diff --git a/charts/alfresco-ai-transformer/Chart.lock b/charts/alfresco-ai-transformer/Chart.lock index 0b735367..97607ae4 100644 --- a/charts/alfresco-ai-transformer/Chart.lock +++ b/charts/alfresco-ai-transformer/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 2.1.0 + version: 3.0.0 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 3.2.0 -digest: sha256:2253dbee6aa979a16ff69d391f074dd62adf48c7d41f12271eebaee3fb89e54f -generated: "2023-08-18T17:01:09.053373+02:00" + version: 3.4.1 +digest: sha256:9cc0f93b3dd14c9dde5cb9d9f4b7540d9d40d02d66b2a8d8eabd9d7f4f033f5c +generated: "2023-12-15T14:43:55.754327+01:00" diff --git a/charts/alfresco-ai-transformer/Chart.yaml b/charts/alfresco-ai-transformer/Chart.yaml index d438fca0..71a90717 100644 --- a/charts/alfresco-ai-transformer/Chart.yaml +++ b/charts/alfresco-ai-transformer/Chart.yaml @@ -2,13 +2,14 @@ apiVersion: v2 name: alfresco-ai-transformer description: A Helm chart for deploying Alfresco ai transformer service type: application -version: 0.4.1 +version: 1.0.0-alpha.1 appVersion: 3.0.1 dependencies: - name: alfresco-common - version: 2.1.0 + version: 3.0.0 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq - version: 3.2.0 + version: 3.4.1 repository: https://alfresco.github.io/alfresco-helm-charts/ - condition: activemq.enabled + tags: + - ci diff --git a/charts/alfresco-ai-transformer/README.md b/charts/alfresco-ai-transformer/README.md index 61235c21..9ffdd0e4 100644 --- a/charts/alfresco-ai-transformer/README.md +++ b/charts/alfresco-ai-transformer/README.md @@ -1,6 +1,6 @@ # alfresco-ai-transformer -![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.1](https://img.shields.io/badge/AppVersion-3.0.1-informational?style=flat-square) +![Version: 1.0.0-alpha.1](https://img.shields.io/badge/Version-1.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.1](https://img.shields.io/badge/AppVersion-3.0.1-informational?style=flat-square) A Helm chart for deploying Alfresco ai transformer service @@ -8,19 +8,25 @@ A Helm chart for deploying Alfresco ai transformer service | Repository | Name | Version | |------------|------|---------| -| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.2.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.4.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.0.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| activemq.enabled | bool | `false` | | -| aws.accessKey | string | `"XXXXXXXXXXXXXXXXXXXXXXXX"` | AWS credentials are required as documented at https://docs.alfresco.com/intelligence-services/latest/config/#default-configuration | -| aws.comprehendRoleARN | string | `"arn:aws:iam::XXXXXXXXXXXX:role/ComprehendAsyncJobs"` | | -| aws.region | string | `"region-name"` | | -| aws.s3Bucket | string | `"s3-bucket-name"` | | -| aws.secretAccessKey | string | `"XXXXXXXXXXXXXXXXXXXXXXXX"` | | +| aws.accessKeyId | string | `nil` | AWS credentials are required as documented at https://docs.alfresco.com/intelligence-services/latest/config/#default-configuration | +| aws.comprehendRoleARN | string | `nil` | | +| aws.existingConfigMap.keys.comprehendRoleARN | string | `"AWS_COMPREHEND_ROLE_ARN"` | | +| aws.existingConfigMap.keys.region | string | `"AWS_REGION"` | | +| aws.existingConfigMap.keys.s3Bucket | string | `"AWS_S3_BUCKET"` | | +| aws.existingConfigMap.name | string | `nil` | | +| aws.existingSecret.keys.accessKeyId | string | `"AWS_ACCESS_KEY_ID"` | | +| aws.existingSecret.keys.secretAccessKey | string | `"AWS_SECRET_ACCESS_KEY"` | | +| aws.existingSecret.name | string | `nil` | | +| aws.region | string | `nil` | | +| aws.s3Bucket | string | `nil` | | +| aws.secretAccessKey | string | `nil` | | | environment.JAVA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` | | | global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | | | image.internalPort | int | `8090` | | @@ -34,9 +40,11 @@ A Helm