diff --git a/.checkov/helm_vars.yaml b/.checkov/helm_vars.yaml index b57c9153d..79592ca3a 100644 --- a/.checkov/helm_vars.yaml +++ b/.checkov/helm_vars.yaml @@ -4,9 +4,6 @@ alfresco-search: alfresco-insight-zeppelin: insightzeppelin: enabled: true -global: - tracking: - sharedsecret: dummy alfresco-search-enterprise: enabled: true elasticsearch: diff --git a/.github/workflows/docker-compose-community.yml b/.github/workflows/docker-compose-community.yml index a116e53d8..44dbd84ce 100644 --- a/.github/workflows/docker-compose-community.yml +++ b/.github/workflows/docker-compose-community.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - docker-compose/community-docker-compose.yml - test/postman/docker-compose/** diff --git a/.github/workflows/docker-compose-enterprise.yml b/.github/workflows/docker-compose-enterprise.yml index 5de005794..6582d44dc 100644 --- a/.github/workflows/docker-compose-enterprise.yml +++ b/.github/workflows/docker-compose-enterprise.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - "! docker-compose/community-docker-compose.yml" - docker-compose/** diff --git a/.github/workflows/helm-community.yml b/.github/workflows/helm-community.yml index 998b6284f..a35919f22 100644 --- a/.github/workflows/helm-community.yml +++ b/.github/workflows/helm-community.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** 
@@ -51,11 +52,16 @@ jobs: --from-file=.dockerconfigjson=$HOME/.docker/config.json \ --type=kubernetes.io/dockerconfigjson + - name: Set nginx ingress config + run: | + kubectl -n ingress-nginx patch cm ingress-nginx-controller \ + -p '{"data": {"allow-snippet-annotations":"true"}}' + - name: Helm install run: | helm dep up ./helm/alfresco-content-services helm install acs ./helm/alfresco-content-services \ - --set global.tracking.sharedsecret="$(openssl rand -hex 24)" \ + --set global.search.sharedSecret="$(openssl rand -hex 24)" \ --set global.known_urls=http://localhost \ --set global.alfrescoRegistryPullSecrets=regcred \ --wait --timeout 15m0s --values \ diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml index 66897c0b2..a5452909b 100644 --- a/.github/workflows/helm-enterprise.yml +++ b/.github/workflows/helm-enterprise.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** @@ -99,7 +100,7 @@ jobs: uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v3.3.3 with: ingress-nginx-ref: controller-v1.8.2 - + - name: Set nginx ingress config run: | kubectl -n ingress-nginx patch cm ingress-nginx-controller \ 
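Review bot: The new `Set nginx ingress config` step in helm-community.yml enables `allow-snippet-annotations` on the shared ingress-nginx controller without saying why. With that key on, anyone allowed to create or edit an Ingress can place raw nginx configuration into the controller. On a throwaway kind cluster the exposure is small, but CI workflows get copied as deployment recipes, so I would add a comment above the step such as `# presumably needed for the chart's snippet annotations; CI-only, restrict Ingress write access before enabling on a shared cluster`. The same step is added to helm-enterprise.yml in the hunk at `-111,14 +112,18`. The `jobs:` mapping starts and continues outside this hunk.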
@@ -111,14 +112,18 @@ jobs: --from-file=.dockerconfigjson=$HOME/.docker/config.json \ --type=kubernetes.io/dockerconfigjson + - name: Set nginx ingress config + run: | + kubectl -n ingress-nginx patch cm ingress-nginx-controller \ + -p '{"data": {"allow-snippet-annotations":"true"}}' + - name: Helm install run: | helm dep up ./helm/alfresco-content-services helm install acs ./helm/alfresco-content-services \ - --set global.tracking.sharedsecret="$(openssl rand -hex 24)" \ + --set global.search.sharedSecret="$(openssl rand -hex 24)" \ --set global.known_urls=http://localhost \ --set global.alfrescoRegistryPullSecrets=regcred \ - --set 'global.registryPullSecrets[0]=regcred' \ --wait --timeout 15m0s \ --values helm/${{ matrix.name }}/${{ matrix.values }} \ --values test/enterprise-integration-test-values.yaml diff --git a/.github/workflows/helm-static-checks.yml b/.github/workflows/helm-static-checks.yml index 59b5eb6f5..43fe5cd6d 100644 --- a/.github/workflows/helm-static-checks.yml +++ b/.github/workflows/helm-static-checks.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** diff --git a/.github/workflows/pre-commit-compose.yml b/.github/workflows/pre-commit-compose.yml index c936e5ab1..97636c9c3 100644 --- a/.github/workflows/pre-commit-compose.yml +++ b/.github/workflows/pre-commit-compose.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - docker-compose/** - .pre-commit-config.yaml diff --git a/.github/workflows/pre-commit-helm.yml b/.github/workflows/pre-commit-helm.yml index 54892d46d..c1dd1a5fe 100644 --- a/.github/workflows/pre-commit-helm.yml +++ b/.github/workflows/pre-commit-helm.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** diff --git a/docs/helm/examples/alf_license.md b/docs/helm/examples/alf_license.md index 35e9d1aba..43154df5f 100644 --- a/docs/helm/examples/alf_license.md 
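Review bot: The added `Set nginx ingress config` step in helm-enterprise.yml looks like a duplicate. The context lines of the earlier hunk at `-99,7 +100,7` already show a step with the same name and the same `kubectl -n ingress-nginx patch cm ingress-nginx-controller` command directly after the kind setup. That existing step's `-p` argument falls outside the visible context, so this is inferred; if it sets the same `allow-snippet-annotations` key, the second patch is a no-op. In that case one of the two steps should be dropped, so the controller's security-relevant configuration is changed in exactly one place. The job body starts and continues outside this hunk.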
+++ b/docs/helm/examples/alf_license.md 
@@ -1,47 +1,4 @@ -# Deploy Alfresco Content Services with the ability to manage licenses +# Documentation moved -Alfresco content repository Docker images come with an embedded license which last only 2 days. If you've built a custom image, it may have a one year license but in order to change it you would need to build a new image. -You can configure the ACS Helm chart so the license is instead read from a kubernetes secret so that when it's time to renew the license the only thing you need to do is to update that secret as needed. - -This relies on 2 steps: - -* creating a secret to hold the license -* configuring the chart to use that secret - -## Create a kubernetes secret to store the license - -Make sure your license available is readable and you have appropriate kubernetes access in order to create a secret in the ACS namespace where you want to deploy the helm release. - -```bash -ACS_NAMESPACE=acs -LIC64=$(base64 < ~/Downloads/Alfresco-ent72-foobar.lic | tr -d '\n') -cat < You can obtain a license file for your Alfresco enterprise subscription from the [Hyland Community portal](https://community.hyland.com/) - -## Applying a new license - -Before your license expires you will want to apply a new one. It's actually very easy do to so. All you need to do is overwrite the secret you created on previous deployment. -You can use the exact same command just replacing the license file with the new one. - -> Secret update will trigger pods update. The default update strategy with repository pods is set to `Recreate`. -> As a consequence updating the license will trigger a downtime. You might want to switch the repository deployment to a smoother update strategy by removing `Recreate` setting. -> See [our main chart doc](/helm/alfresco-content-services/README.md) for details on `RollingUpdate` strategy. 
+Please now refer to the [alfresco-repository chart +documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/enterprise-license.md) diff --git a/docs/helm/examples/custom-metadata-keystore.md b/docs/helm/examples/custom-metadata-keystore.md index 4c87e059c..6d2f6c295 100644 --- a/docs/helm/examples/custom-metadata-keystore.md +++ b/docs/helm/examples/custom-metadata-keystore.md @@ -1,13 +1,4 @@ -# Alfresco Content Services Deployment With Custom Metadata Keystore +# Documentation moved -Alfresco content repository Docker images comes with a pre-created default keystore that contains a secret key. See more information in [docs.alfresco.com](https://docs.alfresco.com/6.2/concepts/alf-keystores.html) and [Dockerfile](https://github.com/Alfresco/acs-packaging/blob/master/docker-alfresco/Dockerfile#L81-L85). - -It is recommended to generate a new keystore in production systems. It can be mounted to the content-repository docker image to this location "/usr/local/tomcat/shared/classes/alfresco/keystore/". If the standard names of the keystore and the key are used, it is only required to change password values in [values.yaml](../../../helm/alfresco-content-services/values.yaml): - -```yaml -metadataKeystore: - keystorePassword: "" - keyPassword: "" -``` - -Otherwise, please refer to the full list of configuration options in [docs.alfresco.com](https://docs.alfresco.com/6.2/concepts/keystore-config.html) +Please now refer to the [alfresco-repository chart +documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/keystores.md) diff --git a/docs/helm/examples/email-enabled.md b/docs/helm/examples/email-enabled.md index c51d7bcb8..a50ca2f20 100644 --- a/docs/helm/examples/email-enabled.md +++ b/docs/helm/examples/email-enabled.md 
@@ -1,92 +1,4 @@ -# Alfresco Content Services Deployment with Inbound & Outbound SMTP Configuration +# Documentation moved -This example demonstrates how to enable Inbound and Outbound email when installing the ACS Helm chart. - -## Prerequisites - -Follow the [EKS deployment](../eks-deployment.md) guide up until the [ACS](../eks-deployment.md#acs) section, once the docker registry secret is installed return to this page. - -## Deploy ACS Helm Chart With Email Server Enabled - -Currently, the ingress-nginx does not support tcp/udp services due to kubernetes limitations and the workaround is to expose the TCP (for example smtp(s), imap(s)) to be accessible from outside over internet, a kubernetes Service LoadBalancer is required. This means inbound email need to be sent using this Service LoadBalancer address which is serving tcp traffic. This may means there is an overhead of an extra L4 LoadBalancer cost. This is purely due to current limitations on Kubernetes for TCP/UDP services and not related to ACS helm setup. - -So, for example if your ACS Helm chart is enabled with Inbound/Outbound email in domain `*.example.com`, then the service endpoints would be: - -- `myacs.example.com` - For general Alfresco, Share and Digital Workspace endpoints -- `smtps-myacs.example.com` - For sending emails to ACS smtp(s) server (for example port: 1125 (smtps), 1144(imaps)) - -It is recommended to enable TLS while configuring SMTP(s) and IMAP(s) configuration. If TLS is enabled for inbound email, then the helm chart expects the TLS certificate as a Secret before installing the chart. This secret name is passed on as a parameter with helm chart installation to be used for inbound email with TLS and repository will create keystore and truststore accordingly from the provided SSL certificates. 
- -For example, if your ACS email server name is `smtps-myacs.example.com` and your SSL certificates (self signed or signed) are `cert.pem`, `fullchain.pem` and `privkey.pem` run the following command to create a kubernetes TLS secret: - -```bash -kubectl create secret tls your-cert-secret --key privkey.pem --cert fullchain.pem --namespace=alfresco -``` - -Deploy the latest version of ACS Enterprise by running the command below (replacing `YOUR-DOMAIN-NAME` with the hosted zone you created and replacing the email values appropriately). For the full list of available options please refer to the table of [configuration options](../../../helm/README.md#configuration). - -```bash -helm install acs alfresco/alfresco-content-services \ - --set repository.persistence.enabled=true \ - --set repository.persistence.storageClass="nfs-client" \ - --set filestore.persistence.enabled=true \ - --set filestore.persistence.storageClass="nfs-client" \ - --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ - --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ - --set global.tracking.sharedsecret=$(openssl rand -hex 24) \ - --set mail.host="smtp.gmail.com" \ - --set mail.from.default="some.user@gmail.com" \ - --set mail.username="some.user@gmail.com" \ - --set mail.password="somepassword" \ - --set mail.protocol=smtps \ - --set mail.smtp.auth=true \ - --set mail.smtps.auth=true \ - --set email.server.enabled=true \ - --set email.server.auth.enabled=true \ - --set email.server.enableTLS=true \ - --set email.server.domain=smtps-myacs.example.com \ - --set email.inbound.unknownUser="some.user@gmail.com" \ - --set email.ssl.secretName=your-cert-secret \ - --set imap.server.enabled=true \ - --set imap.server.imap.enabled=true \ - --set imap.server.imaps.enabled=true \ - --atomic \ - --timeout 10m0s \ - --namespace=alfresco -``` - -> NOTE: If you are using GMail or Yahoo as the outbound email server, your application's attempts to send outgoing emails may be blocked by the 
email providers due to their security policies as if it considers the authentication attempts to be suspicious. When this happens, you will receive a security alert at the corresponding email address. To proceed, you will need to manually confirm the validity of the authentication attempt before the email provider will permit the application to send outbound emails. For more information on [Less secure apps & your Google Account](https://support.google.com/accounts/answer/6010255). - -## Exposing Email Service - -Ingress-nginx currently does not support TCP or UDP services. The helm chart will expose SMTP service as a LoadBalancer (it creates a new AWS ELB). This LoadBalancer/ELB information can be obtained by running the following command: - -```bash -kubectl get services `kubectl get services --namespace=alfresco | grep email | awk '{print $1}'` --namespace=alfresco -``` - -This will produce an output similar to the one below, the ELB DNS name can be found in the "EXTERNAL-IP" column. - -```bash -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -alert-fly-alfresco-cs-email LoadBalancer 100.XX.33.188 a1dXXXXXab11eaac6702XXXf87b-XXXXXXXXXX.eu-west-1.elb.amazonaws.com 1125:30554/TCP 2d -``` - -## Test Email Service - -1. Use Route53 to register a more friendly name for the ELB DNS name retrieved in the previous section, for example `smtps-myacs.example.com`. - -2. Test the communication using Telnet: - - ```bash - $ telnet smtps-myacs.example.com 1125 - Trying 34.249.150.165... - Connected to smtps-myacs.example.com. - Escape character is '^]'. 
- 220 smtps-myacs.example.com ESMTP SubEthaSMTP 3.1.7 - ``` - -## References - -- [Alfresco Configuring email](https://docs.alfresco.com/content-services/latest/admin/) -- [Kubernetes Ingress-nginx Exposing TCP and UDP services](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/exposing-tcp-udp-services.md#exposing-tcp-and-udp-services) +Please now refer to the [alfresco-repository chart +documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/email.md) diff --git a/docs/helm/examples/search-services.md b/docs/helm/examples/search-services.md index e85a3abbe..bb5195820 100644 --- a/docs/helm/examples/search-services.md +++ b/docs/helm/examples/search-services.md 
@@ -13,18 +13,20 @@ container based environments. Some are mentioned bellow: workload scheduling or the ephemeral nature of containers in general. For that reason we recommend for production environments to install Search -services alongside the Kubernetes cluster and config the Helm charts to not +services alongside the Kubernetes cluster and configure the Helm charts to not deploy it and instead point the repository to the external one. ## Configuring Helm chart -Bellow we explain how to configure the Helm chart to point the repository to an -external Solr instance. +Below we explain how to configure the Helm chart to point the repository to a +Solr instance outside of the kubernetes cluster. Installing Solr instance(s) is out of the scope of this document, but it can be -done following the [Search service documentation](https://docs.alfresco.com/insight-engine/latest/install/options/#install-without-mutual-tls---http-with-secret-word-zip), +done following the [Search service +documentation](https://docs.alfresco.com/insight-engine/latest/install/options/#install-without-mutual-tls---http-with-secret-word-zip), or by using the Ansible playbook (replication setup require an additional -load-balancer), as explained [here](https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/search-services-deployment-guide.md). +load-balancer), as explained +[here](https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/search-services-deployment-guide.md). On the chart side you need to: 
@@ -34,14 +36,13 @@ On the chart side you need to: ```yaml global: - tracking: - auth: secret - sharedsecret: dummy + search: + url: http://internal-load-balancer-ac3a091cb.eu-west-1.elb.amazonaws.com/solr + flavor: solr6 + securecomms: secret + sharedSecret: d0ntT3llAny0n3 alfresco-search: enabled: false - external: - host: internal-load-balancer-ac3a091cb.eu-west-1.elb.amazonaws.com - port: 80 ``` In this example an internal load balancer is created and aims a target group @@ -73,7 +74,7 @@ api, so it doesn't make much sense to use external access. Follow the [EKS deployment](../eks-deployment.md) guide up until the [ACS](../eks-deployment.md#acs) section, once the docker registry secret is -installed return to this page. +installed come back here. Deploy the latest version of ACS Enterprise by running the command below (replacing `YOUR-DOMAIN-NAME` with the hosted zone you created previously and 
@@ -83,57 +84,16 @@ previous section). ```bash helm install acs alfresco/alfresco-content-services \ - --set persistence.enabled=true \ - --set persistence.storageClass.enabled=true \ - --set persistence.storageClass.name="nfs-client" \ + --set alfresco-repository.persistence.enabled=true \ + --set alfresco-repository.persistence.storageClass.enabled=true \ + --set alfresco-repository.persistence.storageClass.name="nfs-client" \ --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ - --set global.tracking.sharedsecret=dummy \ + --set global.search.securecomms=none \ --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ --set alfresco-search.ingress.enabled=true \ + --set alfresco-search.ingress.annotations.nginx\.ingress.kubernetes\.io/whitelist-source-range=10.0.0.0/8 \ --set alfresco-search.ingress.basicAuth="YOUR-BASIC-AUTH" \ - --set alfresco-search.ingress.whitelist_ips="YOUR_IPS" \ --atomic \ --timeout 10m0s \ --namespace=alfresco ``` - -### Upgrade ACS Helm Chart With Search External Access - -If you've previously deployed ACS where external search access was disabled -(the default) you can run the following `helm upgrade` command to enable -external access for `/solr` (replacing `YOUR-BASIC-AUTH` and `YOUR-IPS` with -the encoded basic authentication string and list of whitelisted IP addresses -you prepared in the "Prepare Data" section): - -```bash -helm upgrade acs alfresco/alfresco-content-services \ ---set alfresco-search.ingress.enabled=true \ ---set alfresco-search.ingress.basicAuth="YOUR-BASIC-AUTH" \ ---set alfresco-search.ingress.whitelist_ips="YOUR_IPS" \ -``` - -> **Note:** There are known issues when upgrading a Helm chart relating to Helm -> cache. 
- -- `https://github.com/Kubernetes/helm/issues/3275` -- `https://github.com/Kubernetes/helm/issues/1193` -- `https://github.com/Kubernetes/helm/pull/4146` - -If your `helm upgrade` fails due to any of these example errors: - -```bash -Error: UPGRADE FAILED: no Secret with the name "nosy-tapir-alfresco-search-solr" found -(or) -Error: UPGRADE FAILED: no Ingress with the name "nosy-tapir-alfresco-search-solr" found -``` - -Then, simply delete that resource. Below is an example: - -```bash -kubectl delete secret nosy-tapir-alfresco-search-solr --namespace=alfresco -(or) -kubectl delete ingress nosy-tapir-alfresco-search-solr --namespace=alfresco -``` - -And re-try above Upgrade ACS Helm Chart steps which will also re-create the -above deleted resource. diff --git a/docs/helm/security.md b/docs/helm/security.md index bbc4f65b2..f4889e24a 100644 --- a/docs/helm/security.md +++ b/docs/helm/security.md 
@@ -23,32 +23,13 @@ solutions are: * [Mozilla SOPS](https://github.com/mozilla/sops) * [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) -In the ACS Helm charts, you will find the possibility to provide such secrets in -an alternative way. Instead of providing credentials as values, it is possible -to provide a Kubernetes secret name, setting the appropriate -`existingSecretName` value available in the different charts. These Kubernetes -Secrets need to be created before attempting the Helm install and would contain -the necessary secrets. - -For example, you can provide the `repository.adminPassword` value as a secret by -creating: - -```sh -kubectl -n your-namespace create secret generic "repo-secret" \ - --from-literal=REPO_ADMIN_PASSWORD=209c6174da490caeb422f3fa5a7ae634 -``` - -And by setting `existingSecretName` to `repo-secret` instead of -`repository.adminPassword`. - -> Note: Such Kubernetes Secret needs to live within the same namespace you -> plan to deploy to. - Reference the autogenerated README.md in each chart to understand which secrets can be provided using existing Kubernetes Secrets: -* [alfresco-content-services](../../helm/alfresco-content-services/README.md) +* [alfresco-repository](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/repository-properties.md) * [activemq](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/activemq/README.md) * [alfresco-search-enterprise](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-search-enterprise/README.md) -* [alfresco-search](../../helm/alfresco-content-services/charts/alfresco-search/README.md) +* [alfresco-search](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-search-service/README.md) +* [alfresco-transform-service](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-transform-service/README.md) +* 
[alfresco-share](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-share/README.md) * [alfresco-sync-service](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-sync-service/README.md) diff --git a/helm/alfresco-content-services/7.0.N_values.yaml b/helm/alfresco-content-services/7.0.N_values.yaml index 85cf70621..17389f030 100644 --- a/helm/alfresco-content-services/7.0.N_values.yaml +++ b/helm/alfresco-content-services/7.0.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.0.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.0.1.10 alfresco-ai-transformer: @@ -32,6 +32,8 @@ share: image: tag: 7.0.1.3 alfresco-search: + repository: + securecomms: none searchServicesImage: tag: 2.0.2.2 alfresco-digital-workspace: @@ -55,5 +57,5 @@ alfresco-connector-msteams: alfresco-control-center: enabled: false global: - tracking: - auth: none + search: + securecomms: none diff --git a/helm/alfresco-content-services/7.1.N_values.yaml b/helm/alfresco-content-services/7.1.N_values.yaml index acd546955..f4581d008 100644 --- a/helm/alfresco-content-services/7.1.N_values.yaml +++ b/helm/alfresco-content-services/7.1.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.1.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.1.1.8 alfresco-ai-transformer: @@ -32,6 +32,8 @@ share: image: tag: 7.1.1.8 alfresco-search: + repository: + securecomms: none searchServicesImage: tag: 2.0.2.2 alfresco-search-enterprise: @@ -73,5 +75,5 @@ alfresco-connector-ms365: alfresco-control-center: enabled: false global: - tracking: - auth: none + search: + securecomms: none diff --git a/helm/alfresco-content-services/7.2.N_values.yaml b/helm/alfresco-content-services/7.2.N_values.yaml index 85dfd960b..9eec660cc 100644 --- a/helm/alfresco-content-services/7.2.N_values.yaml +++ b/helm/alfresco-content-services/7.2.N_values.yaml 
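Review bot: In 7.0.N_values.yaml the added `alfresco-search.repository.securecomms: none` and the renamed `global.search.securecomms: none` at the end of the file carry no comment explaining why they are needed. Going by the `secret` / `sharedSecret` pairing used elsewhere in this commit, they appear to turn off shared-secret authentication between the repository and Solr. A comment should record the reason and the consequence, for example `# secret mode not used with these Search Services images (TODO confirm); Solr must not be reachable from outside the cluster`. The same pair of settings is added in 7.1.N_values.yaml at `-32,6 +32,8` and `-73,5 +75,5`. The `alfresco-search:` mapping continues outside the hunk.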
@@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.2.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.2.1.12 alfresco-ai-transformer: diff --git a/helm/alfresco-content-services/7.3.N_values.yaml b/helm/alfresco-content-services/7.3.N_values.yaml index 057ec1a2f..85b585712 100644 --- a/helm/alfresco-content-services/7.3.N_values.yaml +++ b/helm/alfresco-content-services/7.3.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.3.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.3.1 alfresco-ai-transformer: diff --git a/helm/alfresco-content-services/7.4.N_values.yaml b/helm/alfresco-content-services/7.4.N_values.yaml index a1d3c05ab..dc5c6b8b8 100644 --- a/helm/alfresco-content-services/7.4.N_values.yaml +++ b/helm/alfresco-content-services/7.4.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.4.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.4.1.1 alfresco-transform-service: diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index d7ae22933..8307ad055 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 2.1.0 + version: 3.0.0-alpha.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.8.5 @@ -11,6 +11,9 @@ dependencies: - name: common repository: https://activiti.github.io/activiti-cloud-helm-charts version: 7.11.0 +- name: alfresco-repository + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.11 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.3.0 
@@ -19,13 +22,13 @@ dependencies: version: 0.2.0 - name: alfresco-search-service repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.3.0 + version: 2.0.0-alpha.2 - name: alfresco-sync-service repository: https://alfresco.github.io/alfresco-helm-charts/ version: 4.4.0 - name: alfresco-search-enterprise repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 2.0.0 + version: 3.0.0-alpha.1 - name: alfresco-connector-msteams repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.2.0 @@ -38,5 +41,5 @@ dependencies: - name: alfresco-ai-transformer repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.0 -digest: sha256:95c0793bd427c4ef6def9c9a62e850896685e0b5f52230294eef6872508abb8d -generated: "2023-09-21T09:14:02.271557+02:00" +digest: sha256:2225970e907851fab90a3888cb8f446a42ba0b1bd2cccb67f5105f2116a3afcc +generated: "2023-09-26T15:14:18.040922+02:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index 62db7ce63..996e69411 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -17,7 +17,7 @@ sources: - https://github.com/Alfresco/acs-deployment dependencies: - name: alfresco-common - version: 2.1.0 + version: 3.0.0-alpha.2 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: postgresql version: 12.8.5 @@ -35,6 +35,9 @@ dependencies: version: 7.11.0 condition: >- alfresco-digital-workspace.enabled + - name: alfresco-repository + version: 0.1.0-alpha.11 + repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq version: 3.3.0 repository: https://alfresco.github.io/alfresco-helm-charts/ 
@@ -46,14 +49,14 @@ dependencies: - name: alfresco-search-service alias: alfresco-search repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.3.0 + version: 2.0.0-alpha.2 condition: alfresco-search.enabled - name: alfresco-sync-service repository: https://alfresco.github.io/alfresco-helm-charts/ version: 4.4.0 condition: alfresco-sync-service.enabled - name: alfresco-search-enterprise - version: 2.0.0 + version: 3.0.0-alpha.1 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-search-enterprise.enabled - name: alfresco-connector-msteams diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index c4fecef38..2125b9d16 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md 
@@ -20,11 +20,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | https://activiti.github.io/activiti-cloud-helm-charts | alfresco-digital-workspace(common) | 7.11.0 | | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.3.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 0.3.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.0.0-alpha.2 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.4.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 0.2.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 2.0.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 1.3.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.1.0-alpha.11 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 3.0.0-alpha.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 2.0.0-alpha.2 | | https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 0.1.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 4.4.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 0.2.0 | 
@@ -66,6 +67,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.ingress.tls | list | `[]` | | | alfresco-control-center.nameOverride | string | `"alfresco-cc"` | | | alfresco-control-center.nodeSelector | object | `{}` | | +| alfresco-control-center.registryPullSecrets[0] | string | `"{{ $.Values.global.alfrescoRegistryPullSecrets }}"` | | | alfresco-control-center.resources.limits.cpu | string | `"1"` | | | alfresco-control-center.resources.limits.memory | string | `"1024Mi"` | | | alfresco-control-center.resources.requests.cpu | string | `"0.25"` | | @@ -89,6 +91,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.ingress.tls | list | `[]` | | | alfresco-digital-workspace.nameOverride | string | `"alfresco-dw"` | | | alfresco-digital-workspace.nodeSelector | object | `{}` | | +| alfresco-digital-workspace.registryPullSecrets[0] | string | `"{{ $.Values.global.alfrescoRegistryPullSecrets }}"` | | | alfresco-digital-workspace.resources.limits.cpu | string | `"1"` | | | alfresco-digital-workspace.resources.limits.memory | string | `"1024Mi"` | | | alfresco-digital-workspace.resources.requests.cpu | string | `"0.25"` | | 
@@ -98,6 +101,27 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | | alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | | alfresco-digital-workspace.service.envType | string | `"frontend"` | | +| alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | +| alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.messageBroker.existingSecret.name | string | `"alfresco-cs-database"` | | +| alfresco-repository.configuration.repository.existingConfigMap | string | `"repository"` | | +| alfresco-repository.configuration.repository.existingSecrets[0].key | string | `"license.lic"` | | +| alfresco-repository.configuration.repository.existingSecrets[0].name | string | `"repository-secrets"` | | +| alfresco-repository.configuration.repository.existingSecrets[0].purpose | string | `"acs-license"` | | +| alfresco-repository.configuration.repository.existingSecrets[1].key | string | `"MAIL_PASSWORD"` | | +| alfresco-repository.configuration.repository.existingSecrets[1].name | string | `"outbound-email"` | | +| alfresco-repository.configuration.repository.existingSecrets[1].purpose | string | `"property:mail.password"` | | +| alfresco-repository.configuration.search.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.search.existingSecret.name | string | `"solr-shared-secret"` | | +| alfresco-repository.configuration.search.flavor | string | `"solr6"` | | +| alfresco-repository.image.repository | string | `"quay.io/alfresco/alfresco-content-repository"` | | +| alfresco-repository.image.tag | string | `"23.1.0-A27"` | | +| alfresco-repository.nameOverride | string 
| `"alfresco-repository"` | | +| alfresco-repository.persistence.accessModes | list | `["ReadWriteMany"]` | Specify a storageClass for dynamic provisioning | +| alfresco-repository.persistence.baseSize | string | `"20Gi"` | | +| alfresco-repository.persistence.enabled | bool | `true` | Persist repository data | +| alfresco-search-enterprise.ats.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-search-enterprise.elasticsearch.enabled | bool | `true` | Enables the embedded elasticsearch cluster | | alfresco-search-enterprise.enabled | bool | `false` | | | alfresco-search-enterprise.liveIndexing.content.image.tag | string | `"4.0.0-M1"` | | @@ -105,8 +129,8 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-search-enterprise.liveIndexing.metadata.image.tag | string | `"4.0.0-M1"` | | | alfresco-search-enterprise.liveIndexing.path.image.tag | string | `"4.0.0-M1"` | | | alfresco-search-enterprise.messageBroker.existingSecretName | string | `"acs-alfresco-cs-brokersecret"` | | -| alfresco-search-enterprise.reindexing.db.existingConfigMap.name | string | `"acs-alfresco-cs-dbconfigmap"` | | -| alfresco-search-enterprise.reindexing.db.existingSecret.name | string | `"acs-alfresco-cs-dbsecret"` | | +| alfresco-search-enterprise.reindexing.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-search-enterprise.reindexing.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-search-enterprise.reindexing.enabled | bool | `true` | | | alfresco-search-enterprise.reindexing.image.tag | string | `"4.0.0-M1"` | | | alfresco-search.alfresco-insight-zeppelin.enabled | bool | `false` | | 
@@ -117,6 +141,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-search.ingress.enabled | bool | `false` | Alfresco Search services endpoint ('/solr') | | alfresco-search.ingress.tls | list | `[]` | | | alfresco-search.nameOverride | string | `"alfresco-search"` | | +| alfresco-search.repository.existingConfigMap.keys.host | string | `"repo_svc_name"` | | +| alfresco-search.repository.existingConfigMap.keys.port | string | `"repo_svc_port"` | | +| alfresco-search.repository.existingConfigMap.keys.securecomms | string | `"SEARCH_SECURECOMMS"` | | +| alfresco-search.repository.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-search.repository.existingSecret.keys.sharedSecret | string | `"SOLR_SECRET"` | | +| alfresco-search.repository.existingSecret.name | string | `"solr-shared-secret"` | | | alfresco-search.searchServicesImage.repository | string | `"quay.io/alfresco/search-services"` | | | alfresco-search.searchServicesImage.tag | string | `"2.0.8.1"` | | | alfresco-sync-service.enabled | bool | `true` | Toggle deployment of Alfresco Sync Service (Desktop-Sync) Check [Alfresco Sync Service Documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-sync-service) | 
@@ -132,7 +162,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-sync-service.postgresql.primary.resources.limits.memory | string | `"4Gi"` | | | alfresco-sync-service.postgresql.primary.resources.requests.cpu | string | `"250m"` | | | alfresco-sync-service.postgresql.primary.resources.requests.memory | string | `"1Gi"` | | -| alfresco-sync-service.repository.nameOverride | string | `"alfresco-cs-repository"` | | +| alfresco-sync-service.repository.nameOverride | string | `"alfresco-repository"` | | | alfresco-sync-service.repository.port | int | `80` | | | alfresco-transform-service.enabled | bool | `true` | | | alfresco-transform-service.filestore.enabled | bool | `true` | Declares the alfresco-shared-file-store used by the content repository and transform service | 
@@ -162,13 +192,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-transform-service.transformrouter.image.repository | string | `"quay.io/alfresco/alfresco-transform-router"` | | | alfresco-transform-service.transformrouter.image.tag | string | `"3.1.0-M1"` | | | alfresco-transform-service.transformrouter.replicaCount | int | `2` | | -| apiexplorer | object | `{"ingress":{"path":"/api-explorer"}}` | Declares the api-explorer service used by the content repository | -| database.configMapName | string | `"acs-alfresco-cs-dbconfigmap"` | | +| database.configMapName | string | `"alfresco-infrastructure"` | Name of the secret managed by this chart | | database.driver | string | `nil` | Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. | | database.existingSecretName | string | `nil` | An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. When using embedded postgres you need to also set `postgresql.existingSecret`. | | database.external | bool | `false` | Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. 
| | database.password | string | `nil` | External Postgresql database password | -| database.secretName | string | `"acs-alfresco-cs-dbsecret"` | Name of the secret managed by this chart | +| database.secretName | string | `"alfresco-cs-database"` | Name of the secret managed by this chart | | database.url | string | `nil` | External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` | | database.user | string | `nil` | External Postgresql database user | | email | object | `{"handler":{"folder":{"overwriteDuplicates":true}},"inbound":{"emailContributorsAuthority":"EMAIL_CONTRIBUTORS","enabled":false,"unknownUser":"anonymous"},"initContainers":{"pemToKeystore":{"image":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/redhat-sso-7/sso71-openshift","tag":"1.1-16"}},"pemToTruststore":{"image":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/redhat-sso-7/sso71-openshift","tag":"1.1-16"}},"setPerms":{"image":{"pullPolicy":"IfNotPresent","repository":"busybox","tag":"1.35.0"}}},"server":{"allowed":{"senders":".*"},"auth":{"enabled":true},"blocked":{"senders":null},"connections":{"max":3},"domain":null,"enableTLS":true,"enabled":false,"hideTLS":false,"port":1125,"requireTLS":false},"ssl":{"secretName":null}}` | For a full information of configuring the inbound email system, see https://docs.alfresco.com/content-services/latest/config/email/#manage-inbound-emails | 
@@ -180,19 +209,21 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | global.elasticsearch.port | int | `9200` | The port where service is available | | global.elasticsearch.protocol | string | `"http"` | Valid values are http or https | | global.elasticsearch.user | string | `nil` | The username required to access the service, if any | -| global.known_urls[0] | string | `"https://localhost"` | | -| global.known_urls[1] | string | `"http://localhost"` | | -| global.registryPullSecrets[0] | string | `"quay-registry-secret"` | | +| global.known_urls | list | `["https://localhost","http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. | +| global.mail | object | `{"host":null,"password":null,"port":587,"protocol":"smtp","smtp":{"auth":true,"starttls":{"enable":true}},"smtps":{"auth":true},"username":"anonymous"}` | For a full information of configuring the outbound email system, see https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails | +| global.mail.host | string | `nil` | SMTP server to use for the system to send outgoing email | +| global.mail.port | int | `587` | SMTP server port | +| global.mail.protocol | string | `"smtp"` | SMTP protocol to use. 
Either smtp or smtps | +| global.search.flavor | string | `nil` | set the type of search service used externally (solr6 of elasticsearch) | +| global.search.secretName | string | `"solr-shared-secret"` | Name of the secret managed by this chart | +| global.search.securecomms | string | `"secret"` | set the security level used with the external search service (secret, none or https) | +| global.search.sharedSecret | string | `nil` | Mandatory secret to provide when using Solr search with 'secret' security level | +| global.search.url | string | `nil` | set this URL if you have an external search service | | global.strategy.rollingUpdate.maxSurge | int | `1` | | | global.strategy.rollingUpdate.maxUnavailable | int | `0` | | -| global.tracking.auth | string | `"secret"` | Select how solr and repo authenticate to each other none: work only prior to acs 7.2 (and was the default) secret: use a shared secret (to specify using `tracking.sharedsecret`) https: to use mTLS auth (require appropriate certificate configuration) | -| global.tracking.sharedsecret | string | `nil` | Shared secret to authenticate repo/solr traffic. 
Strong enough secret can be generated with `openssl rand 20 -base64` | | imap | object | `{"mail":{"from":{"default":null},"to":{"default":null}},"server":{"enabled":false,"host":"0.0.0.0","imap":{"enabled":true},"imaps":{"enabled":true,"port":1144},"port":1143}}` | For a full information of configuring the imap subsystem, see https://docs.alfresco.com/content-services/latest/config/email/#enable-imap-protocol-using-alfresco-globalproperties | -| mail | object | `{"encoding":"UTF-8","existingSecretName":null,"from":{"default":null,"enabled":false},"host":null,"password":null,"port":25,"protocol":"smtps","smtp":{"auth":true,"debug":false,"starttls":{"enable":true},"timeout":30000},"smtps":{"auth":true,"starttls":{"enable":true}},"username":null}` | For a full information of configuring the outbound email system, see https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails | -| mail.existingSecretName | string | `nil` | An existing kubernetes secret that contains MAIL_PASSWORD as per `mail.password` value | -| mail.from.default | string | `nil` | Specifies the email address from which email notifications are sent | -| mail.host | string | `nil` | SMTP(S) host server to enable delivery of site invitations, activity notifications and workflow tasks by email | -| messageBroker | object | `{"password":null,"secretName":"acs-alfresco-cs-brokersecret","url":null,"user":null}` | Activemq connection setting when activemq.enabled=false Can reference an external broker details, or help spread details of an internal one. 
| +| infrastructure.configMapName | string | `"alfresco-infrastructure"` | | +| messageBroker | object | `{"password":null,"secretName":"acs-alfresco-cs-brokersecret","url":null,"user":null}` | Activemq connection details (activemq.enabled msut also be set to false) | | messageBroker.secretName | string | `"acs-alfresco-cs-brokersecret"` | Name of the secret managed by this chart | | metadataKeystore.defaultKeyPassword | string | `"oKIWzVdEdA"` | | | metadataKeystore.defaultKeystorePassword | string | `"mp6yc0UD9e"` | | 
@@ -213,60 +244,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | postgresql.primary.resources.limits.memory | string | `"8Gi"` | | | postgresql.primary.resources.requests.cpu | string | `"500m"` | | | postgresql.primary.resources.requests.memory | string | `"1Gi"` | | -| repository.adminPassword | string | `"209c6174da490caeb422f3fa5a7ae634"` | Administrator password for ACS in NTLM hash format to set at bootstrap time | -| repository.command | list | `[]` | | -| repository.edition | string | `"Enterprise"` | | -| repository.environment.JAVA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede"` | | -| repository.existingSecretName | string | `nil` | An existing secret that contains REPO_ADMIN_PASSWORD as an alternative for `repository.adminPassword` value | -| repository.extraInitContainers | list | `[]` | | -| repository.extraLogStatements | object | `{}` | Provide additional log statements by adding classes and/or packages in a key:value maner org.alfresco.repo.content.transform.TransformerDebug: debug | -| repository.extraSideContainers | list | `[]` | | -| repository.extraVolumeMounts | list | `[]` | | -| repository.extraVolumes | list | `[]` | | -| repository.image.hazelcastPort | int | `5701` | | -| repository.image.internalPort | int | `8080` | | -| repository.image.pullPolicy | string | `"IfNotPresent"` | | -| repository.image.repository | string | `"quay.io/alfresco/alfresco-content-repository"` | | -| repository.image.tag | string | `"23.1.0-M4"` | | -| repository.ingress.annotations | object | `{}` | | -| repository.ingress.maxUploadSize | string | `"5g"` | | -| repository.ingress.path | string | `"/"` | 
| -| repository.ingress.tls | list | `[]` | | -| repository.initContainers.db.image.pullPolicy | string | `"IfNotPresent"` | | -| repository.initContainers.db.image.repository | string | `"busybox"` | | -| repository.initContainers.db.image.tag | string | `"1.35.0"` | | -| repository.initContainers.db.resources.limits.cpu | string | `"0.25"` | | -| repository.initContainers.db.resources.limits.memory | string | `"10Mi"` | | -| repository.licenseSecret | string | `nil` | The name of the secret holding the ACS repository license if any. it must be contained within a `data['*.lic']` property For details on how to manage license, see: https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/alf_license.md | -| repository.livenessProbe.initialDelaySeconds | int | `130` | | -| repository.livenessProbe.periodSeconds | int | `20` | | -| repository.livenessProbe.timeoutSeconds | int | `10` | | -| repository.nodeSelector | object | `{}` | | -| repository.persistence.accessModes | list | `["ReadWriteMany"]` | Specify a storageClass for dynamic provisioning | -| repository.persistence.baseSize | string | `"20Gi"` | | -| repository.persistence.data.mountPath | string | `"/usr/local/tomcat/alf_data"` | | -| repository.persistence.data.subPath | string | `"alfresco-content-services/repository-data"` | | -| repository.persistence.enabled | bool | `true` | Persist repository data | -| repository.persistence.existingClaim | string | `nil` | Use pre-provisioned pv through its claim (e.g. static provisioning) | -| repository.persistence.storageClass | string | `nil` | Bind PVC based on storageClass (e.g. 
dynamic provisioning) | -| repository.podSecurityContext.fsGroup | int | `1000` | | -| repository.podSecurityContext.runAsGroup | int | `1000` | | -| repository.podSecurityContext.runAsNonRoot | bool | `true` | | -| repository.podSecurityContext.runAsUser | int | `33000` | | -| repository.readinessProbe.failureThreshold | int | `6` | | -| repository.readinessProbe.initialDelaySeconds | int | `60` | | -| repository.readinessProbe.periodSeconds | int | `20` | | -| repository.readinessProbe.timeoutSeconds | int | `10` | | -| repository.replicaCount | int | `2` | | -| repository.resources.limits.cpu | string | `"4"` | | -| repository.resources.limits.memory | string | `"8Gi"` | | -| repository.resources.requests.cpu | string | `"250m"` | | -| repository.resources.requests.memory | string | `"2Gi"` | | -| repository.service.externalPort | int | `80` | | -| repository.service.name | string | `"alfresco"` | | -| repository.service.type | string | `"ClusterIP"` | | -| repository.startupProbe | object | `{"failureThreshold":10,"periodSeconds":30}` | The startup probe to cover the worse case startup time for slow clusters | -| repository.strategy.type | string | `"Recreate"` | | | s3connector.config.bucketLocation | string | `nil` | | | s3connector.config.bucketName | string | `nil` | | | s3connector.enabled | bool | `false` | Enable the S3 Connector For a full list of properties on the S3 connector see: https://docs.alfresco.com/s3connector/references/s3-contentstore-ref-config-props.html | 
@@ -281,7 +258,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | share.nameOverride | string | `"share"` | | | share.repository.existingConfigMap.keys.host | string | `"repo_svc_name"` | Name of the key in the configmap which points to the repository service hostname | | share.repository.existingConfigMap.keys.port | string | `"repo_svc_port"` | Name of the key in the configmap which points to the repository service port | -| share.repository.existingConfigMap.name | string | `"infrastructure-repository"` | Name of the configmap which hold the repositoy connection details | +| share.repository.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which hold the repositoy connection details | Alfresco Content Service will be deployed in a Kubernetes cluster. This cluster needs a at least 32GB memory to split among below pods: diff --git a/helm/alfresco-content-services/community_values.yaml b/helm/alfresco-content-services/community_values.yaml index 2764dc43e..152f52ca6 100644 --- a/helm/alfresco-content-services/community_values.yaml +++ b/helm/alfresco-content-services/community_values.yaml @@ -2,6 +2,7 @@ # the latest version of the chart repository: edition: Community +alfresco-repository: replicaCount: 1 image: repository: alfresco/alfresco-content-repository-community diff --git a/helm/alfresco-content-services/templates/NOTES.txt b/helm/alfresco-content-services/templates/NOTES.txt index 6d9fb0739..5700184f2 100644 --- a/helm/alfresco-content-services/templates/NOTES.txt +++ b/helm/alfresco-content-services/templates/NOTES.txt 
@@ -25,7 +25,7 @@ You can access all components of Alfresco Content Services using the same root a Content: {{ $alfurl }}/alfresco Share: {{ $alfurl }}/share API-Explorer: {{ $alfurl }}/api-explorer -{{- if eq .Values.repository.edition "Enterprise" }} +{{- if index .Values "alfresco-digital-workspace" "enabled" }} Alfresco Digital Workspace: {{ $alfurl }}/workspace/ {{- end }} {{- if index .Values "alfresco-search" "ingress" "enabled" }} diff --git a/helm/alfresco-content-services/templates/_helpers-ats.tpl b/helm/alfresco-content-services/templates/_helpers-ats.tpl index c44ad2819..02060ba5c 100644 --- a/helm/alfresco-content-services/templates/_helpers-ats.tpl +++ b/helm/alfresco-content-services/templates/_helpers-ats.tpl 
@@ -1,37 +1,37 @@ {{/* Local transformers config */}} -{{- define "alfresco-content-service.localTransformConfig" -}} --DlocalTransform.core-aio.url= --DlocalTransform.pdfrenderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} --DlocalTransform.imagemagick.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} --DlocalTransform.libreoffice.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} --DlocalTransform.tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} --DlocalTransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} +{{- define "alfresco-content-services.localTransformConfig" -}} +localTransform.core-aio.url= +localTransform.pdfrenderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} +localTransform.imagemagick.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} +localTransform.libreoffice.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} +localTransform.tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} +localTransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} {{- end -}} {{/* ATS Tengines config */}} -{{- define "alfresco-content-service.tengineConfig" -}} --Dalfresco-pdf-renderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} --Dimg.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} --Djodconverter.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} --Dtika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} --Dtransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . 
}} +{{- define "alfresco-content-services.tengineConfig" -}} +alfresco-pdf-renderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} +img.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} +jodconverter.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} +tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} +transform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} {{- end -}} {{/* Get Alfresco Content Service configuration for Alfresco Transform Service */}} -{{- define "alfresco-content-service.atsConfig" -}} +{{- define "alfresco-content-services.atsConfig" -}} {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" $.Chart "Release" $.Release) }} -{{ template "alfresco-content-service.localTransformConfig" $atsCtx }} +{{ template "alfresco-content-services.localTransformConfig" $atsCtx }} {{- if and $atsCtx.Values.filestore.enabled $atsCtx.Values.transformrouter.enabled }} {{- $routerCtx := (dict "Values" (dict "nameOverride" "router" ) "Chart" .Chart "Release" .Release) }} {{- $sfsCtx := (dict "Values" (dict "nameOverride" "filestore" ) "Chart" .Chart "Release" .Release) }} --Dtransform.service.url=http://{{ template "alfresco-transform-service.deployment-transform-router.name" $atsCtx }} --Dsfs.url=http://{{ template "alfresco-transform-service.deployment-filestore.name" $atsCtx }} -{{ template "alfresco-content-service.tengineConfig" $atsCtx }} +transform.service.url=http://{{ template "alfresco-transform-service.deployment-transform-router.name" $atsCtx }} +sfs.url=http://{{ template "alfresco-transform-service.deployment-filestore.name" $atsCtx }} +{{ template "alfresco-content-services.tengineConfig" $atsCtx }} {{- end }} {{- end }} 
diff --git a/helm/alfresco-content-services/templates/_helpers-database.tpl b/helm/alfresco-content-services/templates/_helpers-database.tpl
new file mode 100644
index 000000000..40c10f47b
--- /dev/null
+++ b/helm/alfresco-content-services/templates/_helpers-database.tpl
@@ -0,0 +1,17 @@
+{{/*
+Compute the repository database URL
+
+Usage: include "alfresco-content-services.database.repo" $
+
+*/}}
+{{- define "alfresco-content-services.database.repo" -}}
+{{- with .Values }}
+ {{- if and (not .database.url) (not .postgresql.enabled) }}
+ {{- fail "You must either set database.url or postgresql.enabled" }}
+ {{- else }}
+ {{- $pg_port := .postgresql.primary.service.ports.postgresql | toString }}
+ {{- $pg_url := printf "postgresql://%s-%s:%s/%s" $.Release.Name .postgresql.nameOverride $pg_port .postgresql.auth.database }}
+ {{- .database.url | default $pg_url }}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/helm/alfresco-content-services/templates/_helpers-elasticsearch.tpl b/helm/alfresco-content-services/templates/_helpers-elasticsearch.tpl
deleted file mode 100644
index f30c3c7ff..000000000
--- a/helm/alfresco-content-services/templates/_helpers-elasticsearch.tpl
+++ /dev/null
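Review bot: The two branches of `alfresco-content-services.database.repo` return differently shaped URLs: the computed default is `postgresql://<release>-<nameOverride>:<port>/<db>`, while a user-supplied `database.url` is passed through unchanged, and the chart README documents that value as a full `jdbc:postgresql://…` URL. The `config-database.yaml` template deleted in this commit built the embedded-database URL with the `jdbc:` prefix, so unless the consumer of this helper normalises the scheme (not visible here) one of the two branches yields a URL the repository cannot use. I would build the default with the documented scheme, `printf "jdbc:postgresql://%s-%s:%s/%s" …`, or state the expected scheme in the header comment. `database.external` is also no longer consulted, so setting `database.url` while `postgresql.enabled` stays true silently selects the external database; the comment should state that precedence.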
@@ -1,11 +0,0 @@
-{{- define "repo.elasticsearch.config" -}}
-{{- if eq (index .Values "alfresco-search-enterprise" "elasticsearch" "protocol" | default .Values.global.elasticsearch.protocol) "https" }}
--Delasticsearch.secureComms=https
-{{- end }}
--Delasticsearch.host={{ index .Values "alfresco-search-enterprise" "elasticsearch" "host" | default .Values.global.elasticsearch.host }}
--Delasticsearch.port={{ index .Values "alfresco-search-enterprise" "elasticsearch" "port" | default .Values.global.elasticsearch.port }}
--Delasticsearch.user={{ index .Values "alfresco-search-enterprise" "elasticsearch" "user" | default .Values.global.elasticsearch.user }}
--Delasticsearch.password={{ index .Values "alfresco-search-enterprise" "elasticsearch" "password" | default .Values.global.elasticsearch.password }}
--Delasticsearch.createIndexIfNotExists=true
--Delasticsearch.indexName={{ index .Values "alfresco-search-enterprise" "indexName" }}
-{{- end -}}
diff --git a/helm/alfresco-content-services/templates/_helpers-ingress.tpl b/helm/alfresco-content-services/templates/_helpers-ingress.tpl
deleted file mode 100644
index dafe61bd8..000000000
--- a/helm/alfresco-content-services/templates/_helpers-ingress.tpl
+++ /dev/null
@@ -1,30 +0,0 @@
-{{/*
-Define annotations as provided in values
-*/}}
-{{- define "ingress_annotations" }}
-{{- range $annotation, $value := .ingress.annotations }}
- {{- if ne $annotation "nginx.ingress.kubernetes.io/server-snippet" }}
- {{- $annotation | nindent 4 }}: |-
- {{- $value | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{/*
-Define required annotations for secure nginx ingress
-*/}}
-{{- define "ingress_vhost_annotations" }}
-{{- if index .ingress.annotations "nginx.ingress.kubernetes.io/server-snippet" }}
- {{- range $annotation, $value := .ingress.annotations }}
- {{- if eq $annotation "nginx.ingress.kubernetes.io/server-snippet" }}
- nginx.ingress.kubernetes.io/server-snippet: |
- {{- $value | nindent 6 }}
- {{- end }}
- {{- end }}
-{{- else }}
- nginx.ingress.kubernetes.io/server-snippet: |
-{{- end }}
- location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;}
- location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;}
- location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;}
- location ~ ^/.*/s/prometheus$ {return 403;}
-{{- end }}
diff --git a/helm/alfresco-content-services/templates/_helpers-message-broker.tpl b/helm/alfresco-content-services/templates/_helpers-message-broker.tpl
new file mode 100644
index 000000000..59e7487b9
--- /dev/null
+++ b/helm/alfresco-content-services/templates/_helpers-message-broker.tpl
@@ -0,0 +1,14 @@
+{{/*
+Compute the Message broker URL
+
+Usage: include "alfresco-content-services.mq.url" $
+
+*/}}
+{{- define "alfresco-content-services.mq.url" -}}
+ {{- if .Values.activemq.enabled }}
+ {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }}
+ {{- printf "failover:(nio://%s-broker:61616)?timeout=3000&jms.useCompression=true" (include "activemq.fullname" $mqCtx) }}
+ {{- else }}
+ {{- required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" .Values.messageBroker.url }}
+ {{- end }}
+{{- end }}
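Review bot: `$mqCtx` in `alfresco-content-services.mq.url` is built with `"Chart" .Chart`, which is the parent chart's metadata, whereas the `content-services.activemq.fullname` helper removed from `_helpers.tpl` in this commit passed `"Chart" (dict "Name" "activemq")`. If `activemq.fullname` falls back to `.Chart.Name` when no name override is set (its definition lives in the subchart and is not visible here), the computed broker host is derived from the parent chart name and the repository would be pointed at a service that does not exist. Keeping the explicit chart name avoids that: `{{- $mqCtx := dict "Values" .Values.activemq "Chart" (dict "Name" "activemq") "Release" .Release }}`. The header comment should also say that `messageBroker.url` is ignored while `activemq.enabled` is true, which is the opposite precedence to the database helper added in this commit, where an explicit URL wins over the embedded service.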
diff --git a/helm/alfresco-content-services/templates/_helpers-repository.tpl b/helm/alfresco-content-services/templates/_helpers-repository.tpl
deleted file mode 100644
index 0c8b99e18..000000000
--- a/helm/alfresco-content-services/templates/_helpers-repository.tpl
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- define "repository.selectorLabels" -}}
-app: {{ template "content-services.shortname" . }}-repository
-release: {{ .Release.Name }}
-component: repository
-{{- end }}
-
-{{- define "repository.labels" -}}
-chart: {{ include "content-services.chart" . }}
-{{ include "repository.selectorLabels" . }}
-heritage: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Get Alfresco Repository Service Port ("external")
-*/}}
-{{- define "repository.svcPort" -}}
-{{- $defaultSvcPort := 80 }}
-{{- if hasKey .Values.repository "service" }}
- {{- coalesce .Values.repository.service.externalPort $defaultSvcPort | int }}
-{{- else }}
- {{- $defaultSvcPort | int }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Get Alfresco Repository container Port ("internal")
-*/}}
-{{- define "repository.containerPort" -}}
-{{- .Values.repository.image.internalPort | default 8080 | int }}
-{{- end -}}
diff --git a/helm/alfresco-content-services/templates/_helpers-search.tpl b/helm/alfresco-content-services/templates/_helpers-search.tpl
index bb8f7f65e..17025ede5 100644
--- a/helm/alfresco-content-services/templates/_helpers-search.tpl
+++ b/helm/alfresco-content-services/templates/_helpers-search.tpl
@@ -1,32 +1,43 @@ {{/* -Alfresco Repository index subsystem +Compute the search URL + +Usage: include "alfresco-content-services.search.url" $ + */}} -{{- define "repository.indexSubsystem" -}} -{{- if or (index .Values "alfresco-search" "enabled") (index .Values "alfresco-search" "external" "host") -}} - solr6 -{{- else if index .Values "alfresco-search-enterprise" "enabled" -}} - elasticsearch -{{- else -}} - none +{{- define "alfresco-content-services.search.url" -}} +{{- with .Values }} + {{- if .global.search.url }} + {{- .global.search.url }} + {{- else if and (index . "alfresco-search-enterprise" "enabled") (index . "alfresco-search-enterprise" "elasticsearch" "enabled") }} + {{- with (index . "alfresco-search-enterprise") }} + {{/* DRY needs a named template in subchart */}} + {{- printf "%s://%s-%s:%s" .elasticsearch.protocol .elasticsearch.clusterName .elasticsearch.nodeGroup .elasticsearch.httpPort }} + {{- end }} + {{- else if (index . "alfresco-search" "enabled") }} + {{/* DEPRECATE use chart.fullname with built ctx instead */}} + {{- template "alfresco-search-service.fullname" . }}-solr + {{- else }} + {{- fail "You must either set search.url, alfresco-search-enterprise.enabled or alfresco-search.enabled" }} + {{- end }} {{- end }} {{- end -}} {{/* -Alfresco Repository search configuration +Compute the search "flavor" + +Usage: include "alfresco-content-services.search.flavor" $ + */}} -{{- define "repository.indexConfig" -}} -{{- if index .Values "alfresco-search" "external" "host" }} --Dsolr.host={{ index .Values "alfresco-search" "external" "host" }} --Dsolr.port={{ index .Values "alfresco-search" "external" "port" | default 8983 }} --Dsolr.base.url={{ template "alfresco-search.baseurl" . 
}} --Dsolr.secureComms={{ .Values.global.tracking.auth | default "secret" }} -{{- else if index .Values "alfresco-search" "enabled" -}} -{{- $alfrescoSearchContext := dict "Chart" $.Chart "Release" $.Release "Values" (index .Values "alfresco-search") }} --Dsolr.host={{ template "alfresco-search.host" $alfrescoSearchContext }} --Dsolr.port={{ template "alfresco-search.svcPort" $alfrescoSearchContext }} --Dsolr.base.url={{ index .Values "alfresco-search" "ingress" "path" | default "/solr" }} --Dsolr.secureComms={{ .Values.global.tracking.auth | default "secret" }} -{{- else if index .Values "alfresco-search-enterprise" "enabled" }} -{{- template "repo.elasticsearch.config" . }} +{{- define "alfresco-content-services.search.flavor" -}} +{{- with .Values }} + {{- if .global.search.flavor }} + {{- .global.search.flavor }} + {{- else if (index . "alfresco-search-enterprise" "enabled") }} + {{- print "elasticsearch" }} + {{- else if (index . "alfresco-search" "enabled") }} + {{- print "solr6" }} + {{- else }} + {{- print "noindex" }} + {{- end }} {{- end }} {{- end -}} diff --git a/helm/alfresco-content-services/templates/_helpers-share.tpl b/helm/alfresco-content-services/templates/_helpers-share.tpl deleted file mode 100644 index fb38f858b..000000000 --- a/helm/alfresco-content-services/templates/_helpers-share.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- define "share.selectorLabels" -}} -app: {{ template "content-services.shortname" . }}-share -release: {{ .Release.Name }} -component: share -{{- end }} - -{{- define "share.labels" -}} -chart: {{ include "content-services.chart" . }} -{{ include "share.selectorLabels" . }} -heritage: {{ .Release.Service }} -{{- end }} diff --git a/helm/alfresco-content-services/templates/_helpers.tpl b/helm/alfresco-content-services/templates/_helpers.tpl index 1ece8d3ed..aedb27c51 100644 --- a/helm/alfresco-content-services/templates/_helpers.tpl +++ b/helm/alfresco-content-services/templates/_helpers.tpl 
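Review bot: In `alfresco-content-services.search.url` the Solr branch calls `template "alfresco-search-service.fullname" .` inside `{{- with .Values }}`, so the subchart helper receives the values map instead of a context carrying `Release`, `Chart` and `Values`. The inline `DEPRECATE` comment hints at this; the call should pass a built context, as the ATS and message-broker helpers do. The Elasticsearch branch formats `.elasticsearch.httpPort` with `%s`: if that value is numeric in the subchart's values (not visible here), Go's printf renders it as `%!s(int=…)`, which is why the database helper in this commit pipes its port through `toString`; I would use `(.elasticsearch.httpPort | toString)` here as well. The Solr branch also returns a bare `<name>-solr` host while the other branches return a full `scheme://host:port` URL, and the `fail` text names `search.url` although the key read is `global.search.url`. The header comment should state which shape callers can rely on.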
@@ -1,17 +1,62 @@ {{/* -Create a default fully qualified name. +Expand the name of the chart. +*/}} +{{- define "alfresco-content-services.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "content-services.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "alfresco-content-services.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} -{{- define "content-services.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "alfresco-content-services.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{- define "content-services.activemq.fullname" -}} -{{- $data := dict "Release" .Release "Values" .Values.activemq "Chart" (dict "Name" "activemq") }} -{{- include "activemq.fullname" $data }} +{{/* +Common labels +*/}} +{{- define "alfresco-content-services.labels" -}} +helm.sh/chart: {{ include "alfresco-content-services.chart" . }} +{{ include "alfresco-content-services.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "alfresco-content-services.selectorLabels" -}} +app.kubernetes.io/name: {{ include "alfresco-content-services.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "alfresco-content-services.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "alfresco-content-services.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} {{- end }} diff --git a/helm/alfresco-content-services/templates/config-database.yaml b/helm/alfresco-content-services/templates/config-database.yaml deleted file mode 100644 index d2e037354..000000000 --- a/helm/alfresco-content-services/templates/config-database.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.database.configMapName }} - labels: - {{- include "repository.labels" . | nindent 4 }} -data: - {{- $databaseURL := .Values.database.url }} - {{- if not .Values.database.external }} - {{- $databaseURL = (printf "jdbc:postgresql://%s-%s:%d/%s" .Release.Name .Values.postgresql.nameOverride (int .Values.postgresql.primary.service.ports.postgresql) .Values.postgresql.auth.database) }} - {{- end }} - DATABASE_URL: {{ $databaseURL }} diff --git a/helm/alfresco-content-services/templates/config-dev-log4j-properties.yaml b/helm/alfresco-content-services/templates/config-dev-log4j-properties.yaml deleted file mode 100644 index aa7da0058..000000000 --- a/helm/alfresco-content-services/templates/config-dev-log4j-properties.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if .Values.repository.extraLogStatements }} -# Defines log4j properties -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "alfresco.shortname" . }}-custom-log4j-properties-configmap - labels: - {{- include "repository.labels" . | nindent 4 }} -data: - custom-log4j.properties: |- - {{- range $key, $val := .Values.repository.extraLogStatements }} - log4j.logger.{{ $key }}={{ $val }} - {{- end }} - custom-log4j2.properties: |- - {{- range $key, $val := .Values.repository.extraLogStatements }} - logger.{{ $key | replace "." "-" }}.name={{ $key }} - logger.{{ $key | replace "." "-" }}.level={{ $val }} - {{- end }} -{{- end }} diff --git a/helm/alfresco-content-services/templates/config-email.yaml b/helm/alfresco-content-services/templates/config-email.yaml deleted file mode 100644 index b094235e0..000000000 --- a/helm/alfresco-content-services/templates/config-email.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.email.server.enabled .Values.email.inbound.enabled }} -# Defines the email configmap for the alfresco content repository app -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcp-services - labels: - {{- include "repository.labels" . | nindent 4 }} -data: - {{ .Values.email.server.port }}: "{{ .Release.Name }}/{{ template "content-services.shortname" . }}-email:{{ .Values.email.server.port }}::PROXY" - {{ .Values.imap.server.port }}: "{{ .Release.Name }}/{{ template "content-services.shortname" . }}-email:{{ .Values.imap.server.port }}::PROXY" - {{ .Values.imap.server.imaps.port }}: "{{ .Release.Name }}/{{ template "content-services.shortname" . }}-email:{{ .Values.imap.server.imaps.port }}::PROXY" -{{- end }} diff --git a/helm/alfresco-content-services/templates/config-infrastructure.yaml b/helm/alfresco-content-services/templates/config-infrastructure.yaml new file mode 100644 index 000000000..7218a875c --- /dev/null +++ b/helm/alfresco-content-services/templates/config-infrastructure.yaml 
@@ -0,0 +1,55 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.infrastructure.configMapName }} + labels: + {{- include "alfresco-content-services.labels" . | nindent 4 }} +data: + {{- $repoCtx := dict "Values" (index .Values "alfresco-repository") "Chart" .Chart "Release" .Release }} + {{- $atsCtx := dict "Values" (index .Values "alfresco-transform-service") "Chart" $.Chart "Release" $.Release }} + repo_svc_name: {{ template "alfresco-repository.fullname" $repoCtx }} + repo_svc_port: {{ index .Values "alfresco-repository" "service" "port" | default 80 | quote }} + {{- $db_url := include "alfresco-content-services.database.repo" $ }} + {{ template "alfresco-repository.db.cm" (dict "url" $db_url "driver" .Values.database.driver) }} + {{ template "alfresco-repository.mq.cm" (include "alfresco-content-services.mq.url" .) }} + {{- $search_url := "" }} + {{- $search_flavor := include "alfresco-content-services.search.flavor" . }} + {{- if ne "noindex" $search_flavor }} + {{- if .Values.global.search.url }} + {{- $search_url = .Values.global.search.url }} + {{- else if eq "solr6" $search_flavor }} + {{- $searchCtx := dict "Values" (index .Values "alfresco-search") "Chart" .Chart "Release" .Release }} + {{- $search_url = printf "http://%s-solr/solr" (include "alfresco-search-service.fullname" $searchCtx) }} + {{- else if eq "elasticsearch" $search_flavor }} + {{- $searchCtx := dict "Values" (index .Values "alfresco-search-enterprise") "Chart" .Chart "Release" .Release }} + {{- with (index .Values "alfresco-search-enterprise" "elasticsearch") }} + {{- $search_url = printf "%s://%s-%s:%v" .protocol .clusterName .nodeGroup .httpPort }} + {{- end }} + {{- $search_comms := "" }} + {{- if hasPrefix "https://" $search_url }} + {{- $search_comms = "https" }} + {{- else }} + {{- $search_comms = "none" }} + {{- end }} + {{- $_ := set .Values.global.search "securecomms" $search_comms }} + {{- end }} + {{- printf "SEARCH_SECURECOMMS: %s" 
.Values.global.search.securecomms | nindent 2}} + {{- printf "SEARCH_URL: %s" $search_url | nindent 2 }} + {{- printf "SEARCH_HOST: %s" (include "alfresco-common.url.host" $search_url) | nindent 2 }} + {{- printf "SEARCH_PORT: %s" (include "alfresco-common.url.port" $search_url | quote) | nindent 2 }} + {{- if eq "solr6" $search_flavor }} + {{- printf "SOLR_BASE_URL: %s" (include "alfresco-common.url.path" $search_url | default "/solr") | nindent 2 }} + {{- end }} + {{- end }} + SEARCH_FLAVOR: {{ template "alfresco-content-services.search.flavor" . }} + {{- if index .Values "alfresco-search-enterprise" "enabled" }} + {{- if index .Values "alfresco-transform-service" "enabled" }} + {{- $ats_baseurl := (printf "http://%s" (include "alfresco-transform-service.deployment-transform-router.name" $atsCtx)) }} + {{- $sfs_baseurl := (printf "http://%s" (include "alfresco-transform-service.deployment-filestore.name" $atsCtx)) }} + {{- include "alfresco-search-enterprise.ats.fullurl" $ats_baseurl | nindent 2 }} + {{- include "alfresco-search-enterprise.sfs.fullurl" $sfs_baseurl | nindent 2 }} + {{- else }} + {{- fail "Alfresco Search Enterprise has been enabled but no Transformation service has been provided" }} + {{- end }} + {{- end }} diff --git a/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml b/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml deleted file mode 100644 index 2979e53cd..000000000 --- a/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: infrastructure-repository - labels: - {{- include "repository.labels" . | nindent 4 }} -data: - repo_svc_name: {{ template "content-services.shortname" . }}-repository - repo_svc_port: {{ .Values.repository.service.externalPort | quote }} 
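Review bot: `SEARCH_SECURECOMMS` in config-infrastructure.yaml is printed from `.Values.global.search.securecomms` with no `default` or `required`. As far as the collapsed layout shows, the only assignment is in the Elasticsearch branch, via `set` on the shared `.Values.global.search` map. For the Solr flavor, or when `global.search.url` is supplied, the output depends on a values default that is not visible here; if it is unset, the ConfigMap carries `%!s(<nil>)` instead of failing the render. Prefer a local variable over mutating `.Values`, and fail closed, e.g. `{{- $comms := required "global.search.securecomms must be set" .Values.global.search.securecomms }}`. The Elasticsearch branch also maps every non-`https://` URL to `none` without comment, so a template comment should state that the repository-to-search link is then plaintext.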
diff --git a/helm/alfresco-content-services/templates/config-repository.yaml b/helm/alfresco-content-services/templates/config-repository.yaml index 6e4c70279..52f5c5dcd 100644 --- a/helm/alfresco-content-services/templates/config-repository.yaml +++ b/helm/alfresco-content-services/templates/config-repository.yaml 
@@ -1,135 +1,69 @@ -# Defines the properties required by the content repository apiVersion: v1 kind: ConfigMap metadata: - # the name of the config map - name: {{ template "content-services.shortname" . }}-repository-configmap + name: repository labels: - {{- include "repository.labels" . | nindent 4 }} + {{- include "alfresco-content-services.labels" . | nindent 4 }} data: - # The JAVA_OPTS defined in the values.yaml file for the "repository" are set here using proper quotes - {{- if .Values.repository.environment }} - {{- range $key, $val := .Values.repository.environment }} - {{ $key }}: {{ tpl $val $ | quote }} - {{- end }} - {{- end }} - RELEASE_NAME: {{ .Release.Name }} - {{- $alfUrl := include "alfresco-common.external.url" . }} - ALFRESCO_OPTS: >- - -Ddeployment.method=HELM_CHART - -Dalfresco.cluster.enabled={{ gt (.Values.repository.replicaCount | int) 1 }} - {{- if .Values.repository.licenseSecret }} - -Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/ - {{- end }} - -Dalfresco.host={{ template "alfresco-common.external.host" . }} - -Dalfresco.protocol={{ template "alfresco-common.external.scheme" . }} - -Dalfresco.port={{ template "alfresco-common.external.port" . }} - -Daos.baseUrlOverwrite={{ $alfUrl }}/alfresco/aos - -Dcsrf.filter.origin={{ $alfUrl }} - -Dcsrf.filter.referer={{ $alfUrl }}/.* + alfresco-global.properties: | + {{- $alfUrl := include "alfresco-common.external.url" . }} + deployment.method=HELM_CHART + alfresco.cluster.enabled={{ gt (index .Values "alfresco-repository" "replicaCount" | int) 1 }} + alfresco.host={{ template "alfresco-common.external.host" . }} + alfresco.protocol={{ template "alfresco-common.external.scheme" . }} + alfresco.port={{ template "alfresco-common.external.port" . 
}} + aos.baseUrlOverwrite={{ $alfUrl }}/alfresco/aos + csrf.filter.origin={{ $alfUrl }} + csrf.filter.referer={{ $alfUrl }}/.* {{- if .Values.share.enabled }} - -Dshare.protocol={{ template "alfresco-common.external.scheme" . }} - -Dshare.host={{ template "alfresco-common.external.host" . }} - -Dshare.port={{ template "alfresco-common.external.port" . }} - {{- end }} - {{- $subsys := include "repository.indexSubsystem" . -}} - {{- if ne $subsys "none" }} - {{- include "repository.indexConfig" . | indent 4 }} + share.protocol={{ template "alfresco-common.external.scheme" . }} + share.host={{ template "alfresco-common.external.host" . }} + share.port={{ template "alfresco-common.external.port" . }} {{- end }} - -Dindex.subsystem.name={{ $subsys }} - -Dlocal.transform.service.enabled={{ index .Values "alfresco-transform-service" "enabled" }} + local.transform.service.enabled={{ index .Values "alfresco-transform-service" "enabled" }} {{- with (index .Values "alfresco-transform-service") }} {{- $ats_for_enterprise := and .filestore.enabled .transformrouter.enabled }} - -Dtransform.service.enabled={{ and .enabled $ats_for_enterprise }} + transform.service.enabled={{ and .enabled $ats_for_enterprise }} {{- end }} {{- if index .Values "alfresco-transform-service" "enabled" }} - {{- include "alfresco-content-service.atsConfig" . | indent 4 }} - {{- end }} - {{- if .Values.s3connector.enabled }} - {{- range $key, $val := .Values.s3connector.config }} - -Ds3.{{ $key }}={{ $val }} + {{- include "alfresco-content-services.atsConfig" . 
| indent 4 }} {{- end }} + {{- with .Values.global.mail }} + {{- if .host }} + mail.host={{ .host }} + mail.port={{ .port }} + mail.protocol={{ .protocol }} + mail.smtp.auth={{ .smtp.auth }} + mail.smtps.auth={{ .smtp.auth }} + mail.smtp.starttls.enable={{ .smtp.starttls.enable }} + {{- if or .smtp.auth .smtps.auth }} + mail.username={{ .username }} {{- end }} - {{- if .Values.email.server.enabled }} - -Demail.server.enabled={{ .Values.email.server.enabled }} - -Demail.server.port={{ .Values.email.server.port }} - -Demail.server.domain={{ .Values.email.server.domain }} - -Demail.server.enableTLS={{ .Values.email.server.enableTLS }} - -Demail.server.hideTLS={{ .Values.email.server.hideTLS }} - -Demail.server.requireTLS={{ .Values.email.server.requireTLS }} - -Demail.server.auth.enabled={{ .Values.email.server.auth.enabled }} - -Demail.server.connections.max={{ .Values.email.server.connections.max }} - -Demail.server.allowed.senders={{ .Values.email.server.allowed.senders }} - -Demail.server.blocked.senders={{ .Values.email.server.blocked.senders }} - -Demail.inbound.enabled={{ .Values.email.inbound.enabled }} - -Demail.inbound.unknownUser={{ .Values.email.inbound.unknownUser }} - -Demail.inbound.emailContributorsAuthority={{ .Values.email.inbound.emailContributorsAuthority }} - -Demail.handler.folder.overwriteDuplicates={{ .Values.email.handler.folder.overwriteDuplicates }} - -Dimap.server.enabled={{ .Values.imap.server.enabled }} - -Dimap.server.port={{ .Values.imap.server.port }} - -Dimap.server.host={{ .Values.imap.server.host }} - -Dimap.server.imap.enabled={{ .Values.imap.server.imap.enabled }} - -Dimap.server.imaps.enabled={{ .Values.imap.server.imaps.enabled }} - -Dimap.server.imaps.port={{ .Values.imap.server.imaps.port }} - -Dimap.mail.from.default={{ .Values.imap.mail.from.default }} - -Dimap.mail.to.default={{ .Values.imap.mail.to.default }} - -Dsystem.usages.enabled=true - -Dnotification.email.siteinvite=true - {{- if .Values.email.server.enableTLS }} - 
-Djavax.net.ssl.keyStore=/var/run/secrets/java.io/keystores/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit {{- end }} {{- end }} - {{- if .Values.mail.host }} - -Dmail.encoding={{ .Values.mail.encoding }} - -Dmail.host={{ .Values.mail.host }} - -Dmail.port={{ .Values.mail.port }} - -Dmail.protocol={{ .Values.mail.protocol }} - -Dmail.username={{ .Values.mail.username }} - -Dmail.from.default={{ .Values.mail.from.default }} - -Dmail.from.enabled={{ .Values.mail.from.enabled }} - -Dmail.smtp.auth={{ .Values.mail.smtp.auth }} - -Dmail.smtp.debug={{ .Values.mail.smtp.debug }} - -Dmail.smtp.starttls.enable={{ .Values.mail.smtp.starttls.enable }} - -Dmail.smtp.timeout={{ .Values.mail.smtp.timeout }} - -Dmail.smtps.auth={{ .Values.mail.smtps.auth }} - -Dmail.smtps.starttls.enable={{ .Values.mail.smtps.starttls.enable }} - {{- end }} {{- if index .Values "alfresco-sync-service" "enabled" }} - -Ddsync.service.uris={{ $alfUrl }}/syncservice + dsync.service.uris={{ $alfUrl }}/syncservice {{- else }} - -Devents.subsystem.autoStart=false + events.subsystem.autoStart=false {{- end }} - CATALINA_OPTS: >- - $ALFRESCO_OPTS - -Ddb.driver={{ .Values.database.driver | default "org.postgresql.Driver" }} - {{- if eq .Values.database.external false }} - -Ddb.url=jdbc:postgresql://{{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }}:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }} - {{- else }} - -Ddb.url={{ .Values.database.url }} + {{/* + {{- if .Values.s3connector.enabled }} + {{- range $key, $val := .Values.s3connector.config }} + s3.{{ $key }}={{ $val }} {{- end }} - {{- if and .Values.mail.host (or .Values.mail.password .Values.mail.existingSecretName) }} - -Dmail.password=$MAIL_PASSWORD {{- end }} - -Ddb.username=$DATABASE_USERNAME - -Ddb.password=$DATABASE_PASSWORD {{- if .Values.s3connector.enabled }} {{- if .Values.s3connector.secrets.accessKey }} - -Ds3.accessKey=$ACCESSKEY + s3.accessKey=$ACCESSKEY {{- end 
}} {{- if .Values.s3connector.secrets.secretKey }} - -Ds3.secretKey=$SECRETKEY + s3.secretKey=$SECRETKEY {{- end }} {{- if .Values.s3connector.secrets.encryption }} - -Ds3.encryption=$ENCRYPTION + s3.encryption=$ENCRYPTION {{- end }} {{- if .Values.s3connector.secrets.awsKmsKeyId }} - -Ds3.awsKmsKeyId=$KMSKEYID + s3.awsKmsKeyId=$KMSKEYID {{- end }} {{- end }} - -Dmetadata-keystore.password=$METADATA_KEYSTORE_PASSWORD - -Dmetadata-keystore.metadata.password=$METADATA_KEY_PASSWORD - -Dmessaging.broker.url=$BROKER_URL - -Dmessaging.broker.username=$BROKER_USERNAME - -Dmessaging.broker.password=$BROKER_PASSWORD - -Dencryption.ssl.truststore.location=$JAVA_HOME/lib/security/cacerts - -Dalfresco_user_store.adminpassword=$REPO_ADMIN_PASSWORD + */}} diff --git a/helm/alfresco-content-services/templates/deployment-repository.yaml b/helm/alfresco-content-services/templates/deployment-repository.yaml deleted file mode 100644 index df8ec8b0a..000000000 --- a/helm/alfresco-content-services/templates/deployment-repository.yaml +++ /dev/null 
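Review bot: In the `global.mail` block of config-repository.yaml, `mail.smtps.auth={{ .smtp.auth }}` reads the SMTP flag instead of the SMTPS one. A values file that enables only `smtps.auth` therefore gets the wrong `mail.smtps.auth`, while the surrounding `if or .smtp.auth .smtps.auth` still emits `mail.username` and secret-mail.yaml still requires a password. The line should be `mail.smtps.auth={{ .smtps.auth }}`. The removed template also set `mail.smtps.starttls.enable`, which has no counterpart on the new side. Separately, the S3 settings now sit inside a `{{/* ... */}}` comment; if they are revived in this properties file, `$ACCESSKEY`-style references presumably will not be expanded as they were in `CATALINA_OPTS` and would need another delivery path.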
@@ -1,247 +0,0 @@ -# Defines the deployment for the alfresco content repository app -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "content-services.shortname" . }}-repository - labels: - {{- include "repository.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.repository.replicaCount }} - selector: - matchLabels: - {{- include "repository.selectorLabels" . | nindent 6 }} - strategy: - {{- if eq .Values.repository.strategy.type "Recreate" }} - type: {{ .Values.repository.strategy.type }} - {{- else }} - type: RollingUpdate - rollingUpdate: -{{ toYaml .Values.global.strategy.rollingUpdate | indent 6 }} - {{- end }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/config-repository.yaml") . | sha256sum }} - checksum/secretDatabase: {{ include (print $.Template.BasePath "/secret-database.yaml") . | sha256sum }} - checksum/secretS3: {{ include (print $.Template.BasePath "/secret-s3.yaml") . | sha256sum }} - labels: - {{- include "repository.selectorLabels" . | nindent 8 }} - spec: - {{- include "component-pod-security-context" .Values.repository | indent 4 }} - {{- if .Values.repository.nodeSelector }} - nodeSelector: {{- .Values.repository.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} - containers: - {{- if .Values.repository.extraSideContainers }} -{{ tpl .Values.repository.extraSideContainers . | indent 8 }} - {{- end }} - - name: {{ .Chart.Name }} - image: "{{ .Values.repository.image.repository }}:{{ .Values.repository.image.tag }}" - imagePullPolicy: {{ .Values.repository.image.pullPolicy }} - {{- if .Values.repository.command }} - command: -{{ tpl .Values.repository.command . 
| indent 12 }} - {{- end }} - {{- include "component-security-context" .Values.repository | indent 8 }} - envFrom: - - secretRef: - name: {{ .Values.database.existingSecretName | default .Values.database.secretName }} - {{- if .Values.s3connector.enabled }} - - secretRef: - name: {{ default (printf "%s-s3secret" (include "content-services.shortname" .)) .Values.s3connector.existingSecretName }} - {{- end }} - {{- if and .Values.mail.host (or .Values.mail.password .Values.mail.existingSecretName) }} - - secretRef: - name: {{ default (printf "%s-mail-password" (include "content-services.shortname" .)) .Values.mail.existingSecretName }} - {{- end }} - - secretRef: - name: {{ template "content-services.shortname" . }}-metadata-keystore-secret - - secretRef: - name: {{ .Values.messageBroker.existingSecretName | default .Values.messageBroker.secretName }} - - secretRef: - name: {{ default (printf "%s-repository-secret" (include "content-services.shortname" .)) .Values.repository.existingSecretName }} - - configMapRef: - # config map to use, defined in config-repository.yaml - name: {{ template "content-services.shortname" . 
}}-repository-configmap - ports: - # internal port and the hazelcast port used for clustering - - containerPort: {{ .Values.repository.image.internalPort }} - - containerPort: {{ .Values.repository.image.hazelcastPort }} - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled }} - - containerPort: {{ .Values.email.server.port }} - - containerPort: {{ .Values.imap.server.port }} - - containerPort: {{ .Values.imap.server.imaps.port }} - {{- end }} - resources: {{- toYaml .Values.repository.resources | nindent 12 }} - volumeMounts: - {{- if and (index .Values "alfresco-search" "enabled") (eq .Values.global.tracking.auth "secret") }} - - name: repository-properties - mountPath: /usr/local/tomcat/shared/classes/alfresco-global.properties - subPath: alfresco-global.properties - {{- end }} - - name: data - mountPath: {{ .Values.repository.persistence.data.mountPath }} - subPath: {{ .Values.repository.persistence.data.subPath }} - {{- if .Values.repository.licenseSecret }} - - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/ - name: acs-license - {{- end }} - {{- if .Values.repository.extraLogStatements }} - - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j.properties - subPath: custom-log4j.properties - - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j2.properties - subPath: custom-log4j2.properties - {{- end }} - startupProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- - port: {{ .Values.repository.image.internalPort }} - periodSeconds: {{ .Values.repository.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.repository.startupProbe.failureThreshold }} - readinessProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- - port: {{ .Values.repository.image.internalPort }} - initialDelaySeconds: {{ 
.Values.repository.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repository.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.repository.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.repository.readinessProbe.timeoutSeconds }} - livenessProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- - port: {{ .Values.repository.image.internalPort }} - initialDelaySeconds: {{ .Values.repository.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repository.livenessProbe.periodSeconds }} - failureThreshold: 1 - timeoutSeconds: {{ .Values.repository.livenessProbe.timeoutSeconds }} - lifecycle: - preStop: - exec: - command: ["/bin/bash", "-c", "sleep 20"] - initContainers: - {{- if .Values.repository.extraInitContainers }} - {{- toYaml .Values.repository.extraInitContainers | nindent 8 }} - {{- end }} - {{- if not .Values.database.external }} - - name: wait-db-ready - image: "{{ .Values.repository.initContainers.db.image.repository }}:{{ .Values.repository.initContainers.db.image.tag }}" - imagePullPolicy: {{ .Values.repository.initContainers.db.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.db | indent 8 }} - resources: {{- toYaml .Values.repository.initContainers.db.resources | nindent 12 }} - command: ['sh', '-c', 'until nc -w1 {{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }} {{ .Values.postgresql.primary.service.ports.postgresql }}; do echo "waiting for {{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }}"; sleep 2; done;'] - {{- end }} - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled .Values.email.server.enableTLS }} - - name: pem-to-keystore - image: "{{ .Values.email.initContainers.pemToKeystore.image.repository }}:{{ .Values.email.initContainers.pemToKeystore.image.tag }}" - imagePullPolicy: {{ .Values.email.initContainers.pemToKeystore.image.pullPolicy }} - {{- 
include "component-security-context" .Values.repository.initContainers.pemToKeystore | indent 8 }} - env: - - name: keyfile - value: /var/run/secrets/certs/tls.key - - name: crtfile - value: /var/run/secrets/certs/tls.crt - - name: keystore_pkcs12 - value: /var/run/secrets/java.io/keystores/keystore.pkcs12 - - name: keystore_jks - value: /var/run/secrets/java.io/keystores/keystore.jks - - name: password - value: changeit - command: ['/bin/bash'] - args: ['-c', "openssl pkcs12 -export -inkey $keyfile -in $crtfile -out $keystore_pkcs12 -password pass:$password && keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password"] - volumeMounts: - - mountPath: /var/run/secrets/java.io/keystores - name: email-keystore-volume - - mountPath: /var/run/secrets/certs - name: email-certs - - name: pem-to-truststore - image: "{{ .Values.email.initContainers.pemToTruststore.image.repository }}:{{ .Values.email.initContainers.pemToTruststore.image.tag }}" - imagePullPolicy: {{ .Values.email.initContainers.pemToTruststore.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.pemToTruststore | indent 8 }} - env: - - name: ca_bundle - value: /var/run/secrets/cacert/ca.crt - - name: truststore_jks - value: /var/run/secrets/java.io/keystores/truststore.jks - - name: password - value: changeit - command: ['/bin/bash'] - args: ['-c', "csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}' && for file in crt-*; do keytool -import -noprompt -keystore $truststore_jks -file $file -storepass changeit -alias service-$file; done"] - volumeMounts: - - name: email-keystore-volume - mountPath: /var/run/secrets/java.io/keystores - - name: ca-cert - mountPath: /var/run/secrets/cacert - - name: set-perms - image: "{{ .Values.email.initContainers.setPerms.image.repository }}:{{ .Values.email.initContainers.setPerms.image.tag }}" - imagePullPolicy: {{ 
.Values.email.initContainers.setPerms.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.setPerms | indent 8 }} - env: - - name: keystore_dir - value: /var/run/secrets/java.io/keystores - command: ["sh", "-c", "chown -R 33000:1000 $keystore_dir"] - volumeMounts: - - name: email-keystore-volume - mountPath: /var/run/secrets/java.io/keystores - {{- end }} - volumes: - {{- include "data_volume" .Values.repository | nindent 8 }} - {{- if and (index .Values "alfresco-search" "enabled") (eq .Values.global.tracking.auth "secret") }} - - name: repository-properties - secret: - secretName: {{ template "alfresco.shortname" . }}-repository-properties-secret - defaultMode: 0400 - items: - - key: alfresco-global.properties - path: alfresco-global.properties - {{- end }} - {{- if .Values.repository.licenseSecret }} - - name: acs-license - secret: - secretName: {{ .Values.repository.licenseSecret }} - defaultMode: 0400 - {{- end }} - {{- if .Values.repository.extraLogStatements }} - - name : repository-logging-properties-volume - configMap: - name: {{ template "alfresco.shortname" . 
}}-custom-log4j-properties-configmap - items: - - key: custom-log4j.properties - path: custom-log4j.properties - - key: custom-log4j2.properties - path: custom-log4j2.properties - {{- end }} - - name: custom-pipeline-config-volume - configMap: - optional: true - name: custom-pipeline-config - - name: custom-rendition-config-volume - configMap: - optional: true - name: custom-rendition-config - - name: custom-mimetype-config-volume - configMap: - optional: true - name: custom-mimetype-config - - name: custom-queryset-config-volume - configMap: - optional: true - name: custom-queryset-config - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled .Values.email.server.enableTLS }} - - name: email-keystore-volume - emptyDir: {} - - name: email-certs - secret: - secretName: {{ .Values.email.ssl.secretName }} - - name: ca-cert - secret: - secretName: {{ .Values.email.ssl.secretName }} - items: - - key: ca.crt - path: ca.crt - {{- end }} - {{- if .Values.repository.extraVolumes }} - {{- toYaml .Values.repository.extraVolumes | nindent 8 }} - {{- end }} diff --git a/helm/alfresco-content-services/templates/ingress-repository.yaml b/helm/alfresco-content-services/templates/ingress-repository.yaml deleted file mode 100644 index cd8c80b41..000000000 --- a/helm/alfresco-content-services/templates/ingress-repository.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{- $serviceName := printf "%s-%s" (include "content-services.shortname" .) "repository" -}} -{{- $servicePort := .Values.repository.service.externalPort -}} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "content-services.shortname" . }}-repository - labels: - {{- include "repository.labels" . | nindent 4 }} - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "alf_affinity_route" - nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" - # Default file limit (1m) check, document(s) above this size will throw 413 (Request Entity Too Large) error - nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.repository.ingress.maxUploadSize }} - {{- include "ingress_annotations" .Values.repository }} - {{- include "ingress_vhost_annotations" .Values.repository }} -spec: - {{- if .Values.repository.ingress.tls }} - tls: - {{- range .Values.repository.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.repository.ingress.hostName }} - - host: {{ tpl .Values.repository.ingress.hostName . }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.repository.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: Prefix - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 10 }} - - path: {{ .Values.apiexplorer.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: Prefix - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 10 }} 
diff --git a/helm/alfresco-content-services/templates/pvc.yaml b/helm/alfresco-content-services/templates/pvc.yaml deleted file mode 100644 index 2c7406021..000000000 --- a/helm/alfresco-content-services/templates/pvc.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if and (not .Values.repository.persistence.existingClaim) .Values.repository.persistence.enabled }} -{{ include "component_pvc" .Values.repository }} -{{- end }} diff --git a/helm/alfresco-content-services/templates/secret-database.yaml b/helm/alfresco-content-services/templates/secret-database.yaml index 3661c7d00..f14887a7c 100644 --- a/helm/alfresco-content-services/templates/secret-database.yaml +++ b/helm/alfresco-content-services/templates/secret-database.yaml @@ -4,7 +4,7 @@ kind: Secret metadata: name: {{ .Values.database.secretName }} labels: - {{- include "repository.labels" . | nindent 4 }} + {{- include "alfresco-content-services.labels" . | nindent 4 }} type: Opaque data: DATABASE_USERNAME: {{ .Values.database.user | default .Values.postgresql.auth.username | b64enc | quote }} diff --git a/helm/alfresco-content-services/templates/secret-mail-password.yaml b/helm/alfresco-content-services/templates/secret-mail-password.yaml deleted file mode 100644 index 2fa4200e5..000000000 --- a/helm/alfresco-content-services/templates/secret-mail-password.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.mail.host (not .Values.mail.existingSecretName) .Values.mail.password }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "content-services.shortname" . }}-mail-password - labels: - {{- include "repository.labels" . | nindent 4 }} -type: Opaque -data: - MAIL_PASSWORD: {{ .Values.mail.password | b64enc | quote }} -{{- end }} diff --git a/helm/alfresco-content-services/templates/secret-mail.yaml b/helm/alfresco-content-services/templates/secret-mail.yaml new file mode 100644 index 000000000..862a348c0 --- /dev/null +++ b/helm/alfresco-content-services/templates/secret-mail.yaml 
@@ -0,0 +1,11 @@
+{{- if and .Values.global.mail.host (or .Values.global.mail.smtp.auth .Values.global.mail.smtps.auth) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: outbound-email
+ labels:
+ {{- include "alfresco-content-services.labels" . | nindent 4 }}
+data:
+ {{- $reqMsg := "You have selected authentication to your SMTP server but did not provide a password for it" }}
+ MAIL_PASSWORD: {{ required $reqMsg .Values.global.mail.password | b64enc | quote }}
+{{- end }}
diff --git a/helm/alfresco-content-services/templates/secret-message-broker.yaml b/helm/alfresco-content-services/templates/secret-message-broker.yaml
index ef50aa119..527998b78 100644
--- a/helm/alfresco-content-services/templates/secret-message-broker.yaml
+++ b/helm/alfresco-content-services/templates/secret-message-broker.yaml
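Review bot: The Secret is rendered under the fixed name `outbound-email`, so two releases of this chart in one namespace would contend for the same object, and unlike the sibling secret templates it declares no `type: Opaque` before `data:`. The removed secret-mail-password.yaml skipped rendering when `mail.existingSecretName` was set, whereas this template can only take the password from `global.mail.password`, which keeps the SMTP password in the values Helm stores with the release. If externally managed secrets are still meant to be supported, guard the template on such a value and state it in a leading comment, e.g. `{{/* rendered only when SMTP auth is on and no pre-existing secret is referenced */}}`.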
@@ -4,16 +4,20 @@ kind: Secret metadata: name: {{ .Values.messageBroker.secretName }} labels: - {{- include "repository.labels" . | nindent 4 }} + {{- include "alfresco-content-services.labels" . | nindent 4 }} type: Opaque data: {{- if .Values.activemq.enabled }} - BROKER_URL: {{ printf "failover:(nio://%s-broker:61616)?timeout=3000&jms.useCompression=true" (include "content-services.activemq.fullname" .) | b64enc | quote }} - BROKER_USERNAME: {{ .Values.activemq.adminUser.user | b64enc | quote }} - BROKER_PASSWORD: {{ .Values.activemq.adminUser.password | b64enc | quote }} + {{- with .Values.activemq }} + BROKER_USERNAME: {{ .adminUser.user | b64enc | quote }} + BROKER_PASSWORD: {{ .adminUser.password | b64enc | quote }} + {{- end }} {{- else }} - BROKER_URL: {{ required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" .Values.messageBroker.url | b64enc | quote }} - BROKER_USERNAME: {{ .Values.messageBroker.user | b64enc | quote }} - BROKER_PASSWORD: {{ .Values.messageBroker.password | b64enc | quote }} + {{- with .Values.messageBroker}} + BROKER_USERNAME: {{ .user | default "" | b64enc | quote }} + BROKER_PASSWORD: {{ .password | default "" | b64enc | quote }} + {{- end }} {{- end }} + {{/* required until OPSEXP-2300 & OPSEXP-2293 */}} + BROKER_URL: {{ include "alfresco-content-services.mq.url" . | b64enc | quote }} {{- end }} diff --git a/helm/alfresco-content-services/templates/secret-metadata-keystore.yaml b/helm/alfresco-content-services/templates/secret-metadata-keystore.yaml deleted file mode 100644 index d2d1196d7..000000000 --- a/helm/alfresco-content-services/templates/secret-metadata-keystore.yaml +++ /dev/null 
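Review bot: With `activemq.enabled` false, `BROKER_USERNAME` and `BROKER_PASSWORD` now fall back to `default ""`, so an omitted or misspelled `messageBroker.user`/`password` renders a Secret with empty credentials instead of failing the install. The `required` guard on `messageBroker.url` also leaves this template; presumably it now lives in the `alfresco-content-services.mq.url` helper, which is not visible here and is worth confirming. If brokers without authentication are intentionally supported, record it next to the fallback, e.g. `{{/* empty credentials are accepted for brokers that do not require authentication */}}`. `{{- with .Values.messageBroker}}` is also missing the space before `}}` that the other actions in the file use. The template's opening `if` sits above the hunk.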
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "content-services.shortname" . }}-metadata-keystore-secret
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-type: Opaque
-data:
- METADATA_KEYSTORE_PASSWORD: {{ .Values.metadataKeystore.keystorePassword | default .Values.metadataKeystore.defaultKeystorePassword | b64enc | quote }}
- METADATA_KEY_PASSWORD: {{ .Values.metadataKeystore.keyPassword | default .Values.metadataKeystore.defaultKeyPassword | b64enc | quote }}
diff --git a/helm/alfresco-content-services/templates/secret-repository-properties.yaml b/helm/alfresco-content-services/templates/secret-repository-properties.yaml
deleted file mode 100644
index 64631d939..000000000
--- a/helm/alfresco-content-services/templates/secret-repository-properties.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (index .Values "alfresco-search" "enabled") (eq .Values.global.tracking.auth "secret") }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "alfresco.shortname" . }}-repository-properties-secret
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-type: Opaque
-data:
- alfresco-global.properties: {{ printf "%s%s" "solr.sharedSecret=" (include "tracking-shared-secret" .) | b64enc | quote }}
-{{- end }}
diff --git a/helm/alfresco-content-services/templates/secret-repository.yaml b/helm/alfresco-content-services/templates/secret-repository.yaml
deleted file mode 100644
index 3a666eeab..000000000
--- a/helm/alfresco-content-services/templates/secret-repository.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if not .Values.repository.existingSecretName }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ printf "%s-repository-secret" (include "content-services.shortname" .) }}
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-type: Opaque
-data:
- REPO_ADMIN_PASSWORD: {{ .Values.repository.adminPassword | default "209c6174da490caeb422f3fa5a7ae634" | b64enc | quote }}
-{{- end }}
diff --git a/helm/alfresco-content-services/templates/secret-s3.yaml b/helm/alfresco-content-services/templates/secret-s3.yaml
deleted file mode 100755
index 65d21b2a9..000000000
--- a/helm/alfresco-content-services/templates/secret-s3.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if and .Values.s3connector.enabled (not .Values.s3connector.existingSecretName) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "content-services.shortname" . }}-s3secret
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-type: Opaque
-data:
- {{- if .Values.s3connector.secrets.accessKey }}
- ACCESSKEY: {{ .Values.s3connector.secrets.accessKey | b64enc | quote }}
- {{- end }}
- {{- if .Values.s3connector.secrets.secretKey }}
- SECRETKEY: {{ .Values.s3connector.secrets.secretKey | b64enc | quote }}
- {{- end }}
- {{- if .Values.s3connector.secrets.encryption }}
- ENCRYPTION: {{ .Values.s3connector.secrets.encryption | b64enc | quote }}
- {{- end }}
- {{- if .Values.s3connector.secrets.awsKmsKeyId }}
- KMSKEYID: {{ .Values.s3connector.secrets.awsKmsKeyId | b64enc | quote }}
- {{- end }}
-{{- end }}
diff --git a/helm/alfresco-content-services/templates/secret-search.yaml b/helm/alfresco-content-services/templates/secret-search.yaml
new file mode 100644
index 000000000..30d003a2c
--- /dev/null
+++ b/helm/alfresco-content-services/templates/secret-search.yaml
@@ -0,0 +1,11 @@
+{{- if eq "secret" .Values.global.search.securecomms }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.global.search.secretName }}
+ labels:
+ {{- include "alfresco-content-services.labels" . | nindent 4 }}
+type: Opaque
+data:
+ SOLR_SECRET: {{ .Values.global.search.sharedSecret | default "" | b64enc | quote }}
+{{- end }}
diff --git a/helm/alfresco-content-services/templates/svc-email.yaml b/helm/alfresco-content-services/templates/svc-email.yaml
deleted file mode 100644
index 2f5b85433..000000000
--- a/helm/alfresco-content-services/templates/svc-email.yaml
+++ /dev/null
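Review bot: In secret-search.yaml `SOLR_SECRET` falls back to `default ""`, so with `global.search.securecomms` set to `secret` and no `global.search.sharedSecret` the chart installs with an empty Solr shared secret rather than stopping. Failing the render is safer: `SOLR_SECRET: {{ required "global.search.sharedSecret is mandatory when global.search.securecomms is secret" .Values.global.search.sharedSecret | b64enc | quote }}`. search_test.yaml in this commit only covers cases where the value is supplied, so a `failedTemplate` case for the unset value would pin the behaviour. If a pre-created secret named by `global.search.secretName` is meant to be supported, that needs its own guard, since this template always renders when securecomms is `secret`.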
@@ -1,27 +0,0 @@
-{{- if and .Values.email.server.enabled .Values.email.inbound.enabled }}
-# Defines the email service for the alfresco content repository app
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "content-services.shortname" . }}-email
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- ports:
- - port: {{ .Values.email.server.port }}
- targetPort: {{ .Values.email.server.port }}
- name: {{ .Values.repository.service.name }}-email-inbound
- protocol: TCP
- - port: {{ .Values.imap.server.port }}
- targetPort: {{ .Values.imap.server.port }}
- name: {{ .Values.repository.service.name }}-email-imap
- protocol: TCP
- - port: {{ .Values.imap.server.imaps.port }}
- targetPort: {{ .Values.imap.server.imaps.port }}
- name: {{ .Values.repository.service.name }}-email-imap-secure
- protocol: TCP
- selector:
- {{- include "repository.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/helm/alfresco-content-services/templates/svc-repository.yaml b/helm/alfresco-content-services/templates/svc-repository.yaml
deleted file mode 100644
index 1ef759494..000000000
--- a/helm/alfresco-content-services/templates/svc-repository.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Defines the service for the alfresco content repository app
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "content-services.shortname" . }}-repository
- labels:
- {{- include "repository.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.repository.service.type }}
- ports:
- - port: {{ include "repository.svcPort" . }}
- targetPort: {{ include "repository.containerPort" . }}
- name: {{ .Values.repository.service.name }}
- {{- if and .Values.email.server.enabled .Values.email.inbound.enabled }}
- - port: {{ .Values.email.server.port }}
- targetPort: {{ .Values.email.server.port }}
- name: {{ .Values.repository.service.name }}-email-inbound
- protocol: TCP
- - port: {{ .Values.imap.server.port }}
- targetPort: {{ .Values.imap.server.port }}
- name: {{ .Values.repository.service.name }}-email-imap
- protocol: TCP
- - port: {{ .Values.imap.server.imaps.port }}
- targetPort: {{ .Values.imap.server.imaps.port }}
- name: {{ .Values.repository.service.name }}-email-imap-secure
- protocol: TCP
- {{- end }}
- selector:
- {{- include "repository.selectorLabels" . | nindent 4 }}
diff --git a/helm/alfresco-content-services/tests/activemq_test.yaml b/helm/alfresco-content-services/tests/activemq_test.yaml
index 7ced676fe..6aecad3f0 100644
--- a/helm/alfresco-content-services/tests/activemq_test.yaml
+++ b/helm/alfresco-content-services/tests/activemq_test.yaml
@@ -1,41 +1,38 @@ -# alfresco-common is a library so can only be tested from -# another chart --- -suite: test alfresco-common library +suite: test ActiveMQ config templates: + - config-infrastructure.yaml - secret-message-broker.yaml - - deployment-repository.yaml - - config-repository.yaml - - secret-database.yaml - - secret-s3.yaml - - secret-repository.yaml - - config-dev-log4j-properties.yaml tests: - - it: should render ActiveMQ embedded secret + - it: should render default ActiveMQ values: - values/test_values.yaml - - values/externalBroker_values.yaml asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: acs-alfresco-cs-brokersecret - template: deployment-repository.yaml - equal: path: data.BROKER_URL - value: ZmFpbG92ZXIobmlvOi8vc29tZWJyb2tlcjo2MTYxNik= + value: failover:(nio://RELEASE-NAME-activemq-broker:61616)?timeout=3000&jms.useCompression=true + template: config-infrastructure.yaml + - equal: + path: data.BROKER_USERNAME + value: YWRtaW4= + template: secret-message-broker.yaml + - equal: + path: data.BROKER_PASSWORD + value: YWRtaW4= template: secret-message-broker.yaml - - - it: should render custom secret + - it: should render ActiveMQ URL from values values: - - values/test_values.yaml - set: - messageBroker.existingSecretName: acs-credentials + - values/externalBroker_values.yaml asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: acs-credentials - template: deployment-repository.yaml + - equal: + path: data.BROKER_URL + value: failover:(nio://somebroker:61616) + template: config-infrastructure.yaml + - equal: + path: data.BROKER_USERNAME + value: YWxmcmVzY28= + template: secret-message-broker.yaml + - equal: + path: data.BROKER_PASSWORD + value: YWxmcmVzY28= + template: secret-message-broker.yaml 
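Review bot: The removed case `should render custom secret` was the only check of `messageBroker.existingSecretName` in this suite, and neither new case replaces it, so nothing here shows what is rendered when an operator supplies their own broker secret. If that value is still supported, add a case that sets it and asserts `hasDocuments` with `count: 0` on secret-message-broker.yaml. The expected `YWRtaW4=` values also pin `admin`/`admin` as the in-cluster broker credentials (presumably chart defaults, since test_values.yaml does not set them); a comment such as `# base64 of the chart's default broker credentials` would make that explicit.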
diff --git a/helm/alfresco-content-services/tests/config-database_test.yaml b/helm/alfresco-content-services/tests/config-database_test.yaml
deleted file mode 100644
index b2c04c8fc..000000000
--- a/helm/alfresco-content-services/tests/config-database_test.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-suite: test config-database manifest
-templates:
- - config-database.yaml
-tests:
- - it: should reference embedded postgres with default values
- values: &testvalues
- - values/test_values.yaml
- asserts:
- - equal:
- path: data.DATABASE_URL
- value: jdbc:postgresql://RELEASE-NAME-postgresql-acs:5432/alfresco
- template: config-database.yaml
-
- - it: should reference external postgres when enabled
- values: *testvalues
- set:
- database:
- external: true
- url: jdbc:postgresql://my-external-postgresql-acs:5432/alfresco
- asserts:
- - equal:
- path: data.DATABASE_URL
- value: jdbc:postgresql://my-external-postgresql-acs:5432/alfresco
- template: config-database.yaml
diff --git a/helm/alfresco-content-services/tests/config-repository_test.yaml b/helm/alfresco-content-services/tests/config-repository_test.yaml
index 0ba878268..287a1f71a 100644
--- a/helm/alfresco-content-services/tests/config-repository_test.yaml
+++ b/helm/alfresco-content-services/tests/config-repository_test.yaml
@@ -3,51 +3,37 @@ suite: test config-repository manifest templates: - config-repository.yaml tests: - - it: should have CATALINA_OPTS with encryption.ssl.truststore.location set + - it: should have global properties rendered with default value for CSRF and baseUrl values: &testvalues - values/test_values.yaml + template: config-repository.yaml asserts: - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dencryption\.ssl\.truststore\.location=\$JAVA_HOME/lib/security/cacerts($|\ ) - template: config-repository.yaml - - - it: should have ALFRESCO_OPTS rendered with default value for CSRF and baseUrl - values: *testvalues - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Daos\.baseUrlOverwrite=https://localhost/alfresco/aos($|\ ) - template: config-repository.yaml + path: &alfglob data["alfresco-global.properties"] + pattern: >- + \n *aos\.baseUrlOverwrite=https://localhost/alfresco/aos - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.origin=https://localhost($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.origin=https://localhost - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.referer=https://localhost/\.\*($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.referer=https://localhost/\.\* - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.port=443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.port=443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.protocol=https($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.protocol=https - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.host=localhost($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.host=localhost - - it: should have 
ALFRESCO_OPTS urls as per known_urls & without Share config + - it: should have global properties urls rendered as per known_urls & without Share config values: *testvalues set: share: 
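Review bot: The rewritten patterns lost their trailing anchor and leave dots unescaped, so `\n *share.port=443` also matches a rendered `share.port=4430` and `\n *share.host=localhost` matches `share.host=localhost.example`. Escaping the dots and closing the line keeps the assertions exact, e.g. `\n *share\.port=443(\n|$)`. The same applies to the `alfresco.port`, `alfresco.protocol` and `alfresco.host` patterns in the next hunk of this file.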
@@ -55,83 +41,75 @@ tests: global: known_urls: - https://myecm.domain.tld:8443 + template: config-repository.yaml asserts: - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Daos\.baseUrlOverwrite=https://myecm.domain.tld:8443/alfresco/aos($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *aos\.baseUrlOverwrite=https://myecm.domain.tld:8443/alfresco/aos - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.origin=https://myecm.domain.tld:8443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.origin=https://myecm.domain.tld:8443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.referer=https://myecm.domain.tld:8443/\.\*($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.referer=https://myecm.domain.tld:8443/\.\* - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.port=8443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.port=8443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.protocol=https($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.protocol=https - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.host=myecm.domain.tld($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.host=myecm.domain.tld - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.port= - template: config-repository.yaml + path: *alfglob + pattern: share.port= - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.protocol= - template: config-repository.yaml + path: *alfglob + pattern: share.protocol= - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.host= - template: config-repository.yaml + path: *alfglob + pattern: share.host= - - it: should have ALFRESCO_OPTS and CATALINA_OPTS 
when mail values are set - values: *testvalues - set: - mail: - host: smtp.example.com - password: smtpPassword - port: 25 - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.host=smtp\.example\.com($|\ ) - template: config-repository.yaml - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.port=25($|\ ) - template: config-repository.yaml - - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.password=\$MAIL_PASSWORD($|\ ) - template: config-repository.yaml - - - it: should have CATALINA_OPTS with mail.password set when existing secret name is provided - values: *testvalues - set: - mail: - host: smtp.example.com - existingSecretName: existing - asserts: - - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.password=\$MAIL_PASSWORD($|\ ) - template: config-repository.yaml +# - it: should have ALFRESCO_OPTS and CATALINA_OPTS when mail values are set +# values: *testvalues +# set: +# mail: +# host: smtp.example.com +# password: smtpPassword +# port: 25 +# asserts: +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.host=smtp\.example\.com +# template: config-repository.yaml +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.port=25 +# template: config-repository.yaml +# - matchRegex: +# path: data.CATALINA_OPTS +# pattern: >- +# \n *mail\.password=\$MAIL_PASSWORD +# template: config-repository.yaml +# +# - it: should have CATALINA_OPTS with mail.password set when existing secret name is provided +# values: *testvalues +# set: +# mail: +# host: smtp.example.com +# existingSecretName: existing +# asserts: +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.password=\$MAIL_PASSWORD +# template: config-repository.yaml diff --git a/helm/alfresco-content-services/tests/deployment-repository_test.yaml b/helm/alfresco-content-services/tests/deployment-repository_test.yaml deleted file mode 100644 index 968fee21d..000000000 
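Review bot: The two mail cases are commented out rather than ported or removed, which leaves the mail settings of config-repository.yaml without any assertion. The disabled text still refers to `data.CATALINA_OPTS`, `mail.existingSecretName` and top-level `mail:` values, which other files in this commit appear to retire or move under `global.mail`, so it cannot simply be re-enabled. Either port the cases to the new properties path or delete them and leave one line such as `# TODO: cover global.mail.* rendering in alfresco-global.properties`.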
--- a/helm/alfresco-content-services/tests/deployment-repository_test.yaml +++ /dev/null 
@@ -1,253 +0,0 @@ ---- -suite: test repository manifest -templates: - - deployment-repository.yaml - - config-repository.yaml - - secret-database.yaml - - secret-s3.yaml - - secret-repository.yaml - - config-dev-log4j-properties.yaml -tests: - - it: should have basic metadata in place in deployment - values: &testvalues - - values/test_values.yaml - asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-alfresco-cs-repository - template: deployment-repository.yaml - - - it: Log4j & Log4j2 test - values: *testvalues - set: - repository: - extraLogStatements: - org.alfresco.repo.content.transform.TransformerDebug: debug - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: repository-logging-properties-volume - configMap: - name: RELEASE-NAME-alfresco-custom-log4j-properties-configmap - items: - - key: custom-log4j.properties - path: custom-log4j.properties - - key: custom-log4j2.properties - path: custom-log4j2.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j.properties - subPath: custom-log4j.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j2.properties - subPath: custom-log4j2.properties - template: deployment-repository.yaml - - - it: should have default mail secret in env when email server is enabled - values: *testvalues - set: - mail: - host: smtp.example.org - password: smtpPassword - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-mail-password - template: deployment-repository.yaml - - - it: should have overridden secret in env when email server 
is enabled - values: *testvalues - set: - mail: - host: smtp.example.org - existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have overridden secret in env when email server is enabled - values: *testvalues - asserts: - - notContains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-mail-password - template: deployment-repository.yaml - - - it: should have default secret in env - values: *testvalues - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-repository-secret - template: deployment-repository.yaml - - - it: should have overridden secret in env - values: *testvalues - set: - repository.existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have s3 secret in env - values: *testvalues - set: - s3connector: - enabled: true - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-s3secret - template: deployment-repository.yaml - - - it: should have overridden s3 secret in env - values: *testvalues - set: - s3connector: - enabled: true - existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have a volume and a volumeMount for license - values: *testvalues - set: - repository: - licenseSecret: somesecret - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: acs-license - secret: - secretName: somesecret - defaultMode: 0400 - template: deployment-repository.yaml - - contains: - path: 
spec.template.spec.containers[0].volumeMounts - content: - mountPath: >- - /usr/local/tomcat/shared/classes/alfresco/extension/license/ - name: acs-license - template: deployment-repository.yaml - - - it: should have a volume and a volumeMount for alfresco-global.properties - values: *testvalues - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: repository-properties - secret: - secretName: RELEASE-NAME-alfresco-repository-properties-secret - defaultMode: 0400 - items: - - key: alfresco-global.properties - path: alfresco-global.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-properties - mountPath: /usr/local/tomcat/shared/classes/alfresco-global.properties - subPath: alfresco-global.properties - template: deployment-repository.yaml - - - it: should render cpu and memory limits - values: *testvalues - asserts: - - equal: - path: spec.template.spec.containers[0].resources - value: - requests: - cpu: "250m" - memory: "2Gi" - limits: - cpu: "4" - memory: "8Gi" - template: deployment-repository.yaml - - - it: should have wait-db-ready initcontainer with in-cluster db - values: *testvalues - set: - database.external: false - asserts: - - equal: - path: spec.template.spec.initContainers[0].name - value: wait-db-ready - template: deployment-repository.yaml - - - it: should not have wait-db-ready initcontainer with external database - values: *testvalues - set: - database.external: true - asserts: - - isEmpty: - path: spec.template.spec.initContainers - template: deployment-repository.yaml - - isNotEmpty: - path: spec.template.spec.volumes - template: deployment-repository.yaml - - - it: should have custom init containers when defined - values: *testvalues - set: - repository.extraInitContainers: - - name: dummy-init-container - image: busybox:1.28 - command: ['sh', '-c', 'echo The app is running! 
&& sleep 3600'] - asserts: - - contains: - path: spec.template.spec.initContainers - content: - name: dummy-init-container - image: busybox:1.28 - command: ['sh', '-c', 'echo The app is running! && sleep 3600'] - template: deployment-repository.yaml - - - it: should have custom extra volumes when defined - values: *testvalues - set: - repository.extraVolumes: - - name: test-volume - awsElasticBlockStore: - volumeID: "whatever" - fsType: ext4 - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: test-volume - awsElasticBlockStore: - volumeID: "whatever" - fsType: ext4 - template: deployment-repository.yaml diff --git a/helm/alfresco-content-services/tests/ingress-repository_test.yaml b/helm/alfresco-content-services/tests/ingress-repository_test.yaml deleted file mode 100644 index d561c3285..000000000 --- a/helm/alfresco-content-services/tests/ingress-repository_test.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -suite: test ingress for repository -templates: - - ingress-repository.yaml -tests: - - it: should render with default value alfresco-cs - values: &testvalues - - values/test_values.yaml - asserts: - - matchRegex: - path: metadata.name - pattern: ^RELEASE-NAME-alfresco-cs- - template: ingress-repository.yaml - - - it: should render with value set - values: *testvalues - set: - NameOverride: myacstest - asserts: - - matchRegex: - pattern: ^RELEASE-NAME-myacstest- - path: metadata.name - template: ingress-repository.yaml diff --git a/helm/alfresco-content-services/tests/mail_test.yaml b/helm/alfresco-content-services/tests/mail_test.yaml new file mode 100644 index 000000000..435d49a34 --- /dev/null +++ b/helm/alfresco-content-services/tests/mail_test.yaml 
@@ -0,0 +1,23 @@
+---
+suite: test mail features
+templates:
+ - secret-mail.yaml
+tests:
+ - it: should not render a secret by default
+ values: &testvalues
+ - values/test_values.yaml
+ asserts:
+ - hasDocuments:
+ count: 0
+ - it: should not have a secret manifest at all when existingSecretName is set
+ values: *testvalues
+ set:
+ global:
+ mail:
+ host: smtp.domain.tld
+ username: someone
+ password: somepass
+ asserts:
+ - equal:
+ path: data.MAIL_PASSWORD
+ value: c29tZXBhc3M=
diff --git a/helm/alfresco-content-services/tests/pv-repository_test.yaml b/helm/alfresco-content-services/tests/pv-repository_test.yaml
deleted file mode 100644
index a5e158394..000000000
--- a/helm/alfresco-content-services/tests/pv-repository_test.yaml
+++ /dev/null
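Review bot: The second case is titled `should not have a secret manifest at all when existingSecretName is set`, yet it sets `global.mail.password` and asserts that `data.MAIL_PASSWORD` is rendered, so the title contradicts the assertion; `should render the password secret when SMTP auth is enabled` would match what is checked. The case also never sets `smtp.auth` or `smtps.auth`, so it presumably relies on a chart default to satisfy the template's `or` condition. The `required` branch of secret-mail.yaml (auth on, no password) has no coverage; a case like the one below would pin it, assuming values.yaml sets no default password.

```yaml
  - it: should fail when SMTP auth is enabled without a password
    values: *testvalues
    set:
      global:
        mail:
          host: smtp.domain.tld
          smtp:
            auth: true
          password: null
    asserts:
      - failedTemplate:
          errorMessage: >-
            You have selected authentication to your SMTP server
            but did not provide a password for it
```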
@@ -1,77 +0,0 @@
----
-suite: test persistence
-templates:
- - config-repository.yaml
- - config-dev-log4j-properties.yaml
- - secret-database.yaml
- - secret-s3.yaml
- - secret-repository.yaml
- - deployment-repository.yaml
- - pvc.yaml
-tests:
- - it: should render an ephemeral volume
- values: &testvalues
- - values/test_values.yaml
- set:
- repository:
- persistence:
- enabled: false
- asserts:
- - contains:
- path: spec.template.spec.volumes
- content:
- emptyDir:
- sizeLimit: 20Gi
- name: data
- template: deployment-repository.yaml
- - it: should render a deployment with set claim
- values: *testvalues
- set:
- repository:
- persistence:
- enabled: true
- existingClaim: mysfsvolume
- asserts:
- - equal:
- path: >-
- spec.template.spec.volumes[0].persistentVolumeClaim.claimName
- value: mysfsvolume
- template: deployment-repository.yaml
- - it: should render a deployment with dynamic claim name
- values: *testvalues
- set:
- repository:
- persistence:
- enabled: true
- volumeMode: Block
- accessModes:
- - ReadWriteMany
- - ReadOnlyMany
- asserts:
- - equal:
- path: >-
- spec.template.spec.volumes[0].persistentVolumeClaim.claimName
- value: alfresco-default-pvc
- template: deployment-repository.yaml
- - isNull:
- path: spec.storageClassName
- template: pvc.yaml
- documentIndex: 0
- - it: should render a deployment with provided storage class
- values: *testvalues
- set:
- repository:
- persistence:
- enabled: true
- storageClass: cheap
- asserts:
- - equal:
- path: >-
- spec.template.spec.volumes[0].persistentVolumeClaim.claimName
- value: alfresco-cheap-pvc
- template: deployment-repository.yaml
- - equal:
- path: spec.storageClassName
- value: cheap
- template: pvc.yaml
- documentIndex: 0
diff --git a/helm/alfresco-content-services/tests/search_test.yaml b/helm/alfresco-content-services/tests/search_test.yaml
index 24e0b34b0..cb9706e4f 100644
--- a/helm/alfresco-content-services/tests/search_test.yaml
+++ b/helm/alfresco-content-services/tests/search_test.yaml 
@@ -1,71 +1,98 @@ --- -suite: test search related rendering +suite: test repository properties in a secret templates: - - config-repository.yaml + - config-infrastructure.yaml + - secret-search.yaml tests: - - it: should configure ACS without any search subsystem + - it: should render default config (solr6 with secret) values: &testvalues - values/test_values.yaml - set: - alfresco-search: - enabled: false + template: config-infrastructure.yaml asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=none($|\ ) - - it: should configure ACS with external Solr + - equal: + path: data.SOLR_SECRET + value: ZHVtbXk= + template: secret-search.yaml + - equal: + path: data.SEARCH_SECURECOMMS + value: secret + - equal: + path: data.SEARCH_URL + value: http://RELEASE-NAME-alfresco-search-solr/solr + - equal: + path: data.SEARCH_HOST + value: RELEASE-NAME-alfresco-search-solr + - equal: + path: data.SEARCH_PORT + value: "80" + - equal: + path: data.SEARCH_FLAVOR + value: solr6 + - equal: + path: data.SOLR_BASE_URL + value: /solr + - it: should render an external config values: *testvalues set: - alfresco-search: - enabled: false - external: - host: somehostwheresolrservesrequests - port: 8983 + global: + search: + url: https://mysearch.domain.tld:8984/search + sharedSecret: supersecret + template: config-infrastructure.yaml asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=solr6($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.host=somehostwheresolrservesrequests($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.port=8983($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.secureComms=secret($|\ ) - - it: should configure ACS with external ElasticSearch + - equal: + path: data.SOLR_SECRET + value: c3VwZXJzZWNyZXQ= + template: secret-search.yaml + - equal: + path: data.SEARCH_SECURECOMMS + 
value: secret + - equal: + path: data.SEARCH_URL + value: https://mysearch.domain.tld:8984/search + - equal: + path: data.SEARCH_HOST + value: mysearch.domain.tld + - equal: + path: data.SEARCH_PORT + value: "8984" + - equal: + path: data.SEARCH_FLAVOR + value: solr6 + - equal: + path: data.SOLR_BASE_URL + value: /search + - it: should render an enterprise search config (embedded) values: *testvalues set: alfresco-search: enabled: false alfresco-search-enterprise: enabled: true - elasticsearch: - host: some.opensearch.endpoint - port: 443 - protocol: https - user: user - password: pass + template: config-infrastructure.yaml + asserts: + - equal: + path: data.SEARCH_SECURECOMMS + value: none + - equal: + path: data.SEARCH_URL + value: http://elasticsearch-master:9200 + - equal: + path: data.SEARCH_HOST + value: elasticsearch-master + - equal: + path: data.SEARCH_PORT + value: "9200" + - equal: + path: data.SEARCH_FLAVOR + value: elasticsearch + - it: should not render a secret render property with default credentials + values: *testvalues + set: + global: + search: + securecomms: none asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=elasticsearch($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.host=some.opensearch.endpoint($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.secureComms=https($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.user=user($|\ ) + - hasDocuments: + count: 0 + template: secret-search.yaml diff --git a/helm/alfresco-content-services/tests/secret-mail-password_test.yaml b/helm/alfresco-content-services/tests/secret-mail-password_test.yaml deleted file mode 100644 index 9570bbe11..000000000 --- a/helm/alfresco-content-services/tests/secret-mail-password_test.yaml +++ /dev/null 
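Review bot: The last case's title, `should not render a secret render property with default credentials`, is garbled and does not say what is checked, which is that no Secret is produced when `global.search.securecomms` is `none`; `should not render the search secret when securecomms is none` would read correctly. The suite name `test repository properties in a secret` matches the name of the deleted secret-repository-properties test and no longer describes a suite that mostly asserts on config-infrastructure.yaml.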
@@ -1,41 +0,0 @@ ---- -suite: test mail password secret manifest -templates: - - secret-mail-password.yaml -tests: - - it: should have empty credentials as default - values: &testvalues - - values/test_values.yaml - asserts: - - hasDocuments: - count: 0 - - - it: should have credentials populated in the secret when host is set - values: *testvalues - set: - mail: - host: smtp.example.org - password: mymailpassword - asserts: - - equal: - path: data.MAIL_PASSWORD - value: bXltYWlscGFzc3dvcmQ= - - - it: should not have secret when existingSecretName is set - values: *testvalues - set: - mail: - host: smtp.example.org - existingSecretName: mySecret - asserts: - - hasDocuments: - count: 0 - - - it: should not have secret when no password is set - values: *testvalues - set: - mail: - host: smtp.example.org - asserts: - - hasDocuments: - count: 0 diff --git a/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml b/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml deleted file mode 100644 index b71e11f0a..000000000 --- a/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -suite: test repository properties in a secret -templates: - - secret-repository-properties.yaml -tests: - - it: should render property with default credentials - values: &testvalues - - values/test_values.yaml - asserts: - - equal: - path: data['alfresco-global.properties'] - value: c29sci5zaGFyZWRTZWNyZXQ9ZHVtbXk= - template: secret-repository-properties.yaml diff --git a/helm/alfresco-content-services/tests/secret-s3_test.yaml b/helm/alfresco-content-services/tests/secret-s3_test.yaml deleted file mode 100644 index 26ad653ca..000000000 --- a/helm/alfresco-content-services/tests/secret-s3_test.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -suite: test s3 credentials secret manifest -templates: - - secret-s3.yaml -tests: - - it: should have no secret with default values - values: &testvalues - - values/test_values.yaml - asserts: - - hasDocuments: - count: 0 - - - it: should have credentials populated in the secret when enabled - values: *testvalues - set: - s3connector: - enabled: true - secrets: - accessKey: myAccessKey - secretKey: mySecretKey - encryption: myEncryption - awsKmsKeyId: myAwsKmsKeyId - asserts: - - equal: - path: data.ACCESSKEY - value: bXlBY2Nlc3NLZXk= - - equal: - path: data.SECRETKEY - value: bXlTZWNyZXRLZXk= - - equal: - path: data.ENCRYPTION - value: bXlFbmNyeXB0aW9u - - equal: - path: data.KMSKEYID - value: bXlBd3NLbXNLZXlJZA== - - - it: should not have a secret when global existingSecretName is set - values: *testvalues - set: - s3connector: - enabled: true - existingSecretName: mySecret - asserts: - - hasDocuments: - count: 0 diff --git a/helm/alfresco-content-services/tests/values/externalBroker_values.yaml b/helm/alfresco-content-services/tests/values/externalBroker_values.yaml index 2d932d5b0..23d891b57 100644 --- a/helm/alfresco-content-services/tests/values/externalBroker_values.yaml +++ b/helm/alfresco-content-services/tests/values/externalBroker_values.yaml @@ -5,6 +5,6 @@ global: activemq: enabled: false messageBroker: - url: failover(nio://somebroker:61616) + url: failover:(nio://somebroker:61616) user: alfresco password: alfresco diff --git a/helm/alfresco-content-services/tests/values/test_values.yaml b/helm/alfresco-content-services/tests/values/test_values.yaml index 6968a5a17..2143829ec 100644 --- a/helm/alfresco-content-services/tests/values/test_values.yaml +++ b/helm/alfresco-content-services/tests/values/test_values.yaml @@ -1,5 +1,5 @@ --- global: - tracking: - sharedsecret: dummy + search: + sharedSecret: dummy alfrescoRegistryPullSecrets: secretsecret 
diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 661e88873..5c0b1eadd 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml 
@@ -14,85 +14,124 @@ # max heap to 1/4th of container's memory which may not be ideal. Hence, setting # up explicit Container memory and then assigning a percentage of it to the JVM # for performance tuning. -repository: - # -- Administrator password for ACS in NTLM hash format to set at bootstrap time - adminPassword: "209c6174da490caeb422f3fa5a7ae634" - # -- The name of the secret holding the ACS repository license if any. - # it must be contained within a `data['*.lic']` property - # For details on how to manage license, see: - # https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/alf_license.md - licenseSecret: null - edition: Enterprise - replicaCount: 2 - nodeSelector: {} +infrastructure: + configMapName: &infrastructure_cmName alfresco-infrastructure +global: + # -- list of trusted URLs. + # URLs a re used to configure Cross-origin protections + # Also the first entry is considered the main hosting domain of the platform. + known_urls: + - https://localhost + - http://localhost + # -- For a full information of configuring the outbound email system, see + # https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails + mail: + # -- SMTP server to use for the system to send outgoing email + host: null + # -- SMTP server port + port: 587 + # -- SMTP protocol to use. 
Either smtp or smtps + protocol: smtp + username: anonymous + password: null + smtp: + auth: true + starttls: + enable: true + smtps: + auth: true + search: + # -- set this URL if you have an external search service + url: null + # -- set the type of search service used externally (solr6 of elasticsearch) + flavor: null + # -- set the security level used with the external search service (secret, none or https) + securecomms: secret + # -- Mandatory secret to provide when using Solr search with 'secret' security level + sharedSecret: null + # -- Name of the secret managed by this chart + secretName: &acs_search_secretName solr-shared-secret + # -- If a private image registry a secret can be defined and passed to + # kubernetes, see: + # https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret + alfrescoRegistryPullSecrets: null strategy: - type: Recreate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + ai: + # -- Enable AI capabilities in ADW AI plugin + enabled: false + # -- Shared connections details for Elasticsearch/Opensearch, required when + # alfresco-search-enterprise.enabled is true + elasticsearch: + # -- The host where service is available. The provided default is for when + # elasticsearch.enabled is true + host: elasticsearch-master + # -- The port where service is available + port: 9200 + # -- Valid values are http or https + protocol: http + # -- The username required to access the service, if any + user: null + # -- The password required to access the service, if any + password: null +database: + # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. + external: false + # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. 
+ driver: null + # -- External Postgresql database user + user: null + # -- External Postgresql database password + password: null + # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` + url: null + # -- Name of the secret managed by this chart + configMapName: *infrastructure_cmName + # -- Name of the secret managed by this chart + secretName: &acs_database_secretName alfresco-cs-database + # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. + # When using embedded postgres you need to also set `postgresql.existingSecret`. + existingSecretName: null +# -- Activemq connection details (activemq.enabled msut also be set to false) +messageBroker: + url: null + user: null + password: null + # -- Name of the secret managed by this chart + secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret +alfresco-repository: + nameOverride: alfresco-repository image: repository: quay.io/alfresco/alfresco-content-repository - tag: 23.1.0-M4 - pullPolicy: IfNotPresent - internalPort: 8080 - hazelcastPort: 5701 - initContainers: + tag: 23.1.0-A27 + configuration: + repository: + existingConfigMap: repository + existingSecrets: + - name: repository-secrets + key: license.lic + purpose: acs-license + - name: outbound-email + key: MAIL_PASSWORD + purpose: property:mail.password db: - image: - repository: busybox - tag: 1.35.0 - pullPolicy: IfNotPresent - resources: - limits: - cpu: "0.25" - memory: "10Mi" - service: - name: alfresco - type: ClusterIP - externalPort: &repositoryExternalPort 80 - ingress: - path: / - maxUploadSize: "5g" - annotations: {} - # nginx.ingress.kubernetes.io/enable-cors: "true" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - -Dencryption.keystore.type=JCEKS - -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding - 
-Dencryption.keyAlgorithm=DESede - -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.algorithm=DESede - podSecurityContext: - runAsNonRoot: true - runAsUser: 33000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - cpu: "250m" - memory: "2Gi" - limits: - cpu: "4" - memory: "8Gi" - # -- The startup probe to cover the worse case startup time for slow clusters - startupProbe: - periodSeconds: 30 - failureThreshold: 10 - # The repository readiness probe is used to check startup only as a failure - # of the liveness probe later will result in the pod being restarted. - readinessProbe: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - livenessProbe: - initialDelaySeconds: 130 - periodSeconds: 20 - timeoutSeconds: 10 + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_database_secretName + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_database_secretName + search: + flavor: solr6 + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_search_secretName persistence: # -- Persist repository data enabled: true 
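Review bot: Under `alfresco-repository.configuration.messageBroker`, `existingSecret.name` is set to `*acs_database_secretName`, the same alias the `db` block just above it uses, so the repository is pointed at the database secret for its broker credentials. This looks like a copy-paste slip: the broker secret has its own anchor earlier in this hunk (`secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret`), and the line should presumably read `name: *acs_messageBroker_secretName`. Which keys the subchart reads from the secret is not visible here, but the database secret presumably does not carry the broker ones. Separately, the comment above `database.configMapName` says "Name of the secret managed by this chart" where it describes a configmap. The `alfresco-repository` mapping continues past the end of this hunk.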
@@ -100,39 +139,7 @@ repository: # -- Specify a storageClass for dynamic provisioning accessModes: - ReadWriteMany - # -- Bind PVC based on storageClass (e.g. dynamic provisioning) - storageClass: null - # -- Use pre-provisioned pv through its claim (e.g. static provisioning) - existingClaim: null - data: - mountPath: /usr/local/tomcat/alf_data - subPath: alfresco-content-services/repository-data - extraVolumes: [] - extraVolumeMounts: [] - extraSideContainers: [] - extraInitContainers: [] - command: [] - # -- Provide additional log statements by adding classes and/or packages in a - # key:value maner org.alfresco.repo.content.transform.TransformerDebug: debug - extraLogStatements: {} - # -- An existing secret that contains REPO_ADMIN_PASSWORD as an alternative for `repository.adminPassword` value - existingSecretName: null -# -- Declares the api-explorer service used by the content repository -apiexplorer: - ingress: - path: /api-explorer -# -- Activemq connection setting when activemq.enabled=false -# Can reference an external broker details, or help spread details of an -# internal one. -messageBroker: &acs_messageBroker - url: null - user: null - password: null - # -- Name of the secret managed by this chart - secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret - # -- Alternatively, provide credentials via an existing secret that contains - # BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys -activemq: &amq +activemq: nameOverride: activemq enabled: true # -- Possibility to choose Node for pod, with a key-value pair label @@ -239,7 +246,7 @@ share: repository: existingConfigMap: # -- Name of the configmap which hold the repositoy connection details - name: infrastructure-repository + name: *infrastructure_cmName keys: # -- Name of the key in the configmap which points to the repository # service hostname 
@@ -249,6 +256,17 @@ share: port: repo_svc_port alfresco-search: enabled: true + repository: + existingConfigMap: + name: *infrastructure_cmName + keys: + host: repo_svc_name + port: repo_svc_port + securecomms: SEARCH_SECURECOMMS + existingSecret: + name: *acs_search_secretName + keys: + sharedSecret: SOLR_SECRET searchServicesImage: repository: quay.io/alfresco/search-services tag: 2.0.8.1 @@ -274,25 +292,11 @@ alfresco-search: # - secretName: chart-example-tls # hosts: # - chart-example.local -database: - # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. - external: false - # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. - driver: null - # -- External Postgresql database user - user: null - # -- External Postgresql database password - password: null - # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` - url: null - # -- Name of the secret managed by this chart - secretName: &acs_database_secretName acs-alfresco-cs-dbsecret - configMapName: &acs_database_configMapName acs-alfresco-cs-dbconfigmap - # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. - # When using embedded postgres you need to also set `postgresql.existingSecret`. - existingSecretName: null alfresco-search-enterprise: enabled: false + ats: + existingConfigMap: + name: *infrastructure_cmName elasticsearch: # -- Enables the embedded elasticsearch cluster enabled: true @@ -317,7 +321,7 @@ alfresco-search-enterprise: existingSecret: name: *acs_database_secretName existingConfigMap: - name: *acs_database_configMapName + name: *infrastructure_cmName image: tag: 4.0.0-M1 alfresco-digital-workspace: 
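Review bot: `alfresco-search.repository.existingSecret.name` points at `*acs_search_secretName` unconditionally, yet the unit test added in this commit expects secret-search.yaml to render no document when `global.search.securecomms` is `none`. Whether the search subchart tolerates a missing secret is not visible in this diff; if it references the secret as required, the Solr pods would fail to start in that mode. A comment on the block would make the dependency explicit, for example `# solr-shared-secret is not rendered when global.search.securecomms is none`. The `alfresco-search` mapping starts before and continues after this hunk.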
@@ -339,6 +343,8 @@ alfresco-digital-workspace: repository: quay.io/alfresco/alfresco-digital-workspace tag: 4.2.0 pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" @@ -380,6 +386,8 @@ alfresco-control-center: repository: quay.io/alfresco/alfresco-control-center tag: 8.2.0 pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" @@ -496,32 +504,6 @@ email: repository: busybox tag: 1.35.0 pullPolicy: IfNotPresent -# -- For a full information of configuring the outbound email system, see -# https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails -mail: - # -- SMTP(S) host server to enable delivery of site invitations, activity notifications and workflow tasks by email - host: null - port: 25 - protocol: smtps - encoding: UTF-8 - username: null - password: null - # -- An existing kubernetes secret that contains MAIL_PASSWORD as per `mail.password` value - existingSecretName: null - from: - # -- Specifies the email address from which email notifications are sent - default: null - enabled: false - smtp: - auth: true - debug: false - timeout: 30000 - starttls: - enable: true - smtps: - auth: true - starttls: - enable: true # -- For a full information of configuring the imap subsystem, see # https://docs.alfresco.com/content-services/latest/config/email/#enable-imap-protocol-using-alfresco-globalproperties imap: @@ -571,8 +553,8 @@ alfresco-sync-service: messageBroker: existingSecretName: *acs_messageBroker_secretName repository: - nameOverride: alfresco-cs-repository - port: *repositoryExternalPort + nameOverride: alfresco-repository + port: 80 # -- toggle deploying Alfresco ai transformer alfresco-ai-transformer: enabled: false 
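Review bot: The new `registryPullSecrets` entry `"{{ $.Values.global.alfrescoRegistryPullSecrets }}"` is a template expression stored as a plain string. Helm does not template values files, so it only resolves if the subchart passes the list through `tpl`, which this diff does not show. With the default `global.alfrescoRegistryPullSecrets: null` it would presumably expand to an empty name, where the removed global default was `quay-registry-secret`. A comment above the key would help, for example `# template string: expanded only if the subchart applies tpl; empty when global.alfrescoRegistryPullSecrets is unset`. The same applies to the identical addition under `alfresco-control-center` in the `@@ -380,6 +386,8 @@` hunk.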
@@ -587,45 +569,3 @@ alfresco-ai-transformer: # region: # s3Bucket: # comprehendRoleARN: -global: - known_urls: - - https://localhost - - http://localhost - # A shared secret is now required in order to authenticate connections between - # solr and repo (typically: tracking) - tracking: - # -- Select how solr and repo authenticate to each other - # none: work only prior to acs 7.2 (and was the default) - # secret: use a shared secret (to specify using `tracking.sharedsecret`) - # https: to use mTLS auth (require appropriate certificate configuration) - auth: secret - # -- Shared secret to authenticate repo/solr traffic. - # Strong enough secret can be generated with `openssl rand 20 -base64` - sharedsecret: null - # -- If a private image registry a secret can be defined and passed to - # kubernetes, see: - # https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret - alfrescoRegistryPullSecrets: null - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - registryPullSecrets: - - quay-registry-secret - ai: - # -- Enable AI capabilities in ADW AI plugin - enabled: false - # -- Shared connections details for Elasticsearch/Opensearch, required when - # alfresco-search-enterprise.enabled is true - elasticsearch: - # -- The host where service is available. The provided default is for when - # elasticsearch.enabled is true - host: elasticsearch-master - # -- The port where service is available - port: 9200 - # -- Valid values are http or https - protocol: http - # -- The username required to access the service, if any - user: null - # -- The password required to access the service, if any - password: null diff --git a/test/community-integration-test-values.yaml b/test/community-integration-test-values.yaml index e1f03798a..9438ca626 100644 --- a/test/community-integration-test-values.yaml +++ b/test/community-integration-test-values.yaml 
@@ -1,5 +1,5 @@ --- -repository: +alfresco-repository: resources: requests: cpu: "0.01" diff --git a/test/enterprise-integration-test-values.yaml b/test/enterprise-integration-test-values.yaml index 9a27b50a7..36993fa88 100644 --- a/test/enterprise-integration-test-values.yaml +++ b/test/enterprise-integration-test-values.yaml @@ -1,5 +1,5 @@ --- -repository: +alfresco-repository: resources: requests: cpu: "0.01" diff --git a/updatecli-matrix-targets.yaml b/updatecli-matrix-targets.yaml index 6ed2af116..2c6e9916f 100644 --- a/updatecli-matrix-targets.yaml +++ b/updatecli-matrix-targets.yaml @@ -13,7 +13,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues231 >- helm/alfresco-content-services/values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag helm_update_appVersion: true share: version: @@ -131,7 +131,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues74 >- helm/alfresco-content-services/7.4.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -245,7 +245,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues73 >- helm/alfresco-content-services/7.3.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -359,7 +359,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues72 >- helm/alfresco-content-services/7.2.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -473,7 +473,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues71 >- helm/alfresco-content-services/7.1.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: 
@@ -580,7 +580,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues70 >- helm/alfresco-content-services/7.0.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -667,7 +667,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvaluesOss >- helm/alfresco-content-services/community_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: