use bitnami chart

.github/workflows/helm-community.yml

@@ -89,7 +89,6 @@ jobs:
           helm repo add self https://alfresco.github.io/alfresco-helm-charts/
           helm repo add codecentric https://codecentric.github.io/helm-charts/
           helm repo add elastic https://helm.elastic.co/
-          helm repo add wiremind https://wiremind.github.io/wiremind-helm-charts
 
       - name: Helm install
         run: |

.github/workflows/helm-enterprise.yml

@@ -123,7 +123,6 @@ jobs:
         run: |
           helm repo add self https://alfresco.github.io/alfresco-helm-charts/
           helm repo add elastic https://helm.elastic.co/
-          helm repo add wiremind https://wiremind.github.io/wiremind-helm-charts
 
       - name: Helm install
         run: >-

docs/helm/upgrades.md

@@ -21,8 +21,7 @@ version in which they have been released.
 * External dependencies on bitnami/common chart have been completely removed
   from alfresco charts.
 * When using Elasticsearch, the username and password are now configured with
-  default values. See [secret
-  template](../../helm/alfresco-content-services/templates/secret-search.yaml)
+  default values. See [secret template](../../helm/alfresco-content-services/templates/secret-search.yaml)
   It is strongly recommended to update these credentials to more secure values
   to enhance security and prevent unauthorized access.
 

helm/alfresco-content-services/7.2.N_values.yaml

@@ -85,10 +85,6 @@ alfresco-connector-ms365:
 alfresco-connector-msteams:
   image:
     tag: 2.0.4
-elasticsearch-audit:
-  enabled: false
-kibana-audit:
-  enabled: false
 alfresco-audit-storage:
   enabled: false
 dtas:

helm/alfresco-content-services/7.3.N_values.yaml

@@ -85,10 +85,6 @@ alfresco-connector-ms365:
 alfresco-connector-msteams:
   image:
     tag: 2.0.4
-elasticsearch-audit:
-  enabled: false
-kibana-audit:
-  enabled: false
 alfresco-audit-storage:
   enabled: false
 dtas:

helm/alfresco-content-services/7.4.N_values.yaml

@@ -85,10 +85,6 @@ alfresco-connector-ms365:
 alfresco-connector-msteams:
   image:
     tag: 2.0.4
-elasticsearch-audit:
-  enabled: false
-kibana-audit:
-  enabled: false
 alfresco-audit-storage:
   enabled: false
 dtas:

helm/alfresco-content-services/Chart.lock

@@ -45,16 +45,10 @@ dependencies:
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 3.0.0
 - name: elasticsearch
-  repository: https://wiremind.github.io/wiremind-helm-charts
-  version: 8.15.3
-- name: elasticsearch
-  repository: https://wiremind.github.io/wiremind-helm-charts
-  version: 8.15.3
-- name: kibana
-  repository: https://wiremind.github.io/wiremind-helm-charts
-  version: 8.5.16
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 21.4.1
 - name: alfresco-audit-storage
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.1.0
-digest: sha256:c134925ea5322314a2614c0de5299f5629b63caa4925ed6a03dae3d9329f06bb
-generated: "2024-12-16T14:49:31.930629+01:00"
+digest: sha256:5433041eaf19fe64506a8b2942ce90901d9f102eb2d773b796a9c4e64bb70d3f
+generated: "2024-12-17T14:44:48.423722+01:00"

helm/alfresco-content-services/Chart.yaml

@@ -82,19 +82,9 @@ dependencies:
     repository: https://alfresco.github.io/alfresco-helm-charts/
     condition: alfresco-ai-transformer.enabled
   - name: elasticsearch
-    repository: https://wiremind.github.io/wiremind-helm-charts
-    version: 8.15.3
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 21.4.1
     condition: elasticsearch.enabled
-  - name: elasticsearch
-    alias: elasticsearch-audit
-    repository: https://wiremind.github.io/wiremind-helm-charts
-    version: 8.15.3
-    condition: elasticsearch-audit.enabled
-  - name: kibana
-    alias: kibana-audit
-    repository: https://wiremind.github.io/wiremind-helm-charts
-    version: 8.5.16
-    condition: kibana-audit.enabled
   - name: alfresco-audit-storage
     version: 0.1.0
     repository: https://alfresco.github.io/alfresco-helm-charts/

