_CHUNK_SIZE
-              value: '$(BATCH_INSERTION_CHUNK_SIZE)'
-            - name: BULK_SEND_TEST_SERVICE_ID
-              value: '$(BULK_SEND_TEST_SERVICE_ID)'
-            - name: CELERY_CONCURRENCY
-              value: '$(CELERY_CONCURRENCY)'
-            - name: CSV_UPLOAD_BUCKET_NAME
-              value: '$(CSV_UPLOAD_BUCKET_NAME)'
-            - name: DANGEROUS_SALT
-              value: '$(DANGEROUS_SALT)'
-            - name: DOCUMENT_DOWNLOAD_API_HOST
-              value: 'http://document-download-api.notification-canada-ca.svc.cluster.local:7000'
-            - name: FF_SPIKE_SMS_DAILY_LIMIT
-              value: '$(FF_SPIKE_SMS_DAILY_LIMIT)'
-            - name: FF_SMS_PARTS_UI
-              value: '$(FF_SMS_PARTS_UI)'
-            - name: FIDO2_DOMAIN
-              value: '$(FIDO2_DOMAIN)'
-            - name: HC_EN_SERVICE_ID
-              value: '$(HC_EN_SERVICE_ID)'
-            - name: HC_FR_SERVICE_ID
-              value: '$(HC_FR_SERVICE_ID)'
-            - name: NOTIFY_EMAIL_DOMAIN
-              value: '$(BASE_DOMAIN)'
-            - name: NOTIFY_ENVIRONMENT
-              value: '$(ENVIRONMENT)'
-            - name: NOTIFICATION_QUEUE_PREFIX
-              value: 'eks-notification-canada-ca'
-            - name: REDIS_URL
-              value: '$(REDIS_URL)'
-            - name: REDIS_PUBLISH_URL
-              value: '$(REDIS_PUBLISH_URL)'
-            - name: REDIS_ENABLED
-              value: '1'
-            - name: SECRET_KEY
-              value: '$(SECRET_KEY)'
-            - name: SENDGRID_API_KEY
-              value: '$(SENDGRID_API_KEY)'
-            - name: SQLALCHEMY_DATABASE_URI
-              value: '$(POSTGRES_SQL)'
-            - name: SQLALCHEMY_DATABASE_READER_URI
-              value: '$(SQLALCHEMY_DATABASE_READER_URI)'
-            - name: STATSD_HOST
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: TWILIO_ACCOUNT_SID
-              value: '$(TWILIO_ACCOUNT_SID)'
-            - name: TWILIO_AUTH_TOKEN
-              value: '$(TWILIO_AUTH_TOKEN)'
-            - name: TWILIO_FROM_NUMBER
-              value: '$(TWILIO_FROM_NUMBER)'
-            - name: AWS_US_TOLL_FREE_NUMBER
-              value: '$(AWS_US_TOLL_FREE_NUMBER)'
-            - name: SENTRY_URL
-              value: '$(SENTRY_URL)'
-            - name: NEW_RELIC_APP_NAME
-              value: 'notification-celery-$(ENVIRONMENT)'
-            - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
-              value: 'true'
-            - name: NEW_RELIC_LICENSE_KEY
-              value: '$(NEW_RELIC_LICENSE_KEY)'
-            - name: NEW_RELIC_MONITOR_MODE
-              value: '$(NEW_RELIC_MONITOR_MODE)'
-            - name: FF_CLOUDWATCH_METRICS_ENABLED
-              value: 'True'
-            - name: FF_BOUNCE_RATE_V1
-              value: '$(FF_BOUNCE_RATE_V1)'
-            - name: FF_BOUNCE_RATE_BACKEND
-              value: '$(FF_BOUNCE_RATE_BACKEND)'
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                - /bin/bash
-                - -c
-                - /app/scripts/run_celery_exit.sh
-          command: ["/bin/sh"]
-          args: ["-c", "sh /app/scripts/run_celery_no_sms_sending.sh"]
-          resources:
-            requests:
-              cpu: "100m"
-              memory: "500Mi"
-            limits:
-              cpu: "550m"
-              memory: "1024Mi"
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext: {}
-      terminationGracePeriodSeconds: 60
-status: {}
diff --git a/env/scratch/cwagent-configmap.yaml b/env/scratch/cwagent-configmap.yaml
deleted file mode 100644
index cfbd223b4..000000000
--- a/env/scratch/cwagent-configmap.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-kind: ConfigMap
-metadata:
-  name: prometheus-cwagentconfig
-  namespace: amazon-cloudwatch
-apiVersion: v1
-data:
-  # cwagent json config
-  cwagentconfig.json: |
-    {
-      "agent": {
-        "region": "ca-central-1",
-        "debug": true
-      },
-      "logs": {
-        "metrics_collected": {
-          "prometheus": {
-            "cluster_name": "notification-canada-ca-scratch-eks-cluster",
-            "log_group_name": "/aws/containerinsights/notification-canada-ca-scratch-eks-cluster/prometheus",
-            "prometheus_config_path": "/etc/prometheusconfig/prometheus.yaml",
-            "emf_processor": {
-              "metric_declaration": [
-                {"source_labels": ["job", "resource"],
-                  "label_matcher": "^kubernetes-apiservers;(services|daemonsets.apps|deployments.apps|configmaps|endpoints|secrets|serviceaccounts|replicasets.apps)",
-                  "dimensions": [["ClusterName","Service","resource"]],
-                  "metric_selectors": [
-                  ".*"
-                  ]
-                },
-                {"source_labels": ["job", "name"],
-                  "label_matcher": "^kubernetes-apiservers;APIServiceRegistrationController$",
-                  "dimensions": [["ClusterName","Service","name"]],
-                  "metric_selectors": [
-                  ".*"
-                  ]
-                },
-                {"source_labels": ["job","code"],
-                  "label_matcher": "^kubernetes-apiservers;2[0-9]{2}$",
-                  "dimensions": [["ClusterName","Service","code"]],
-                  "metric_selectors": [
-                  ".*"
-                  ]
-                },
-                {"source_labels": ["job"],
-                  "label_matcher": "^kubernetes-apiservers",
-                  "dimensions": [["ClusterName","Service"]],
-                  "metric_selectors": [
-                  ".*"
-                  ]
-                },
-                {"source_labels": ["job", "resource"],
-                  "label_matcher": ".*kube-state-metrics.*",
-                  "dimensions": [["ClusterName","namespace", "deployment"]],
-                  "metric_selectors": [
-                  "^kube_deployment_.*"
-                  ]
-                },
-                {"source_labels": ["job", "resource"],
-                  "label_matcher": ".*kube-state-metrics.*",
-                  "dimensions": [["ClusterName","namespace", "pod"]],
-                  "metric_selectors": [
-                  "^kube_pod_.*"
-                  ]
-                }
-              ]
-            }
-          }
-        },
-        "force_flush_interval": 5
-      }
-    }
-
diff --git a/env/scratch/cwagent.yaml b/env/scratch/cwagent.yaml
deleted file mode 100644
index 6b381bb94..000000000
--- a/env/scratch/cwagent.yaml
+++ /dev/null
@@ -1,207 +0,0 @@
-# create amazon-cloudwatch namespace
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: amazon-cloudwatch
-  labels:
-    name: amazon-cloudwatch
----
-
-# create cwagent service account and role binding
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloudwatch-agent
-  namespace: amazon-cloudwatch
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cloudwatch-agent-role
-rules:
-  - apiGroups: [""]
-    resources: ["pods", "nodes", "endpoints"]
-    verbs: ["list", "watch"]
-  - apiGroups: ["apps"]
-    resources: ["replicasets"]
-    verbs: ["list", "watch"]
-  - apiGroups: ["batch"]
-    resources: ["jobs"]
-    verbs: ["list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes/proxy"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["nodes/stats", "configmaps", "events"]
-    verbs: ["create"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    resourceNames: ["cwagent-clusterleader"]
-    verbs: ["get","update"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cloudwatch-agent-role-binding
-subjects:
-  - kind: ServiceAccount
-    name: cloudwatch-agent
-    namespace: amazon-cloudwatch
-roleRef:
-  kind: ClusterRole
-  name: cloudwatch-agent-role
-  apiGroup: rbac.authorization.k8s.io
----
-
-# create configmap for cwagent config
-apiVersion: v1
-data:
-  # Configuration is in Json format. No matter what configure change you make,
-  # please keep the Json blob valid.
