diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 92378ddf..9ce59632 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -67,12 +67,21 @@ jobs: username: ${{ secrets.quay_username }} password: ${{ secrets.quay_password }} + - name: Get Activiti License from S3 + if: steps.list-changed.outputs.changed == 'true' + env: + AWS_REGION: us-east-1 + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACSLICENSE_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_ACSLICENSE_SECRET_ACCESS_KEY }} + run: aws s3 cp s3://aps-licenses/single-tenant/activiti.lic /tmp/activiti.lic + - name: Prepare namespace for install if: steps.list-changed.outputs.changed == 'true' run: | kubectl create ns "$INSTALL_NAMESPACE" kubectl create secret generic quay-registry-secret --from-file=.dockerconfigjson="${HOME}"/.docker/config.json --type=kubernetes.io/dockerconfigjson -n "$INSTALL_NAMESPACE" kubectl create secret generic broker-secret --from-literal=BROKER_URL="failover:(nio://activemq:61616)?timeout=3000" --from-literal=BROKER_USERNAME=admin --from-literal=BROKER_PASSWORD=admin -n "$INSTALL_NAMESPACE" + kubectl create secret generic aps-license --from-file=activiti.lic=/tmp/activiti.lic -n "$INSTALL_NAMESPACE" - name: Prepare charts mocks for testing if: steps.list-changed.outputs.changed == 'true' diff --git a/charts/alfresco-process-services/.helmignore b/charts/alfresco-process-services/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/alfresco-process-services/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/alfresco-process-services/Chart.lock b/charts/alfresco-process-services/Chart.lock new file mode 100644 index 00000000..4944364a --- /dev/null +++ b/charts/alfresco-process-services/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: alfresco-common + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 3.1.2 +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.8.5 +digest: sha256:246b7e17ba0ec1f58a318abbb41ae6ee7f364dc96ca918b3941f142adc6ed3cf +generated: "2024-03-20T14:27:16.899283+01:00" diff --git a/charts/alfresco-process-services/Chart.yaml b/charts/alfresco-process-services/Chart.yaml new file mode 100644 index 00000000..b3ad06b7 --- /dev/null +++ b/charts/alfresco-process-services/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +description: A Helm chart for Alfresco Process Services +name: alfresco-process-services +version: 1.0.0-alpha.0 +appVersion: 24.1.0 +dependencies: + - name: alfresco-common + version: 3.1.2 + repository: https://alfresco.github.io/alfresco-helm-charts/ + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.8.5 + tags: + - ci +icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 diff --git a/charts/alfresco-process-services/README.md b/charts/alfresco-process-services/README.md new file mode 100644 index 00000000..e5fa4f70 --- /dev/null +++ b/charts/alfresco-process-services/README.md @@ -0,0 +1,122 @@ +# alfresco-process-services + +![Version: 1.0.0-alpha.0](https://img.shields.io/badge/Version-1.0.0--alpha.0-informational?style=flat-square) ![AppVersion: 24.1.0](https://img.shields.io/badge/AppVersion-24.1.0-informational?style=flat-square) + +A Helm chart for Alfresco Process Services + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.2 | +| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.8.5 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| adminApp.affinity | object | `{}` | | +| adminApp.environment.ACTIVITI_ADMIN_DATASOURCE_DRIVER | string | `"org.postgresql.Driver"` | Set the JDBC driver Class | +| adminApp.environment.ACTIVITI_ADMIN_HIBERNATE_DIALECT | string | `"org.hibernate.dialect.PostgreSQLDialect"` | Hibernate dialect (must match the driver) | +| adminApp.environment.ACTIVITI_ADMIN_REST_APP_HOST | string | `"http://localhost"` | activiti-app address | +| adminApp.environment.ACTIVITI_ADMIN_REST_APP_PASSWORD | string | `"admin"` | activiti-app password | +| adminApp.environment.ACTIVITI_ADMIN_REST_APP_PORT | string | `"80"` | activiti-app port | +| adminApp.environment.ACTIVITI_ADMIN_REST_APP_USERNAME | string | `"admin@app.activiti.com"` | activiti-app username | +| adminApp.image.internalPort | int | `8080` | | +| adminApp.image.pullPolicy | string | `"IfNotPresent"` | | +| adminApp.image.repository | string | `"quay.io/alfresco/alfresco-process-services-admin"` | | +| adminApp.image.tag | string | `"24.1.0"` | | +| adminApp.ingress.className | string | `"nginx"` | | +| adminApp.ingress.maxUploadSize | string | `"5G"` | | +| adminApp.ingress.path | string | `"/activiti-admin"` | | +| adminApp.livenessProbe.failureThreshold | int | `5` | | +| adminApp.livenessProbe.initialDelaySeconds | int | `25` | | +| adminApp.livenessProbe.path | string | `"/activiti-admin/"` | | +| adminApp.livenessProbe.periodSeconds | int | `10` | | +| adminApp.livenessProbe.timeoutSeconds | int | `5` | | +| adminApp.nodeSelector | object | `{}` | | +| adminApp.podAnnotations | object | `{}` | | +| adminApp.podLabels | object | `{}` | | +| adminApp.podSecurityContext | object | `{}` | | +| adminApp.readinessProbe.failureThreshold | int | `5` | | +| adminApp.readinessProbe.initialDelaySeconds | int | `25` | | +| adminApp.readinessProbe.path | string | `"/activiti-admin/"` | | +| adminApp.readinessProbe.periodSeconds | int | `10` | | +| adminApp.readinessProbe.timeoutSeconds | int | `5` | | +| adminApp.replicacount | int | `1` | | +| adminApp.service.externalPort | int | `80` | | +| adminApp.service.name | string | `"aps-admin"` | | +| adminApp.service.type | string | `"ClusterIP"` | | +| adminApp.tolerations | list | `[]` | | +| adminApp.volumeMounts | list | `[]` | | +| adminApp.volumes | list | `[]` | | +| database.existingConfigMap.keys.url | string | `"DATABASE_URL"` | configmap key where to find the URL of the database | +| database.existingConfigMap.name | string | `nil` | | +| database.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password | +| database.existingSecret.keys.username | string | `"DATABASE_USERNAME"` | Key within the secret holding the database username | +| database.existingSecret.name | string | `nil` | Name of a pre-existing secret containing database credentials | +| database.password | string | `nil` | JDBC password to use to connect to the DB | +| database.url | object | `{"admin":null,"aps":null}` | JDBC url to connect to the external DB | +| database.username | string | `nil` | JDBC username to use to connect to the DB | +| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | | +| ingress.enabled | bool | `true` | | +| ingress.hostName | string | `""` | | +| ingress.protocol | string | `"http"` | | +| license.secretName | string | `nil` | | +| processEngine.affinity | object | `{}` | | +| processEngine.environment.ACTIVITI_CORS_ALLOWED_HEADERS | string | `"Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token"` | Cross Origin Resource Sharing configuration allowed http headers | +| processEngine.environment.ACTIVITI_CORS_ALLOWED_METHODS | string | `"GET,POST,HEAD,OPTIONS,PUT,DELETE"` | Cross Origin Resource Sharing configuration allowed http methods | +| processEngine.environment.ACTIVITI_CORS_ALLOWED_ORIGIN_PATTERNS | string | `"*"` | Cross Origin Resource Sharing configuration allowed origins (list of glob-like patterns) | +| processEngine.environment.ACTIVITI_CORS_ENABLED | string | `"true"` | Cross Origin Resource Sharing configuration toggle | +| processEngine.environment.ACTIVITI_CSRF_DISABLED | string | `"true"` | Cross Site Resource Forgery configuration toggle | +| processEngine.environment.ACTIVITI_DATASOURCE_DRIVER | string | `"org.postgresql.Driver"` | Set the JDBC driver Class | +| processEngine.environment.ACTIVITI_HIBERNATE_DIALECT | string | `"org.hibernate.dialect.PostgreSQLDialect"` | Hibernate dialect (must match the driver) | +| processEngine.environment.IDENTITY_CREDENTIALS_SECRET | string | `""` | Alfresco Identity Service application secret | +| processEngine.environment.IDENTITY_SERVICE_ALWAYS_REFRESH_TOKEN | string | `"true"` | Alfresco Identity Service refresh service token | +| processEngine.environment.IDENTITY_SERVICE_AUTH | string | `"http://localhost:8080/auth"` | Alfresco Identity Service address | +| processEngine.environment.IDENTITY_SERVICE_AUTODETECT_BEARER_ONLY | string | `"true"` | Alfresco Identity Service Bearer only toggle | +| processEngine.environment.IDENTITY_SERVICE_ENABLED | string | `"false"` | Alfresco Identity Service configuration toggle | +| processEngine.environment.IDENTITY_SERVICE_ENABLE_BASIC_AUTH | string | `"true"` | Alfresco Identity Service allow basic authentication (should only be used over SSL) | +| processEngine.environment.IDENTITY_SERVICE_PRINCIPAL_ATTRIBUTE | string | `"email"` | Alfresco Identity Service Attribute to map to user login | +| processEngine.environment.IDENTITY_SERVICE_PUBLIC_CLIENT | string | `"true"` | Alfresco Identity Service public client toggle | +| processEngine.environment.IDENTITY_SERVICE_REALM | string | `"alfresco"` | Alfresco Identity Service Realm | +| processEngine.environment.IDENTITY_SERVICE_RESOURCE | string | `"alfresco"` | Alfresco Identity Service resource name to use | +| processEngine.environment.IDENTITY_SERVICE_SSL_REQUIRED | string | `"none"` | Alfresco Identity Service force using SSL | +| processEngine.environment.IDENTITY_SERVICE_TOKEN_STORE | string | `"session"` | Alfresco Identity Service token storage configuration | +| processEngine.environment.IDENTITY_SERVICE_USE_BROWSER_BASED_LOGOUT | string | `"true"` | Alfresco Identity Service browser initiated logout toggle | +| processEngine.image.internalPort | int | `8080` | | +| processEngine.image.pullPolicy | string | `"IfNotPresent"` | | +| processEngine.image.repository | string | `"quay.io/alfresco/alfresco-process-services"` | | +| processEngine.image.tag | string | `"24.1.0"` | | +| processEngine.ingress.className | string | `"nginx"` | | +| processEngine.ingress.maxUploadSize | string | `"5G"` | | +| processEngine.ingress.path | string | `"/activiti-app"` | | +| processEngine.livenessProbe.failureThreshold | int | `5` | | +| processEngine.livenessProbe.initialDelaySeconds | int | `25` | | +| processEngine.livenessProbe.path | string | `"/activiti-app/app/rest/locale"` | | +| processEngine.livenessProbe.periodSeconds | int | `10` | | +| processEngine.livenessProbe.timeoutSeconds | int | `5` | | +| processEngine.nodeSelector | object | `{}` | | +| processEngine.