helm/alfresco-content-services/README.md

@@ -36,9 +36,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.2.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 7.0.0-alpha.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 2.1.2 |
-| https://wiremind.github.io/wiremind-helm-charts | elasticsearch | 8.15.3 |
-| https://wiremind.github.io/wiremind-helm-charts | elasticsearch-audit(elasticsearch) | 8.15.3 |
-| https://wiremind.github.io/wiremind-helm-charts | kibana-audit(kibana) | 8.5.16 |
+| oci://registry-1.docker.io/bitnamicharts | elasticsearch | 21.4.1 |
 | oci://registry-1.docker.io/bitnamicharts | postgresql-sync(postgresql) | 12.8.5 |
 | oci://registry-1.docker.io/bitnamicharts | postgresql | 12.8.5 |
 
@@ -63,12 +61,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | alfresco-ai-transformer.sfs.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the ATS shared filestore URL |
 | alfresco-audit-storage.enabled | bool | `true` |  |
 | alfresco-audit-storage.image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` |  |
-| alfresco-audit-storage.image.tag | string | `"latest"` |  |
-| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_ELASTICSEARCH_URL"` |  |
+| alfresco-audit-storage.image.tag | string | `"1.0.0"` |  |
+| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"SEARCH_URL"` |  |
 | alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` |  |
-| alfresco-audit-storage.index.existingSecret.keys.password | string | `"password"` |  |
-| alfresco-audit-storage.index.existingSecret.keys.username | string | `"username"` |  |
-| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-aas-elasticsearch-secret"` |  |
+| alfresco-audit-storage.index.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` |  |
+| alfresco-audit-storage.index.existingSecret.keys.username | string | `"SEARCH_USERNAME"` |  |
+| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` |  |
 | alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
 | alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
 | alfresco-connector-ms365.enabled | bool | `false` | Enable/Disable Alfresco Content Connector for Microsoft 365 |
@@ -223,7 +221,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | database.user | string | `nil` | External Postgresql database user |
 | dtas.additionalArgs[0] | string | `"--tb=short"` |  |
 | dtas.config.assertions.aas.audit_host | string | `"http://acs-alfresco-audit-storage:8081"` |  |
-| dtas.config.assertions.aas.elasticsearch_host | string | `"http://elasticsearch-aas-master:9200"` |  |
+| dtas.config.assertions.aas.elasticsearch_host | string | `"http://acs-elasticsearch:9200"` |  |
 | dtas.config.assertions.acs.edition | string | `"Enterprise"` |  |
 | dtas.config.assertions.acs.identity | bool | `false` |  |
 | dtas.config.assertions.acs.modules[0].id | string | `"org.alfresco.integrations.google.docs"` |  |
@@ -241,44 +239,27 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | dtas.image.pullPolicy | string | `"IfNotPresent"` |  |
 | dtas.image.repository | string | `"quay.io/alfresco/alfresco-deployment-test-automation-scripts"` |  |
 | dtas.image.tag | string | `"v1.6.0"` |  |
-| elasticsearch-audit.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` |  |
-| elasticsearch-audit.clusterName | string | `"elasticsearch-aas"` |  |
-| elasticsearch-audit.enabled | bool | `true` | Enables the embedded elasticsearch cluster for alfresco-audit-storage |
-| elasticsearch-audit.extraEnvs[0].name | string | `"ELASTIC_USERNAME"` |  |
-| elasticsearch-audit.extraEnvs[0].valueFrom.secretKeyRef.key | string | `"username"` |  |
