OPSEXP-2293: align alfresco-ai-transformer chart with latest practices

charts/alfresco-ai-transformer/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: alfresco-common
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 2.1.0
+  version: 3.0.0
 - name: activemq
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 3.2.0
-digest: sha256:2253dbee6aa979a16ff69d391f074dd62adf48c7d41f12271eebaee3fb89e54f
-generated: "2023-08-18T17:01:09.053373+02:00"
+  version: 3.4.1
+digest: sha256:9cc0f93b3dd14c9dde5cb9d9f4b7540d9d40d02d66b2a8d8eabd9d7f4f033f5c
+generated: "2023-12-15T14:43:55.754327+01:00"

charts/alfresco-ai-transformer/Chart.yaml

@@ -2,13 +2,14 @@ apiVersion: v2
 name: alfresco-ai-transformer
 description: A Helm chart for deploying Alfresco ai transformer service
 type: application
-version: 0.4.1
+version: 1.0.0-alpha.1
 appVersion: 3.0.1
 dependencies:
   - name: alfresco-common
-    version: 2.1.0
+    version: 3.0.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
   - name: activemq
-    version: 3.2.0
+    version: 3.4.1
     repository: https://alfresco.github.io/alfresco-helm-charts/
-    condition: activemq.enabled
+    tags:
+      - ci

charts/alfresco-ai-transformer/README.md

@@ -1,26 +1,32 @@
 # alfresco-ai-transformer
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.1](https://img.shields.io/badge/AppVersion-3.0.1-informational?style=flat-square)
+![Version: 1.0.0-alpha.1](https://img.shields.io/badge/Version-1.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.1](https://img.shields.io/badge/AppVersion-3.0.1-informational?style=flat-square)
 
 A Helm chart for deploying Alfresco ai transformer service
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.2.0 |
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 |
+| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.4.1 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.0.0 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| activemq.enabled | bool | `false` |  |
-| aws.accessKey | string | `"XXXXXXXXXXXXXXXXXXXXXXXX"` | AWS credentials are required as documented at https://docs.alfresco.com/intelligence-services/latest/config/#default-configuration |
-| aws.comprehendRoleARN | string | `"arn:aws:iam::XXXXXXXXXXXX:role/ComprehendAsyncJobs"` |  |
-| aws.region | string | `"region-name"` |  |
-| aws.s3Bucket | string | `"s3-bucket-name"` |  |
-| aws.secretAccessKey | string | `"XXXXXXXXXXXXXXXXXXXXXXXX"` |  |
+| aws.accessKeyId | string | `nil` | AWS credentials are required as documented at https://docs.alfresco.com/intelligence-services/latest/config/#default-configuration |
+| aws.comprehendRoleARN | string | `nil` |  |
+| aws.existingConfigMap.keys.comprehendRoleARN | string | `"AWS_COMPREHEND_ROLE_ARN"` |  |
+| aws.existingConfigMap.keys.region | string | `"AWS_REGION"` |  |
+| aws.existingConfigMap.keys.s3Bucket | string | `"AWS_S3_BUCKET"` |  |
+| aws.existingConfigMap.name | string | `nil` |  |
+| aws.existingSecret.keys.accessKeyId | string | `"AWS_ACCESS_KEY_ID"` |  |
+| aws.existingSecret.keys.secretAccessKey | string | `"AWS_SECRET_ACCESS_KEY"` |  |
+| aws.existingSecret.name | string | `nil` |  |
+| aws.region | string | `nil` |  |
+| aws.s3Bucket | string | `nil` |  |
+| aws.secretAccessKey | string | `nil` |  |
 | environment.JAVA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` |  |
 | global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` |  |
 | image.internalPort | int | `8090` |  |
@@ -34,9 +40,11 @@ A Helm chart for deploying Alfresco ai transformer service
 | livenessProbe.maxTransforms | int | `10000` |  |
 | livenessProbe.periodSeconds | int | `20` |  |
 | livenessProbe.timeoutSeconds | int | `10` |  |
-| messageBroker.existingSecretName | string | `nil` | Alternatively, provide credentials via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys |
+| messageBroker.existingConfigMap | object | `{"keys":{"url":"BROKER_URL"},"name":null}` | Alternatively, provide credentials via an existing secret and set the keys as they are given |
+| messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` |  |
+| messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` |  |
+| messageBroker.existingSecret.name | string | `nil` |  |
 | messageBroker.password | string | `nil` |  |
-| messageBroker.secretName | string | `"acs-alfresco-cs-brokersecret"` | Name of the secret managed by this chart |
 | messageBroker.url | string | `nil` |  |
 | messageBroker.user | string | `nil` |  |
 | nodeSelector | object | `{}` |  |
@@ -52,8 +60,15 @@ A Helm chart for deploying Alfresco ai transformer service
 | service.externalPort | int | `80` |  |
 | service.name | string | `"ai-transformer"` |  |
 | service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `"ai-transformer-sa"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| sfs.existingConfigMap.keys.url | string | `"FILE_STORE_URL"` |  |
+| sfs.existingConfigMap.name | string | `nil` |  |
+| sfs.url | string | `nil` | Alfresco Transformation filestore (e.g. http://acs-alfresco-transform-service) |
 | strategy.rollingUpdate.maxSurge | int | `1` |  |
 | strategy.rollingUpdate.maxUnavailable | int | `0` |  |
+| tags.ci | bool | `false` | A chart tag used for Hyland's CI purpose. Do not set it to true. |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/alfresco-ai-transformer/ci/default-values.yaml