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | +| processEngine.persistence.baseSize | string | `"20Gi"` | Initial default size of dynamically provisioned storage | +| processEngine.persistence.data | object | `{"mountPath":"/usr/local/data","subPath":"alfresco-process-services/process-data"}` | Where to mount data into the container | +| processEngine.persistence.enabled | bool | `false` | Persist processEngine data | +| processEngine.persistence.existingClaim | string | `nil` | Define if you want to reuse an already existing PVC | +| processEngine.persistence.storageClass | string | `nil` | Define if you already have a custom storage class defined for dynamically provisioned storage | +| processEngine.podAnnotations | object | `{}` | | +| processEngine.podLabels | object | `{}` | | +| processEngine.podSecurityContext.fsGroup | int | `33007` | | +| processEngine.podSecurityContext.runAsGroup | int | `33007` | | +| processEngine.podSecurityContext.runAsUser | int | `33007` | | +| processEngine.readinessProbe.failureThreshold | int | `5` | | +| processEngine.readinessProbe.initialDelaySeconds | int | `25` | | +| processEngine.readinessProbe.path | string | `"/activiti-app/app/rest/locale"` | | +| processEngine.readinessProbe.periodSeconds | int | `10` | | +| processEngine.readinessProbe.timeoutSeconds | int | `5` | | +| processEngine.replicaCount | int | `1` | | +| processEngine.service.externalPort | int | `80` | | +| processEngine.service.name | string | `"aps"` | | +| processEngine.service.type | string | `"ClusterIP"` | | +| processEngine.tolerations | list | `[]` | | +| processEngine.volumeMounts | list | `[]` | | +| processEngine.volumes | list | `[]` | | diff --git a/charts/alfresco-process-services/README.md.gotmpl b/charts/alfresco-process-services/README.md.gotmpl new file mode 100644 index 00000000..9174c355 --- /dev/null +++ b/charts/alfresco-process-services/README.md.gotmpl @@ -0,0 +1,16 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/alfresco-process-services/ci/default-values.yaml b/charts/alfresco-process-services/ci/default-values.yaml new file mode 100644 index 00000000..4f8eed36 --- /dev/null +++ b/charts/alfresco-process-services/ci/default-values.yaml @@ -0,0 +1,22 @@ +database: + url: + aps: postgresql://pg-postgresql-aps:5432/postgres + admin: postgresql://pg-postgresql-aps:5432/activiti-admin + username: &dbuser alfresco + password: &dbpass alfresco-pass +postgresql: + fullnameOverride: pg-postgresql-aps + image: + tag: 14.9.0 + auth: + username: *dbuser + password: *dbpass + database: activiti-admin +license: + secretName: aps-license +processEngine: + environment: + ACTIVITI_CORS_ALLOWED_ORIGINS: "http://localhost" + JAVA_OPTS: "-Dapp.review-workflows.enabled=true" +tags: + ci: true diff --git a/charts/alfresco-process-services/templates/NOTES.txt b/charts/alfresco-process-services/templates/NOTES.txt new file mode 100644 index 00000000..9957118b --- /dev/null +++ b/charts/alfresco-process-services/templates/NOTES.txt @@ -0,0 +1,12 @@ +Thank you for installing {{ .Chart.Name }}! + + ,---. ,--------, ,---. + / 0 \ / .---. / ,' ,-' + / .-. / / '---' / `. \, + / / / / / / ---' .-' / +`--' `--' `--' `-----' + +{{ .Release.Name }}, your release of Alfresco Process Service offers the endpoint bellow on your cluster: + +Activiti App: {{ .Values.processEngine.ingress.path | default "/" }} +Admin App: {{ .Values.adminApp.ingress.path | default "/" }} diff --git a/charts/alfresco-process-services/templates/_helpers-label.tpl b/charts/alfresco-process-services/templates/_helpers-label.tpl new file mode 100644 index 00000000..583f992b --- /dev/null +++ b/charts/alfresco-process-services/templates/_helpers-label.tpl @@ -0,0 +1,19 @@ +{{- define "alfresco-process-services.aps.labels" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.labels" $scope }} +{{- end }} + +{{- define "alfresco-process-services.aps.selectorLabels" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.selectorLabels" $scope }} +{{- end }} + +{{- define "alfresco-process-services.admin.labels" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.labels" $scope }} +{{- end }} + +{{- define "alfresco-process-services.admin.selectorLabels" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.selectorLabels" $scope }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/_helpers-name.tpl b/charts/alfresco-process-services/templates/_helpers-name.tpl new file mode 100644 index 00000000..fb70f0a6 --- /dev/null +++ b/charts/alfresco-process-services/templates/_helpers-name.tpl @@ -0,0 +1,54 @@ +{{- define "alfresco-process-services.deployment-aps.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.deployment-admin.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.ingress-aps.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "ingress-aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.ingress-admin.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "ingress-admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.config-aps.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "configmap-aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.config-admin.