diff --git a/.github/workflows/docker-compose-community.yml b/.github/workflows/docker-compose-community.yml index 300c7915a..bfc629fdf 100644 --- a/.github/workflows/docker-compose-community.yml +++ b/.github/workflows/docker-compose-community.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - docker-compose/community-docker-compose.yml - test/postman/docker-compose/** diff --git a/.github/workflows/docker-compose-enterprise.yml b/.github/workflows/docker-compose-enterprise.yml index 756379a2d..f287aa18b 100644 --- a/.github/workflows/docker-compose-enterprise.yml +++ b/.github/workflows/docker-compose-enterprise.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - "! docker-compose/community-docker-compose.yml" - docker-compose/** diff --git a/.github/workflows/helm-community.yml b/.github/workflows/helm-community.yml index bf4da4c2f..dd9320d68 100644 --- a/.github/workflows/helm-community.yml +++ b/.github/workflows/helm-community.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** @@ -51,6 +52,11 @@ jobs: --from-file=.dockerconfigjson=$HOME/.docker/config.json \ --type=kubernetes.io/dockerconfigjson + - name: Set nginx ingress config + run: | + kubectl -n ingress-nginx patch cm ingress-nginx-controller \ + -p '{"data": {"allow-snippet-annotations":"true"}}' + - name: Helm install run: | helm dep up ./helm/alfresco-content-services diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml index 7de159d72..99852b87a 100644 --- a/.github/workflows/helm-enterprise.yml +++ b/.github/workflows/helm-enterprise.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** @@ -99,7 +100,7 @@ jobs: uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v3.3.0 with: ingress-nginx-ref: controller-v1.8.2 - + - name: Set nginx ingress config run: | kubectl -n ingress-nginx patch cm ingress-nginx-controller \ @@ -111,6 +112,11 @@ jobs: --from-file=.dockerconfigjson=$HOME/.docker/config.json \ --type=kubernetes.io/dockerconfigjson + - name: Set nginx ingress config + run: | + kubectl -n ingress-nginx patch cm ingress-nginx-controller \ + -p '{"data": {"allow-snippet-annotations":"true"}}' + - name: Helm install run: | helm dep up ./helm/alfresco-content-services diff --git a/.github/workflows/helm-static-checks.yml b/.github/workflows/helm-static-checks.yml index 9ad79351f..dcc58f4f3 100644 --- a/.github/workflows/helm-static-checks.yml +++ b/.github/workflows/helm-static-checks.yml @@ -5,6 +5,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** diff --git a/.github/workflows/pre-commit-compose.yml b/.github/workflows/pre-commit-compose.yml index 0447a3ea4..7966f2b7a 100644 --- a/.github/workflows/pre-commit-compose.yml +++ b/.github/workflows/pre-commit-compose.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - docker-compose/** - .pre-commit-config.yaml diff --git a/.github/workflows/pre-commit-helm.yml b/.github/workflows/pre-commit-helm.yml index 876b3b7b7..d8816a581 100644 --- a/.github/workflows/pre-commit-helm.yml +++ b/.github/workflows/pre-commit-helm.yml @@ -6,6 +6,7 @@ on: branches: - master - release/** + - next/** paths: - helm/** - test/postman/helm/** diff --git a/helm/alfresco-content-services/7.0.N_values.yaml b/helm/alfresco-content-services/7.0.N_values.yaml index 85cf70621..f03aaaad9 100644 --- a/helm/alfresco-content-services/7.0.N_values.yaml +++ b/helm/alfresco-content-services/7.0.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.0.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.0.1.10 alfresco-ai-transformer: @@ -32,6 +32,8 @@ share: image: tag: 7.0.1.3 alfresco-search: + repository: + securecomms: none searchServicesImage: tag: 2.0.2.2 alfresco-digital-workspace: diff --git a/helm/alfresco-content-services/7.1.N_values.yaml b/helm/alfresco-content-services/7.1.N_values.yaml index acd546955..4dea79b57 100644 --- a/helm/alfresco-content-services/7.1.N_values.yaml +++ b/helm/alfresco-content-services/7.1.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.1.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.1.1.8 alfresco-ai-transformer: @@ -32,6 +32,8 @@ share: image: tag: 7.1.1.8 alfresco-search: + repository: + securecomms: none searchServicesImage: tag: 2.0.2.2 alfresco-search-enterprise: diff --git a/helm/alfresco-content-services/7.2.N_values.yaml b/helm/alfresco-content-services/7.2.N_values.yaml index 85dfd960b..9eec660cc 100644 --- a/helm/alfresco-content-services/7.2.N_values.yaml +++ b/helm/alfresco-content-services/7.2.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.2.