-  cwagentconfig.json: |
-    {	
-      "agent":{	
-          "region":"ca-central-1"	
-      },	
-      "logs":{	
-          "metrics_collected":{	
-            "kubernetes":{	
-                "cluster_name":"notification-canada-ca-scratch-eks-cluster",	
-                "metrics_collection_interval":60	
-            },	
-            "emf": { }	
-          },	
-          "force_flush_interval":5	
-      },	
-      "metrics":{	
-          "namespace": "NotificationCanadaCa",	
-          "metrics_collected":{	
-            "statsd":{	
-                "service_address":":8125",	
-                "metrics_collection_interval":15,	
-                "metrics_aggregation_interval":60	
-            }	
-          }	
-      }	
-    }
-kind: ConfigMap
-metadata:
-  name: cwagentconfig
-  namespace: amazon-cloudwatch
----
-
-# deploy cwagent as daemonset
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: cloudwatch-agent
-  namespace: amazon-cloudwatch
-spec:
-  selector:
-    matchLabels:
-      name: cloudwatch-agent
-  template:
-    metadata:
-      labels:
-        name: cloudwatch-agent
-    spec:
-      priorityClassName: system-node-critical
-      containers:
-        - name: cloudwatch-agent
-          image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300026.3b189
-          ports:
-            - containerPort: 8125
-              hostPort: 8125
-              protocol: UDP
-            - containerPort: 25888
-              hostPort: 25888
-              protocol: TCP
-            - containerPort: 25888
-              hostPort: 25888
-              protocol: UDP   
-          resources:
-            limits:
-              cpu:  200m
-              memory: 200Mi
-            requests:
-              cpu: 200m
-              memory: 200Mi
-          # Please don't change below envs
-          env:
-            - name: HOST_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.hostIP
-            - name: HOST_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: K8S_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: CI_VERSION
-              value: "k8s/1.3.15"
-          # Please don't change the mountPath
-          volumeMounts:
-            - name: cwagentconfig
-              mountPath: /etc/cwagentconfig
-            - name: rootfs
-              mountPath: /rootfs
-              readOnly: true
-            - name: dockersock
-              mountPath: /var/run/docker.sock
-              readOnly: true
-            - name: varlibdocker
-              mountPath: /var/lib/docker
-              readOnly: true
-            - name: containerdsock
-              mountPath: /run/containerd/containerd.sock
-              readOnly: true
-            - name: sys
-              mountPath: /sys
-              readOnly: true
-            - name: devdisk
-              mountPath: /dev/disk
-              readOnly: true
-      nodeSelector:
-        kubernetes.io/os: linux
-      volumes:
-        - name: cwagentconfig
-          configMap:
-            name: cwagentconfig
-        - name: rootfs
-          hostPath:
-            path: /
-        - name: dockersock
-          hostPath:
-            path: /var/run/docker.sock
-        - name: varlibdocker
-          hostPath:
-            path: /var/lib/docker
-        - name: containerdsock
-          hostPath:
-            path: /run/containerd/containerd.sock
-        - name: sys
-          hostPath:
-            path: /sys
-        - name: devdisk
-          hostPath:
-            path: /dev/disk/
-      terminationGracePeriodSeconds: 60
-      serviceAccountName: cloudwatch-agent
-
----
-
-# create configmap for cluster name and aws region for CloudWatch Logs
-# need to replace the placeholders {{cluster_name}} and {{region_name}}
-apiVersion: v1
-data:
-  cluster.name: "notification-canada-ca-scratch-eks-cluster"
-  logs.region: "ca-central-1"
-kind: ConfigMap
-metadata:
-  name: cluster-info
-  namespace: amazon-cloudwatch
diff --git a/env/scratch/document-download-api-target-group.yaml b/env/scratch/document-download-api-target-group.yaml
deleted file mode 100644
index e15732b29..000000000
--- a/env/scratch/document-download-api-target-group.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: elbv2.k8s.aws/v1beta1
-kind: TargetGroupBinding
-metadata:
-  name: document-download-api-targetgroup
-  namespace: notification-canada-ca
-spec:
-  serviceRef:
-    name: document-download-api
-    port: 7000
-  targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:419291849580:targetgroup/notification-document-api/3aa27e25c9f634f8
diff --git a/env/scratch/documentation-target-group.yaml b/env/scratch/documentation-target-group.yaml
deleted file mode 100644
index 431afd684..000000000
--- a/env/scratch/documentation-target-group.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: elbv2.k8s.aws/v1beta1
-kind: TargetGroupBinding
-metadata:
-  name: documentation-targetgroup
-  namespace: notification-canada-ca
-spec:
-  serviceRef:
-    name: documentation
-    port: 80
-  targetGroupARN: arn:aws:elasticloadbalancing:ca-central-1:419291849580:targetgroup/notification-documentation/58f25dcdbe9cbd66
diff --git a/env/scratch/fluentbit.yaml b/env/scratch/fluentbit.yaml
deleted file mode 100644
index fa458f8c5..000000000
--- a/env/scratch/fluentbit.yaml
+++ /dev/null
@@ -1,437 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: fluent-bit
-  namespace: amazon-cloudwatch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: fluent-bit-role
-rules:
-  - nonResourceURLs:
-      - /metrics
-    verbs:
-      - get
-  - apiGroups: [""]
-    resources:
-      - namespaces
-      - pods
-      - pods/logs
-      - nodes
-      - nodes/proxy
-    verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: fluent-bit-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: fluent-bit-role
-subjects:
-  - kind: ServiceAccount
-    name: fluent-bit
-    namespace: amazon-cloudwatch
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: fluent-bit-cluster-info
-  namespace: amazon-cloudwatch
-data:
-  cluster.name: notification-canada-ca-scratch-eks-cluster
-  http.port: "2020"
-  http.server: "On"
-  logs.region: ca-central-1
-  read.head: "Off"
-  read.tail: "On"
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: fluent-bit-config
-  namespace: amazon-cloudwatch
-  labels:
-    k8s-app: fluent-bit
-data:
-  fluent-bit.conf: |
-    [SERVICE]
-        Flush                     5
-        Grace                     30
-        Log_Level                 info
-        Daemon                    off
-        Parsers_File              parsers.conf
-        HTTP_Server               ${HTTP_SERVER}
-        HTTP_Listen               0.0.0.0
-        HTTP_Port                 ${HTTP_PORT}
-        storage.path              /var/fluent-bit/state/flb-storage/
-        storage.sync              normal
-        storage.checksum          off
-        storage.backlog.mem_limit 5M
-        
-    @INCLUDE celery-log.conf
-    @INCLUDE notify-log.conf
-    @INCLUDE dataplane-log.conf
-    @INCLUDE host-log.conf
-
-
-
-  notify-log.conf: |
-    [INPUT]
-        Name                tail
-        Tag                 application.*
-        Exclude_Path        /var/log/containers/cloudwatch-agent*, /var/log/containers/fluent-bit*, /var/log/containers/aws-node*, /var/log/containers/kube-proxy*, /var/log/containers/celery*
-        Path                /var/log/containers/*.log
-        multiline.parser    docker, cri
-        DB                  /var/fluent-bit/state/flb_container.db
-        Mem_Buf_Limit       50MB
-        Skip_Long_Lines     Off
-        Refresh_Interval    10
-        Rotate_Wait         30
-        storage.type        filesystem
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [INPUT]
-        Name                tail
-        Tag                 application.*
-        Path                /var/log/containers/fluent-bit*
-        multiline.parser    docker, cri
-        DB                  /var/fluent-bit/state/flb_log.db
-        Mem_Buf_Limit       5MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [INPUT]
-        Name                tail
-        Tag                 application.*
-        Path                /var/log/containers/cloudwatch-agent*
-        multiline.parser    docker, cri
-        DB                  /var/fluent-bit/state/flb_cwagent.db
-        Mem_Buf_Limit       5MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [FILTER]
-        Name                kubernetes
-        Match               application.*
-        Kube_URL            https://kubernetes.default.svc:443
-        Kube_Tag_Prefix     application.var.log.containers.
-        Merge_Log           On
-        Merge_Log_Key       log_processed
-        K8S-Logging.Parser  On
-        K8S-Logging.Exclude Off
-        Labels              On
-        Annotations         On
-        Use_Kubelet         On
-        Kubelet_Port        10250
-        Buffer_Size         0
-
-    [OUTPUT]
-        Name                cloudwatch
-        Match               application.*
-        region              ${AWS_REGION}
-        log_group_name      /aws/containerinsights/${CLUSTER_NAME}/application
-        log_stream_name     $(tag[4])
-        auto_create_group   true
-        extra_user_agent    container-insights
-
-  celery-log.conf: |
-    [INPUT]
-        Name                tail
-        Tag                 celery.*
-        Path                /var/log/containers/celery*
-        multiline.parser    docker, cri
-        DB                  /var/fluent-bit/state/celery.db
-        Mem_Buf_Limit       50MB
-        Skip_Long_Lines     Off
-        Refresh_Interval    10
-        Rotate_Wait         30
-        storage.type        filesystem
-        Read_from_Head      ${READ_FROM_HEAD}
-
-
-    [FILTER]
-        Name                kubernetes
-        Match               celery.*
-        Kube_URL            https://kubernetes.default.svc:443
-        Kube_Tag_Prefix     celery.var.log.containers.
-        Merge_Log           On
-        Merge_Log_Key       log_processed
-        K8S-Logging.Parser  On
-        K8S-Logging.Exclude Off
-        Labels              On
-        Annotations         On
-        Use_Kubelet         On
-        Kubelet_Port        10250
-        Buffer_Size         0
-
-    [FILTER]
-        name                  multiline
-        match                 celery.*
-        multiline.key_content log
-        multiline.parser      multiline-notify-python
-
-    [OUTPUT]
-        Name                cloudwatch
-        Match               celery.*
-        region              ${AWS_REGION}
-        log_group_name      /aws/containerinsights/${CLUSTER_NAME}/application
-        log_stream_name     $(tag[4])
-        auto_create_group   true
-        extra_user_agent    container-insights
-
-  dataplane-log.conf: |
-    [INPUT]
-        Name                systemd
-        Tag                 dataplane.systemd.*
-        Systemd_Filter      _SYSTEMD_UNIT=docker.service
-        Systemd_Filter      _SYSTEMD_UNIT=containerd.service
-        Systemd_Filter      _SYSTEMD_UNIT=kubelet.service
-        DB                  /var/fluent-bit/state/systemd.db
-        Path                /var/log/journal
-        Read_From_Tail      ${READ_FROM_TAIL}
-
-    [INPUT]
-        Name                tail
-        Tag                 dataplane.tail.*
-        Path                /var/log/containers/aws-node*, /var/log/containers/kube-proxy*
-        multiline.parser    docker, cri
-        DB                  /var/fluent-bit/state/flb_dataplane_tail.db
-        Mem_Buf_Limit       50MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Rotate_Wait         30
-        storage.type        filesystem
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [FILTER]
-        Name                modify
-        Match               dataplane.systemd.*
-        Rename              _HOSTNAME                   hostname
-        Rename              _SYSTEMD_UNIT               systemd_unit
-        Rename              MESSAGE                     message
-        Remove_regex        ^((?!hostname|systemd_unit|message).)*$
-
-    [FILTER]
-        Name                aws
-        Match               dataplane.*
-        imds_version        v1
-
-    [OUTPUT]
-        Name                cloudwatch_logs
-        Match               dataplane.*
-        region              ${AWS_REGION}
-        log_group_name      /aws/containerinsights/${CLUSTER_NAME}/dataplane
-        log_stream_prefix   ${HOST_NAME}-
-        auto_create_group   true
-        extra_user_agent    container-insights
-
-  host-log.conf: |
-    [INPUT]
-        Name                tail
-        Tag                 host.dmesg
-        Path                /var/log/dmesg
-        Key                 message
-        DB                  /var/fluent-bit/state/flb_dmesg.db
-        Mem_Buf_Limit       5MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [INPUT]
-        Name                tail
-        Tag                 host.messages
-        Path                /var/log/messages
-        Parser              syslog
-        DB                  /var/fluent-bit/state/flb_messages.db
-        Mem_Buf_Limit       5MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [INPUT]
-        Name                tail
-        Tag                 host.secure
-        Path                /var/log/secure
-        Parser              syslog
-        DB                  /var/fluent-bit/state/flb_secure.db
-        Mem_Buf_Limit       5MB
-        Skip_Long_Lines     On
-        Refresh_Interval    10
-        Read_from_Head      ${READ_FROM_HEAD}
-
-    [FILTER]
-        Name                aws
-        Match               host.*
-        imds_version        v1
-
-    [OUTPUT]
-        Name                cloudwatch_logs
-        Match               host.*
-        region              ${AWS_REGION}
-        log_group_name      /aws/containerinsights/${CLUSTER_NAME}/host
-        log_stream_prefix   ${HOST_NAME}.