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "configmap-admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.database-config-aps.name" -}} +{{- $ctx := dict "Values" (dict "nameOverride" "database-aps") "Chart" .Chart "Release" .Release }} +{{- template "alfresco-process-services.fullname" $ctx }} +{{- end -}} + +{{- define "alfresco-process-services.database-config-admin.name" -}} +{{- $ctx := dict "Values" (dict "nameOverride" "database-admin") "Chart" .Chart "Release" .Release }} +{{- template "alfresco-process-services.fullname" $ctx }} +{{- end -}} + +{{- define "alfresco-process-services.database-secret.name" -}} +{{- $ctx := dict "Values" (dict "nameOverride" "database-secret") "Chart" .Chart "Release" .Release }} +{{- template "alfresco-process-services.fullname" $ctx }} +{{- end -}} + +{{- define "alfresco-process-services.service-aps.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "service-aps" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} + +{{- define "alfresco-process-services.service-admin.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "service-admin" ) "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-process-services.fullname" $scope }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/_helpers.tpl b/charts/alfresco-process-services/templates/_helpers.tpl new file mode 100644 index 00000000..4a5b42d9 --- /dev/null +++ b/charts/alfresco-process-services/templates/_helpers.tpl @@ -0,0 +1,60 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "alfresco-process-services.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "alfresco-process-services.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create a default fully qualified name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "aps.fullname" -}} +{{- template "alfresco-process-services.fullname" . }} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "alfresco-process-services.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "alfresco-process-services.labels" -}} +helm.sh/chart: {{ include "alfresco-process-services.chart" . }} +{{ include "alfresco-process-services.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: {{ .Chart.Name }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "alfresco-process-services.selectorLabels" -}} +app.kubernetes.io/name: {{ include "alfresco-process-services.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/config-admin-database.yaml b/charts/alfresco-process-services/templates/config-admin-database.yaml new file mode 100644 index 00000000..1f3d6402 --- /dev/null +++ b/charts/alfresco-process-services/templates/config-admin-database.yaml @@ -0,0 +1,13 @@ +{{- if not .Values.database.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: >- + {{ template "alfresco-process-services.database-config-admin.name" . }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 4 }} +data: + {{- with .Values.database }} + DATABASE_URL: {{ hasPrefix "jdbc:" .url.admin | ternary .url.admin (print "jdbc:" .url.admin) }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/config-admin.yaml b/charts/alfresco-process-services/templates/config-admin.yaml new file mode 100644 index 00000000..93e77f7a --- /dev/null +++ b/charts/alfresco-process-services/templates/config-admin.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "alfresco-process-services.config-admin.name" . }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 4 }} +data: + {{- if .Values.adminApp.environment }} + {{- range $key, $val := .Values.adminApp.environment }} + {{ $key }}: {{ tpl $val $ | quote }} + {{- end }} + {{- end }} diff --git a/charts/alfresco-process-services/templates/config-aps-database.yaml b/charts/alfresco-process-services/templates/config-aps-database.yaml new file mode 100644 index 00000000..319dd488 --- /dev/null +++ b/charts/alfresco-process-services/templates/config-aps-database.yaml @@ -0,0 +1,13 @@ +{{- if not .Values.database.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: >- + {{ template "alfresco-process-services.database-config-aps.name" . }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 4 }} +data: + {{- with .Values.database }} + DATABASE_URL: {{ hasPrefix "jdbc:" .url.aps | ternary .url.aps (print "jdbc:" .url.aps) }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/config-aps.yaml b/charts/alfresco-process-services/templates/config-aps.yaml new file mode 100644 index 00000000..992a9491 --- /dev/null +++ b/charts/alfresco-process-services/templates/config-aps.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "alfresco-process-services.config-aps.name" . }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 4 }} +data: + {{- if .Values.processEngine.environment }} + {{- range $key, $val := .Values.processEngine.environment }} + {{ $key }}: {{ tpl $val $ | quote }} + {{- end }} + {{- end }} diff --git a/charts/alfresco-process-services/templates/deployment-admin.yaml b/charts/alfresco-process-services/templates/deployment-admin.yaml new file mode 100644 index 00000000..6514527a --- /dev/null +++ b/charts/alfresco-process-services/templates/deployment-admin.yaml @@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "alfresco-process-services.deployment-admin.name" . }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.adminApp.replicaCount }} + selector: + matchLabels: + {{- include "alfresco-process-services.admin.