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.2.1.12 alfresco-ai-transformer: diff --git a/helm/alfresco-content-services/7.3.N_values.yaml b/helm/alfresco-content-services/7.3.N_values.yaml index 057ec1a2f..85b585712 100644 --- a/helm/alfresco-content-services/7.3.N_values.yaml +++ b/helm/alfresco-content-services/7.3.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.3.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.3.1 alfresco-ai-transformer: diff --git a/helm/alfresco-content-services/7.4.N_values.yaml b/helm/alfresco-content-services/7.4.N_values.yaml index a1d3c05ab..dc5c6b8b8 100644 --- a/helm/alfresco-content-services/7.4.N_values.yaml +++ b/helm/alfresco-content-services/7.4.N_values.yaml @@ -1,6 +1,6 @@ # This values file can be used to install ACS 7.4.x using the latest version of # the chart -repository: +alfresco-repository: image: tag: 7.4.1.1 alfresco-transform-service: diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index 13f5ee48a..d3b8a4fa7 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -11,6 +11,9 @@ dependencies: - name: common repository: https://activiti.github.io/activiti-cloud-helm-charts version: 7.11.0 +- name: alfresco-repository + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.8 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.3.0 @@ -19,7 +22,7 @@ dependencies: version: 0.2.0 - name: alfresco-search-service repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.3.0 + version: 2.0.0-alpha.2 - name: alfresco-sync-service repository: https://alfresco.github.io/alfresco-helm-charts/ version: 4.3.0 @@ -38,5 +41,5 @@ dependencies: - name: alfresco-ai-transformer repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.0 -digest: sha256:dd03e4dd3198c86c65e35b2ac43cb2883a91cd27b943319b3ecd6b19ded3d283 -generated: "2023-09-08T16:36:16.483837+02:00" +digest: sha256:c7e9f04977366989ad65cce34d440772066efd76fe0a1998dd6a9c4ed37e8cc9 +generated: "2023-09-18T12:59:32.145111+02:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index b4f04d375..24e16f8f2 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -35,6 +35,9 @@ dependencies: version: 7.11.0 condition: >- alfresco-digital-workspace.enabled + - name: alfresco-repository + version: 0.1.0-alpha.8 + repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq version: 3.3.0 repository: https://alfresco.github.io/alfresco-helm-charts/ @@ -46,7 +49,7 @@ dependencies: - name: alfresco-search-service alias: alfresco-search repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.3.0 + version: 2.0.0-alpha.2 condition: alfresco-search.enabled - name: alfresco-sync-service repository: https://alfresco.github.io/alfresco-helm-charts/ diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 92e7bfe79..eb568934a 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -23,8 +23,9 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.4.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 0.2.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.1.0-alpha.8 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 2.0.0-alpha.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 1.3.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 2.0.0-alpha.2 | | https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 0.1.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 4.3.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 0.2.0 | @@ -98,6 +99,20 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | | alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | | alfresco-digital-workspace.service.envType | string | `"frontend"` | | +| alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | +| alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.messageBroker.existingSecret.name | string | `"alfresco-cs-database"` | | +| alfresco-repository.configuration.repository.existingConfigMap | string | `"repository"` | | +| alfresco-repository.configuration.search.