-| elasticsearch-audit.extraEnvs[0].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` |  |
-| elasticsearch-audit.extraEnvs[1].name | string | `"ELASTIC_PASSWORD"` |  |
-| elasticsearch-audit.extraEnvs[1].valueFrom.secretKeyRef.key | string | `"password"` |  |
-| elasticsearch-audit.extraEnvs[1].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` |  |
-| elasticsearch-audit.httpTls.enabled | bool | `false` |  |
-| elasticsearch-audit.ingress.enabled | bool | `false` | toggle deploying elasticsearch-audit ingress for more details about configuration check https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml#L255 |
-| elasticsearch-audit.minimumMasterNodes | int | `1` |  |
-| elasticsearch-audit.nameOverride | string | `"elasticsearch-aas"` |  |
-| elasticsearch-audit.protocol | string | `"http"` |  |
-| elasticsearch-audit.replicas | int | `1` |  |
-| elasticsearch-audit.secret | object | `{"enabled":false}` | Disabled to use the password produced by the umbrella chart |
-| elasticsearch-audit.tests.enabled | bool | `false` |  |
-| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` |  |
+| elasticsearch.coordinating.replicaCount | int | `0` |  |
+| elasticsearch.data.replicaCount | int | `0` |  |
 | elasticsearch.enabled | bool | `true` | Enables the embedded elasticsearch cluster |
-| elasticsearch.extraEnvs[0].name | string | `"ELASTIC_USERNAME"` |  |
-| elasticsearch.extraEnvs[0].valueFrom.secretKeyRef.key | string | `"SEARCH_USERNAME"` |  |
-| elasticsearch.extraEnvs[0].valueFrom.secretKeyRef.name | string | `"alfresco-search-secret"` |  |
-| elasticsearch.extraEnvs[1].name | string | `"ELASTIC_PASSWORD"` |  |
-| elasticsearch.extraEnvs[1].valueFrom.secretKeyRef.key | string | `"SEARCH_PASSWORD"` |  |
-| elasticsearch.extraEnvs[1].valueFrom.secretKeyRef.name | string | `"alfresco-search-secret"` |  |
-| elasticsearch.httpTls.enabled | bool | `false` |  |
-| elasticsearch.minimumMasterNodes | int | `1` |  |
-| elasticsearch.protocol | string | `"http"` |  |
-| elasticsearch.replicas | int | `1` |  |
-| elasticsearch.secret | object | `{"enabled":false}` | Disabled to use the password produced by the umbrella chart |
-| elasticsearch.tests.enabled | bool | `false` |  |
+| elasticsearch.ingest.replicaCount | int | `0` |  |
+| elasticsearch.ingress.enabled | bool | `false` | toggle deploying elasticsearch-audit ingress for more details about configuration check https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml#L255 |
+| elasticsearch.kibana.configuration.server.basePath | string | `"/kibana"` |  |
+| elasticsearch.kibana.configuration.server.publicBaseUrl | string | `"http://localhost/kibana"` |  |
+| elasticsearch.kibana.configuration.server.rewriteBasePath | bool | `true` |  |
+| elasticsearch.kibana.elasticsearch.security.auth.elasticsearchPasswordSecret | string | `"alfresco-search-secret"` |  |
+| elasticsearch.kibana.elasticsearch.security.auth.existingSecret | string | `"alfresco-search-secret"` |  |
+| elasticsearch.kibana.ingress.enabled | bool | `true` |  |
+| elasticsearch.kibana.ingress.hostname | string | `"*"` |  |
+| elasticsearch.kibana.ingress.ingressClassName | string | `"nginx"` |  |
+| elasticsearch.kibana.ingress.path | string | `"/kibana"` |  |
+| elasticsearch.master.masterOnly | bool | `false` |  |
+| elasticsearch.master.replicaCount | int | `1` |  |
+| elasticsearch.security.elasticSecret | string | `"alfresco-search-secret"` |  |
 | global.alfrescoRegistryPullSecrets | string | `nil` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