@@ -6,11 +6,27 @@ resources:
     cpu: "1"
     memory: "500Mi"
 activemq:
-  enabled: true
+  fullnameOverride: activemq
   resources:
     requests:
       cpu: "100m"
       memory: "512Mi"
     limits:
       cpu: "1000m"
       memory: "1Gi"
+  adminUser: &mquser
+    user: someone
+    password: something
+aws:
+  accessKeyId: AAAAAAAAAAAAAAAAA
+  secretAccessKey: ZZZZZZZZZZZZZZZZZ
+  s3Bucket: somebucket
+  region: us-east-1
+  comprehendRoleARN: arn:aws:iam::000000000000:user/comprehend
+sfs:
+  url: http://acs-alfresco-transform-service
+messageBroker:
+  <<: *mquser
+  url: failover:(nio://activemq:61616)
+tags:
+  ci: true

charts/alfresco-ai-transformer/templates/_helpers.tpl

@@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-ai-transformer.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: {{ template "alfresco-ai-transformer.name" . }}
 {{- end }}
 
 {{/*
@@ -49,3 +50,14 @@ Selector labels
 app.kubernetes.io/name: {{ include "alfresco-ai-transformer.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "alfresco-ai-transformer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "alfresco-ai-transformer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/alfresco-ai-transformer/templates/config-ai-transformer.yaml

@@ -5,17 +5,9 @@ metadata:
   labels:
     {{- include "alfresco-ai-transformer.labels" . | nindent 4 }}
 data:
-  {{- if .Values.environment }}
   {{- range $key, $val := .Values.environment }}
   {{ $key }}: {{ $val | quote }}
   {{- end }}
-  {{- end }}
-  FILE_STORE_URL: http://{{ template "alfresco.shortname" . }}-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file
-  AWS_ACCESS_KEY: {{ .Values.aws.accessKey }}
-  AWS_SECRET_ACCESS_KEY: {{ .Values.aws.secretAccessKey }}
-  AWS_REGION: {{ .Values.aws.region }}
-  AWS_S3_BUCKET: {{ .Values.aws.s3Bucket }}
-  AWS_COMPREHEND_ROLE_ARN: {{ .Values.aws.comprehendRoleARN }}
   livenessPercent: "{{ .Values.livenessProbe.livenessPercent }}"
   livenessTransformPeriodSeconds: "{{ .Values.livenessProbe.livenessTransformPeriodSeconds }}"
   maxTransforms: "{{ .Values.livenessProbe.maxTransforms }}"