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-repository.configuration.search.existingSecret.name | string | `"solr-shared-secret"` | | +| alfresco-repository.configuration.search.flavor | string | `"solr6"` | | +| alfresco-repository.image.repository | string | `"quay.io/alfresco/alfresco-content-repository"` | | +| alfresco-repository.image.tag | string | `"23.1.0-A27"` | | +| alfresco-repository.nameOverride | string | `"alfresco-repository"` | | +| alfresco-repository.persistence.accessModes | list | `["ReadWriteMany"]` | Specify a storageClass for dynamic provisioning | +| alfresco-repository.persistence.baseSize | string | `"20Gi"` | | +| alfresco-repository.persistence.enabled | bool | `true` | Persist repository data | | alfresco-search-enterprise.elasticsearch.enabled | bool | `true` | Enables the embedded elasticsearch cluster | | alfresco-search-enterprise.enabled | bool | `false` | | | alfresco-search-enterprise.liveIndexing.content.image.tag | string | `"4.0.0-M1"` | | @@ -105,8 +120,8 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-search-enterprise.liveIndexing.metadata.image.tag | string | `"4.0.0-M1"` | | | alfresco-search-enterprise.liveIndexing.path.image.tag | string | `"4.0.0-M1"` | | | alfresco-search-enterprise.messageBroker.existingSecretName | string | `"acs-alfresco-cs-brokersecret"` | | -| alfresco-search-enterprise.reindexing.db.existingConfigMap.name | string | `"acs-alfresco-cs-dbconfigmap"` | | -| alfresco-search-enterprise.reindexing.db.existingSecret.name | string | `"acs-alfresco-cs-dbsecret"` | | +| alfresco-search-enterprise.reindexing.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-search-enterprise.reindexing.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-search-enterprise.reindexing.enabled | bool | `true` | | | alfresco-search-enterprise.reindexing.image.tag | string | `"4.0.0-M1"` | | | alfresco-search.alfresco-insight-zeppelin.enabled | bool | `false` | | @@ -117,6 +132,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-search.ingress.enabled | bool | `false` | Alfresco Search services endpoint ('/solr') | | alfresco-search.ingress.tls | list | `[]` | | | alfresco-search.nameOverride | string | `"alfresco-search"` | | +| alfresco-search.repository.existingConfigMap.keys.host | string | `"repo_svc_name"` | | +| alfresco-search.repository.existingConfigMap.keys.port | string | `"repo_svc_port"` | | +| alfresco-search.repository.existingConfigMap.keys.securecomms | string | `"SEARCH_SECURECOMMS"` | | +| alfresco-search.repository.existingConfigMap.name | string | `"alfresco-infrastructure"` | | +| alfresco-search.repository.existingSecret.keys.sharedSecret | string | `"SOLR_SECRET"` | | +| alfresco-search.repository.existingSecret.name | string | `"solr-shared-secret"` | | | alfresco-search.searchServicesImage.repository | string | `"quay.io/alfresco/search-services"` | | | alfresco-search.searchServicesImage.tag | string | `"2.0.8.1"` | | | alfresco-sync-service.enabled | bool | `true` | Toggle deployment of Alfresco Sync Service (Desktop-Sync) Check [Alfresco Sync Service Documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-sync-service) | @@ -132,7 +153,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-sync-service.postgresql.primary.resources.limits.memory | string | `"4Gi"` | | | alfresco-sync-service.postgresql.primary.resources.requests.cpu | string | `"250m"` | | | alfresco-sync-service.postgresql.primary.resources.requests.memory | string | `"1Gi"` | | -| alfresco-sync-service.repository.nameOverride | string | `"alfresco-cs-repository"` | | +| alfresco-sync-service.repository.nameOverride | string | `"alfresco-repository"` | | | alfresco-sync-service.repository.port | int | `80` | | | alfresco-transform-service.enabled | bool | `true` | | | alfresco-transform-service.filestore.enabled | bool | `true` | Declares the alfresco-shared-file-store used by the content repository and transform service | @@ -163,12 +184,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-transform-service.transformrouter.image.tag | string | `"3.1.0-M1"` | | | alfresco-transform-service.transformrouter.replicaCount | int | `2` | | | apiexplorer | object | `{"ingress":{"path":"/api-explorer"}}` | Declares the api-explorer service used by the content repository | -| database.configMapName | string | `"acs-alfresco-cs-dbconfigmap"` | | +| database.configMapName | string | `"alfresco-infrastructure"` | Name of the secret managed by this chart | | database.driver | string | `nil` | Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. | | database.existingSecretName | string | `nil` | An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. When using embedded postgres you need to also set `postgresql.existingSecret`. | | database.external | bool | `false` | Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. | | database.password | string | `nil` | External Postgresql database password | -| database.secretName | string | `"acs-alfresco-cs-dbsecret"` | Name