-| global.auditIndex.existingSecretName | string | `nil` | Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys. |
-| global.auditIndex.password | string | `nil` | Elasticsearch password |
-| global.auditIndex.publicBaseUrl | string | `nil` | Base url for kibana environment variable `SERVER_PUBLICBASEURL`  |
-| global.auditIndex.secretName | string | `"alfresco-aas-elasticsearch-secret"` | Name of the secret managed by this chart |
-| global.auditIndex.url | string | `nil` | Elasticsearch URL |
-| global.auditIndex.username | string | `nil` | Elasticsearch username |
+| global.elasticsearch.service.name | string | `"elasticsearch"` |  |
+| global.elasticsearch.service.ports.restAPI | int | `9200` |  |
+| global.kibanaEnabled | bool | `true` |  |
 | global.known_urls | list | `["https://localhost","http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. |
 | global.mail | object | `{"host":null,"password":null,"port":587,"protocol":"smtp","smtp":{"auth":true,"starttls":{"enable":true}},"smtps":{"auth":true},"username":"anonymous"}` | For a full information of configuring the outbound email system, see https://support.hyland.com/r/Alfresco/Alfresco-Content-Services/23.4/Alfresco-Content-Services/Configure/Email/Configure-Inbound-and-Outbound-Email/Manage-Outbound-Emails |
 | global.mail.host | string | `nil` | SMTP server to use for the system to send outgoing email |
@@ -296,24 +277,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | global.strategy.rollingUpdate.maxUnavailable | int | `0` |  |
 | infrastructure.configMapName | string | `"alfresco-infrastructure"` |  |
 | keda.components | list | `[]` | The list of components that will be scaled by KEDA (chart names) |
-| kibana-audit.elasticsearchCertificateSecret | string | `"elasticsearch-aas-master-certs"` |  |
-| kibana-audit.elasticsearchCredentialSecret | string | `"alfresco-aas-elasticsearch-secret"` |  |
-| kibana-audit.elasticsearchHosts | string | `"${ELASTICSEARCH_HOSTS}"` | Makes sure there is no default elasticsearch hosts defined |
-| kibana-audit.enabled | bool | `false` |  |
-| kibana-audit.extraEnvs[0].name | string | `"SERVER_BASEPATH"` |  |
-| kibana-audit.extraEnvs[0].value | string | `"/kibana"` |  |
-| kibana-audit.extraEnvs[1].name | string | `"SERVER_REWRITEBASEPATH"` |  |
-| kibana-audit.extraEnvs[1].value | string | `"true"` |  |
-| kibana-audit.extraEnvs[2].name | string | `"ELASTICSEARCH_HOSTS"` |  |
-| kibana-audit.extraEnvs[2].valueFrom.configMapKeyRef.key | string | `"AUDIT_ELASTICSEARCH_URL"` |  |
-| kibana-audit.extraEnvs[2].valueFrom.configMapKeyRef.name | string | `"alfresco-infrastructure"` |  |
-| kibana-audit.extraEnvs[3].name | string | `"SERVER_PUBLICBASEURL"` |  |
-| kibana-audit.extraEnvs[3].valueFrom.configMapKeyRef.key | string | `"AUDIT_SERVER_PUBLICBASEURL"` |  |
-| kibana-audit.extraEnvs[3].valueFrom.configMapKeyRef.name | string | `"alfresco-infrastructure"` |  |
-| kibana-audit.healthCheckPath | string | `"/kibana/app/kibana"` |  |
-| kibana-audit.ingress.enabled | bool | `true` |  |
-| kibana-audit.ingress.hosts[0].paths[0].path | string | `"/kibana"` |  |
-| kibana-audit.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
 | messageBroker.brokerName | string | `nil` | name of the message broker as set in the Broker configuration |
 | messageBroker.existingSecretName | string | `nil` | Name of an existing secret that contains BROKER_USERNAME and BROKER_PASSWORD keys. and optionally the credentials to the web console (can be the same as broker access). |
 | messageBroker.password | string | `nil` | External message broker password |

