From 499e454efe5a2fad3899cae4da7b05eb4d1aea33 Mon Sep 17 00:00:00 2001 From: Alex Chapellon Date: Thu, 3 Aug 2023 10:14:24 +0200 Subject: [PATCH] OPSEXP-1862: add message broker support (#89) --- charts/alfresco-repository/Chart.yaml | 2 +- charts/alfresco-repository/README.md | 13 +++-- .../ci/default-values.yaml | 3 ++ .../templates/configmap-message-broker.yaml | 17 ++++++ .../templates/configmap.yaml | 12 ++--- .../templates/deployment.yaml | 32 +++++++++-- .../templates/secret-message-broker.yaml | 13 +++++ .../tests/configmap_test.yaml | 28 +++++----- .../tests/message-broker_test.yaml | 53 +++++++++++++++++++ .../tests/values/test_values.yaml | 3 ++ charts/alfresco-repository/values.yaml | 33 +++++++++--- 11 files changed, 173 insertions(+), 36 deletions(-) create mode 100644 charts/alfresco-repository/templates/configmap-message-broker.yaml create mode 100644 charts/alfresco-repository/templates/secret-message-broker.yaml create mode 100644 charts/alfresco-repository/tests/message-broker_test.yaml diff --git a/charts/alfresco-repository/Chart.yaml b/charts/alfresco-repository/Chart.yaml index 4bf60312..8b64d7c9 100644 --- a/charts/alfresco-repository/Chart.yaml +++ b/charts/alfresco-repository/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: alfresco-repository description: Alfresco content repository Helm chart type: application -version: 0.1.0-alpha.2 +version: 0.1.0-alpha.3 appVersion: 23.1.0-A21 dependencies: - name: alfresco-common diff --git a/charts/alfresco-repository/README.md b/charts/alfresco-repository/README.md index f49a89b7..fa16b43f 100644 --- a/charts/alfresco-repository/README.md +++ b/charts/alfresco-repository/README.md @@ -1,6 +1,6 @@ # alfresco-repository -![Version: 0.1.0-alpha.2](https://img.shields.io/badge/Version-0.1.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square) +![Version: 0.1.0-alpha.3](https://img.shields.io/badge/Version-0.1.0--alpha.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square) Alfresco content repository Helm chart @@ -18,6 +18,14 @@ Alfresco content repository Helm chart | affinity | object | `{}` | | | args | list | `[]` | | | command | list | `[]` | | +| configuration.messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the message broker URL. It MUST be a failover URL as per the spec below: https://activemq.apache.org/failover-transport-reference.html | +| configuration.messageBroker.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing the meesage broker URL | +| configuration.messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` | Key within the secret holding the message broker password | +| configuration.messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` | Key within the secret holding the message broker username | +| configuration.messageBroker.existingSecret.name | string | `nil` | Name of a pre-existing secret containing message broker credentials | +| configuration.messageBroker.password | string | `nil` | Password to authenticate to the message broker | +| configuration.messageBroker.url | string | `nil` | Message Broker URL | +| configuration.messageBroker.username | string | `nil` | Username to authenticate to the message broker | | configuration.repository.existingConfigMap | string | `nil` | a configmap containing the "alfresco-global.properties" key populated with actual Alfresco repository properties | | configuration.repository.existingSecrets | list | `[{"key":"license.lic","name":"repository-secrets","purpose":"acs-license"}]` | A list of secrets to make available to the repo as env vars. It's also used to pass the Alfresco license which will be mounted as a file when the secret as the `purpose` value set to `acs-license`. Other secrets will be used as env variables. | | db.driver | string | `nil` | JDBC driver class of the driver if none is provided the it is guessed from the URL provided | @@ -28,8 +36,7 @@ Alfresco content repository Helm chart | db.password | string | `nil` | Password to authentication to the repository database | | db.url | string | `nil` | JDBC url of the database WITHOUT the "jdbc:" prefix This is a mandatory parameter | | db.username | string | `nil` | Username to authentication to the repository database | -| environment.ALFRESCO_OPTS | string | `nil` | Alfresco