chart for deploying Alfresco ai transformer service | livenessProbe.maxTransforms | int | `10000` | | | livenessProbe.periodSeconds | int | `20` | | | livenessProbe.timeoutSeconds | int | `10` | | -| messageBroker.existingSecretName | string | `nil` | Alternatively, provide credentials via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | +| messageBroker.existingConfigMap | object | `{"keys":{"url":"BROKER_URL"},"name":null}` | Alternatively, provide credentials via an existing secret and set the keys as they are given | +| messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` | | +| messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` | | +| messageBroker.existingSecret.name | string | `nil` | | | messageBroker.password | string | `nil` | | -| messageBroker.secretName | string | `"acs-alfresco-cs-brokersecret"` | Name of the secret managed by this chart | | messageBroker.url | string | `nil` | | | messageBroker.user | string | `nil` | | | nodeSelector | object | `{}` | | @@ -52,8 +60,15 @@ A Helm chart for deploying Alfresco ai transformer service | service.externalPort | int | `80` | | | service.name | string | `"ai-transformer"` | | | service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `"ai-transformer-sa"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| sfs.existingConfigMap.keys.url | string | `"FILE_STORE_URL"` | | +| sfs.existingConfigMap.name | string | `nil` | | +| sfs.url | string | `nil` | Alfresco Transformation filestore (e.g. http://acs-alfresco-transform-service) | | strategy.rollingUpdate.maxSurge | int | `1` | | | strategy.rollingUpdate.maxUnavailable | int | `0` | | +| tags.ci | bool | `false` | A chart tag used for Hyland's CI purpose. Do not set it to true. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/alfresco-ai-transformer/ci/default-values.yaml b/charts/alfresco-ai-transformer/ci/default-values.yaml index c4794b1b..c4a50883 100644 --- a/charts/alfresco-ai-transformer/ci/default-values.yaml +++ b/charts/alfresco-ai-transformer/ci/default-values.yaml @@ -6,7 +6,7 @@ resources: cpu: "1" memory: "500Mi" activemq: - enabled: true + fullnameOverride: activemq resources: requests: cpu: "100m" @@ -14,3 +14,19 @@ activemq: limits: cpu: "1000m" memory: "1Gi" + adminUser: &mquser + user: someone + password: something +aws: + accessKeyId: AAAAAAAAAAAAAAAAA + secretAccessKey: ZZZZZZZZZZZZZZZZZ + s3Bucket: somebucket + region: us-east-1 + comprehendRoleARN: arn:aws:iam::000000000000:user/comprehend +sfs: + url: http://acs-alfresco-transform-service +messageBroker: + <<: *mquser + url: failover:(nio://activemq:61616) +tags: + ci: true diff --git a/charts/alfresco-ai-transformer/templates/_helpers.tpl b/charts/alfresco-ai-transformer/templates/_helpers.tpl index 4317ab80..da8b0e6d 100644 --- a/charts/alfresco-ai-transformer/templates/_helpers.tpl +++ b/charts/alfresco-ai-transformer/templates/_helpers.tpl @@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-ai-transformer.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: {{ template "alfresco-ai-transformer.name" . }} {{- end }} {{/* @@ -49,3 +50,14 @@ Selector labels app.kubernetes.io/name: {{ include "alfresco-ai-transformer.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "alfresco-ai-transformer.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "alfresco-ai-transformer.