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.adminApp.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 8 }} + {{- with .Values.adminApp.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} + {{- include "alfresco-common.component-pod-security-context" .Values.adminApp | indent 4 }} + containers: + - name: {{ template "alfresco-process-services.deployment-admin.name" . }} + image: {{ .Values.adminApp.image.repository }}:{{ .Values.adminApp.image.tag }} + imagePullPolicy: {{ .Values.adminApp.image.pullPolicy }} + env: + {{- with .Values.database }} + {{- $dbSecret := coalesce .existingSecret.name (include "alfresco-process-services.database-secret.name" $) }} + {{- $dbCm := coalesce .existingConfigMap.name (include "alfresco-process-services.database-config-admin.name" $) }} + - name: ACTIVITI_ADMIN_DATASOURCE_USERNAME + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.username }} + - name: ACTIVITI_ADMIN_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.password }} + - name: ACTIVITI_ADMIN_DATASOURCE_URL + valueFrom: + configMapKeyRef: + name: {{ $dbCm }} + key: {{ .existingConfigMap.keys.url }} + {{- end }} + envFrom: + - configMapRef: + name: {{ template "alfresco-process-services.config-admin.name" . }} + ports: + - containerPort: {{ .Values.adminApp.image.internalPort }} + livenessProbe: + httpGet: + path: {{ .Values.adminApp.livenessProbe.path }} + port: {{ .Values.adminApp.image.internalPort }} + initialDelaySeconds: {{ .Values.adminApp.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.adminApp.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.adminApp.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.adminApp.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: {{ .Values.adminApp.readinessProbe.path }} + port: {{ .Values.adminApp.image.internalPort }} + initialDelaySeconds: {{ .Values.adminApp.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.adminApp.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.adminApp.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.adminApp.readinessProbe.timeoutSeconds }} + resources: + {{- toYaml .Values.adminApp.resources | nindent 12 }} + {{- with .Values.adminApp.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.adminApp.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.adminApp.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.adminApp.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.adminApp.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/alfresco-process-services/templates/deployment-aps.yaml b/charts/alfresco-process-services/templates/deployment-aps.yaml new file mode 100644 index 00000000..c4269103 --- /dev/null +++ b/charts/alfresco-process-services/templates/deployment-aps.yaml @@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "alfresco-process-services.deployment-aps.name" . }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.processEngine.replicaCount }} + selector: + matchLabels: + {{- include "alfresco-process-services.aps.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.processEngine.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 8 }} + {{- with .Values.processEngine.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} + {{- include "alfresco-common.component-pod-security-context" .Values.processEngine | indent 4 }} + containers: + - name: {{ template "alfresco-process-services.deployment-aps.name" . }} + image: {{ .Values.processEngine.image.repository }}:{{ .Values.processEngine.image.tag }} + imagePullPolicy: {{ .Values.processEngine.image.pullPolicy }} + env: + {{- with .Values.database }} + {{- $dbSecret := coalesce .existingSecret.name (include "alfresco-process-services.database-secret.name" $) }} + {{- $dbCm := coalesce .existingConfigMap.name (include "alfresco-process-services.database-config-aps.name" $) }} + - name: ACTIVITI_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.password }} + - name: ACTIVITI_DATASOURCE_USERNAME + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.username }} + - name: ACTIVITI_DATASOURCE_URL + valueFrom: + configMapKeyRef: + name: {{ $dbCm }} + key: {{ .existingConfigMap.keys.url }} + {{- end }} + envFrom: + - configMapRef: + name: {{ template "alfresco-process-services.config-aps.name" . }} + ports: + - containerPort: {{ .Values.processEngine.image.internalPort }} + volumeMounts: + {{- if .Values.processEngine.persistence.enabled }} + - name: data + mountPath: {{ .Values.processEngine.persistence.data.mountPath }} + subPath: {{ .Values.processEngine.persistence.data.subPath }} + {{- end }} + {{- if .Values.license.secretName }} + - name: license + mountPath: "/usr/local/tomcat/lib/activiti.lic" + subPath: activiti.lic + readOnly: true + {{- end }} + {{- with .Values.processEngine.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.processEngine.livenessProbe.path }} + port: {{ .Values.processEngine.image.internalPort }} + initialDelaySeconds: {{ .Values.processEngine.