Skip to content

Commit

Permalink
test without kibana
Browse files Browse the repository at this point in the history
  • Loading branch information
pmacius committed Dec 16, 2024
1 parent 01c4116 commit b44b5a7
Show file tree
Hide file tree
Showing 5 changed files with 44 additions and 39 deletions.
1 change: 1 addition & 0 deletions .github/workflows/helm-community.yml
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ jobs:
helm repo add self https://alfresco.github.io/alfresco-helm-charts/
helm repo add codecentric https://codecentric.github.io/helm-charts/
helm repo add elastic https://helm.elastic.co/
helm repo add wiremind https://wiremind.github.io/wiremind-helm-charts
- name: Helm install
run: |
Expand Down
5 changes: 5 additions & 0 deletions docs/helm/upgrades.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ version in which they have been released.

* External dependencies on bitnami/common chart have been completely removed
from alfresco charts.
* When using Elasticsearch, the username and password are now configured with
default values. See [secret
template](../../helm/alfresco-content-services/templates/secret-search.yaml)
It is strongly recommended to update these credentials to more secure values
to enhance security and prevent unauthorized access.

## 8.0.0

Expand Down
31 changes: 16 additions & 15 deletions helm/alfresco-content-services/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,13 +61,13 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| alfresco-ai-transformer.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
| alfresco-ai-transformer.sfs.existingConfigMap.keys.url | string | `"SFS_URL"` | Name of the key within the configmap which holds the sfs url |
| alfresco-ai-transformer.sfs.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the ATS shared filestore URL |
| alfresco-audit-storage.enabled | bool | `false` | |
| alfresco-audit-storage.enabled | bool | `true` | |
| alfresco-audit-storage.image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | |
| alfresco-audit-storage.image.tag | string | `"1.0.0"` | |
| alfresco-audit-storage.image.tag | string | `"latest"` | |
| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_ELASTICSEARCH_URL"` | |
| alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"password"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"username"` | |
| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
| alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
Expand Down Expand Up @@ -222,6 +222,8 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| database.url | string | `nil` | External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` |
| database.user | string | `nil` | External Postgresql database user |
| dtas.additionalArgs[0] | string | `"--tb=short"` | |
| dtas.config.assertions.aas.audit_host | string | `"http://acs-alfresco-audit-storage:8081"` | |
| dtas.config.assertions.aas.elasticsearch_host | string | `"http://elasticsearch-aas-master:9200"` | |
| dtas.config.assertions.acs.edition | string | `"Enterprise"` | |
| dtas.config.assertions.acs.identity | bool | `false` | |
| dtas.config.assertions.acs.modules[0].id | string | `"org.alfresco.integrations.google.docs"` | |
Expand All @@ -241,17 +243,20 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| dtas.image.tag | string | `"v1.6.0"` | |
| elasticsearch-audit.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | |
| elasticsearch-audit.clusterName | string | `"elasticsearch-aas"` | |
| elasticsearch-audit.enabled | bool | `false` | Enables the embedded elasticsearch cluster for alfresco-audit-storage |
| elasticsearch-audit.enabled | bool | `true` | Enables the embedded elasticsearch cluster for alfresco-audit-storage |
| elasticsearch-audit.extraEnvs[0].name | string | `"ELASTIC_USERNAME"` | |
| elasticsearch-audit.extraEnvs[0].valueFrom.secretKeyRef.key | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
| elasticsearch-audit.extraEnvs[0].valueFrom.secretKeyRef.key | string | `"username"` | |
| elasticsearch-audit.extraEnvs[0].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| elasticsearch-audit.extraEnvs[1].name | string | `"ELASTIC_PASSWORD"` | |
| elasticsearch-audit.extraEnvs[1].valueFrom.secretKeyRef.key | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
| elasticsearch-audit.extraEnvs[1].valueFrom.secretKeyRef.key | string | `"password"` | |
| elasticsearch-audit.extraEnvs[1].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| elasticsearch-audit.httpTls.enabled | bool | `false` | |
| elasticsearch-audit.ingress.enabled | bool | `false` | toggle deploying elasticsearch-audit ingress for more details about configuration check https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml#L255 |
| elasticsearch-audit.minimumMasterNodes | int | `1` | |
| elasticsearch-audit.nameOverride | string | `"elasticsearch-aas"` | |
| elasticsearch-audit.protocol | string | `"http"` | |
| elasticsearch-audit.replicas | int | `1` | |
| elasticsearch-audit.secret | object | `{"enabled":false}` | Disabled to use the password produced by the umbrella chart |
| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | |
| elasticsearch.enabled | bool | `true` | Enables the embedded elasticsearch cluster |
| elasticsearch.extraEnvs[0].name | string | `"ELASTIC_USERNAME"` | |
Expand All @@ -264,7 +269,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| elasticsearch.minimumMasterNodes | int | `1` | |
| elasticsearch.protocol | string | `"http"` | |
| elasticsearch.replicas | int | `1` | |
| elasticsearch.secret | object | `{"enabled":false}` | Disabled to usel the password produced by the chart |
| elasticsearch.secret | object | `{"enabled":false}` | Disabled to use the password produced by the umbrella chart |
| elasticsearch.tests.enabled | bool | `false` | |
| global.alfrescoRegistryPullSecrets | string | `nil` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
| global.auditIndex.existingSecretName | string | `nil` | Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys. |
Expand All @@ -290,7 +295,9 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| global.strategy.rollingUpdate.maxUnavailable | int | `0` | |
| infrastructure.configMapName | string | `"alfresco-infrastructure"` | |
| keda.components | list | `[]` | The list of components that will be scaled by KEDA (chart names) |
| kibana-audit.elasticsearchHosts | string | `""` | Makes sure there is no default elasticsearch hosts defined |
| kibana-audit.elasticsearchCertificateSecret | string | `"elasticsearch-aas-master-certs"` | |
| kibana-audit.elasticsearchCredentialSecret | string | `"alfresco-aas-elasticsearch-secret"` | |
| kibana-audit.elasticsearchHosts | string | `"${ELASTICSEARCH_HOSTS}"` | Makes sure there is no default elasticsearch hosts defined |
| kibana-audit.enabled | bool | `false` | |
| kibana-audit.extraEnvs[0].name | string | `"SERVER_BASEPATH"` | |
| kibana-audit.extraEnvs[0].value | string | `"/kibana"` | |
Expand All @@ -302,12 +309,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| kibana-audit.extraEnvs[3].name | string | `"SERVER_PUBLICBASEURL"` | |
| kibana-audit.extraEnvs[3].valueFrom.configMapKeyRef.key | string | `"AUDIT_SERVER_PUBLICBASEURL"` | |
| kibana-audit.extraEnvs[3].valueFrom.configMapKeyRef.name | string | `"alfresco-infrastructure"` | |
| kibana-audit.extraEnvs[4].name | string | `"ELASTICSEARCH_USERNAME"` | |
| kibana-audit.extraEnvs[4].valueFrom.secretKeyRef.key | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
| kibana-audit.extraEnvs[4].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| kibana-audit.extraEnvs[5].name | string | `"ELASTICSEARCH_PASSWORD"` | |
| kibana-audit.extraEnvs[5].valueFrom.secretKeyRef.key | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
| kibana-audit.extraEnvs[5].valueFrom.secretKeyRef.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| kibana-audit.healthCheckPath | string | `"/kibana/app/kibana"` | |
| kibana-audit.ingress.enabled | bool | `true` | |
| kibana-audit.ingress.hosts[0].paths[0].path | string | `"/kibana"` | |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
{{- include "alfresco-content-services.labels" $ | nindent 4 }}
type: Opaque
data:
AUDIT_ELASTICSEARCH_USERNAME: {{ .username | default "elasticuser" | b64enc | quote }}
AUDIT_ELASTICSEARCH_PASSWORD: {{ .password | default "elasticpassword" | b64enc | quote }}
username: {{ .username | default "elastic" | b64enc | quote }}
password: {{ .password | default "elasticpassword" | b64enc | quote }}
{{- end }}
{{- end }}
42 changes: 20 additions & 22 deletions helm/alfresco-content-services/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -553,7 +553,7 @@ elasticsearch:
clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
protocol: http
minimumMasterNodes: 1
# -- Disabled to usel the password produced by the chart
# -- Disabled to use the password produced by the umbrella chart
secret:
enabled: false
httpTls:
Expand All @@ -573,32 +573,38 @@ elasticsearch:
enabled: false
elasticsearch-audit:
# -- Enables the embedded elasticsearch cluster for alfresco-audit-storage
enabled: false
enabled: true
nameOverride: elasticsearch-aas
replicas: 1
clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
clusterName: elasticsearch-aas
protocol: http
minimumMasterNodes: 1
# -- Disabled to use the password produced by the umbrella chart
secret:
enabled: false
httpTls:
enabled: false
extraEnvs:
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: *aas_elasticsearch_secretName
key: AUDIT_ELASTICSEARCH_USERNAME
key: username
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: *aas_elasticsearch_secretName
key: AUDIT_ELASTICSEARCH_PASSWORD
key: password
ingress:
# -- toggle deploying elasticsearch-audit ingress for more details about configuration check
# https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml#L255
enabled: false
alfresco-audit-storage:
enabled: false
enabled: true
image:
repository: quay.io/alfresco/alfresco-audit-storage
tag: 1.0.0
tag: latest
messageBroker:
existingConfigMap:
# -- Name of the configmap which holds the message broker URL
Expand All @@ -614,13 +620,15 @@ alfresco-audit-storage:
existingSecret:
name: *aas_elasticsearch_secretName
keys:
username: AUDIT_ELASTICSEARCH_USERNAME
password: AUDIT_ELASTICSEARCH_PASSWORD
username: username
password: password
kibana-audit:
enabled: false
healthCheckPath: "/kibana/app/kibana"
# -- Makes sure there is no default elasticsearch hosts defined
elasticsearchHosts: ""
elasticsearchHosts: ${ELASTICSEARCH_HOSTS}
elasticsearchCertificateSecret: elasticsearch-aas-master-certs
elasticsearchCredentialSecret: *aas_elasticsearch_secretName
# All of the values has to be set there to escape the issue with overriding the values
extraEnvs:
- name: SERVER_BASEPATH
Expand All @@ -637,16 +645,6 @@ kibana-audit:
configMapKeyRef:
name: *infrastructure_cmName
key: AUDIT_SERVER_PUBLICBASEURL
- name: ELASTICSEARCH_USERNAME
valueFrom:
secretKeyRef:
name: *aas_elasticsearch_secretName
key: AUDIT_ELASTICSEARCH_USERNAME
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: *aas_elasticsearch_secretName
key: AUDIT_ELASTICSEARCH_PASSWORD
ingress:
enabled: true
hosts:
Expand Down Expand Up @@ -681,9 +679,9 @@ dtas:
installed: true
adw:
base_path: "/workspace"
# aas:
# audit_host: http://acs-alfresco-audit-storage:8081
# elasticsearch_host: http://elasticsearch-aas-master:9200
aas:
audit_host: http://acs-alfresco-audit-storage:8081
elasticsearch_host: http://elasticsearch-aas-master:9200
keda:
# -- The list of components that will be scaled by KEDA (chart names)
components: []
Expand Down

0 comments on commit b44b5a7

Please sign in to comment.