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/templates/config-ai-transformer.yaml b/charts/alfresco-ai-transformer/templates/config-ai-transformer.yaml index 1a3cd90d..61728bb6 100644 --- a/charts/alfresco-ai-transformer/templates/config-ai-transformer.yaml +++ b/charts/alfresco-ai-transformer/templates/config-ai-transformer.yaml @@ -5,17 +5,9 @@ metadata: labels: {{- include "alfresco-ai-transformer.labels" . | nindent 4 }} data: - {{- if .Values.environment }} {{- range $key, $val := .Values.environment }} {{ $key }}: {{ $val | quote }} {{- end }} - {{- end }} - FILE_STORE_URL: http://{{ template "alfresco.shortname" . }}-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file - AWS_ACCESS_KEY: {{ .Values.aws.accessKey }} - AWS_SECRET_ACCESS_KEY: {{ .Values.aws.secretAccessKey }} - AWS_REGION: {{ .Values.aws.region }} - AWS_S3_BUCKET: {{ .Values.aws.s3Bucket }} - AWS_COMPREHEND_ROLE_ARN: {{ .Values.aws.comprehendRoleARN }} livenessPercent: "{{ .Values.livenessProbe.livenessPercent }}" livenessTransformPeriodSeconds: "{{ .Values.livenessProbe.livenessTransformPeriodSeconds }}" maxTransforms: "{{ .Values.livenessProbe.maxTransforms }}" diff --git a/charts/alfresco-ai-transformer/templates/config-aws.yaml b/charts/alfresco-ai-transformer/templates/config-aws.yaml new file mode 100644 index 00000000..68bd3396 --- /dev/null +++ b/charts/alfresco-ai-transformer/templates/config-aws.yaml @@ -0,0 +1,13 @@ +{{- if not .Values.aws.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + {{- $cmCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-ai-transformer.fullname" $cmCtx }} + labels: + {{- include "alfresco-ai-transformer.labels" . | nindent 4 }} +data: + AWS_REGION: {{ .Values.aws.region }} + AWS_S3_BUCKET: {{ .Values.aws.s3Bucket }} + AWS_COMPREHEND_ROLE_ARN: {{ .Values.aws.comprehendRoleARN }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/templates/config-message-broker.yaml b/charts/alfresco-ai-transformer/templates/config-message-broker.yaml new file mode 100644 index 00000000..736c3324 --- /dev/null +++ b/charts/alfresco-ai-transformer/templates/config-message-broker.yaml @@ -0,0 +1,12 @@ +{{- if not .Values.messageBroker.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + {{- $mqCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-ai-transformer.fullname" $mqCtx }} + labels: + {{- include "alfresco-ai-transformer.labels" $ | nindent 4 }} +data: + {{- $reqmsg := "Please provide a valid broker URL with messageBroker.url or as a configmap key using messageBroker.existingConfigMap" }} + {{ template "alfresco-common.activemq.cm" (required $reqmsg .Values.messageBroker.url) }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/templates/config-sfs.yaml b/charts/alfresco-ai-transformer/templates/config-sfs.yaml new file mode 100644 index 00000000..e7d71e21 --- /dev/null +++ b/charts/alfresco-ai-transformer/templates/config-sfs.yaml @@ -0,0 +1,12 @@ +{{- if not .Values.sfs.existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + {{- $cmCtx := dict "Values" (dict "nameOverride" "ai-sfs") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-ai-transformer.fullname" $cmCtx }} + labels: + {{- include "alfresco-ai-transformer.labels" . | nindent 4 }} +data: + {{- $reqmsg := "You must provide a base URL for the filestore service as sfs.url" }} + FILE_STORE_URL: {{ printf "%s/alfresco/api/-default-/private/sfs/versions/1/file" (required $reqmsg .Values.sfs.url) }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/templates/deployment-ai-transformer.yaml b/charts/alfresco-ai-transformer/templates/deployment-ai-transformer.yaml index 5983aad4..683e1524 100644 --- a/charts/alfresco-ai-transformer/templates/deployment-ai-transformer.yaml +++ b/charts/alfresco-ai-transformer/templates/deployment-ai-transformer.yaml @@ -15,16 +15,15 @@ spec: {{- toYaml .Values.strategy.rollingUpdate | nindent 6 }} template: metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/config-ai-transformer.yaml") . | sha256sum }} labels: {{- include "alfresco-ai-transformer.selectorLabels" . | nindent 8 }} spec: - {{- include "component-pod-security-context" .Values | indent 4 }} - {{- if .Values.nodeSelector }} + serviceAccountName: {{ include "alfresco-ai-transformer.serviceAccountName" . }} + {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }} + {{- if .Values.nodeSelector }} nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -58,14 +57,67 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- include "component-security-context" .Values | indent 8 }} + {{- include "alfresco-common.component-security-context" .Values | indent 8 }} envFrom: - configMapRef: name: {{ template "alfresco-ai-transformer.fullname" . }} - - secretRef: - name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-ai-transformer.fullname" $)) $.Values.messageBroker.existingSecretName }} env: - {{- include "activemq.env" . | nindent 12 }} + {{- $mqSecretCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" $.Chart "Release" $.Release }} + {{- $mqSecret := coalesce .Values.messageBroker.existingSecret.name (include "alfresco-ai-transformer.fullname" $mqSecretCtx) }} + {{- $awsSecretCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" $.Chart "Release" $.Release }} + {{- $awsSecret := coalesce .Values.aws.existingSecret.name (include "alfresco-ai-transformer.fullname" $awsSecretCtx) }} + {{- $awsCmCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" $.Chart "Release" $.Release }} + {{- $awsCm := coalesce .Values.aws.existingConfigMap.name (include "alfresco-ai-transformer.fullname" $awsCmCtx) }} + {{- $mqCmCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" $.Chart "Release" $.Release }} + {{- $mqCm := coalesce .Values.messageBroker.existingSecret.name (include "alfresco-ai-transformer.fullname" $mqCmCtx) }} + {{- $sfsCmCtx := dict "Values" (dict "nameOverride" "ai-sfs") "Chart" .Chart "Release" .Release }} + {{- $sfsCm := coalesce .Values.sfs.existingConfigMap.name (include "alfresco-ai-transformer.fullname" $sfsCmCtx) }} + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + name: {{ $mqSecret }} + key: {{ .Values.messageBroker.existingSecret.keys.username }} + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $mqSecret }} + key: {{ .Values.messageBroker.existingSecret.keys.password }} + - name: BROKER_URL + valueFrom: + configMapKeyRef: + name: {{ $mqCm }} + key: {{ .Values.messageBroker.existingConfigMap.keys.url }} + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + name: {{ $sfsCm }} + key: {{ .Values.sfs.existingConfigMap.keys.url }} + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ $awsSecret }} + key: {{ .Values.aws.existingSecret.keys.accessKeyId }} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ $awsSecret }} + key: {{ .Values.aws.existingSecret.keys.secretAccessKey }} + - name: AWS_REGION + valueFrom: + configMapKeyRef: + name: {{ $awsCm }} + key: {{ .Values.aws.existingConfigMap.keys.region }} + - name: AWS_S3_BUCKET + valueFrom: + configMapKeyRef: + name: {{ $awsCm }} + key: {{ .Values.aws.existingConfigMap.keys.s3Bucket }} + - name: AWS_COMPREHEND_ROLE_ARN + valueFrom: + configMapKeyRef: + name: {{ $awsCm }} + key: {{ .Values.aws.existingConfigMap.keys.comprehendRoleARN }} + ports: - containerPort: {{ .Values.image.internalPort }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/alfresco-ai-transformer/templates/secret-aws.yaml b/charts/alfresco-ai-transformer/templates/secret-aws.yaml new file mode 100644 index 00000000..42ddc032 --- /dev/null +++ b/charts/alfresco-ai-transformer/templates/secret-aws.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.aws.existingSecret.name }} +apiVersion: v1 +kind: Secret +metadata: + {{- $secretCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-ai-transformer.fullname" $secretCtx }} + labels: + {{- include "alfresco-ai-transformer.labels" . | nindent 4 }} +type: Opaque +data: + {{- with .Values.aws}} + {{- $reqmsg := "You need to pass AWS credentials as values aws.