-        auto_create_group   true
-        extra_user_agent    container-insights
-
-  parsers.conf: |
-    [PARSER]
-        Name                syslog
-        Format              regex
-        Regex               ^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
-        Time_Key            time
-        Time_Format         %b %d %H:%M:%S
-
-    [PARSER]
-        Name                container_firstline
-        Format              regex
-        Regex               (?<log>(?<="log":")\S(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=})
-        Time_Key            time
-        Time_Format         %Y-%m-%dT%H:%M:%S.%LZ
-
-    [PARSER]
-        Name                cwagent_firstline
-        Format              regex
-        Regex               (?<log>(?<="log":")\d{4}[\/-]\d{1,2}[\/-]\d{1,2}[ T]\d{2}:\d{2}:\d{2}(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=})
-        Time_Key            time
-        Time_Format         %Y-%m-%dT%H:%M:%S.%LZ
-
-    [MULTILINE_PARSER]
-        name          multiline-notify-python
-        type          regex
-        flush_timeout 1000
-        # rules |   state name  | regex pattern         | next state
-        # ------|---------------|-----------------------------------
-        rule      "start_state"   "/^\[.*\].*/"                "cont"
-        rule      "cont"          "/^[^\[].*/"           "cont"
-
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: fluent-bit
-  namespace: amazon-cloudwatch
-  labels:
-    k8s-app: fluent-bit
-    version: v1
-    kubernetes.io/cluster-service: "true"
-spec:
-  selector:
-    matchLabels:
-      k8s-app: fluent-bit
-  template:
-    metadata:
-      labels:
-        k8s-app: fluent-bit
-        version: v1
-        kubernetes.io/cluster-service: "true"
-    spec:
-      initContainers:
-      - name: wait-for-init
-        image: busybox:1.28
-        command: ['sh', '-c', 'echo "Waiting for 10 seconds for node to sort itself out" && sleep 10']          
-      containers:
-      - name: fluent-bit
-        image: public.ecr.aws/aws-observability/aws-for-fluent-bit:stable
-        imagePullPolicy: Always
-        env:
-            - name: AWS_REGION
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: logs.region
-            - name: CLUSTER_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: cluster.name
-            - name: HTTP_SERVER
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: http.server
-            - name: HTTP_PORT
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: http.port
-            - name: READ_FROM_HEAD
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: read.head
-            - name: READ_FROM_TAIL
-              valueFrom:
-                configMapKeyRef:
-                  name: fluent-bit-cluster-info
-                  key: read.tail
-            - name: HOST_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: HOSTNAME
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-            - name: CI_VERSION
-              value: "k8s/1.3.15"
-        resources:
-            limits:
-              memory: 200Mi
-            requests:
-              cpu: 100m
-              memory: 100Mi
-        volumeMounts:
-        # Please don't change below read-only permissions
-        - name: fluentbitstate
-          mountPath: /var/fluent-bit/state
-        - name: varlog
-          mountPath: /var/log
-          readOnly: true
-        - name: varlibdockercontainers
-          mountPath: /var/lib/docker/containers
-          readOnly: true
-        - name: fluent-bit-config
-          mountPath: /fluent-bit/etc/
-        - name: runlogjournal
-          mountPath: /run/log/journal
-          readOnly: true
-        - name: dmesg
-          mountPath: /var/log/dmesg
-          readOnly: true
-      terminationGracePeriodSeconds: 10
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      volumes:
-      - name: fluentbitstate
-        hostPath:
-          path: /var/fluent-bit/state
-      - name: varlog
-        hostPath:
-          path: /var/log
-      - name: varlibdockercontainers
-        hostPath:
-          path: /var/lib/docker/containers
-      - name: fluent-bit-config
-        configMap:
-          name: fluent-bit-config
-      - name: runlogjournal
-        hostPath:
-          path: /run/log/journal
-      - name: dmesg
-        hostPath:
-          path: /var/log/dmesg
-      serviceAccountName: fluent-bit
-      tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-        effect: NoSchedule
-      - operator: "Exists"
-        effect: "NoExecute"
-      - operator: "Exists"
-        effect: "NoSchedule"
\ No newline at end of file
diff --git a/env/scratch/karpenter.yaml b/env/scratch/karpenter.yaml
deleted file mode 100644
index 241cb3352..000000000
--- a/env/scratch/karpenter.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: karpenter
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-  annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::419291849580:role/karpenter-controller-eks
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: karpenter-global-settings
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-data:  
-    "aws.assumeRoleARN": ""
-    "aws.assumeRoleDuration": "15m"
-    "aws.clusterCABundle": ""
-    "aws.clusterEndpoint": ""
-    "aws.clusterName": "notification-canada-ca-scratch-eks-cluster"
-    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
-    "aws.enableENILimitedPodDensity": "true"
-    "aws.enablePodENI": "false"
-    "aws.interruptionQueueName": ""
-    "aws.isolatedVPC": "false"
-    "aws.vmMemoryOverheadPercent": "0.075"
-    "batchIdleDuration": "1s"
-    "batchMaxDuration": "10s"
-    "featureGates.driftEnabled": "false"
----
-apiVersion: karpenter.sh/v1alpha5
-kind: Provisioner
-metadata:
-  name: default
-spec:
-  requirements:
-    - key: karpenter.sh/capacity-type
-      operator: In
-      values: ["spot"]
-    - key: node.kubernetes.io/instance-type
-      operator: In
-      values: ["m5.large", "r5.large"]      
-  limits:
-    resources:
-      cpu: 1000
-  providerRef:
-    name: default
-  consolidation: 
-    enabled: true
----
-apiVersion: karpenter.k8s.aws/v1alpha1
-kind: AWSNodeTemplate
-metadata:
-  name: default
-spec:
-  subnetSelector:
-    karpenter.sh/discovery: notification-canada-ca-scratch-eks-cluster
-  securityGroupSelector:
-    karpenter.sh/discovery: notification-canada-ca-scratch-eks-cluster    
-  metadataOptions:
-    httpTokens: optional
\ No newline at end of file
diff --git a/env/scratch/kustomization.yaml b/env/scratch/kustomization.yaml
deleted file mode 100644
index b4f236363..000000000
--- a/env/scratch/kustomization.yaml
+++ /dev/null
@@ -1,609 +0,0 @@
-bases:
-  - ../../base/karpenter
-  - ../../base/kube-state-metrics
-  - ../../base/prometheus-cloudwatch
-  - ../../base/k8s-event-logger
-  - ../../base/utils
-  - ../../base/notify-admin
-  - ../../base/notify-api
-  - ../../base/notify-celery-main
-  - ../../base/notify-celery-sms-send
-  - ../../base/notify-celery-email-send
-  - ../../base/notify-document-download
-  - ../../base/notify-documentation
-  - ../../base/notify-system
-
-resources:
-  - cwagent.yaml
-  - fluentbit.yaml
-  - cwagent-configmap.yaml
-  - notification-service-account.yaml
-  - api-target-group.yaml
-  - admin-target-group.yaml
-  - document-download-api-target-group.yaml
-  - documentation-target-group.yaml
-  - aws-auth-configmap.yaml
-
-images:
-  - name: admin
-    newName: public.ecr.aws/cds-snc/notify-admin:latest
-  - name: api
-    newName: public.ecr.aws/cds-snc/notify-api:latest
-  - name: document-download-api
-    newName: public.ecr.aws/cds-snc/notify-document-download-api:latest
-  - name: documentation
-    newName: public.ecr.aws/cds-snc/notify-documentation:latest
-
-configMapGenerator:
-- name: application-config
-  env: .env
-
-patches:
-  - performance.yaml
-  - services.yaml
-#  - cwagent-patch.yaml
-  - celery-deployment.yaml
-  - karpenter.yaml
-  - node-selector-patch.yaml
-
-vars:
-- name: ADMIN_CLIENT_SECRET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ADMIN_CLIENT_SECRET
-- name: ALLOW_DEBUG_ROUTE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ALLOW_DEBUG_ROUTE
-- name: ALLOW_HTML_SERVICE_IDS
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ALLOW_HTML_SERVICE_IDS
-- name: API_HOST_NAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.API_HOST_NAME
-- name: ASSET_UPLOAD_BUCKET_NAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ASSET_UPLOAD_BUCKET_NAME
-- name: ASSET_DOMAIN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ASSET_DOMAIN
-- name: AUTH_TOKENS
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AUTH_TOKENS
-- name: AWS_PINPOINT_REGION
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_PINPOINT_REGION
-- name: AWS_REGION
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_REGION
-- name: AWS_ROUTE53_ZONE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_ROUTE53_ZONE
-- name: AWS_SES_REGION
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_REGION
-- name: AWS_SES_SMTP
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_SMTP
-- name: AWS_SES_ACCESS_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_ACCESS_KEY
-- name: AWS_SES_SECRET_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_SES_SECRET_KEY
-- name: BASE_DOMAIN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BASE_DOMAIN
-- name: BULK_SEND_AWS_BUCKET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BULK_SEND_AWS_BUCKET
-- name: BULK_SEND_TEST_SERVICE_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BULK_SEND_TEST_SERVICE_ID
-- name: CELERY_CONCURRENCY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CELERY_CONCURRENCY
-- name: CELERY_DELIVER_SMS_RATE_LIMIT
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CELERY_DELIVER_SMS_RATE_LIMIT
-- name: CONTACT_EMAIL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CONTACT_EMAIL
-- name: CSV_UPLOAD_BUCKET_NAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CSV_UPLOAD_BUCKET_NAME
-- name: CLUSTER_NAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CLUSTER_NAME
-- name: DEBUG_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DEBUG_KEY
-- name: DOCUMENTS_BUCKET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DOCUMENTS_BUCKET
-- name: DANGEROUS_SALT
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.DANGEROUS_SALT
-- name: ENVIRONMENT
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ENVIRONMENT
-- name: FF_SPIKE_SMS_DAILY_LIMIT
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SPIKE_SMS_DAILY_LIMIT
-- name: FF_SMS_PARTS_UI
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SMS_PARTS_UI
-- name: FIDO2_DOMAIN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FIDO2_DOMAIN
-- name: FRESH_DESK_API_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_API_URL
-- name: FRESH_DESK_API_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_API_KEY
-- name: FRESH_DESK_PRODUCT_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FRESH_DESK_PRODUCT_ID
-- name: HASURA_ACCESS_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HASURA_ACCESS_KEY
-- name: HC_EN_SERVICE_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HC_EN_SERVICE_ID
-- name: HC_FR_SERVICE_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.HC_FR_SERVICE_ID
-- name: MIXPANEL_PROJECT_TOKEN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.MIXPANEL_PROJECT_TOKEN
-- name: NEW_RELIC_LICENSE_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.NEW_RELIC_LICENSE_KEY
-- name: NEW_RELIC_MONITOR_MODE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.NEW_RELIC_MONITOR_MODE
-- name: POSTGRES_HOST
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.POSTGRES_HOST
-- name: POSTGRES_SQL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.POSTGRES_SQL
-- name: REDIS_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.REDIS_URL
-- name: REDIS_PUBLISH_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.REDIS_PUBLISH_URL
-- name: SCAN_FILES_DOCUMENTS_BUCKET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SCAN_FILES_DOCUMENTS_BUCKET
-- name: SECRET_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SECRET_KEY
-- name: SENDGRID_API_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENDGRID_API_KEY
-- name: SENSITIVE_SERVICES
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENSITIVE_SERVICES
-- name: SQLALCHEMY_DATABASE_READER_URI
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SQLALCHEMY_DATABASE_READER_URI
-- name: SQLALCHEMY_POOL_SIZE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SQLALCHEMY_POOL_SIZE
-- name: TWILIO_ACCOUNT_SID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_ACCOUNT_SID
-- name: TWILIO_AUTH_TOKEN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_AUTH_TOKEN
-- name: TWILIO_FROM_NUMBER
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.TWILIO_FROM_NUMBER
-- name: SENTRY_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SENTRY_URL
-- name: EXTRA_MIME_TYPES
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.EXTRA_MIME_TYPES
-- name: IP_GEOLOCATE_SERVICE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.IP_GEOLOCATE_SERVICE
-- name: ZENDESK_SELL_API_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_SELL_API_URL
-- name: ZENDESK_SELL_API_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_SELL_API_KEY
-- name: ZENDESK_API_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_API_URL
-- name: ZENDESK_API_KEY
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.ZENDESK_API_KEY
-- name: AWS_US_TOLL_FREE_NUMBER
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.AWS_US_TOLL_FREE_NUMBER
-- name: BATCH_INSERTION_CHUNK_SIZE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.BATCH_INSERTION_CHUNK_SIZE
-- name: GC_ARTICLES_API
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API
-- name: GC_ARTICLES_API_AUTH_USERNAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API_AUTH_USERNAME
-- name: GC_ARTICLES_API_AUTH_PASSWORD
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.GC_ARTICLES_API_AUTH_PASSWORD
-- name: WAF_SECRET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.WAF_SECRET
-- name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CRM_GITHUB_PERSONAL_ACCESS_TOKEN
-- name: CRM_ORG_LIST_URL
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.CRM_ORG_LIST_URL
-- name: FF_SALESFORCE_CONTACT
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_SALESFORCE_CONTACT
-- name: SALESFORCE_USERNAME
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_USERNAME
-- name: SALESFORCE_PASSWORD
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_PASSWORD
-- name: SALESFORCE_SECURITY_TOKEN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_SECURITY_TOKEN
-- name: SALESFORCE_DOMAIN
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_DOMAIN
-- name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_PRODUCT_ID
-- name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_RECORD_TYPE
-- name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
-- name: SALESFORCE_GENERIC_ACCOUNT_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SALESFORCE_GENERIC_ACCOUNT_ID
-- name: FF_BOUNCE_RATE_V1
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_V1
-- name: FF_BOUNCE_RATE_V15
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_V15
-- name: FF_BOUNCE_RATE_BACKEND
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_BOUNCE_RATE_BACKEND
-- name: FF_ABTEST_SERVICE_ID
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.FF_ABTEST_SERVICE_ID
-- name: SRE_CLIENT_SECRET
-  objref:
-    kind: ConfigMap
-    name: application-config
-    apiVersion: v1
-  fieldref:
-    fieldpath: data.SRE_CLIENT_SECRET
diff --git a/env/scratch/node-selector-patch.yaml b/env/scratch/node-selector-patch.yaml
deleted file mode 100644
index b4304a8c5..000000000
--- a/env/scratch/node-selector-patch.yaml
+++ /dev/null
@@ -1,132 +0,0 @@
-#### Change what type of node each deployment should be deployed to
-
-#### KARPENTER SPOT INSTANCES - EPHEMERAL, STATE NOT REQUIRED
-
-# Celery Email
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery
-  name:  celery
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/provisioner-name: default
----
-# Celery SMS Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send
-  name:  celery-sms-send
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/provisioner-name: default
----
-# Celery Email Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send
-  name:  celery-email-send
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/provisioner-name: default
----
-# Notification API K8s
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: api
-  name:  api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/provisioner-name: default
----
-
-### ON DEMAND (PRIMARY) NODES - ALWAYS AVAILABLE
-# Celery Beat
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-beat
-  name:  celery-beat
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Celery SMS
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms
-    profile: fargate
-  name:  celery-sms
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Notify Admin
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: admin
-  name:  admin
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Document Download API
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: document-download-api
-  name: document-download-api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Documentation
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: documentation
-  namespace: notification-canada-ca
-  labels:
-    app: documentation
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND   
\ No newline at end of file
diff --git a/env/scratch/notification-service-account.yaml b/env/scratch/notification-service-account.yaml
deleted file mode 100644
index e74b81332..000000000
--- a/env/scratch/notification-service-account.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: notification-canada-ca
-  name: notification-service-account
-  annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::419291849580:role/notification-service-account-role
\ No newline at end of file
diff --git a/env/scratch/performance.yaml b/env/scratch/performance.yaml
deleted file mode 100644
index 888898160..000000000
--- a/env/scratch/performance.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: api
-  name:  api
-  namespace: notification-canada-ca
-spec:
-  replicas: 4
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: admin
-  name:  admin
-  namespace: notification-canada-ca
-spec:
-  replicas: 2
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery
-  name:  celery
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery
-        resources:
-          requests:
-            cpu: "300m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send
-  name:  celery-sms-send
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-sms-send
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send
-  name:  celery-email-send
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-email-send
-        resources:
-          requests:
-            cpu: "50m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: documentation
-  name:  documentation
-  namespace: notification-canada-ca
-spec:
-  replicas: 2
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: admin-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 2
-  maxReplicas: 2
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: api-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 4
-  maxReplicas: 4
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 50
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 4
-        periodSeconds: 60
-      selectPolicy: Max            
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-sms-send-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 50
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 12
-        periodSeconds: 45
-      selectPolicy: Max
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-email-send-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 30
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 25
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 12
-        periodSeconds: 45
-      selectPolicy: Max
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: document-download-api-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 2
-  maxReplicas: 4
diff --git a/env/scratch/services.yaml b/env/scratch/services.yaml
deleted file mode 100644
index 85835791a..000000000
--- a/env/scratch/services.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: admin
-  name: admin
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"    
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: api
-  name: api
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: document-download-api
-  name: document-download-api
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: documentation
-  name: documentation
-  namespace: notification-canada-ca
-  annotations:
-    service.beta.kubernetes.io/aws-load-balancer-internal: "true"      
\ No newline at end of file
diff --git a/env/scratch/cwagent-patch.yaml b/env/staging/cwagent/cwagent-deployment-patch.yaml
similarity index 100%
rename from env/scratch/cwagent-patch.yaml
rename to env/staging/cwagent/cwagent-deployment-patch.yaml
diff --git a/env/staging/karpenter.yaml b/env/staging/karpenter.yaml
deleted file mode 100644
index 37c5742dc..000000000
--- a/env/staging/karpenter.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: karpenter
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-  annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::239043911459:role/karpenter-controller-eks
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: karpenter-global-settings
-  namespace: karpenter
-  labels:
-    app.kubernetes.io/name: karpenter
-    app.kubernetes.io/instance: karpenter
-    app.kubernetes.io/version: "0.30.0"
-data:  
-    "aws.assumeRoleARN": ""
-    "aws.assumeRoleDuration": "15m"
-    "aws.clusterCABundle": ""
-    "aws.clusterEndpoint": ""
-    "aws.clusterName": "notification-canada-ca-staging-eks-cluster"
-    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
-    "aws.enableENILimitedPodDensity": "true"
-    "aws.enablePodENI": "false"
-    "aws.interruptionQueueName": ""
-    "aws.isolatedVPC": "false"
-    "aws.vmMemoryOverheadPercent": "0.075"
-    "batchIdleDuration": "1s"
-    "batchMaxDuration": "10s"
-    "featureGates.driftEnabled": "false"
----
-apiVersion: karpenter.sh/v1alpha5
-kind: Provisioner
-metadata:
-  name: default
-spec:
-  requirements:
-    - key: karpenter.sh/capacity-type
-      operator: In
-      values: ["spot"]
-    - key: node.kubernetes.io/instance-type
-      operator: In
-      values: ["r5.xlarge", "r5.large"]      
-  limits:
-    resources:
-      cpu: 1000
-  providerRef:
-    name: default
-  consolidation:
-    enabled: true
----
-apiVersion: karpenter.k8s.aws/v1alpha1
-kind: AWSNodeTemplate
-metadata:
-  name: default
-spec:
-  subnetSelector:
-    karpenter.sh/discovery: notification-canada-ca-staging-eks-cluster
-  securityGroupSelector:
-    karpenter.sh/discovery: notification-canada-ca-staging-eks-cluster    
-  metadataOptions:
-    httpTokens: optional
diff --git a/env/staging/karpenter/aws-node-template-patch.yaml b/env/staging/karpenter/aws-node-template-patch.yaml
new file mode 100644
index 000000000..30b6602a8
--- /dev/null
+++ b/env/staging/karpenter/aws-node-template-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: karpenter.k8s.aws/v1alpha1
+kind: AWSNodeTemplate
+metadata:
+  name: default
+spec:
+  subnetSelector:
+    karpenter.sh/discovery: notification-canada-ca-staging-eks-cluster
+  securityGroupSelector:
+    karpenter.sh/discovery: notification-canada-ca-staging-eks-cluster    
+  metadataOptions:
+    httpTokens: optional
diff --git a/env/staging/karpenter/configmap-patch.yaml b/env/staging/karpenter/configmap-patch.yaml
new file mode 100644
index 000000000..97bec9630
--- /dev/null
+++ b/env/staging/karpenter/configmap-patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: karpenter-global-settings
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+data:  
+    "aws.assumeRoleARN": ""
+    "aws.assumeRoleDuration": "15m"
+    "aws.clusterCABundle": ""
+    "aws.clusterEndpoint": ""
+    "aws.clusterName": "notification-canada-ca-staging-eks-cluster"
+    "aws.defaultInstanceProfile": "KarpenterNodeInstanceProfile-karpenter-controller-eks"
+    "aws.enableENILimitedPodDensity": "true"
+    "aws.enablePodENI": "false"
+    "aws.interruptionQueueName": ""
+    "aws.isolatedVPC": "false"
+    "aws.vmMemoryOverheadPercent": "0.075"
+    "batchIdleDuration": "1s"
+    "batchMaxDuration": "10s"
+    "featureGates.driftEnabled": "false"
\ No newline at end of file
diff --git a/env/staging/karpenter/provisioner-patch.yaml b/env/staging/karpenter/provisioner-patch.yaml
new file mode 100644
index 000000000..642d0302f
--- /dev/null
+++ b/env/staging/karpenter/provisioner-patch.yaml
@@ -0,0 +1,19 @@
+apiVersion: karpenter.sh/v1alpha5
+kind: Provisioner
+metadata:
+  name: default
+spec:
+  requirements:
+    - key: karpenter.sh/capacity-type
+      operator: In
+      values: ["spot"]
+    - key: node.kubernetes.io/instance-type
+      operator: In
+      values: ["r5.xlarge", "r5.large"]      
+  limits:
+    resources:
+      cpu: 1000
+  providerRef:
+    name: default
+  consolidation:
+    enabled: true
\ No newline at end of file
diff --git a/env/staging/karpenter/service-account-patch.yaml b/env/staging/karpenter/service-account-patch.yaml
new file mode 100644
index 000000000..b1100174b
--- /dev/null
+++ b/env/staging/karpenter/service-account-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: karpenter
+  namespace: karpenter
+  labels:
+    app.kubernetes.io/name: karpenter
+    app.kubernetes.io/instance: karpenter
+    app.kubernetes.io/version: "0.30.0"
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::239043911459:role/karpenter-controller-eks
\ No newline at end of file
diff --git a/env/staging/kustomization.yaml b/env/staging/kustomization.yaml
index 301d27e16..3dab293ce 100644
--- a/env/staging/kustomization.yaml
+++ b/env/staging/kustomization.yaml
@@ -1,615 +1,655 @@
-bases:
-  - ../../base/karpenter
-  - ../../base/kube-state-metrics
-  - ../../base/prometheus-cloudwatch
-  - ../../base/k8s-event-logger
-  - ../../base/utils
-  - ../../base/notify-admin
-  - ../../base/notify-api
-  - ../../base/notify-celery-other
-  - ../../base/notify-celery-main-primary
-  - ../../base/notify-celery-sms-send-primary
-  - ../../base/notify-celery-email-send-primary
-  - ../../base/notify-celery-main-scalable
-  - ../../base/notify-celery-sms-send-scalable
-  - ../../base/notify-celery-email-send-scalable
-  - ../../base/notify-document-download
-  - ../../base/notify-documentation
-  - ../../base/notify-system
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 
 resources:
-  - fluentbit.yaml
-  - cwagent.yaml
-  - cwagent-configmap.yaml
-  - notification-service-account.yaml
-  - api-target-group.yaml
-  - admin-target-group.yaml
-  - document-download-api-target-group.yaml
-  - documentation-target-group.yaml
-  - aws-auth-configmap.yaml
-  - hasura-ingress.yaml  
+- fluentbit.yaml
+- cwagent.yaml
+- cwagent-configmap.yaml
+- notification-service-account.yaml
+- api-target-group.yaml
+- admin-target-group.yaml
+- document-download-api-target-group.yaml
+- documentation-target-group.yaml
+- aws-auth-configmap.yaml
+- hasura-ingress.yaml
+- ../../base/karpenter
+- ../../base/kube-state-metrics
+- ../../base/prometheus-cloudwatch
+- ../../base/k8s-event-logger
+- ../../base/utils
+- ../../base/notify-admin
+- ../../base/notify-api
+- ../../base/notify-celery-other
+- ../../base/notify-celery-main-primary
+- ../../base/notify-celery-sms-send-primary
+- ../../base/notify-celery-email-send-primary
+- ../../base/notify-celery-main-scalable
+- ../../base/notify-celery-sms-send-scalable
+- ../../base/notify-celery-email-send-scalable
+- ../../base/notify-document-download
+- ../../base/notify-documentation
+- ../../base/notify-system
 
 patches:
-  - performance.yaml
-  - services.yaml
-  - cwagent-patch.yaml
-  - karpenter.yaml
-  - hasura-patch.yaml
-  - jump-box-patch.yaml
-  - node-selector-patch.yaml
+- path: performance/admin-hpa-patch.yaml
+- path: performance/admin-deployment-patch.yaml
+- path: performance/api-hpa-patch.yaml
+- path: performance/api-deployment-patch.yaml
+- path: performance/celery-email-send-primary-deployment-patch.yaml
+- path: performance/celery-email-send-scalable-deployment-patch.yaml
+- path: performance/celery-email-send-scalable-hpa-patch.yaml
+- path: performance/celery-primary-deployment-patch.yaml
+- path: performance/celery-scalable-deployment-patch.yaml
+- path: performance/celery-scalable-hpa-patch.yaml
+- path: performance/celery-sms-send-primary-deployment-patch.yaml
+- path: performance/celery-sms-send-scalable-deployment-patch.yaml
+- path: performance/celery-sms-send-scalable-hpa-patch.yaml
+- path: performance/document-download-api-hpa-patch.yaml
+- path: performance/documentation-deployment-patch.yaml
+
+
+- path: services/admin-service-patch.yaml
+- path: services/api-service-patch.yaml
+- path: services/document-download-api-service-patch.yaml
+- path: services/documentation-service-patch.yaml
+
+- path: cwagent/cwagent-deployment-patch.yaml
+
+- path: karpenter/aws-node-template-patch.yaml
+- path: karpenter/configmap-patch.yaml
+- path: karpenter/provisioner-patch.yaml
+- path: karpenter/service-account-patch.yaml
+
+- path: nodeselectors/admin-node-selector-patch.yaml
+- path: nodeselectors/api-node-selector-patch.yaml
+- path: nodeselectors/celery-api-node-selector-patch.yaml
+- path: nodeselectors/celery-beat-node-selector-patch.yaml
+- path: nodeselectors/celery-email-send-node-selector-patch.yaml
+- path: nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
+- path: nodeselectors/celery-primary-node-selector-patch.yaml
+- path: nodeselectors/celery-scalable-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-send-node-selector-patch.yaml
+- path: nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
+- path: nodeselectors/document-download-api-node-selector-patch.yaml
+- path: nodeselectors/documentation-node-selector-patch.yaml
+- path: nodeselectors/hasura-node-selector-patch.yaml
+- path: nodeselectors/jump-box-node-selector-patch.yaml
 
 images:
-  - name: admin
-    newName: public.ecr.aws/cds-snc/notify-admin:latest
-  - name: api
-    newName: public.ecr.aws/cds-snc/notify-api:latest
-  - name: document-download-api
-    newName: public.ecr.aws/cds-snc/notify-document-download-api:latest
-  - name: documentation
-    newName: public.ecr.aws/cds-snc/notify-documentation:latest
+- name: admin
+  newName: public.ecr.aws/cds-snc/notify-admin:latest
+- name: api
+  newName: public.ecr.aws/cds-snc/notify-api:latest
+- name: document-download-api
+  newName: public.ecr.aws/cds-snc/notify-document-download-api:latest
+- name: documentation
+  newName: public.ecr.aws/cds-snc/notify-documentation:latest
 
 configMapGenerator:
-  - name: application-config
-    env: .env
+- envs:
+  - .env
+  name: application-config
 
 vars:
-  - name: ADMIN_CLIENT_SECRET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ADMIN_CLIENT_SECRET
-  - name: ALLOW_DEBUG_ROUTE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ALLOW_DEBUG_ROUTE
-  - name: ALLOW_HTML_SERVICE_IDS
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ALLOW_HTML_SERVICE_IDS
-  - name: API_HOST_NAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.API_HOST_NAME
-  - name: ASSET_UPLOAD_BUCKET_NAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ASSET_UPLOAD_BUCKET_NAME
-  - name: ASSET_DOMAIN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ASSET_DOMAIN
-  - name: AUTH_TOKENS
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AUTH_TOKENS
-  - name: AWS_PINPOINT_REGION
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_PINPOINT_REGION
-  - name: AWS_REGION
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_REGION
-  - name: AWS_ROUTE53_ZONE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_ROUTE53_ZONE
-  - name: AWS_SES_REGION
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_SES_REGION
-  - name: AWS_SES_SMTP
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_SES_SMTP
-  - name: AWS_SES_ACCESS_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_SES_ACCESS_KEY
-  - name: AWS_SES_SECRET_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_SES_SECRET_KEY
-  - name: BASE_DOMAIN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.BASE_DOMAIN
-  - name: BULK_SEND_AWS_BUCKET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.BULK_SEND_AWS_BUCKET
-  - name: BULK_SEND_TEST_SERVICE_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.BULK_SEND_TEST_SERVICE_ID
-  - name: CELERY_CONCURRENCY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CELERY_CONCURRENCY
-  - name: CELERY_DELIVER_SMS_RATE_LIMIT
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CELERY_DELIVER_SMS_RATE_LIMIT
-  - name: CONTACT_EMAIL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CONTACT_EMAIL
-  - name: CSV_UPLOAD_BUCKET_NAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CSV_UPLOAD_BUCKET_NAME
-  - name: CLUSTER_NAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CLUSTER_NAME
-  - name: DOCUMENTS_BUCKET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.DOCUMENTS_BUCKET
-  - name: DEBUG_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.DEBUG_KEY
-  - name: DANGEROUS_SALT
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.DANGEROUS_SALT
-  - name: ENVIRONMENT
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ENVIRONMENT
-  - name: FF_SPIKE_SMS_DAILY_LIMIT
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_SPIKE_SMS_DAILY_LIMIT
-  - name: FF_SMS_PARTS_UI
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_SMS_PARTS_UI
-  - name: FIDO2_DOMAIN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FIDO2_DOMAIN
-  - name: FRESH_DESK_API_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FRESH_DESK_API_URL
-  - name: FRESH_DESK_API_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FRESH_DESK_API_KEY