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.processEngine.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.processEngine.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.processEngine.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: {{ .Values.processEngine.readinessProbe.path }} + port: {{ .Values.processEngine.image.internalPort }} + initialDelaySeconds: {{ .Values.processEngine.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.processEngine.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.processEngine.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.processEngine.readinessProbe.timeoutSeconds }} + resources: + {{- toYaml .Values.processEngine.resources | nindent 12 }} + volumes: + {{- if .Values.processEngine.persistence.enabled }} + {{- include "data_volume" .Values.processEngine | nindent 8 }} + {{- end }} + {{- if .Values.license.secretName }} + - name: license + secret: + defaultMode: 0400 + secretName: {{ .Values.license.secretName }} + {{- end }} + {{- with .Values.processEngine.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.processEngine.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.processEngine.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.processEngine.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/alfresco-process-services/templates/ingress-admin.yaml b/charts/alfresco-process-services/templates/ingress-admin.yaml new file mode 100644 index 00000000..a093d278 --- /dev/null +++ b/charts/alfresco-process-services/templates/ingress-admin.yaml @@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled }} +{{- $serviceName := printf "%s-%s" (include "alfresco-process-services.fullname" .) "admin" -}} +{{- $servicePort := .Values.adminApp.service.externalPort -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "alfresco-process-services.ingress-admin.name" . }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 4 }} + annotations: + ingress.kubernetes.io/ssl-redirect: "false" + {{- with .Values.adminApp.ingress.maxUploadSize }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ . }} + {{- end }} +spec: + ingressClassName: {{ .Values.adminApp.ingress.className }} + rules: + {{- if .Values.adminApp.ingress.hostName }} + - host: {{ tpl .Values.adminApp.ingress.hostName $ }} + http: + {{- else }} + - http: + {{- end }} + paths: + - path: {{ tpl .Values.adminApp.ingress.path . }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: Prefix + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 14 }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/ingress-aps.yaml b/charts/alfresco-process-services/templates/ingress-aps.yaml new file mode 100644 index 00000000..deec5192 --- /dev/null +++ b/charts/alfresco-process-services/templates/ingress-aps.yaml @@ -0,0 +1,29 @@ +{{- if .Values.ingress.enabled }} +{{- $serviceName := printf "%s-%s" (include "alfresco-process-services.fullname" .) "aps" -}} +{{- $servicePort := .Values.processEngine.service.externalPort -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "alfresco-process-services.ingress-aps.name" . }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 4 }} + annotations: + {{- with .Values.processEngine.ingress.maxUploadSize }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ . }} + {{- end }} +spec: + ingressClassName: {{ .Values.processEngine.ingress.className }} + rules: + {{- if .Values.processEngine.ingress.hostName }} + - host: {{ tpl .Values.processEngine.ingress.hostName $ }} + http: + {{- else }} + - http: + {{- end }} + paths: + - path: {{ tpl .Values.processEngine.ingress.path . }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: Prefix + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 14 }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/pvc-aps.yaml b/charts/alfresco-process-services/templates/pvc-aps.yaml new file mode 100644 index 00000000..0bffe685 --- /dev/null +++ b/charts/alfresco-process-services/templates/pvc-aps.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.processEngine.persistence.enabled (not .Values.processEngine.persistence.existingClaim) }} +{{ include "alfresco-common.component_pvc" .Values.processEngine }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/secret-database.yaml b/charts/alfresco-process-services/templates/secret-database.yaml new file mode 100644 index 00000000..4ecd4d9a --- /dev/null +++ b/charts/alfresco-process-services/templates/secret-database.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.database.existingSecret.name }} +apiVersion: v1 +kind: Secret +metadata: + name: >- + {{ template "alfresco-process-services.database-secret.name" $ }} + labels: + {{- include "alfresco-process-services.labels" . | nindent 4 }} +type: Opaque +{{- $reqmsg := "Either provide database credentials as values, or provide a secret that contains them." }} +data: + DATABASE_USERNAME: {{ required $reqmsg .Values.database.username | b64enc | quote }} + DATABASE_PASSWORD: {{ required $reqmsg .Values.database.password | b64enc | quote }} +{{- end }} diff --git a/charts/alfresco-process-services/templates/svc-admin.yaml b/charts/alfresco-process-services/templates/svc-admin.yaml new file mode 100644 index 00000000..7c85eafc --- /dev/null +++ b/charts/alfresco-process-services/templates/svc-admin.