%s or provide an aws.existingSecret.name" }} + AWS_ACCESS_KEY_ID: {{ required (printf $reqmsg "accesseyId") .accessKeyId | b64enc | quote }} + AWS_SECRET_ACCESS_KEY: {{ required (printf $reqmsg "secretAccessKey") .secretAccessKey | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/templates/secret-messagebroker.yaml b/charts/alfresco-ai-transformer/templates/secret-messagebroker.yaml index 44535cf9..ac0e065e 100644 --- a/charts/alfresco-ai-transformer/templates/secret-messagebroker.yaml +++ b/charts/alfresco-ai-transformer/templates/secret-messagebroker.yaml @@ -1,19 +1,13 @@ -{{- if not .Values.messageBroker.existingSecretName }} +{{- if not .Values.messageBroker.existingSecret.name }} apiVersion: v1 kind: Secret metadata: - name: {{ template "alfresco-ai-transformer.fullname" . }}-messagebroker-secret + {{- $mqCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-ai-transformer.fullname" $mqCtx }} labels: {{- include "alfresco-ai-transformer.labels" $ | nindent 4 }} type: Opaque data: - {{- if .Values.activemq.enabled }} - BROKER_URL: {{ printf "failover:(nio://%s-activemq-broker:61616)?timeout=3000&jms.useCompression=true" (include "alfresco-ai-transformer.fullname" .) | b64enc | quote }} - BROKER_USERNAME: {{ .Values.activemq.adminUser.user | b64enc | quote }} - BROKER_PASSWORD: {{ .Values.activemq.adminUser.password | b64enc | quote }} - {{- else }} - BROKER_URL: {{ required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" .Values.messageBroker.url | b64enc | quote }} BROKER_USERNAME: {{ .Values.messageBroker.user | b64enc | quote }} BROKER_PASSWORD: {{ .Values.messageBroker.password | b64enc | quote }} - {{- end }} {{- end }} diff --git a/charts/alfresco-ai-transformer/templates/serviceaccount.yaml b/charts/alfresco-ai-transformer/templates/serviceaccount.yaml new file mode 100644 index 00000000..90560a83 --- /dev/null +++ b/charts/alfresco-ai-transformer/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "alfresco-ai-transformer.serviceAccountName" . }} + labels: + {{- include "alfresco-ai-transformer.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-ai-transformer/tests/confimap_test.yaml b/charts/alfresco-ai-transformer/tests/confimap_test.yaml new file mode 100644 index 00000000..e1098987 --- /dev/null +++ b/charts/alfresco-ai-transformer/tests/confimap_test.yaml @@ -0,0 +1,60 @@ +suite: test ai-transformer configmap +templates: +- config-message-broker.yaml +- config-ai-transformer.yaml +- config-aws.yaml +- config-sfs.yaml +tests: +- it: should fail due to missing values + template: config-message-broker.yaml + set: + sfs: + url: htts://some-file-store.infra.local:8080 + asserts: + - failedTemplate: + errorMessage: >- + Please provide a valid broker URL with messageBroker.url or as a configmap key using messageBroker.existingConfigMap +- it: should fail due to missing values + set: + messageBroker: + url: nio://activemq:61616 + asserts: + - failedTemplate: + errorMessage: You must provide a base URL for the filestore service as sfs.url + template: config-sfs.yaml +- it: should render default configmaps based on values + values: &testvalues + - values/test_values.yaml + template: config-aws.yaml + asserts: + - equal: + path: data.JAVA_OPTS + value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + template: config-ai-transformer.yaml + - equal: + path: data.FILE_STORE_URL + value: http://acs-alfresco-transform-service/alfresco/api/-default-/private/sfs/versions/1/file + template: config-sfs.yaml + - equal: + path: data.BROKER_URL + value: failover:(nio://activemq:61616) + template: config-message-broker.yaml + - equal: + path: data.AWS_REGION + value: null + - equal: + path: data.AWS_S3_BUCKET + value: null + - equal: + path: data.AWS_COMPREHEND_ROLE_ARN + value: null +- it: should not render components configmaps + values: *testvalues + set: + aws: + existingConfigMap: + name: myaws + template: config-aws.yaml + asserts: + - hasDocuments: + count: 0 diff --git a/charts/alfresco-ai-transformer/tests/deployment-ai-tranformer_test.yaml b/charts/alfresco-ai-transformer/tests/deployment-ai-tranformer_test.yaml index 0e0f989c..7eae56b6 100644 --- a/charts/alfresco-ai-transformer/tests/deployment-ai-tranformer_test.yaml +++ b/charts/alfresco-ai-transformer/tests/deployment-ai-tranformer_test.yaml @@ -3,25 +3,154 @@ templates: - deployment-ai-transformer.yaml - config-ai-transformer.yaml tests: -- it: should have basic metadata in place +- it: should have basic deployment properties by default values: &testvalues - values/test_values.yaml + template: deployment-ai-transformer.yaml asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-alfresco-ai-transformer - template: deployment-ai-transformer.yaml - -- it: should render cpu and memory limits + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: RELEASE-NAME-aws-comprehend + key: AWS_ACCESS_KEY_ID + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: RELEASE-NAME-aws-comprehend + key: AWS_SECRET_ACCESS_KEY + - contains: + path: spec.template.spec.containers[0].env + content: + name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-ai-sfs + key: FILE_STORE_URL + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_REGION + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-aws-comprehend + key: AWS_REGION + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_S3_BUCKET + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-aws-comprehend + key: AWS_S3_BUCKET + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_COMPREHEND_ROLE_ARN + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-aws-comprehend + key: AWS_COMPREHEND_ROLE_ARN + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/component: alfresco-ai-transformer + - equal: + path: spec.template.spec.serviceAccountName + value: ai-transformer-sa + - equal: + path: metadata.name + value: RELEASE-NAME-alfresco-ai-transformer + - equal: + path: metadata.name + value: RELEASE-NAME-alfresco-ai-transformer + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: "0.25" + memory: "1000Mi" + limits: + cpu: "2" + memory: "1000Mi" +- it: should render deployment with existing secrets and configmaps values: *testvalues + set: + serviceAccount: + create: false + name: null + sfs: + existingConfigMap: + name: sfsurl + keys: + url: SFS_URL + aws: + existingSecret: + name: awscreds + keys: + accessKeyId: AWSACCESSKEYID + secretAccessKey: AWSSECRETACCESSKEY + existingConfigMap: + name: amazon + keys: + region: REGION + s3Bucket: comprehendbucket + comprehendRoleARN: ROLE + template: deployment-ai-transformer.yaml asserts: - - equal: - path: spec.template.spec.containers[0].resources - value: - requests: - cpu: "0.25" - memory: "1000Mi" - limits: - cpu: "2" - memory: "1000Mi" - template: deployment-ai-transformer.yaml + - equal: + path: spec.template.spec.serviceAccountName + value: default + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: awscreds + key: AWSACCESSKEYID + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: awscreds + key: AWSSECRETACCESSKEY + - contains: + path: spec.template.spec.containers[0].env + content: + name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + name: sfsurl + key: SFS_URL + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_REGION + valueFrom: + configMapKeyRef: + name: amazon + key: REGION + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_S3_BUCKET + valueFrom: + configMapKeyRef: + name: amazon + key: comprehendbucket + - contains: + path: spec.template.spec.containers[0].env + content: + name: AWS_COMPREHEND_ROLE_ARN + valueFrom: + configMapKeyRef: + name: amazon + key: ROLE diff --git a/charts/alfresco-ai-transformer/tests/secrets_test.yaml b/charts/alfresco-ai-transformer/tests/secrets_test.yaml new file mode 100644 index 00000000..aa81c1e7 --- /dev/null +++ b/charts/alfresco-ai-transformer/tests/secrets_test.yaml @@ -0,0 +1,64 @@ +suite: test ai-transformer secrets +templates: +- secret-aws.yaml +- secret-messagebroker.yaml +tests: +- it: should have an empty secret rendered by default + values: &testvalues + - values/test_values.yaml + template: secret-aws.yaml + asserts: + - equal: + path: data.AWS_ACCESS_KEY_ID + value: QUFBQUFBQUFBQUFBQUFBQUE= + - equal: + path: data.AWS_SECRET_ACCESS_KEY + value: WlpaWlpaWlpaWlpaWlpaWlo= + - equal: + path: data.BROKER_USERNAME + value: c3VwZXJicm9rZXI= + template: secret-messagebroker.yaml + - equal: + path: data.BROKER_PASSWORD + value: dmVyeWNoZWFw + template: secret-messagebroker.yaml +- it: should render secret based on values + values: *testvalues + template: secret-aws.yaml + set: + aws: + accessKeyId: SOMEID + secretAccessKey: SOMEKEY + messageBroker: + user: pubsub + password: subpub + asserts: + - equal: + path: data.AWS_ACCESS_KEY_ID + value: U09NRUlE + - equal: + path: data.AWS_SECRET_ACCESS_KEY + value: U09NRUtFWQ== + - equal: + path: data.BROKER_USERNAME + value: cHVic3Vi + template: secret-messagebroker.yaml + - equal: + path: data.BROKER_PASSWORD + value: c3VicHVi + template: secret-messagebroker.yaml +- it: should not render secrets + values: *testvalues + set: + aws: + existingSecret: + name: aws-iam-user + messageBroker: + existingSecret: + name: amq-creds + asserts: + - hasDocuments: + count: 0 + - hasDocuments: + count: 0 + template: secret-messagebroker.yaml diff --git a/charts/alfresco-ai-transformer/tests/values/test_values.yaml b/charts/alfresco-ai-transformer/tests/values/test_values.yaml index 6968a5a1..4a832461 100644 --- a/charts/alfresco-ai-transformer/tests/values/test_values.yaml +++ b/charts/alfresco-ai-transformer/tests/values/test_values.yaml @@ -3,3 +3,12 @@ global: tracking: sharedsecret: dummy alfrescoRegistryPullSecrets: secretsecret +aws: + accessKeyId: AAAAAAAAAAAAAAAAA + secretAccessKey: ZZZZZZZZZZZZZZZZZ +sfs : + url: http://acs-alfresco-transform-service +messageBroker: + user: superbroker + password: verycheap + url: nio://activemq:61616 diff --git a/charts/alfresco-ai-transformer/values.yaml b/charts/alfresco-ai-transformer/values.yaml index 0d00619a..db55ec4b 100644 --- a/charts/alfresco-ai-transformer/values.yaml +++ b/charts/alfresco-ai-transformer/values.yaml @@ -15,6 +15,14 @@ service: name: ai-transformer type: ClusterIP externalPort: 80 +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: ai-transformer-sa podSecurityContext: runAsUser: 33015 resources: @@ -40,20 +48,45 @@ livenessProbe: livenessTransformPeriodSeconds: 600 maxTransforms: 10000 maxTransformSeconds: 1800 +sfs: + # -- Alfresco Transformation filestore (e.g. http://acs-alfresco-transform-service) + url: null + existingConfigMap: + name: null + keys: + url: FILE_STORE_URL aws: # -- AWS credentials are required as documented at https://docs.alfresco.com/intelligence-services/latest/config/#default-configuration - accessKey: XXXXXXXXXXXXXXXXXXXXXXXX - secretAccessKey: XXXXXXXXXXXXXXXXXXXXXXXX - region: region-name - s3Bucket: s3-bucket-name - comprehendRoleARN: arn:aws:iam::XXXXXXXXXXXX:role/ComprehendAsyncJobs + accessKeyId: null + secretAccessKey: null + region: null + s3Bucket: null + comprehendRoleARN: null + existingConfigMap: + name: null + keys: + region: AWS_REGION + s3Bucket: AWS_S3_BUCKET + comprehendRoleARN: AWS_COMPREHEND_ROLE_ARN + existingSecret: + name: null + keys: + accessKeyId: AWS_ACCESS_KEY_ID + secretAccessKey: AWS_SECRET_ACCESS_KEY messageBroker: url: null user: null password: null - # -- Name of the secret managed by this chart - secretName: acs-alfresco-cs-brokersecret - # -- Alternatively, provide credentials via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys - existingSecretName: null -activemq: - enabled: false + # -- Alternatively, provide credentials via an existing secret and set the keys as they are given + existingConfigMap: + name: null + keys: + url: BROKER_URL + existingSecret: + name: null + keys: + username: BROKER_USERNAME + password: BROKER_PASSWORD +tags: + # -- A chart tag used for Hyland's CI purpose. Do not set it to true. + ci: false