OPSEXP-2188: create a dedicated share chart (#72)
alxgomz authored Jul 12, 2023
1 parent 854f5a1 commit 384441a
Showing 14 changed files with 663 additions and 0 deletions.
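--- a/charts/alfresco-share/.helmignore
+++ b/charts/alfresco-share/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/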
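--- a/charts/alfresco-share/Chart.lock
+++ b/charts/alfresco-share/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: alfresco-common
+repository: https://alfresco.github.io/alfresco-helm-charts
+version: 2.1.0-alpha.0
+digest: sha256:6922cc13c87c5fe6eed669f956cd5f0da86a96793da89e27099b73054e60024e
+generated: "2023-07-10T16:32:19.328012924Z"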
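--- a/charts/alfresco-share/Chart.yaml
+++ b/charts/alfresco-share/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: alfresco-share
+description: Alfresco Share Helm chart for Kubernetes
+type: application
+version: 0.1.0-alpha.0
+appVersion: 7.4.0
+dependencies:
+- repository: https://alfresco.github.io/alfresco-helm-charts
+version: 2.1.0-alpha.0
+name: alfresco-common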
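--- a/charts/alfresco-share/README.md
+++ b/charts/alfresco-share/README.md
@@ -0,0 +1,76 @@
+# alfresco-share
+
+![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.4.0](https://img.shields.io/badge/AppVersion-7.4.0-informational?style=flat-square)
+
+Alfresco Share Helm chart for Kubernetes
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://alfresco.github.io/alfresco-helm-charts | alfresco-common | 2.1.0-alpha.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| args | list | `[]` | |
+| command | list | `[]` | |
+| environment.CATALINA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` | |
+| extraInitContainers | list | `[]` | |
+| extraSideContainers | list | `[]` | |
+| extraVolumeMounts | list | `[]` | |
+| extraVolumes | list | `[]` | |
+| fullnameOverride | string | `""` | Define a fully static name |
+| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
+| global.known_urls | string | `nil` | a fallback for .Values.known_urls that can be shared between charts |
+| image.port | int | `8080` | Internal port where the pod is listening. Should only be changed is you use a custom image which uses a different port. |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"quay.io/alfresco/alfresco-share"` | |
+| image.tag | string | `"7.4.0.1"` | |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/affinity" | string | `"cookie"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-expires" | string | `"604800"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-max-age" | string | `"604800"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-name" | string | `"alfrescoShare"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-path" | string | `"/share"` | |
+| ingress.enabled | bool | `true` | |
+| ingress.hosts[0].paths[0].path | string | `"/share"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| known_urls | string | `nil` | Provide the list of URL considered allowed to access Share resources (used for CSRF protection). The value be either a list of strings or a single string separated by spaces. |
+| livenessProbe.initialDelaySeconds | int | `15` | |
+| livenessProbe.periodSeconds | int | `20` | |
+| livenessProbe.timeoutSeconds | int | `5` | |
+| nameOverride | string | `""` | Define a partially static name |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | |
+| podSecurityContext.runAsNonRoot | bool | `true` | |
+| readinessProbe.initialDelaySeconds | int | `15` | |
+| readinessProbe.periodSeconds | int | `30` | |
+| readinessProbe.timeoutSeconds | int | `5` | |
+| repository.existingConfigMap | string | `nil` | a pre-existing configmap which provides expected configuration for Share REPO_HOST REPO_PORT CSRF_FILTER_REFERER CSRF_FILTER_ORIGIN EXTERNAL_HOST |
+| repository.host | string | `"localhost"` | repository hostname/servicename |
+| repository.port | int | `8080` | repository port where service is exposed |
+| resources.limits.cpu | string | `"4"` | |
+| resources.limits.memory | string | `"2000Mi"` | |
+| resources.requests.cpu | string | `"250m"` | |
+| resources.requests.memory | string | `"512Mi"` | |
+| securityContext.capabilities.drop[0] | string | `"NET_RAW"` | |
+| securityContext.capabilities.drop[1] | string | `"ALL"` | |
+| securityContext.runAsNonRoot | bool | `false` | |
+| service.name | string | `"share"` | |
+| service.port | int | `80` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `"share-sa"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| strategy.rollingUpdate.maxSurge | int | `1` | |
+| strategy.rollingUpdate.maxUnavailable | int | `0` | |
+| strategy.type | string | `"RollingUpdate"` | |
+| tolerations | list | `[]` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)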
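--- a/charts/alfresco-share/templates/_helpers.tpl
+++ b/charts/alfresco-share/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "alfresco-share.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "alfresco-share.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "alfresco-share.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "alfresco-share.labels" -}}
+helm.sh/chart: {{ include "alfresco-share.chart" . }}
+{{ include "alfresco-share.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "alfresco-share.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "alfresco-share.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "alfresco-share.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "alfresco-share.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}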
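--- a/charts/alfresco-share/templates/config-share.yaml
+++ b/charts/alfresco-share/templates/config-share.yaml
@@ -0,0 +1,16 @@
+{{- if not .Values.repository.existingConfigMap -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "alfresco-share.fullname" . }}-configmap
+labels:
+{{- include "alfresco-share.labels" . | nindent 4 }}
+data:
+REPO_HOST: {{ .Values.repository.host | quote }}
+REPO_PORT: {{ .Values.repository.port | quote }}
+{{- $known_urls := coalesce .Values.known_urls .Values.global.known_urls "http://localhost,https://localhost" }}
+CSRF_FILTER_REFERER: {{ include "alfresco-common.csrf.referer" $known_urls }}
+CSRF_FILTER_ORIGIN: {{ include "alfresco-common.csrf.origin" $known_urls }}
+EXTERNAL_HOST: {{ include "alfresco-common.external.url" $known_urls }}
+{{- end -}}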
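Review bot: The fallback handed to `coalesce` is the single comma-separated string `"http://localhost,https://localhost"`, while the README describes `known_urls` as a list or a space-separated string; the `alfresco-common.csrf.*` helpers are not visible here, but if they split on spaces only, the default yields one malformed origin rather than two. Passing the default as `(list "http://localhost" "https://localhost")` avoids depending on the separator. The three helper results are also written into `data:` unquoted, so unless the helpers quote their own output, a pattern containing `*`, `|` or `: ` can be misparsed; adding `| quote` on each line would match how `REPO_HOST` and `REPO_PORT` are rendered. Because these keys configure Share's CSRF filter, a silent localhost default deserves a NOTES.txt warning when `known_urls` is unset.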
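--- a/charts/alfresco-share/templates/deployment-share.yaml
+++ b/charts/alfresco-share/templates/deployment-share.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ template "alfresco-share.fullname" . }}
+labels:
+{{- include "alfresco-share.labels" . | nindent 4 }}
+annotations:
+checkov.io/skip1: CKV_K8S_20=Requires APPS-1832
+checkov.io/skip2: CKV_K8S_23=Requires APPS-1832
+checkov.io/skip3: CKV_K8S_40=Requires APPS-1832
+spec:
+replicas: 1
+selector:
+matchLabels:
+{{- include "alfresco-share.selectorLabels" . | nindent 6 }}
+strategy:
+{{- toYaml (.Values.strategy | default .Values.global.strategy) | nindent 4 }}
+template:
+metadata:
+annotations:
+{{- if not .Values.repository.existingConfigMap }}
+checksum/config: {{ include (print $.Template.BasePath "/config-share.yaml") . | sha256sum }}
+{{- end }}
+labels:
+{{- include "alfresco-share.selectorLabels" . | nindent 8 }}
+spec:
+serviceAccountName: {{ include "alfresco-share.serviceAccountName" . }}
+{{- include "component-pod-security-context" .Values | indent 4 }}
+{{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }}
+nodeSelector:
+{{- toYaml .Values.nodeSelector | nindent 8 }}
+containers:
+- name: alfresco-share
+image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- include "component-security-context" .Values | indent 8 }}
+{{- if .Values.command }}
+command:
+{{- toYaml .Values.command | nindent 12 }}
+args:
+{{- toYaml .Values.args | nindent 12 }}
+{{- end }}
+ports:
+- name: tomcat-shutdown
+containerPort: 8005
+protocol: TCP
+- name: http
+containerPort: {{ .Values.image.port }}
+protocol: TCP
+resources:
+{{- toYaml .Values.resources | nindent 12 }}
+envFrom:
+- configMapRef:
+name: {{ .Values.repository.existingConfigMap | default (print (include "alfresco-share.fullname" .) "-configmap") }}
+env:
+{{- range $key, $value := (omit .Values.environment "JAVA_OPTS") }}
+- name: {{ $key }}
+value: {{ $value }}
+{{- end }}
+- name: JAVA_OPTS
+value: >-
+{{ (printf "%s %s" (.Values.environment.JAVA_OPTS | default "") "-Dalfresco.proxy=$EXTERNAL_HOST") }}
+volumeMounts:
+{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+readinessProbe:
+httpGet:
+path: /share
+port: {{ .Values.image.port }}
+initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+livenessProbe:
+httpGet:
+path: /share
+port: {{ .Values.image.port }}
+initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- if .Values.extraSideContainers }}
+{{- toYaml .Values.extraSideContainers | nindent 8 }}
+{{- end }}
+initContainers:
+{{- toYaml .Values.extraInitContainers | nindent 8 }}
+volumes:
+{{- toYaml .Values.extraVolumes | nindent 8 }}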
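Review bot: The `env` loop renders `value: {{ $value }}` unquoted, so an entry under `environment` that looks like a number or boolean becomes a non-string scalar that the API server rejects, and a value containing `: ` or ` #` changes the structure of the rendered manifest. Use `value: {{ $value | quote }}` (and `- name: {{ $key | quote }}`) so operator-supplied values are always emitted as strings. Separately, the three `checkov.io/skip` annotations suppress the privilege-escalation, root-container and high-UID checks for the whole Deployment, and the README lists the container-level `securityContext.runAsNonRoot` as `false`, which takes precedence over the pod-level `true`. A template comment next to the skips stating what APPS-1832 must deliver before they can be removed would keep this exception from becoming permanent.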
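--- a/charts/alfresco-share/templates/ingress.yaml
+++ b/charts/alfresco-share/templates/ingress.yaml
@@ -0,0 +1,67 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "alfresco-share.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{/*
+We only support nginx ingress for now: https://alfresco.atlassian.net/browse/OPSEXP-131
+*/}}
+{{- if not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+{{- $_ := unset .Values.ingress.annotations "kubernetes.io/ingress.class" }}
+{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" "nginx" }}
+*/}}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+name: {{ $fullName }}
+labels:
+{{- include "alfresco-share.labels" . | nindent 4 }}
+annotations:
+checkov.io/skip1: CKV_K8S_153=We're filtering out snippet in named template
+{{- include "alfresco-common.nginx.annotations" .Values }}
+{{- include "alfresco-common.nginx.secure.annotations" .Values }}
+spec:
+{{/*
+We only support nginx ingress for now: https://alfresco.atlassian.net/browse/OPSEXP-131
+*/}}
+{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ingressClassName: nginx
+{{- end }}
+{{- if .Values.ingress.tls }}
+tls:
+{{- range .Values.ingress.tls }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+{{- range .Values.ingress.hosts }}
+- host: {{ .host | quote }}
+http:
+paths:
+{{- range .paths }}
+- path: {{ .path }}
+{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+pathType: {{ .pathType }}
+{{- end }}
+backend:
+{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+service:
+name: {{ $fullName }}
+port:
+number: {{ $svcPort }}
+{{- else }}
+serviceName: {{ $fullName }}
+servicePort: {{ $svcPort }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}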
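Review bot: The block guarded by `if not (semverCompare ">=1.18-0" …)` near the top contains a stray `*/}}` line after the `unset`/`set` actions; it sits outside any comment, so on clusters older than 1.18 it is emitted as literal text directly in front of `apiVersion:` and the manifest no longer parses. Delete that line. In addition, `ingressClassName: nginx` is gated on `.Values.ingress.className`, which is not among the values documented in the README, so on 1.18+ the Ingress carries no class at all unless the `alfresco-common` annotation helpers (not visible here) add one or the user sets an undocumented key; document `ingress.className` with a default. The `CKV_K8S_153` skip is only sound while `alfresco-common.nginx.secure.annotations` really drops snippet annotations, so a template comment naming that dependency would help whoever bumps the common chart.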
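--- a/charts/alfresco-share/templates/service-share.yaml
+++ b/charts/alfresco-share/templates/service-share.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "alfresco-share.fullname" . }}
+labels:
+{{- include "alfresco-share.selectorLabels" . | nindent 4 }}
+spec:
+type: {{ .Values.service.type }}
+ports:
+- port: {{ .Values.service.port }}
+targetPort: {{ .Values.image.port }}
+name: {{ .Values.service.name }}
+selector:
+{{- include "alfresco-share.selectorLabels" . | nindent 4 }}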
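Review bot: `metadata.labels` here includes only `alfresco-share.selectorLabels`, whereas the ConfigMap, Deployment, Ingress and ServiceAccount in this commit use `alfresco-share.labels`, so the Service is the one object missing the `helm.sh/chart`, version and managed-by labels. Use `{{- include "alfresco-share.labels" . | nindent 4 }}` under `metadata.labels` and keep `selectorLabels` for `spec.selector` only. Consistent labels make it possible to inventory or audit everything a release owns with a single label query.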
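--- a/charts/alfresco-share/templates/serviceaccount.yaml
+++ b/charts/alfresco-share/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "alfresco-share.serviceAccountName" . }}
+labels:
+{{- include "alfresco-share.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}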
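Review bot: The ServiceAccount is created without `automountServiceAccountToken`, so every Share pod gets an API token mounted by default, and nothing in the Deployment template in this commit suggests Share calls the Kubernetes API. Adding `automountServiceAccountToken: false` at the top level of this manifest (or in the pod spec) keeps that credential out of a container that serves web traffic. The README also shows `serviceAccount.name` defaulting to the fixed string `share-sa`, so two releases in one namespace would both claim the same ServiceAccount; an empty default would let the `alfresco-share.serviceAccountName` helper fall back to the release-scoped fullname.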