of the secret managed by this chart | +| database.secretName | string | `"alfresco-cs-database"` | Name of the secret managed by this chart | | database.url | string | `nil` | External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` | | database.user | string | `nil` | External Postgresql database user | | email | object | `{"handler":{"folder":{"overwriteDuplicates":true}},"inbound":{"emailContributorsAuthority":"EMAIL_CONTRIBUTORS","enabled":false,"unknownUser":"anonymous"},"initContainers":{"pemToKeystore":{"image":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/redhat-sso-7/sso71-openshift","tag":"1.1-16"}},"pemToTruststore":{"image":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/redhat-sso-7/sso71-openshift","tag":"1.1-16"}},"setPerms":{"image":{"pullPolicy":"IfNotPresent","repository":"busybox","tag":"1.35.0"}}},"server":{"allowed":{"senders":".*"},"auth":{"enabled":true},"blocked":{"senders":null},"connections":{"max":3},"domain":null,"enableTLS":true,"enabled":false,"hideTLS":false,"port":1125,"requireTLS":false},"ssl":{"secretName":null}}` | For a full information of configuring the inbound email system, see https://docs.alfresco.com/content-services/latest/config/email/#manage-inbound-emails | @@ -188,11 +209,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | global.tracking.auth | string | `"secret"` | Select how solr and repo authenticate to each other none: work only prior to acs 7.2 (and was the default) secret: use a shared secret (to specify using `tracking.sharedsecret`) https: to use mTLS auth (require appropriate certificate configuration) | | global.tracking.sharedsecret | string | `nil` | Shared secret to authenticate repo/solr traffic. Strong enough secret can be generated with `openssl rand 20 -base64` | | imap | object | `{"mail":{"from":{"default":null},"to":{"default":null}},"server":{"enabled":false,"host":"0.0.0.0","imap":{"enabled":true},"imaps":{"enabled":true,"port":1144},"port":1143}}` | For a full information of configuring the imap subsystem, see https://docs.alfresco.com/content-services/latest/config/email/#enable-imap-protocol-using-alfresco-globalproperties | +| infrastructure.configMapName | string | `"alfresco-infrastructure"` | | | mail | object | `{"encoding":"UTF-8","existingSecretName":null,"from":{"default":null,"enabled":false},"host":null,"password":null,"port":25,"protocol":"smtps","smtp":{"auth":true,"debug":false,"starttls":{"enable":true},"timeout":30000},"smtps":{"auth":true,"starttls":{"enable":true}},"username":null}` | For a full information of configuring the outbound email system, see https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails | | mail.existingSecretName | string | `nil` | An existing kubernetes secret that contains MAIL_PASSWORD as per `mail.password` value | | mail.from.default | string | `nil` | Specifies the email address from which email notifications are sent | | mail.host | string | `nil` | SMTP(S) host server to enable delivery of site invitations, activity notifications and workflow tasks by email | -| messageBroker | object | `{"password":null,"secretName":"acs-alfresco-cs-brokersecret","url":null,"user":null}` | Activemq connection setting when activemq.enabled=false Can reference an external broker details, or help spread details of an internal one. | +| messageBroker | object | `{"password":null,"secretName":"acs-alfresco-cs-brokersecret","url":null,"user":null}` | Activemq connection details (activemq.enabled msut also be set to false) | | messageBroker.secretName | string | `"acs-alfresco-cs-brokersecret"` | Name of the secret managed by this chart | | metadataKeystore.defaultKeyPassword | string | `"oKIWzVdEdA"` | | | metadataKeystore.defaultKeystorePassword | string | `"mp6yc0UD9e"` | | @@ -214,58 +236,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | postgresql.primary.resources.requests.cpu | string | `"500m"` | | | postgresql.primary.resources.requests.memory | string | `"1Gi"` | | | repository.adminPassword | string | `"209c6174da490caeb422f3fa5a7ae634"` | Administrator password for ACS in NTLM hash format to set at bootstrap time | -| repository.command | list | `[]` | | | repository.edition | string | `"Enterprise"` | | -| repository.environment.JAVA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede"` | | | repository.existingSecretName | string | `nil` | An existing secret that contains REPO_ADMIN_PASSWORD as an alternative for `repository.adminPassword` value | -| repository.extraInitContainers | list | `[]` | | | repository.extraLogStatements | object | `{}` | Provide additional log statements by adding classes and/or packages in a key:value maner org.alfresco.repo.content.transform.TransformerDebug: debug | -| repository.extraSideContainers | list | `[]` | | -| repository.extraVolumeMounts | list | `[]` | | -| repository.extraVolumes | list | `[]` | | -| repository.image.hazelcastPort | int | `5701` | | -| repository.image.internalPort | int | `8080` | | -| repository.image.pullPolicy | string | `"IfNotPresent"` | | -| repository.image.repository | string | `"quay.io/alfresco/alfresco-content-repository"` | | -| repository.image.tag | string | `"23.1.0-M4"` | | -| repository.ingress.annotations | object | `{}` | | -| repository.ingress.maxUploadSize | string | `"5g"` | | -| repository.ingress.path | string | `"/"` | | -| repository.ingress.tls | list | `[]` | | -| repository.initContainers.db.image.pullPolicy | string | `"IfNotPresent"` | | -| repository.initContainers.db.image.repository | string | `"busybox"` | | -| repository.initContainers.db.image.tag | string | `"1.35.0"` | | -| repository.initContainers.db.resources.limits.cpu | string | `"0.25"` | | -| repository.initContainers.db.resources.limits.memory | string | `"10Mi"` | | | repository.licenseSecret | string | `nil` | The name of the secret holding the ACS repository license if any. it must be contained within a `data['*.lic']` property For details on how to manage license, see: https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/alf_license.md | -| repository.livenessProbe.initialDelaySeconds | int | `130` | | -| repository.livenessProbe.periodSeconds | int | `20` | | -| repository.livenessProbe.timeoutSeconds | int | `10` | | -| repository.nodeSelector | object | `{}` | | -| repository.persistence.accessModes | list | `["ReadWriteMany"]` | Specify a storageClass for dynamic provisioning | -| repository.persistence.baseSize | string | `"20Gi"` | | -| repository.persistence.data.mountPath | string | `"/usr/local/tomcat/alf_data"` | | -| repository.persistence.data.subPath | string | `"alfresco-content-services/repository-data"` | | -| repository.persistence.enabled | bool | `true` | Persist repository data | -| repository.persistence.existingClaim | string | `nil` | Use pre-provisioned pv through its claim (e.g. static provisioning) | -| repository.persistence.storageClass | string | `nil` | Bind PVC based on storageClass (e.g. dynamic provisioning) | -| repository.podSecurityContext.fsGroup | int | `1000` | | -| repository.podSecurityContext.runAsGroup | int | `1000` | | -| repository.podSecurityContext.runAsNonRoot | bool | `true` | | -| repository.podSecurityContext.runAsUser | int | `33000` | | -| repository.readinessProbe.failureThreshold | int | `6` | | -| repository.readinessProbe.initialDelaySeconds | int | `60` | | -| repository.readinessProbe.periodSeconds | int | `20` | | -| repository.readinessProbe.timeoutSeconds | int | `10` | | | repository.replicaCount | int | `2` | | -| repository.resources.limits.cpu | string | `"4"` | | -| repository.resources.limits.memory | string | `"8Gi"` | | -| repository.resources.requests.cpu | string | `"250m"` | | -| repository.resources.requests.memory | string | `"2Gi"` | | | repository.service.externalPort | int | `80` | | -| repository.service.name | string | `"alfresco"` | | -| repository.service.type | string | `"ClusterIP"` | | -| repository.startupProbe | object | `{"failureThreshold":10,"periodSeconds":30}` | The startup probe to cover the worse case startup time for slow clusters | | repository.strategy.type | string | `"Recreate"` | | | s3connector.config.bucketLocation | string | `nil` | | | s3connector.config.bucketName | string | `nil` | | @@ -275,13 +251,14 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | s3connector.secrets.awsKmsKeyId | string | `nil` | | | s3connector.secrets.encryption | string | `nil` | | | s3connector.secrets.secretKey | string | `nil` | | +| search.secretName | string | `"solr-shared-secret"` | Name of the secret managed by this chart | | share.enabled | bool | `true` | toggle deploying Alfresco Share UI | | share.image.repository | string | `"quay.io/alfresco/alfresco-share"` | | | share.image.tag | string | `"23.1.0-M4"` | | | share.nameOverride | string | `"share"` | | | share.repository.existingConfigMap.keys.host | string | `"repo_svc_name"` | Name of the key in the configmap which points to the repository service hostname | | share.repository.existingConfigMap.keys.port | string | `"repo_svc_port"` | Name of the key in the configmap which points to the repository service port | -| share.repository.existingConfigMap.name | string | `"infrastructure-repository"` | Name of the configmap which hold the repositoy connection details | +| share.repository.