java system properties. These properties must be provided as a string following the pattern "-Dproperty=value". They override the content of the global properties file but you should prefer using an existing configuration.repository.existingConfigMap. | -| environment.CATALINA_OPTS | string | `nil` | Apache Tomcat command line options | +| environment.CATALINA_OPTS | string | `nil` | Java or Tomcat system properties. These properties must be provided as a single string following the pattern "-Dproperty=value -Dmoreprop=morevalue". They override the content of the global properties file but you should prefer providing configuration.repository.existingConfigMap. | | environment.JAVA_OPTS | string | `"-XX:MaxRAMPercentage=80"` | Set JVM options | | extraInitContainers | list | `[]` | | | extraSideContainers | list | `[]` | | diff --git a/charts/alfresco-repository/ci/default-values.yaml b/charts/alfresco-repository/ci/default-values.yaml index 0ded405a..47b7e31f 100644 --- a/charts/alfresco-repository/ci/default-values.yaml +++ b/charts/alfresco-repository/ci/default-values.yaml @@ -2,6 +2,9 @@ db: url: postgresql://pg-postgresql-acs/alfresco username: &pguser pguser password: &pgpass pgpass +configuration: + messageBroker: + url: failover:(tcp://localhost:61616) postgresql: enabled: true fullnameOverride: pg-postgresql-acs diff --git a/charts/alfresco-repository/templates/configmap-message-broker.yaml b/charts/alfresco-repository/templates/configmap-message-broker.yaml new file mode 100644 index 00000000..07eae7ec --- /dev/null +++ b/charts/alfresco-repository/templates/configmap-message-broker.yaml @@ -0,0 +1,17 @@ +{{- if not .Values.configuration.messageBroker.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: >- + {{- $mqconfigCtx := dict "Values" (dict "nameOverride" "configmap-mq") "Chart" .Chart "Release" .Release }} + {{ template "alfresco-repository.fullname" $mqconfigCtx }} + labels: + {{- include "alfresco-repository.labels" . | nindent 4 }} +data: + BROKER_URL: >- + {{- with .Values.configuration.messageBroker }} + {{- $reqmsg := "You must either provide a valid Message broker URL or use an existingConfigMap.name with that URL" }} + {{- $mqurl := required $reqmsg .url }} + {{- hasPrefix "failover:(" $mqurl | ternary $mqurl (printf "failover:(%s)" $mqurl) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-repository/templates/configmap.yaml b/charts/alfresco-repository/templates/configmap.yaml index 68f2909c..f473d9b2 100644 --- a/charts/alfresco-repository/templates/configmap.yaml +++ b/charts/alfresco-repository/templates/configmap.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: ConfigMap metadata: name: >- - {{- $alfoptsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }} - {{ template "alfresco-repository.fullname" $alfoptsCtx }} + {{- $optsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }} + {{ template "alfresco-repository.fullname" $optsCtx }} labels: {{- include "alfresco-repository.labels" . | nindent 4 }} data: - ALFRESCO_OPTS: >- + CATALINA_OPTS: >- -Ddeployment.method=HELM_CHART -Ddb.url=jdbc:{{ .Values.db.url }} -Ddb.username=${DATABASE_USERNAME} @@ -21,9 +21,9 @@ data: -Dmetadata-keystore.metadata.algorithm=DESede -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.metadata.password=oKIWzVdEdA - {{ .Values.environment.ALFRESCO_OPTS | default "" }} - CATALINA_OPTS: >- - $ALFRESCO_OPTS + -Dmessaging.broker.url="$BROKER_URL" + -Dmessaging.broker.username="$BROKER_USERNAME" + -Dmessaging.broker.password="$BROKER_PASSWORD" {{ .Values.environment.CATALINA_OPTS | default "" }} JAVA_OPTS: >- {{ .Values.environment.JAVA_OPTS | default "" }} diff --git a/charts/alfresco-repository/templates/deployment.yaml b/charts/alfresco-repository/templates/deployment.yaml index e650fc18..c173e550 100644 --- a/charts/alfresco-repository/templates/deployment.yaml +++ b/charts/alfresco-repository/templates/deployment.yaml @@ -48,12 +48,12 @@ spec: {{- include "component-security-context" .Values | indent 8 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - {{- $alfoptsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }} - name: {{ template "alfresco-repository.fullname" $alfoptsCtx }} {{- $dbsecretCtx := dict "Values" (dict "nameOverride" "secret-database") "Chart" .Chart "Release" .Release }} {{- $dbsecret := coalesce .Values.db.existingSecret.name (include "alfresco-repository.fullname" $dbsecretCtx) }} + {{- $mqsecretCtx := dict "Values" (dict "nameOverride" "secret-mq") "Chart" .Chart "Release" .Release }} + {{- $mqsecret := coalesce .Values.configuration.messageBroker.existingSecret.name (include "alfresco-repository.fullname" $mqsecretCtx) }} + {{- $mqconfigCtx := dict "Values" (dict "nameOverride" "configmap-mq") "Chart" .Chart "Release" .Release }} + {{- $mqconfig := coalesce .Values.configuration.messageBroker.existingConfigMap.name (include "alfresco-repository.fullname" $mqconfigCtx) }} env: - name: DATABASE_USERNAME valueFrom: @@ -72,6 +72,27 @@ spec: {{- list $repoSecretsEnv | toYaml | nindent 12 }} {{- end }} {{- end }} + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + name: {{ $mqsecret }} + key: {{ .Values.configuration.messageBroker.existingSecret.keys.username }} + optional: true + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $mqsecret }} + key: {{ .Values.configuration.messageBroker.existingSecret.keys.password }} + optional: true + - name: BROKER_URL + valueFrom: + configMapKeyRef: + name: {{ $mqconfig }} + key: {{ .Values.configuration.messageBroker.existingConfigMap.keys.url }} + {{- $optsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }} + envFrom: + - configMapRef: + name: {{ template "alfresco-repository.fullname" $optsCtx }} {{- if .Values.command }} command: {{- toYaml .Values.command | nindent 12 }} @@ -110,6 +131,9 @@ spec: {{- if .Values.extraVolumeMounts }} {{- tpl (.Values.extraVolumeMounts | toYaml) . | nindent 12 }} {{- end }} + {{- range .Values.extraSideContainers }} + {{ tpl (toYaml (list .)) $ | nindent 8 }} + {{- end }} volumes: {{- include "data_volume" .Values | nindent 8 }} {{- if .Values.configuration.repository.existingConfigMap }} diff --git a/charts/alfresco-repository/templates/secret-message-broker.yaml b/charts/alfresco-repository/templates/secret-message-broker.yaml new file mode 100644 index 00000000..1616ac15 --- /dev/null +++ b/charts/alfresco-repository/templates/secret-message-broker.yaml @@ -0,0 +1,13 @@ +{{- if and (not .Values.configuration.messageBroker.existingSecret.name) .Values.configuration.messageBroker.username .Values.configuration.messageBroker.password }} +apiVersion: v1 +kind: Secret +metadata: + {{- $mqsecretCtx := dict "Values" (dict "nameOverride" "secret-mq") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-repository.fullname" $mqsecretCtx }} + labels: + {{- include "alfresco-repository.labels" . | nindent 4 }} +type: Opaque +data: + BROKER_USERNAME: {{ .Values.configuration.messageBroker.username | b64enc | quote }} + BROKER_PASSWORD: {{ .Values.configuration.messageBroker.password | b64enc | quote }} +{{- end }} diff --git a/charts/alfresco-repository/tests/configmap_test.yaml b/charts/alfresco-repository/tests/configmap_test.yaml index ff0f1017..b6086ec2 100644 --- a/charts/alfresco-repository/tests/configmap_test.yaml +++ b/charts/alfresco-repository/tests/configmap_test.yaml @@ -12,33 +12,29 @@ tests: value: RELEASE-NAME-alfresco-opts template: configmap.yaml - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddeployment.method=HELM_CHART($|\s) - matchRegex: path: data.CATALINA_OPTS - pattern: ^\$ALFRESCO_OPTS - - matchRegex: - path: data.ALFRESCO_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.username=\${DATABASE_USERNAME}($|\s) - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.password=\${DATABASE_PASSWORD}($|\s) - it: should render environment vars set: environment: - ALFRESCO_OPTS: >- - -Dserver.allowWrite=false CATALINA_OPTS: >- + -Dserver.allowWrite=false -Dcatalina.base="/opt/tomcat/alternate" JAVA_OPTS: >- -Xmx32G asserts: - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Dserver.allowWrite=false($|\s) - matchRegex: @@ -53,11 +49,11 @@ tests: - it: should render MySQL properties asserts: - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.url=jdbc:mysql://sandy:secret@myhost1:1111($|\s) - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.driver=com.mysql.jdbc.Driver($|\s) @@ -67,11 +63,11 @@ tests: url: postgresql://pghost/alfdb asserts: - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.url=jdbc:postgresql://pghost/alfdb($|\s) - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.driver=org.postgresql.Driver($|\s) @@ -81,11 +77,11 @@ tests: url: sqlserver://sqlservrhost;databaseName=alfdb;lockTimeout=1000; asserts: - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.url=jdbc:sqlserver://sqlservrhost;databaseName=alfdb;lockTimeout=1000;($|\s) - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver($|\s) @@ -95,11 +91,11 @@ tests: url: oracle:thin:@tcp://mydbhost:1521/mydbservice asserts: - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.url=jdbc:oracle:thin:@tcp://mydbhost:1521/mydbservice($|\s) - matchRegex: - path: data.ALFRESCO_OPTS + path: data.CATALINA_OPTS pattern: |- (^\s*|[^\s]\s+)-Ddb.driver=oracle.jdbc.OracleDriver($|\s) diff --git a/charts/alfresco-repository/tests/message-broker_test.yaml b/charts/alfresco-repository/tests/message-broker_test.yaml new file mode 100644 index 00000000..c7b4127b --- /dev/null +++ b/charts/alfresco-repository/tests/message-broker_test.yaml @@ -0,0 +1,53 @@ +--- +suite: test Message Queue Broker +templates: + - secret-message-broker.yaml + - deployment.yaml + - configmap-message-broker.yaml +tests: + - it: should render ActiveMQ minimal config + values: &testvalues + - values/test_values.yaml + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: BROKER_URL + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-configmap-mq + key: BROKER_URL + template: deployment.yaml + - equal: + path: data.BROKER_URL + value: failover:(tcp://localhost:61616) + template: configmap-message-broker.yaml + + - it: should render custom secret + values: + - values/test_values.yaml + set: + configuration: + messageBroker: + existingSecret: + name: mqSecret + keys: + username: mquser + password: mqpass + existingConfigMap: + name: mqConfigmap + keys: + url: myurl + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: BROKER_URL + valueFrom: + configMapKeyRef: + name: mqConfigmap + key: myurl + template: deployment.yaml + - hasDocuments: + count: 0 + template: secret-message-broker.yaml diff --git a/charts/alfresco-repository/tests/values/test_values.yaml b/charts/alfresco-repository/tests/values/test_values.yaml index 4fc6487e..a0d35783 100644 --- a/charts/alfresco-repository/tests/values/test_values.yaml +++ b/charts/alfresco-repository/tests/values/test_values.yaml @@ -1,2 +1,5 @@ db: url: mysql://sandy:secret@myhost1:1111 +configuration: + messageBroker: + url: failover:(tcp://localhost:61616) diff --git a/charts/alfresco-repository/values.yaml b/charts/alfresco-repository/values.yaml index ef848915..fe5dd3b0 100644 --- a/charts/alfresco-repository/values.yaml +++ b/charts/alfresco-repository/values.yaml @@ -51,14 +51,35 @@ configuration: - name: repository-secrets key: license.lic purpose: acs-license + messageBroker: + # -- Message Broker URL + url: null + # -- Username to authenticate to the message broker + username: null + # -- Password to authenticate to the message broker + password: null + existingSecret: + # -- Name of a pre-existing secret containing message broker credentials + name: null + keys: + # -- Key within the secret holding the message broker username + username: BROKER_USERNAME + # -- Key within the secret holding the message broker password + password: BROKER_PASSWORD + existingConfigMap: + # -- Name of a pre-existing configmap containing the meesage broker URL + name: null + keys: + # -- Key within the configmap holding the message broker URL. It MUST + # be a failover URL as per the spec below: + # https://activemq.apache.org/failover-transport-reference.html + url: BROKER_URL environment: - # -- Alfresco java system properties. These properties must be provided as a - # string following the pattern "-Dproperty=value". They override the content - # of the global properties file but you should prefer using an existing - # configuration.repository.existingConfigMap. - ALFRESCO_OPTS: null - # -- Apache Tomcat command line options + # -- Java or Tomcat system properties. These properties must be provided as a + # single string following the pattern "-Dproperty=value -Dmoreprop=morevalue". + # They override the content of the global properties file but you should + # prefer providing configuration.repository.existingConfigMap. CATALINA_OPTS: null # -- Set JVM options JAVA_OPTS: >-