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "alfresco-process-services.service-admin.name" . }} + labels: + {{- include "alfresco-process-services.admin.labels" . | nindent 4 }} +spec: + type: {{ .Values.adminApp.service.type }} + ports: + - port: {{ .Values.adminApp.service.externalPort }} + targetPort: {{ .Values.adminApp.image.internalPort }} + name: {{ .Values.adminApp.service.name }} + selector: + {{- include "alfresco-process-services.admin.selectorLabels" . | nindent 4 }} diff --git a/charts/alfresco-process-services/templates/svc-aps.yaml b/charts/alfresco-process-services/templates/svc-aps.yaml new file mode 100644 index 00000000..8f06e1cb --- /dev/null +++ b/charts/alfresco-process-services/templates/svc-aps.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "alfresco-process-services.service-aps.name" . }} + labels: + {{- include "alfresco-process-services.aps.labels" . | nindent 4 }} +spec: + type: {{ .Values.processEngine.service.type }} + ports: + - port: {{ .Values.processEngine.service.externalPort }} + targetPort: {{ .Values.processEngine.image.internalPort }} + name: {{ .Values.processEngine.service.name }} + selector: + {{- include "alfresco-process-services.aps.selectorLabels" . | nindent 4 }} diff --git a/charts/alfresco-process-services/tests/deployment_aps_test.yaml b/charts/alfresco-process-services/tests/deployment_aps_test.yaml new file mode 100644 index 00000000..6a8806ef --- /dev/null +++ b/charts/alfresco-process-services/tests/deployment_aps_test.yaml @@ -0,0 +1,84 @@ +--- +suite: test repository manifest +templates: + - deployment-aps.yaml + - config-aps.yaml + - pvc-aps.yaml +tests: + - it: should have basic metadata in place in deployment + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-aps + template: deployment-aps.yaml + - it: should have a default volume claim when not specifying an existing one + set: + processEngine.persistence.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: data + template: deployment-aps.yaml + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].mountPath + value: /usr/local/data + template: deployment-aps.yaml + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].subPath + value: alfresco-process-services/process-data + template: deployment-aps.yaml + - equal: + path: spec.template.spec.volumes[0].persistentVolumeClaim.claimName + value: aps-default-pvc + template: deployment-aps.yaml + - equal: + path: metadata.name + value: aps-default-pvc + template: pvc-aps.yaml + - isNull: + path: spec.storageClassName + template: pvc-aps.yaml + - it: should set a specific storage class when set + set: + processEngine.persistence.enabled: true + processEngine.persistence.storageClass: my-own-storage-class + asserts: + - equal: + path: spec.storageClassName + value: my-own-storage-class + template: pvc-aps.yaml + - it: should override default volume claim when existing claim is provided + set: + processEngine.persistence.enabled: true + processEngine.persistence.existingClaim: my-own-custom-pvc + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].volumeMounts + template: deployment-aps.yaml + - equal: + path: spec.template.spec.volumes[0].persistentVolumeClaim.claimName + value: my-own-custom-pvc + template: deployment-aps.yaml + - hasDocuments: + count: 0 + template: pvc-aps.yaml + - it: should not set license by default + asserts: + - isEmpty: + path: spec.template.spec.volumes + template: deployment-aps.yaml + - isEmpty: + path: spec.template.spec.containers[0].volumeMounts + template: deployment-aps.yaml + - it: should mount license secret when set + set: + license.secretName: my-own-custom-license + asserts: + - equal: + path: spec.template.spec.volumes[0].secret.secretName + value: my-own-custom-license + template: deployment-aps.yaml + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: license + template: deployment-aps.yaml diff --git a/charts/alfresco-process-services/values.yaml b/charts/alfresco-process-services/values.yaml new file mode 100644 index 00000000..bc31e1f5 --- /dev/null +++ b/charts/alfresco-process-services/values.yaml @@ -0,0 +1,192 @@ +# Default values for Alfresco Process Services. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +--- +global: + alfrescoRegistryPullSecrets: quay-registry-secret + +ingress: + enabled: true + protocol: http + hostName: '' + +processEngine: + replicaCount: 1 + podLabels: {} + podAnnotations: {} + podSecurityContext: + runAsUser: 33007 + runAsGroup: 33007 + fsGroup: 33007 + image: + repository: quay.io/alfresco/alfresco-process-services + tag: 24.1.0 + pullPolicy: IfNotPresent + internalPort: 8080 + service: + name: aps + type: ClusterIP + externalPort: 80 + ingress: + className: "nginx" + path: /activiti-app + maxUploadSize: "5G" + persistence: + # -- Persist processEngine data + enabled: false + # -- Initial default size of dynamically provisioned storage + baseSize: 20Gi + # -- Define if you already have a custom storage class defined for + # dynamically provisioned storage + storageClass: + accessModes: + - ReadWriteOnce + # -- Define if you want to reuse an already existing PVC + existingClaim: + # -- Where to mount data into the container + data: + mountPath: "/usr/local/data" + subPath: "alfresco-process-services/process-data" + readinessProbe: &apsProbe + path: /activiti-app/app/rest/locale + initialDelaySeconds: 25 + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + livenessProbe: *apsProbe + environment: + # -- Set the JDBC driver Class + ACTIVITI_DATASOURCE_DRIVER: "org.postgresql.Driver" + # -- Hibernate dialect (must match the driver) + ACTIVITI_HIBERNATE_DIALECT: "org.hibernate.dialect.PostgreSQLDialect" + # -- Cross Origin Resource Sharing configuration toggle + ACTIVITI_CORS_ENABLED: "true" + # -- Cross Origin Resource Sharing configuration allowed origins + # (list of strings) + # ACTIVITI_CORS_ALLOWED_ORIGINS: "*" + # -- Cross Origin Resource Sharing configuration allowed origins + # (list of glob-like patterns) + ACTIVITI_CORS_ALLOWED_ORIGIN_PATTERNS: "*" + # -- Cross Origin Resource Sharing configuration allowed http methods + ACTIVITI_CORS_ALLOWED_METHODS: "GET,POST,HEAD,OPTIONS,PUT,DELETE" + # -- Cross Origin Resource Sharing configuration allowed http headers + ACTIVITI_CORS_ALLOWED_HEADERS: >- + Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token + # -- Cross Site Resource Forgery configuration toggle + ACTIVITI_CSRF_DISABLED: "true" + # -- ElasticSearch configuration + # ACTIVITI_ES_SERVER_TYPE: "rest" + # ACTIVITI_ES_REST_CLIENT_ADDRESS: "localhost" + # ACTIVITI_ES_REST_CLIENT_PORT: "9200" + # ACTIVITI_ES_REST_CLIENT_SCHEMA: "http" + # ACTIVITI_ES_REST_CLIENT_AUTH_ENABLED: "false" + # ACTIVITI_ES_REST_CLIENT_USERNAME: "admin" + # ACTIVITI_ES_REST_CLIENT_PASSWORD: "esadmin" + # ACTIVITI_ES_REST_CLIENT_KEYSTORE: "" + # ACTIVITI_ES_REST_CLIENT_KEYSTORE_TYPE: "jks" + # ACTIVITI_ES_REST_CLIENT_KEYSTORE_PASSWORD: "" + # ACTIVITI_ADMIN_EMAIL: + # ACTIVITI_ADMIN_PASSWORD_HASH: + # ACTIVITI_LICENSE_MULTI_TENANT: + # -- Alfresco Identity Service configuration toggle + IDENTITY_SERVICE_ENABLED: "false" + # -- Alfresco Identity Service Realm + IDENTITY_SERVICE_REALM: "alfresco" + # -- Alfresco Identity Service address + IDENTITY_SERVICE_AUTH: "http://localhost:8080/auth" + # -- Alfresco Identity Service force using SSL + IDENTITY_SERVICE_SSL_REQUIRED: "none" + # -- Alfresco Identity Service resource name to use + IDENTITY_SERVICE_RESOURCE: "alfresco" + # -- Alfresco Identity Service Attribute to map to user login + IDENTITY_SERVICE_PRINCIPAL_ATTRIBUTE: "email" + # -- Alfresco Identity Service refresh service token + IDENTITY_SERVICE_ALWAYS_REFRESH_TOKEN: "true" + # -- Alfresco Identity Service Bearer only toggle + IDENTITY_SERVICE_AUTODETECT_BEARER_ONLY: "true" + # -- Alfresco Identity Service token storage configuration + IDENTITY_SERVICE_TOKEN_STORE: "session" + # -- Alfresco Identity Service allow basic authentication + # (should only be used over SSL) + IDENTITY_SERVICE_ENABLE_BASIC_AUTH: "true" + # -- Alfresco Identity Service public client toggle + IDENTITY_SERVICE_PUBLIC_CLIENT: "true" + # -- Alfresco Identity Service browser initiated logout toggle + IDENTITY_SERVICE_USE_BROWSER_BASED_LOGOUT: "true" + # -- Alfresco Identity Service application secret + IDENTITY_CREDENTIALS_SECRET: "" + volumes: [] + volumeMounts: [] + nodeSelector: {} + tolerations: [] + affinity: {} + +license: + secretName: + +adminApp: + replicacount: 1 + podAnnotations: {} + podLabels: {} + podSecurityContext: {} + image: + repository: quay.io/alfresco/alfresco-process-services-admin + tag: 24.1.0 + pullPolicy: IfNotPresent + internalPort: 8080 + service: + name: aps-admin + type: ClusterIP + externalPort: 80 + livenessProbe: &adminProbe + path: /activiti-admin/ + initialDelaySeconds: 25 + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 5 + readinessProbe: *adminProbe + ingress: + className: "nginx" + path: /activiti-admin + maxUploadSize: "5G" + environment: + # -- Set the JDBC driver Class + ACTIVITI_ADMIN_DATASOURCE_DRIVER: "org.postgresql.Driver" + # -- Hibernate dialect (must match the driver) + ACTIVITI_ADMIN_HIBERNATE_DIALECT: "org.hibernate.dialect.PostgreSQLDialect" + # -- activiti-app address + ACTIVITI_ADMIN_REST_APP_HOST: "http://localhost" + # -- activiti-app port + ACTIVITI_ADMIN_REST_APP_PORT: "80" + # -- activiti-app username + ACTIVITI_ADMIN_REST_APP_USERNAME: "admin@app.activiti.com" + # -- activiti-app password + ACTIVITI_ADMIN_REST_APP_PASSWORD: "admin" + volumes: [] + volumeMounts: [] + nodeSelector: {} + tolerations: [] + affinity: {} + +database: + # -- JDBC url to connect to the external DB + url: + aps: null + admin: null + # -- JDBC username to use to connect to the DB + username: null + # -- JDBC password to use to connect to the DB + password: null + existingConfigMap: + name: null + keys: + # -- configmap key where to find the URL of the database + url: DATABASE_URL + existingSecret: + # -- Name of a pre-existing secret containing database credentials + name: null + keys: + # -- Key within the secret holding the database username + username: DATABASE_USERNAME + # -- Key within the secret holding the database password + password: DATABASE_PASSWORD