helm/alfresco-content-services/community_values.yaml

@@ -59,9 +59,5 @@ alfresco-connector-ms365:
   enabled: false
 alfresco-connector-msteams:
   enabled: false
-elasticsearch-audit:
-  enabled: false
-kibana-audit:
-  enabled: false
 alfresco-audit-storage:
   enabled: false

helm/alfresco-content-services/templates/config-infrastructure.yaml

@@ -28,11 +28,11 @@ data:
     {{- else if eq "solr6" $search_flavor }}
       {{- $search_url = printf "http://%s/solr" (include "alfresco-search-service.deployment.name" .) }}
     {{- else if eq "elasticsearch" $search_flavor }}
+      {{- $esHost := printf "%s-%s" (.Release.Name | default "acs") (.Values.global.elasticsearch.service.name | default "elasticsearch") }}
+      {{- $esPort := .Values.global.elasticsearch.service.ports.restApi | default 9200 }}
       {{- with .Values.elasticsearch }}
         {{- if .enabled }}
           {{- $esProto := .protocol | default "http" }}
-          {{- $esHost := printf "%s-%s" (.clusterName | default "elasticsearch") (.nodeGroup | default "master") }}
-          {{- $esPort := .port | default 9200 }}
           {{- $search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }}
         {{- else }}
           {{- fail "Chart is configured to use Alfresco Search Enterprise but no index backend has been provided. Set one using either global.search.url or elasticsearch.enabled" }}
@@ -69,22 +69,3 @@ data:
       {{- fail "Alfresco Intelligence service has been enabled but Transformation service is not available" }}
   {{- end }}
   {{- end }}
-  {{- $elasticsearch_audit_url := "" }}
-    {{- if .Values.global.auditIndex.url }}
-      {{- $elasticsearch_audit_url = .Values.global.auditIndex.url }}
-    {{- else }}
-      {{- with (index .Values "elasticsearch-audit") }}
-        {{- if .enabled }}
-          {{- $auditEsProto := .protocol | default "http" }}
-          {{- $auditEsHost := printf "%s-%s" (.clusterName | default "elasticsearch") (.nodeGroup | default "master") }}
-          {{- $auditEsPort := .port | default 9200 }}
-          {{- $elasticsearch_audit_url = coalesce $.Values.global.auditIndex.url (printf "%s://%s:%v" $auditEsProto $auditEsHost $auditEsPort) }}
-        {{- else if index $.Values "alfresco-audit-storage" "enabled" }}
-          {{- fail "Chart is configured to use Alfresco Audit Storage but no index backend has been provided. Set one using either global.auditIndex.url or elasticsearch-audit.enabled" }}
-        {{- end }}
-      {{- end }}
-    {{- end }}
-    {{- printf "AUDIT_ELASTICSEARCH_URL: %s" $elasticsearch_audit_url | nindent 2 }}
-    {{- printf "AUDIT_ELASTICSEARCH_HOST: %s" (include "alfresco-common.url.host" $elasticsearch_audit_url) | nindent 2 }}
-    {{- printf "AUDIT_ELASTICSEARCH_PORT: %s" (include "alfresco-common.url.port" $elasticsearch_audit_url | quote) | nindent 2 }}
-  AUDIT_SERVER_PUBLICBASEURL: {{ .Values.global.auditIndex.publicBaseUrl | default "http://localhost/kibana" }}

helm/alfresco-content-services/templates/secret-search.yaml

@@ -15,6 +15,9 @@ data:
 {{- else if eq "elasticsearch" $search_flavor }}
   SEARCH_USERNAME: {{ .username | default "elastic" | b64enc | quote }}
   SEARCH_PASSWORD: {{ .password | default "elasticpassword" | b64enc | quote }}
+  # Required by bitnami elasticsearch
+  elasticsearch-password: {{ .password | default "elasticpassword" | b64enc | quote }}
+  kibana-password: {{ .password | default "elasticpassword" | b64enc | quote }}
 {{- end }}
 {{- end }}
 {{- end }}

helm/alfresco-content-services/tests/search_test.yaml

@@ -97,10 +97,10 @@ tests:
           value: none
       - equal:
           path: data.SEARCH_URL
-          value: http://elasticsearch-master:9200
+          value: http://RELEASE-NAME-elasticsearch:9200
       - equal:
           path: data.SEARCH_HOST
-          value: elasticsearch-master
+          value: RELEASE-NAME-elasticsearch
       - equal:
           path: data.SEARCH_PORT
           value: "9200"