-  - name: FRESH_DESK_PRODUCT_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FRESH_DESK_PRODUCT_ID
-  - name: HASURA_ACCESS_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.HASURA_ACCESS_KEY
-  - name: HC_EN_SERVICE_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.HC_EN_SERVICE_ID
-  - name: HC_FR_SERVICE_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.HC_FR_SERVICE_ID
-  - name: MIXPANEL_PROJECT_TOKEN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.MIXPANEL_PROJECT_TOKEN
-  - name: NEW_RELIC_LICENSE_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.NEW_RELIC_LICENSE_KEY
-  - name: NEW_RELIC_MONITOR_MODE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.NEW_RELIC_MONITOR_MODE
-  - name: POSTGRES_HOST
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.POSTGRES_HOST
-  - name: POSTGRES_SQL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.POSTGRES_SQL
-  - name: REDIS_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.REDIS_URL
-  - name: REDIS_PUBLISH_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.REDIS_PUBLISH_URL
-  - name: SCAN_FILES_DOCUMENTS_BUCKET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SCAN_FILES_DOCUMENTS_BUCKET
-  - name: SECRET_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SECRET_KEY
-  - name: SENDGRID_API_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SENDGRID_API_KEY
-  - name: SENSITIVE_SERVICES
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SENSITIVE_SERVICES
-  - name: SQLALCHEMY_DATABASE_READER_URI
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SQLALCHEMY_DATABASE_READER_URI
-  - name: SQLALCHEMY_POOL_SIZE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SQLALCHEMY_POOL_SIZE
-  - name: TWILIO_ACCOUNT_SID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.TWILIO_ACCOUNT_SID
-  - name: TWILIO_AUTH_TOKEN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.TWILIO_AUTH_TOKEN
-  - name: TWILIO_FROM_NUMBER
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.TWILIO_FROM_NUMBER
-  - name: SENTRY_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SENTRY_URL
-  - name: EXTRA_MIME_TYPES
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.EXTRA_MIME_TYPES
-  - name: IP_GEOLOCATE_SERVICE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.IP_GEOLOCATE_SERVICE
-  - name: ZENDESK_SELL_API_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ZENDESK_SELL_API_URL
-  - name: ZENDESK_SELL_API_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ZENDESK_SELL_API_KEY
-  - name: ZENDESK_API_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ZENDESK_API_URL
-  - name: ZENDESK_API_KEY
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.ZENDESK_API_KEY
-  - name: AWS_US_TOLL_FREE_NUMBER
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.AWS_US_TOLL_FREE_NUMBER
-  - name: BATCH_INSERTION_CHUNK_SIZE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.BATCH_INSERTION_CHUNK_SIZE
-  - name: GC_ARTICLES_API
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.GC_ARTICLES_API
-  - name: GC_ARTICLES_API_AUTH_USERNAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.GC_ARTICLES_API_AUTH_USERNAME
-  - name: GC_ARTICLES_API_AUTH_PASSWORD
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.GC_ARTICLES_API_AUTH_PASSWORD
-  - name: WAF_SECRET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.WAF_SECRET
-  - name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CRM_GITHUB_PERSONAL_ACCESS_TOKEN
-  - name: CRM_ORG_LIST_URL
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.CRM_ORG_LIST_URL
-  - name: FF_SALESFORCE_CONTACT
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_SALESFORCE_CONTACT
-  - name: SALESFORCE_USERNAME
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_USERNAME
-  - name: SALESFORCE_PASSWORD
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_PASSWORD
-  - name: SALESFORCE_SECURITY_TOKEN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_SECURITY_TOKEN
-  - name: SALESFORCE_DOMAIN
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_DOMAIN
-  - name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_ENGAGEMENT_PRODUCT_ID
-  - name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_ENGAGEMENT_RECORD_TYPE
-  - name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
-  - name: SALESFORCE_GENERIC_ACCOUNT_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SALESFORCE_GENERIC_ACCOUNT_ID
-  - name: FF_BOUNCE_RATE_V1
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_BOUNCE_RATE_V1
-  - name: FF_BOUNCE_RATE_V15
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_BOUNCE_RATE_V15
-  - name: FF_BOUNCE_RATE_BACKEND
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_BOUNCE_RATE_BACKEND
-  - name: FF_ABTEST_SERVICE_ID
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.FF_ABTEST_SERVICE_ID
-  - name: SRE_CLIENT_SECRET
-    objref:
-      kind: ConfigMap
-      name: application-config
-      apiVersion: v1
-    fieldref:
-      fieldpath: data.SRE_CLIENT_SECRET
+- fieldref:
+    fieldPath: data.ADMIN_CLIENT_SECRET
+  name: ADMIN_CLIENT_SECRET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ALLOW_DEBUG_ROUTE
+  name: ALLOW_DEBUG_ROUTE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ALLOW_HTML_SERVICE_IDS
+  name: ALLOW_HTML_SERVICE_IDS
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.API_HOST_NAME
+  name: API_HOST_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ASSET_UPLOAD_BUCKET_NAME
+  name: ASSET_UPLOAD_BUCKET_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ASSET_DOMAIN
+  name: ASSET_DOMAIN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AUTH_TOKENS
+  name: AUTH_TOKENS
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_PINPOINT_REGION
+  name: AWS_PINPOINT_REGION
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_REGION
+  name: AWS_REGION
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_ROUTE53_ZONE
+  name: AWS_ROUTE53_ZONE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_SES_REGION
+  name: AWS_SES_REGION
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_SES_SMTP
+  name: AWS_SES_SMTP
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_SES_ACCESS_KEY
+  name: AWS_SES_ACCESS_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_SES_SECRET_KEY
+  name: AWS_SES_SECRET_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.BASE_DOMAIN
+  name: BASE_DOMAIN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.BULK_SEND_AWS_BUCKET
+  name: BULK_SEND_AWS_BUCKET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.BULK_SEND_TEST_SERVICE_ID
+  name: BULK_SEND_TEST_SERVICE_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CELERY_CONCURRENCY
+  name: CELERY_CONCURRENCY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CELERY_DELIVER_SMS_RATE_LIMIT
+  name: CELERY_DELIVER_SMS_RATE_LIMIT
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CONTACT_EMAIL
+  name: CONTACT_EMAIL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CSV_UPLOAD_BUCKET_NAME
+  name: CSV_UPLOAD_BUCKET_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CLUSTER_NAME
+  name: CLUSTER_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.DOCUMENTS_BUCKET
+  name: DOCUMENTS_BUCKET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.DEBUG_KEY
+  name: DEBUG_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.DANGEROUS_SALT
+  name: DANGEROUS_SALT
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ENVIRONMENT
+  name: ENVIRONMENT
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_SPIKE_SMS_DAILY_LIMIT
+  name: FF_SPIKE_SMS_DAILY_LIMIT
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_SMS_PARTS_UI
+  name: FF_SMS_PARTS_UI
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FIDO2_DOMAIN
+  name: FIDO2_DOMAIN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FRESH_DESK_API_URL
+  name: FRESH_DESK_API_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FRESH_DESK_API_KEY
+  name: FRESH_DESK_API_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FRESH_DESK_PRODUCT_ID
+  name: FRESH_DESK_PRODUCT_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.HASURA_ACCESS_KEY
+  name: HASURA_ACCESS_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.HC_EN_SERVICE_ID
+  name: HC_EN_SERVICE_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.HC_FR_SERVICE_ID
+  name: HC_FR_SERVICE_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.MIXPANEL_PROJECT_TOKEN
+  name: MIXPANEL_PROJECT_TOKEN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.NEW_RELIC_LICENSE_KEY
+  name: NEW_RELIC_LICENSE_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.NEW_RELIC_MONITOR_MODE
+  name: NEW_RELIC_MONITOR_MODE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.POSTGRES_HOST
+  name: POSTGRES_HOST
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.POSTGRES_SQL
+  name: POSTGRES_SQL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.REDIS_URL
+  name: REDIS_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.REDIS_PUBLISH_URL
+  name: REDIS_PUBLISH_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SCAN_FILES_DOCUMENTS_BUCKET
+  name: SCAN_FILES_DOCUMENTS_BUCKET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SECRET_KEY
+  name: SECRET_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SENDGRID_API_KEY
+  name: SENDGRID_API_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SENSITIVE_SERVICES
+  name: SENSITIVE_SERVICES
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SQLALCHEMY_DATABASE_READER_URI
+  name: SQLALCHEMY_DATABASE_READER_URI
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SQLALCHEMY_POOL_SIZE
+  name: SQLALCHEMY_POOL_SIZE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.TWILIO_ACCOUNT_SID
+  name: TWILIO_ACCOUNT_SID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.TWILIO_AUTH_TOKEN
+  name: TWILIO_AUTH_TOKEN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.TWILIO_FROM_NUMBER
+  name: TWILIO_FROM_NUMBER
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SENTRY_URL
+  name: SENTRY_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.EXTRA_MIME_TYPES
+  name: EXTRA_MIME_TYPES
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.IP_GEOLOCATE_SERVICE
+  name: IP_GEOLOCATE_SERVICE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ZENDESK_SELL_API_URL
+  name: ZENDESK_SELL_API_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ZENDESK_SELL_API_KEY
+  name: ZENDESK_SELL_API_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ZENDESK_API_URL
+  name: ZENDESK_API_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.ZENDESK_API_KEY
+  name: ZENDESK_API_KEY
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.AWS_US_TOLL_FREE_NUMBER
+  name: AWS_US_TOLL_FREE_NUMBER
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.BATCH_INSERTION_CHUNK_SIZE
+  name: BATCH_INSERTION_CHUNK_SIZE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API
+  name: GC_ARTICLES_API
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API_AUTH_USERNAME
+  name: GC_ARTICLES_API_AUTH_USERNAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.GC_ARTICLES_API_AUTH_PASSWORD
+  name: GC_ARTICLES_API_AUTH_PASSWORD
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.WAF_SECRET
+  name: WAF_SECRET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CRM_GITHUB_PERSONAL_ACCESS_TOKEN
+  name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.CRM_ORG_LIST_URL
+  name: CRM_ORG_LIST_URL
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_SALESFORCE_CONTACT
+  name: FF_SALESFORCE_CONTACT
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_USERNAME
+  name: SALESFORCE_USERNAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_PASSWORD
+  name: SALESFORCE_PASSWORD
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_SECURITY_TOKEN
+  name: SALESFORCE_SECURITY_TOKEN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_DOMAIN
+  name: SALESFORCE_DOMAIN
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_PRODUCT_ID
+  name: SALESFORCE_ENGAGEMENT_PRODUCT_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_RECORD_TYPE
+  name: SALESFORCE_ENGAGEMENT_RECORD_TYPE
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
+  name: SALESFORCE_ENGAGEMENT_STANDARD_PRICEBOOK_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SALESFORCE_GENERIC_ACCOUNT_ID
+  name: SALESFORCE_GENERIC_ACCOUNT_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_V1
+  name: FF_BOUNCE_RATE_V1
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_V15
+  name: FF_BOUNCE_RATE_V15
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_BOUNCE_RATE_BACKEND
+  name: FF_BOUNCE_RATE_BACKEND
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.FF_ABTEST_SERVICE_ID
+  name: FF_ABTEST_SERVICE_ID
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
+- fieldref:
+    fieldPath: data.SRE_CLIENT_SECRET
+  name: SRE_CLIENT_SECRET
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: application-config
diff --git a/env/staging/node-selector-patch.yaml b/env/staging/node-selector-patch.yaml
deleted file mode 100644
index 03410e69b..000000000
--- a/env/staging/node-selector-patch.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-#### Change what type of node each deployment should be deployed to
-
-#### KARPENTER SPOT INSTANCES - EPHEMERAL, STATE NOT REQUIRED
-
-# Celery
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-scalable
-  name:  celery-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-
----
-# Celery SMS Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-scalable
-  name:  celery-sms-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-   
----
-# Celery Email Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-scalable
-  name:  celery-email-send-scalable
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        karpenter.sh/capacity-type: spot    
-
-
----
-# Notification API K8s
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: api
-  name:  api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-### ON DEMAND (PRIMARY) NODES - ALWAYS AVAILABLE
-
-# Celery
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-primary
-  name:  celery-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-
----
-# Celery SMS Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-primary
-  name:  celery-sms-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-   
----
-# Celery Email Send
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-primary
-  name:  celery-email-send-primary
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
-
----
-
-# Celery Beat
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-beat
-  name:  celery-beat
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Celery SMS
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms
-    profile: fargate
-  name:  celery-sms
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Notify Admin
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: admin
-  name:  admin
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND
----
-# Document Download API
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: document-download-api
-  name: document-download-api
-  namespace: notification-canada-ca
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND    
----
-# Documentation
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: documentation
-  namespace: notification-canada-ca
-  labels:
-    app: documentation
-spec:
-  template:
-    spec:
-      nodeSelector:
-        eks.amazonaws.com/capacityType: ON_DEMAND   
diff --git a/env/staging/nodeselectors/admin-node-selector-patch.yaml b/env/staging/nodeselectors/admin-node-selector-patch.yaml
new file mode 100644
index 000000000..b2b2d62c2
--- /dev/null
+++ b/env/staging/nodeselectors/admin-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Notify Admin
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: admin
+  name:  admin
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND
\ No newline at end of file
diff --git a/env/staging/nodeselectors/api-node-selector-patch.yaml b/env/staging/nodeselectors/api-node-selector-patch.yaml
new file mode 100644
index 000000000..d0860b7aa
--- /dev/null
+++ b/env/staging/nodeselectors/api-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Notification API K8s
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: api
+  name:  api
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-api-node-selector-patch.yaml b/env/staging/nodeselectors/celery-api-node-selector-patch.yaml
new file mode 100644
index 000000000..1edae1f3d
--- /dev/null
+++ b/env/staging/nodeselectors/celery-api-node-selector-patch.yaml
@@ -0,0 +1,28 @@
+# Notification API K8s
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: api
+  name:  api
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 90
+            preference:
+              matchExpressions:
+              - key: eks.amazonaws.com/capacityType
+                operator: In
+                values:
+                - ON_DEMAND
+          - weight: 10
+            preference:
+              matchExpressions:
+              - key: karpenter.sh/capacity-type
+                operator: In
+                values:
+                - spot    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-beat-node-selector-patch.yaml b/env/staging/nodeselectors/celery-beat-node-selector-patch.yaml
new file mode 100644
index 000000000..5b17eec2b
--- /dev/null
+++ b/env/staging/nodeselectors/celery-beat-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Beat
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-beat
+  name:  celery-beat
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-email-send-node-selector-patch.yaml b/env/staging/nodeselectors/celery-email-send-node-selector-patch.yaml
new file mode 100644
index 000000000..0b544bd97
--- /dev/null
+++ b/env/staging/nodeselectors/celery-email-send-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Email Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-primary
+  name:  celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml b/env/staging/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..7adad94d8
--- /dev/null
+++ b/env/staging/nodeselectors/celery-email-send-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery Email Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-scalable
+  name:  celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
diff --git a/env/staging/nodeselectors/celery-primary-node-selector-patch.yaml b/env/staging/nodeselectors/celery-primary-node-selector-patch.yaml
new file mode 100644
index 000000000..100273035
--- /dev/null
+++ b/env/staging/nodeselectors/celery-primary-node-selector-patch.yaml
@@ -0,0 +1,14 @@
+
+# Celery
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-primary
+  name:  celery-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-scalable-node-selector-patch.yaml b/env/staging/nodeselectors/celery-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..8b1fb3e78
--- /dev/null
+++ b/env/staging/nodeselectors/celery-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-scalable
+  name:  celery-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-sms-node-selector-patch.yaml b/env/staging/nodeselectors/celery-sms-node-selector-patch.yaml
new file mode 100644
index 000000000..5a72b7b44
--- /dev/null
+++ b/env/staging/nodeselectors/celery-sms-node-selector-patch.yaml
@@ -0,0 +1,14 @@
+# Celery SMS
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms
+    profile: fargate
+  name:  celery-sms
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-sms-send-node-selector-patch.yaml b/env/staging/nodeselectors/celery-sms-send-node-selector-patch.yaml
new file mode 100644
index 000000000..c3ff2f2fb
--- /dev/null
+++ b/env/staging/nodeselectors/celery-sms-send-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery SMS Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-primary
+  name:  celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml b/env/staging/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
new file mode 100644
index 000000000..589750ca7
--- /dev/null
+++ b/env/staging/nodeselectors/celery-sms-send-scalable-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Celery SMS Send
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-scalable
+  name:  celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        karpenter.sh/capacity-type: spot    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/document-download-api-node-selector-patch.yaml b/env/staging/nodeselectors/document-download-api-node-selector-patch.yaml
new file mode 100644
index 000000000..ff94fdcf8
--- /dev/null
+++ b/env/staging/nodeselectors/document-download-api-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Document Download API
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: document-download-api
+  name: document-download-api
+  namespace: notification-canada-ca
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND    
\ No newline at end of file
diff --git a/env/staging/nodeselectors/documentation-node-selector-patch.yaml b/env/staging/nodeselectors/documentation-node-selector-patch.yaml
new file mode 100644
index 000000000..e78955e6e
--- /dev/null
+++ b/env/staging/nodeselectors/documentation-node-selector-patch.yaml
@@ -0,0 +1,13 @@
+# Documentation
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: documentation
+  namespace: notification-canada-ca
+  labels:
+    app: documentation
+spec:
+  template:
+    spec:
+      nodeSelector:
+        eks.amazonaws.com/capacityType: ON_DEMAND   
diff --git a/env/staging/hasura-patch.yaml b/env/staging/nodeselectors/hasura-node-selector-patch.yaml
similarity index 100%
rename from env/staging/hasura-patch.yaml
rename to env/staging/nodeselectors/hasura-node-selector-patch.yaml
diff --git a/env/staging/jump-box-patch.yaml b/env/staging/nodeselectors/jump-box-node-selector-patch.yaml
similarity index 100%
rename from env/staging/jump-box-patch.yaml
rename to env/staging/nodeselectors/jump-box-node-selector-patch.yaml
diff --git a/env/staging/performance.yaml b/env/staging/performance.yaml
deleted file mode 100644
index a4e1ba942..000000000
--- a/env/staging/performance.yaml
+++ /dev/null
@@ -1,266 +0,0 @@
-####################################### RESOURCE REQUESTS #######################################
-# PRIMARY CELERIES
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-primary
-  name:  celery-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-primary
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-primary
-  name:  celery-sms-send-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-sms-send-primary
-        resources:
-          requests:
-            cpu: "50m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-primary
-  name:  celery-email-send-primary
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-email-send-primary
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-# SCALABLE CELERIES
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-scalable
-  name:  celery-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-scalable
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-sms-send-scalable
-  name:  celery-sms-send-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-sms-send-scalable
-        resources:
-          requests:
-            cpu: "50m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: celery-email-send-scalable
-  name:  celery-email-send-scalable
-  namespace: notification-canada-ca
-spec:
-  replicas: 3
-  template:
-    spec:
-      containers:
-      - name: celery-email-send-scalable
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "500Mi"
-          limits:
-            cpu: "550m"
-            memory: "1024Mi"
----
-# OTHER APPS
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: api
-  name:  api
-  namespace: notification-canada-ca
-spec:
-  replicas: 4
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: admin
-  name:  admin
-  namespace: notification-canada-ca
-spec:
-  replicas: 2
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: documentation
-  name:  documentation
-  namespace: notification-canada-ca
-spec:
-  replicas: 2
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: document-download-api-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 2
-  maxReplicas: 4
----
-
-####################################### POD AUTOSCALING #######################################
-# AUTOSCALING FOR CELERIES
-
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 30
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 25
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 6
-        periodSeconds: 45
-      selectPolicy: Max            
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-sms-send-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 20
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 25
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 6
-        periodSeconds: 45
-      selectPolicy: Max
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: celery-email-send-scalable-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 3
-  maxReplicas: 30
-  metrics:
-  - resource:
-      name: cpu
-      target:
-        averageUtilization: 25
-        type: Utilization
-    type: Resource
-  behavior:
-    scaleUp:
-      stabilizationWindowSeconds: 0
-      policies:
-      - type: Pods
-        value: 6
-        periodSeconds: 45
-      selectPolicy: Max
-
----
-# OTHER APPS
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: admin-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 2
-  maxReplicas: 2
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: api-hpa
-  namespace: notification-canada-ca
-spec:
-  minReplicas: 4
-  maxReplicas: 4
\ No newline at end of file
diff --git a/env/staging/performance/admin-deployment-patch.yaml b/env/staging/performance/admin-deployment-patch.yaml
new file mode 100644
index 000000000..c6d60a77a
--- /dev/null
+++ b/env/staging/performance/admin-deployment-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: admin
+  name:  admin
+  namespace: notification-canada-ca
+spec:
+  replicas: 2
\ No newline at end of file
diff --git a/env/staging/performance/admin-hpa-patch.yaml b/env/staging/performance/admin-hpa-patch.yaml
new file mode 100644
index 000000000..a9651c3b3
--- /dev/null
+++ b/env/staging/performance/admin-hpa-patch.yaml
@@ -0,0 +1,8 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: admin-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 2
+  maxReplicas: 2
\ No newline at end of file
diff --git a/env/staging/performance/api-deployment-patch.yaml b/env/staging/performance/api-deployment-patch.yaml
new file mode 100644
index 000000000..7765cc68e
--- /dev/null
+++ b/env/staging/performance/api-deployment-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: api
+  name:  api
+  namespace: notification-canada-ca
+spec:
+  replicas: 2
\ No newline at end of file
diff --git a/env/staging/performance/api-hpa-patch.yaml b/env/staging/performance/api-hpa-patch.yaml
new file mode 100644
index 000000000..5c6965d11
--- /dev/null
+++ b/env/staging/performance/api-hpa-patch.yaml
@@ -0,0 +1,8 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: api-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 1
+  maxReplicas: 2
\ No newline at end of file
diff --git a/env/staging/performance/celery-email-send-primary-deployment-patch.yaml b/env/staging/performance/celery-email-send-primary-deployment-patch.yaml
new file mode 100644
index 000000000..9eaef5a97
--- /dev/null
+++ b/env/staging/performance/celery-email-send-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-primary
+  name:  celery-email-send-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-email-send-primary
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-email-send-scalable-deployment-patch.yaml b/env/staging/performance/celery-email-send-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..b81f25dda
--- /dev/null
+++ b/env/staging/performance/celery-email-send-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-email-send-scalable
+  name:  celery-email-send-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-email-send-scalable
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-email-send-scalable-hpa-patch.yaml b/env/staging/performance/celery-email-send-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..af586e01e
--- /dev/null
+++ b/env/staging/performance/celery-email-send-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-email-send-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 30
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 25
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 6
+        periodSeconds: 45
+      selectPolicy: Max
\ No newline at end of file
diff --git a/env/staging/performance/celery-primary-deployment-patch.yaml b/env/staging/performance/celery-primary-deployment-patch.yaml
new file mode 100644
index 000000000..269b75c01
--- /dev/null
+++ b/env/staging/performance/celery-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-primary
+  name:  celery-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-primary
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-scalable-deployment-patch.yaml b/env/staging/performance/celery-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..01dfa1062
--- /dev/null
+++ b/env/staging/performance/celery-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-scalable
+  name:  celery-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-scalable
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-scalable-hpa-patch.yaml b/env/staging/performance/celery-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..a891f423a
--- /dev/null
+++ b/env/staging/performance/celery-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 30
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 25
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 6
+        periodSeconds: 45
+      selectPolicy: Max          
\ No newline at end of file
diff --git a/env/staging/performance/celery-sms-send-primary-deployment-patch.yaml b/env/staging/performance/celery-sms-send-primary-deployment-patch.yaml
new file mode 100644
index 000000000..8959db4dc
--- /dev/null
+++ b/env/staging/performance/celery-sms-send-primary-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-primary
+  name:  celery-sms-send-primary
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-sms-send-primary
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-sms-send-scalable-deployment-patch.yaml b/env/staging/performance/celery-sms-send-scalable-deployment-patch.yaml
new file mode 100644
index 000000000..92fc1af7a
--- /dev/null
+++ b/env/staging/performance/celery-sms-send-scalable-deployment-patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: celery-sms-send-scalable
+  name:  celery-sms-send-scalable
+  namespace: notification-canada-ca
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: celery-sms-send-scalable
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "500Mi"
+          limits:
+            cpu: "550m"
+            memory: "1024Mi"
\ No newline at end of file
diff --git a/env/staging/performance/celery-sms-send-scalable-hpa-patch.yaml b/env/staging/performance/celery-sms-send-scalable-hpa-patch.yaml
new file mode 100644
index 000000000..0b895c6ac
--- /dev/null
+++ b/env/staging/performance/celery-sms-send-scalable-hpa-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: celery-sms-send-scalable-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 3
+  maxReplicas: 20
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 25
+        type: Utilization
+    type: Resource
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Pods
+        value: 6
+        periodSeconds: 45
+      selectPolicy: Max
\ No newline at end of file
diff --git a/env/staging/performance/document-download-api-hpa-patch.yaml b/env/staging/performance/document-download-api-hpa-patch.yaml
new file mode 100644
index 000000000..7bd468958
--- /dev/null
+++ b/env/staging/performance/document-download-api-hpa-patch.yaml
@@ -0,0 +1,8 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: document-download-api-hpa
+  namespace: notification-canada-ca
+spec:
+  minReplicas: 2
+  maxReplicas: 4
\ No newline at end of file
diff --git a/env/staging/performance/documentation-deployment-patch.yaml b/env/staging/performance/documentation-deployment-patch.yaml
new file mode 100644
index 000000000..668379eae
--- /dev/null
+++ b/env/staging/performance/documentation-deployment-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: documentation
+  name:  documentation
+  namespace: notification-canada-ca
+spec:
+  replicas: 2
\ No newline at end of file
diff --git a/env/staging/services/admin-service-patch.yaml b/env/staging/services/admin-service-patch.yaml
new file mode 100644
index 000000000..13573961d
--- /dev/null
+++ b/env/staging/services/admin-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: admin
+  name: admin
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"    
\ No newline at end of file
diff --git a/env/staging/services/api-service-patch.yaml b/env/staging/services/api-service-patch.yaml
new file mode 100644
index 000000000..48bce8f93
--- /dev/null
+++ b/env/staging/services/api-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: api
+  name: api
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
\ No newline at end of file
diff --git a/env/staging/services/document-download-api-service-patch.yaml b/env/staging/services/document-download-api-service-patch.yaml
new file mode 100644
index 000000000..f034deb41
--- /dev/null
+++ b/env/staging/services/document-download-api-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: document-download-api
+  name: document-download-api
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"  
\ No newline at end of file
diff --git a/env/staging/services/documentation-service-patch.yaml b/env/staging/services/documentation-service-patch.yaml
new file mode 100644
index 000000000..8cd2bebf9
--- /dev/null
+++ b/env/staging/services/documentation-service-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: documentation
+  name: documentation
+  namespace: notification-canada-ca
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"      
\ No newline at end of file