diff --git a/helm/acs-sso-example/Chart.lock b/helm/acs-sso-example/Chart.lock
index 7cea69f13..6135fd3a9 100644
--- a/helm/acs-sso-example/Chart.lock
+++ b/helm/acs-sso-example/Chart.lock
@@ -4,7 +4,7 @@ dependencies:
 version: 13.4.0
 - name: keycloakx
 repository: https://codecentric.github.io/helm-charts
- version: 2.5.1
+ version: 2.6.0
 - name: alfresco-repository
 repository: https://alfresco.github.io/alfresco-helm-charts/
 version: 0.8.0
@@ -17,5 +17,5 @@ dependencies:
 - name: alfresco-adf-app
 repository: https://alfresco.github.io/alfresco-helm-charts/
 version: 0.2.0
-digest: sha256:3bf57da26484518aae1cbda9d15f5f7ffc66d5719ca274af77721dc7d532b71b
-generated: "2024-11-29T14:09:38.670834875Z"
+digest: sha256:413cfefbc042db3f32daa986664e683160233b6681739430ccb31f0ff4aeed24
+generated: "2024-12-02T14:34:28.83467+01:00"
diff --git a/helm/acs-sso-example/Chart.yaml b/helm/acs-sso-example/Chart.yaml
index 6155c56a0..40f2a9302 100644
--- a/helm/acs-sso-example/Chart.yaml
+++ b/helm/acs-sso-example/Chart.yaml
@@ -20,7 +20,7 @@ description: |
 :warning: All components have persistence disabled so all data is lost after a
 deployment is destroyed or rolled back!
 type: application
-version: 1.1.0
+version: 1.1.1
 appVersion: 23.4.0
 home: https://www.alfresco.com
 sources:
@@ -32,7 +32,7 @@ dependencies:
 alias: repository-database
 - name: keycloakx
 repository: https://codecentric.github.io/helm-charts
- version: 2.5.1
+ version: 2.6.0
 - name: alfresco-repository
 repository: https://alfresco.github.io/alfresco-helm-charts/
 version: 0.8.0
diff --git a/helm/acs-sso-example/README.md b/helm/acs-sso-example/README.md
index f146a6a4a..2089964ba 100644
--- a/helm/acs-sso-example/README.md
+++ b/helm/acs-sso-example/README.md
@@ -6,7 +6,7 @@ grand_parent: Helm # acs-sso-example -![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square) +![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square) An example Chart to demonstrate how to compose your own Alfresco platform with SSO on kubernetes using a nthrid party Keycloak. @@ -41,7 +41,7 @@ deployment is destroyed or rolled back! | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.0 | -| https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 | +| https://codecentric.github.io/helm-charts | keycloakx | 2.6.0 | | oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 | ## Values @@ -55,8 +55,8 @@ deployment is destroyed or rolled back! | global.known_urls | list | `["http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. | | keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 | | keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:
kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d | -| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}` | Alfresco Realm definition | -| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}` | default Alfresco admin user | +| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) 
}} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}]}` | Alfresco Realm definition |
+| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}` | default Alfresco admin user |
 | keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | default Alfresco admin password |
 | keycloakx.admin.username | string | `"admin"` | Keycloak admin username |
 | repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql |
diff --git a/helm/acs-sso-example/values.yaml b/helm/acs-sso-example/values.yaml
index fc6901b2e..42a5af72b 100644
--- a/helm/acs-sso-example/values.yaml
+++ b/helm/acs-sso-example/values.yaml
@@ -40,7 +40,7 @@ repository-database:
 keycloakx:
 nameOverride: keycloak
 image:
- tag: 24.0.5
+ tag: 25.0.6
 admin:
 # -- Keycloak admin username
 username: admin
@@ -74,6 +74,9 @@ keycloakx:
 # -- default Alfresco admin user
 - username: admin
 enabled: true
+ firstName: admin
+ lastName: admin
+ email: admin@example.org
 credentials:
 - type: password
 # -- default Alfresco admin password
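Review bot: The three fields added to the seeded realm user (`firstName`, `lastName`, `email`) carry no comment, unlike the `# --` annotated keys around them, so it is not evident why an example account needs them. Presumably they fill the profile attributes that the newer Keycloak image expects, so that the first login is not interrupted by an update-profile step; if that is the reason, say so above them, e.g. `# profile attributes expected by Keycloak's user profile; placeholder values for the demo account`. The `users` entry continues past the end of the hunk, so the password value itself is not part of this change.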
@@ -98,35 +101,38 @@ keycloakx:
 command:
 - /opt/keycloak/bin/kc.sh
 - start
+ - --hostname=http://localhost/auth
+ - --health-enabled=true
 - --http-enabled=true
 - --http-port=8080
- - --hostname-strict=false
- - --hostname-strict-https=false
 - --import-realm
 http:
 relativePath: /auth
 livenessProbe: |
 httpGet:
 path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
- port: http
+ port: http-internal
 initialDelaySeconds: 0
 timeoutSeconds: 5
 readinessProbe: |
 httpGet:
 path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
- port: http
+ port: http-internal
 initialDelaySeconds: 10
 timeoutSeconds: 1
 startupProbe: |
 httpGet:
 path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
- port: http
+ port: http-internal
 initialDelaySeconds: 15
 timeoutSeconds: 1
 failureThreshold: 60
 periodSeconds: 5
 ingress:
 enabled: true
+ ingressClassName: nginx
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
 tls: []
 rules:
 - host: >-
@@ -245,6 +251,11 @@ alfresco-content-app:
 nginx.ingress.kubernetes.io/proxy-body-size: 5g
 nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
 tls: []
+ hosts:
+ - host: localhost
+ paths:
+ - path: /aca
+ pathType: Prefix
 image:
 repository: alfresco/alfresco-content-app
 tag: 5.2.0
@@ -254,5 +265,7 @@ alfresco-content-app:
 APP_CONFIG_AUTH_TYPE: OAUTH
 APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
 APP_CONFIG_OAUTH2_CLIENTID: alfresco
- APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
- BASE_PATH: /
+ APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/aca/assets/silent-refresh.html"
+ BASE_PATH: /aca
+ APP_CONFIG_OAUTH2_REDIRECT_LOGIN: /aca
+ APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: /aca
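Review bot: The added `--hostname=http://localhost/auth` argument in the `@@ -98,35 +101,38 @@` hunk pins Keycloak's public URL to a literal, whereas the README describes `global.known_urls` as the source of the main hosting domain and of the client's redirect URIs. With `--hostname-strict=false` removed in the same hunk, a deployment that overrides `known_urls` but not this command will presumably keep advertising `http://localhost/auth` in issuer and redirect links. A comment above the flag would make the coupling visible, e.g. `# must match the first entry of global.known_urls plus http.relativePath; plain http is for local demos only`. The same literal reappears as `host: localhost` in the alfresco-content-app ingress hunk (`@@ -245,6 +251,11 @@`). The `keycloakx` block starts before and continues after this hunk.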
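Review bot: In the `@@ -254,5 +265,7 @@` hunk `/aca` is now written out in four values (`BASE_PATH`, the silent-refresh URI, `APP_CONFIG_OAUTH2_REDIRECT_LOGIN`, `APP_CONFIG_OAUTH2_REDIRECT_LOGOUT`) and again as the ingress `path` in the previous hunk, with nothing stating that they must agree; a comment on `BASE_PATH` such as `# keep in sync with the ingress path above and the OAuth2 redirect values below` would help. Separately, the realm's `alfresco` client shown in the README hunk still registers `<known_url>/*` as its redirect URI pattern with the implicit flow enabled, so moving the app under `/aca` does not narrow where tokens may be returned. If no other application relies on that wider pattern, consider restricting it to the paths actually served. The `env` block starts outside the hunk.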