diff --git a/helm/acs-sso-example/Chart.lock b/helm/acs-sso-example/Chart.lock
index 7cea69f13..6135fd3a9 100644
--- a/helm/acs-sso-example/Chart.lock
+++ b/helm/acs-sso-example/Chart.lock
@@ -4,7 +4,7 @@ dependencies:
version: 13.4.0
- name: keycloakx
repository: https://codecentric.github.io/helm-charts
- version: 2.5.1
+ version: 2.6.0
- name: alfresco-repository
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 0.8.0
@@ -17,5 +17,5 @@ dependencies:
- name: alfresco-adf-app
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 0.2.0
-digest: sha256:3bf57da26484518aae1cbda9d15f5f7ffc66d5719ca274af77721dc7d532b71b
-generated: "2024-11-29T14:09:38.670834875Z"
+digest: sha256:413cfefbc042db3f32daa986664e683160233b6681739430ccb31f0ff4aeed24
+generated: "2024-12-02T14:34:28.83467+01:00"
diff --git a/helm/acs-sso-example/Chart.yaml b/helm/acs-sso-example/Chart.yaml
index 6155c56a0..40f2a9302 100644
--- a/helm/acs-sso-example/Chart.yaml
+++ b/helm/acs-sso-example/Chart.yaml
@@ -20,7 +20,7 @@ description: |
:warning: All components have persistence disabled so all data is lost after a
deployment is destroyed or rolled back!
type: application
-version: 1.1.0
+version: 1.1.1
appVersion: 23.4.0
home: https://www.alfresco.com
sources:
@@ -32,7 +32,7 @@ dependencies:
alias: repository-database
- name: keycloakx
repository: https://codecentric.github.io/helm-charts
- version: 2.5.1
+ version: 2.6.0
- name: alfresco-repository
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 0.8.0
diff --git a/helm/acs-sso-example/README.md b/helm/acs-sso-example/README.md
index f146a6a4a..2089964ba 100644
--- a/helm/acs-sso-example/README.md
+++ b/helm/acs-sso-example/README.md
@@ -6,7 +6,7 @@ grand_parent: Helm
# acs-sso-example
-![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square)
+![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square)
An example Chart to demonstrate how to compose your own Alfresco platform
with SSO on kubernetes using a nthrid party Keycloak.
@@ -41,7 +41,7 @@ deployment is destroyed or rolled back!
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.0 |
-| https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 |
+| https://codecentric.github.io/helm-charts | keycloakx | 2.6.0 |
| oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 |
## Values
@@ -55,8 +55,8 @@ deployment is destroyed or rolled back!
| global.known_urls | list | `["http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. |
| keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 |
| keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:
kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d
|
-| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}` | Alfresco Realm definition |
-| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}` | default Alfresco admin user |
+| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}]}` | Alfresco Realm definition |
+| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}` | default Alfresco admin user |
| keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | default Alfresco admin password |
| keycloakx.admin.username | string | `"admin"` | Keycloak admin username |
| repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql |
diff --git a/helm/acs-sso-example/values.yaml b/helm/acs-sso-example/values.yaml
index fc6901b2e..42a5af72b 100644
--- a/helm/acs-sso-example/values.yaml
+++ b/helm/acs-sso-example/values.yaml
@@ -40,7 +40,7 @@ repository-database:
keycloakx:
nameOverride: keycloak
image:
- tag: 24.0.5
+ tag: 25.0.6
admin:
# -- Keycloak admin username
username: admin
@@ -74,6 +74,9 @@ keycloakx:
# -- default Alfresco admin user
- username: admin
enabled: true
+ firstName: admin
+ lastName: admin
+ email: admin@example.org
credentials:
- type: password
# -- default Alfresco admin password
@@ -98,35 +101,38 @@ keycloakx:
command:
- /opt/keycloak/bin/kc.sh
- start
+ - --hostname=http://localhost/auth
+ - --health-enabled=true
- --http-enabled=true
- --http-port=8080
- - --hostname-strict=false
- - --hostname-strict-https=false
- --import-realm
http:
relativePath: /auth
livenessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
- port: http
+ port: http-internal
initialDelaySeconds: 0
timeoutSeconds: 5
readinessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
- port: http
+ port: http-internal
initialDelaySeconds: 10
timeoutSeconds: 1
startupProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
- port: http
+ port: http-internal
initialDelaySeconds: 15
timeoutSeconds: 1
failureThreshold: 60
periodSeconds: 5
ingress:
enabled: true
+ ingressClassName: nginx
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
tls: []
rules:
- host: >-
@@ -245,6 +251,11 @@ alfresco-content-app:
nginx.ingress.kubernetes.io/proxy-body-size: 5g
nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
tls: []
+ hosts:
+ - host: localhost
+ paths:
+ - path: /aca
+ pathType: Prefix
image:
repository: alfresco/alfresco-content-app
tag: 5.2.0
@@ -254,5 +265,7 @@ alfresco-content-app:
APP_CONFIG_AUTH_TYPE: OAUTH
APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
APP_CONFIG_OAUTH2_CLIENTID: alfresco
- APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
- BASE_PATH: /
+ APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/aca/assets/silent-refresh.html"
+ BASE_PATH: /aca
+ APP_CONFIG_OAUTH2_REDIRECT_LOGIN: /aca
+ APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: /aca