charts/alfresco-ai-transformer/templates/config-aws.yaml

@@ -0,0 +1,13 @@
+{{- if not .Values.aws.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{- $cmCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-ai-transformer.fullname" $cmCtx }}
+  labels:
+    {{- include "alfresco-ai-transformer.labels" . | nindent 4 }}
+data:
+  AWS_REGION: {{ .Values.aws.region }}
+  AWS_S3_BUCKET: {{ .Values.aws.s3Bucket }}
+  AWS_COMPREHEND_ROLE_ARN: {{ .Values.aws.comprehendRoleARN }}
+{{- end }}

charts/alfresco-ai-transformer/templates/config-message-broker.yaml

@@ -0,0 +1,12 @@
+{{- if not .Values.messageBroker.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{- $mqCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-ai-transformer.fullname" $mqCtx }}
+  labels:
+    {{- include "alfresco-ai-transformer.labels" $ | nindent 4 }}
+data:
+  {{- $reqmsg := "Please provide a valid broker URL with messageBroker.url or as a configmap key using messageBroker.existingConfigMap" }}
+  {{ template "alfresco-common.activemq.cm" (required $reqmsg .Values.messageBroker.url) }}
+{{- end }}

charts/alfresco-ai-transformer/templates/config-sfs.yaml

@@ -0,0 +1,12 @@
+{{- if not .Values.sfs.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{- $cmCtx := dict "Values" (dict "nameOverride" "ai-sfs") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-ai-transformer.fullname" $cmCtx }}
+  labels:
+    {{- include "alfresco-ai-transformer.labels" . | nindent 4 }}
+data:
+  {{- $reqmsg := "You must provide a base URL for the filestore service as sfs.url" }}
+  FILE_STORE_URL: {{ printf "%s/alfresco/api/-default-/private/sfs/versions/1/file"  (required $reqmsg .Values.sfs.url) }}
+{{- end }}

charts/alfresco-ai-transformer/templates/deployment-ai-transformer.yaml

@@ -15,16 +15,15 @@ spec:
       {{- toYaml .Values.strategy.rollingUpdate | nindent 6 }}
   template:
     metadata:
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/config-ai-transformer.yaml") . | sha256sum }}
       labels:
         {{- include "alfresco-ai-transformer.selectorLabels" . | nindent 8 }}
     spec:
-    {{- include "component-pod-security-context" .Values | indent 4 }}
-    {{- if .Values.nodeSelector }}
+      serviceAccountName: {{ include "alfresco-ai-transformer.serviceAccountName" . }}
+      {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }}
+      {{- if .Values.nodeSelector }}
       nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
-    {{- end }}
-      {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }}
+      {{- end }}
+      {{- include "alfresco-common.imagePullSecrets" . | indent 6 }}
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -58,14 +57,67 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- include "component-security-context" .Values | indent 8 }}
+          {{- include "alfresco-common.component-security-context" .Values | indent 8 }}
           envFrom:
           - configMapRef:
               name: {{ template "alfresco-ai-transformer.fullname" . }}
-          - secretRef:
-              name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-ai-transformer.fullname" $)) $.Values.messageBroker.existingSecretName }}
           env:
-            {{- include "activemq.env" . | nindent 12 }}
+            {{- $mqSecretCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" $.Chart "Release" $.Release }}
+            {{- $mqSecret := coalesce .Values.messageBroker.existingSecret.name (include "alfresco-ai-transformer.fullname" $mqSecretCtx) }}
+            {{- $awsSecretCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" $.Chart "Release" $.Release }}
+            {{- $awsSecret := coalesce .Values.aws.existingSecret.name (include "alfresco-ai-transformer.fullname" $awsSecretCtx) }}
+            {{- $awsCmCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" $.Chart "Release" $.Release }}
+            {{- $awsCm := coalesce .Values.aws.existingConfigMap.name (include "alfresco-ai-transformer.fullname" $awsCmCtx) }}
+            {{- $mqCmCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" $.Chart "Release" $.Release }}
+            {{- $mqCm := coalesce .Values.messageBroker.existingSecret.name (include "alfresco-ai-transformer.fullname" $mqCmCtx) }}
+            {{- $sfsCmCtx := dict "Values" (dict "nameOverride" "ai-sfs") "Chart" .Chart "Release" .Release }}
+            {{- $sfsCm := coalesce .Values.sfs.existingConfigMap.name (include "alfresco-ai-transformer.fullname" $sfsCmCtx) }}
+            - name: BROKER_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $mqSecret }}
+                  key: {{ .Values.messageBroker.existingSecret.keys.username }}
+            - name: BROKER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $mqSecret }}
+                  key: {{ .Values.messageBroker.existingSecret.keys.password }}
+            - name: BROKER_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $mqCm }}
+                  key: {{ .Values.messageBroker.existingConfigMap.keys.url }}
+            - name: FILE_STORE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $sfsCm }}
+                  key: {{ .Values.sfs.existingConfigMap.keys.url }}
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $awsSecret }}
+                  key: {{ .Values.aws.existingSecret.keys.accessKeyId }}
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $awsSecret }}
+                  key: {{ .Values.aws.existingSecret.keys.secretAccessKey }}
+            - name: AWS_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $awsCm }}
+                  key: {{ .Values.aws.existingConfigMap.keys.region }}
+            - name: AWS_S3_BUCKET
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $awsCm }}
+                  key: {{ .Values.aws.existingConfigMap.keys.s3Bucket }}
+            - name: AWS_COMPREHEND_ROLE_ARN
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $awsCm }}
+                  key: {{ .Values.aws.existingConfigMap.keys.comprehendRoleARN }}
+
           ports:
               - containerPort: {{ .Values.image.internalPort }}
           resources: {{- toYaml .Values.resources | nindent 12 }}

charts/alfresco-ai-transformer/templates/secret-aws.yaml

@@ -0,0 +1,16 @@
+{{- if not .Values.aws.existingSecret.name }}
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- $secretCtx := dict "Values" (dict "nameOverride" "aws-comprehend") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-ai-transformer.fullname" $secretCtx }}
+  labels:
+    {{- include "alfresco-ai-transformer.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- with .Values.aws}}
+  {{- $reqmsg := "You need to pass AWS credentials as values aws.%s or provide an aws.existingSecret.name" }}
+  AWS_ACCESS_KEY_ID: {{ required (printf $reqmsg "accesseyId") .accessKeyId | b64enc | quote }}
+  AWS_SECRET_ACCESS_KEY: {{ required (printf $reqmsg "secretAccessKey") .secretAccessKey | b64enc | quote }}
+  {{- end }}
+{{- end }}

charts/alfresco-ai-transformer/templates/secret-messagebroker.yaml

@@ -1,19 +1,13 @@
-{{- if not .Values.messageBroker.existingSecretName }}
+{{- if not .Values.messageBroker.existingSecret.name }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "alfresco-ai-transformer.fullname" . }}-messagebroker-secret
+  {{- $mqCtx := dict "Values" (dict "nameOverride" "ai-mq") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-ai-transformer.fullname" $mqCtx }}
   labels:
     {{- include "alfresco-ai-transformer.labels" $ | nindent 4 }}
 type: Opaque
 data:
-  {{- if .Values.activemq.enabled }}
-  BROKER_URL: {{ printf "failover:(nio://%s-activemq-broker:61616)?timeout=3000&jms.useCompression=true" (include "alfresco-ai-transformer.fullname" .) | b64enc | quote }}
-  BROKER_USERNAME: {{ .Values.activemq.adminUser.user | b64enc | quote }}
-  BROKER_PASSWORD: {{ .Values.activemq.adminUser.password | b64enc | quote }}
-  {{- else }}
-  BROKER_URL: {{ required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" .Values.messageBroker.url | b64enc | quote }}
   BROKER_USERNAME: {{ .Values.messageBroker.user | b64enc | quote }}
   BROKER_PASSWORD: {{ .Values.messageBroker.password | b64enc | quote }}
-  {{- end }}
 {{- end }}

charts/alfresco-ai-transformer/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "alfresco-ai-transformer.serviceAccountName" . }}
+  labels:
+    {{- include "alfresco-ai-transformer.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}