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which hold the repositoy connection details | Alfresco Content Service will be deployed in a Kubernetes cluster. This cluster needs a at least 32GB memory to split among below pods: diff --git a/helm/alfresco-content-services/community_values.yaml b/helm/alfresco-content-services/community_values.yaml index 2764dc43e..152f52ca6 100644 --- a/helm/alfresco-content-services/community_values.yaml +++ b/helm/alfresco-content-services/community_values.yaml @@ -2,6 +2,7 @@ # the latest version of the chart repository: edition: Community +alfresco-repository: replicaCount: 1 image: repository: alfresco/alfresco-content-repository-community diff --git a/helm/alfresco-content-services/templates/_helpers-ats.tpl b/helm/alfresco-content-services/templates/_helpers-ats.tpl index c44ad2819..4941d24bf 100644 --- a/helm/alfresco-content-services/templates/_helpers-ats.tpl +++ b/helm/alfresco-content-services/templates/_helpers-ats.tpl @@ -2,23 +2,23 @@ Local transformers config */}} {{- define "alfresco-content-service.localTransformConfig" -}} --DlocalTransform.core-aio.url= --DlocalTransform.pdfrenderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} --DlocalTransform.imagemagick.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} --DlocalTransform.libreoffice.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} --DlocalTransform.tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} --DlocalTransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} +localTransform.core-aio.url= +localTransform.pdfrenderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} +localTransform.imagemagick.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} +localTransform.libreoffice.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} +localTransform.tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} +localTransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} {{- end -}} {{/* ATS Tengines config */}} {{- define "alfresco-content-service.tengineConfig" -}} --Dalfresco-pdf-renderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} --Dimg.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} --Djodconverter.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} --Dtika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} --Dtransform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} +alfresco-pdf-renderer.url=http://{{ template "alfresco-transform-service.deployment-pdfrenderer.name" . }} +img.url=http://{{ template "alfresco-transform-service.deployment-imagemagick.name" . }} +jodconverter.url=http://{{ template "alfresco-transform-service.deployment-libreoffice.name" . }} +tika.url=http://{{ template "alfresco-transform-service.deployment-tika.name" . }} +transform.misc.url=http://{{ template "alfresco-transform-service.deployment-transform-misc.name" . }} {{- end -}} {{/* @@ -30,8 +30,8 @@ Get Alfresco Content Service configuration for Alfresco Transform Service {{- if and $atsCtx.Values.filestore.enabled $atsCtx.Values.transformrouter.enabled }} {{- $routerCtx := (dict "Values" (dict "nameOverride" "router" ) "Chart" .Chart "Release" .Release) }} {{- $sfsCtx := (dict "Values" (dict "nameOverride" "filestore" ) "Chart" .Chart "Release" .Release) }} --Dtransform.service.url=http://{{ template "alfresco-transform-service.deployment-transform-router.name" $atsCtx }} --Dsfs.url=http://{{ template "alfresco-transform-service.deployment-filestore.name" $atsCtx }} +transform.service.url=http://{{ template "alfresco-transform-service.deployment-transform-router.name" $atsCtx }} +sfs.url=http://{{ template "alfresco-transform-service.deployment-filestore.name" $atsCtx }} {{ template "alfresco-content-service.tengineConfig" $atsCtx }} {{- end }} {{- end }} diff --git a/helm/alfresco-content-services/templates/_helpers-database.tpl b/helm/alfresco-content-services/templates/_helpers-database.tpl new file mode 100644 index 000000000..eb6282ee0 --- /dev/null +++ b/helm/alfresco-content-services/templates/_helpers-database.tpl @@ -0,0 +1,17 @@ +{{/* +Compute the repository database URL + +Usage: include "alfresco-content-service.database.repo" $ + +*/}} +{{- define "alfresco-content-service.database.repo" -}} +{{- with .Values }} + {{- if and (not .database.url) (not .postgresql.enabled) }} + {{- fail "You must either set database.url or postgresql.enabled" }} + {{- else }} + {{- $pg_port := .postgresql.primary.service.ports.postgresql | toString }} + {{- $pg_url := printf "postgresql://%s-%s:%s/%s" $.Release.Name .postgresql.nameOverride $pg_port .postgresql.auth.database }} + {{- .database.url | default $pg_url }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/helm/alfresco-content-services/templates/_helpers-legacy.tpl b/helm/alfresco-content-services/templates/_helpers-legacy.tpl new file mode 100644 index 000000000..04ab456e0 --- /dev/null +++ b/helm/alfresco-content-services/templates/_helpers-legacy.tpl @@ -0,0 +1,21 @@ +{{/* +Create a default fully qualified name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "alfresco-content-services.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "content-services.fullname" -}} +{{- template "alfresco-content-services.fullname" . }} +{{- end -}} + +{{- define "content-services.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}} +{{- end }} + +{{- define "content-services.activemq.fullname" -}} +{{- $data := dict "Release" .Release "Values" .Values.activemq "Chart" (dict "Name" "activemq") }} +{{- include "activemq.fullname" $data }} +{{- end }} diff --git a/helm/alfresco-content-services/templates/_helpers-message-broker.tpl b/helm/alfresco-content-services/templates/_helpers-message-broker.tpl new file mode 100644 index 000000000..f89ff15e1 --- /dev/null +++ b/helm/alfresco-content-services/templates/_helpers-message-broker.tpl @@ -0,0 +1,13 @@ +{{/* +Compute the Message broker URL + +Usage: include "alfresco-content-service.mq.url" $ + +*/}} +{{- define "alfresco-content-service.mq.url" -}} + {{- if .Values.activemq.enabled }} + {{- printf "failover:(nio://%s-broker:61616)?timeout=3000&jms.useCompression=true" (include "content-services.activemq.fullname" .) }} + {{- else }} + {{ required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" .Values.messageBroker.url }} + {{- end }} +{{- end }} diff --git a/helm/alfresco-content-services/templates/_helpers-search.tpl b/helm/alfresco-content-services/templates/_helpers-search.tpl index bb8f7f65e..f0bed7363 100644 --- a/helm/alfresco-content-services/templates/_helpers-search.tpl +++ b/helm/alfresco-content-services/templates/_helpers-search.tpl @@ -1,32 +1,43 @@ {{/* -Alfresco Repository index subsystem +Compute the search URL + +Usage: include "alfresco-content-service.search.url" $ + */}} -{{- define "repository.indexSubsystem" -}} -{{- if or (index .Values "alfresco-search" "enabled") (index .Values "alfresco-search" "external" "host") -}} - solr6 -{{- else if index .Values "alfresco-search-enterprise" "enabled" -}} - elasticsearch -{{- else -}} - none +{{- define "alfresco-content-service.search.url" -}} +{{- with .Values }} + {{- if or .search.url $.Values.global.elasticsearch.url }} + {{- .search.url | default $.Values.global.elasticsearch.url }} + {{- else if and (index . "alfresco-search-enterprise" "enabled") (index . "alfresco-search-enterprise" "elasticsearch" "enabled") }} + {{- with (index . "alfresco-search-enterprise") }} + {{/* DRY needs a named template in subchart */}} + {{- printf "%s://%s-%s:%s" .elasticsearch.protocol .elasticsearch.clusterName .elasticsearch.nodeGroup .elasticsearch.httpPort }} + {{- end }} + {{- else if (index . "alfresco-search" "enabled") }} + {{/* DEPRECATE use chart.fullname with built ctx instead */}} + {{- template "alfresco-search-service.fullname" . }}-solr + {{- else }} + {{- fail "You must either set search.url, alfresco-search-enterprise.enabled or alfresco-search.enabled" }} + {{- end }} {{- end }} {{- end -}} {{/* -Alfresco Repository search configuration +Compute the search "flavor" + +Usage: include "alfresco-content-service.search.flavor" $ + */}} -{{- define "repository.indexConfig" -}} -{{- if index .Values "alfresco-search" "external" "host" }} --Dsolr.host={{ index .Values "alfresco-search" "external" "host" }} --Dsolr.port={{ index .Values "alfresco-search" "external" "port" | default 8983 }} --Dsolr.base.url={{ template "alfresco-search.baseurl" . }} --Dsolr.secureComms={{ .Values.global.tracking.auth | default "secret" }} -{{- else if index .Values "alfresco-search" "enabled" -}} -{{- $alfrescoSearchContext := dict "Chart" $.Chart "Release" $.Release "Values" (index .Values "alfresco-search") }} --Dsolr.host={{ template "alfresco-search.host" $alfrescoSearchContext }} --Dsolr.port={{ template "alfresco-search.svcPort" $alfrescoSearchContext }} --Dsolr.base.url={{ index .Values "alfresco-search" "ingress" "path" | default "/solr" }} --Dsolr.secureComms={{ .Values.global.tracking.auth | default "secret" }} -{{- else if index .Values "alfresco-search-enterprise" "enabled" }} -{{- template "repo.elasticsearch.config" . }} +{{- define "alfresco-content-service.search.flavor" -}} +{{- with .Values }} + {{- if .search.flavor }} + {{- .search.flavor }} + {{- else if (index . "alfresco-search-enterprise" "enabled") }} + {{- print "elasticsearch" }} + {{- else if (index . "alfresco-search" "enabled") }} + {{- print "solr6" }} + {{- else }} + {{- print "noindex" }} + {{- end }} {{- end }} {{- end -}} diff --git a/helm/alfresco-content-services/templates/_helpers.tpl b/helm/alfresco-content-services/templates/_helpers.tpl index 1ece8d3ed..aedb27c51 100644 --- a/helm/alfresco-content-services/templates/_helpers.tpl +++ b/helm/alfresco-content-services/templates/_helpers.tpl @@ -1,17 +1,62 @@ {{/* -Create a default fully qualified name. +Expand the name of the chart. +*/}} +{{- define "alfresco-content-services.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "content-services.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "alfresco-content-services.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} -{{- define "content-services.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "alfresco-content-services.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{- define "content-services.activemq.fullname" -}} -{{- $data := dict "Release" .Release "Values" .Values.activemq "Chart" (dict "Name" "activemq") }} -{{- include "activemq.fullname" $data }} +{{/* +Common labels +*/}} +{{- define "alfresco-content-services.labels" -}} +helm.sh/chart: {{ include "alfresco-content-services.chart" . }} +{{ include "alfresco-content-services.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "alfresco-content-services.selectorLabels" -}} +app.kubernetes.io/name: {{ include "alfresco-content-services.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "alfresco-content-services.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "alfresco-content-services.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} {{- end }} diff --git a/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml b/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml index 2979e53cd..633e6d4af 100644 --- a/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml +++ b/helm/alfresco-content-services/templates/config-repository-infrastructure.yaml @@ -2,9 +2,27 @@ apiVersion: v1 kind: ConfigMap metadata: - name: infrastructure-repository + name: {{ .Values.infrastructure.configMapName }} labels: {{- include "repository.labels" . | nindent 4 }} data: - repo_svc_name: {{ template "content-services.shortname" . }}-repository + {{- $repoCtx := dict "Values" (index .Values "alfresco-repository") "Chart" .Chart "Release" .Release }} + repo_svc_name: {{ template "alfresco-repository.fullname" $repoCtx }} repo_svc_port: {{ .Values.repository.service.externalPort | quote }} + {{- $db_url := include "alfresco-content-service.database.repo" $ }} + {{ template "alfresco-repository.db.cm" (dict "url" $db_url "driver" .Values.database.driver) }} + {{ template "alfresco-repository.mq.cm" (include "alfresco-content-service.mq.url" .) }} + {{- $search_url := "" }} + {{- $search_flavor := include "alfresco-content-service.search.flavor" . }} + {{- $searchCtx := dict "Values" (index .Values "alfresco-search") "Chart" .Chart "Release" .Release }} + {{- if index .Values "alfresco-search" "enabled" }} + {{- $search_url = printf "http://%s-solr/solr" (include "alfresco-search-service.fullname" $searchCtx) }} + SEARCH_SECURECOMMS: {{ .Values.global.tracking.auth | default "secret" }} + SEARCH_HOST: {{ template "alfresco-common.url.host" $search_url }} + SEARCH_PORT: {{ include "alfresco-common.url.port" $search_url | quote }} + SOLR_BASE_URL: {{ include "alfresco-common.url.path" $search_url | default "/solr" }} + {{- end }} + {{- if ne "noindex" $search_flavor }} + SEARCH_URL: {{ $search_url }} + {{- end }} + SEARCH_FLAVOR: {{ template "alfresco-content-service.search.flavor" . }} diff --git a/helm/alfresco-content-services/templates/config-repository.yaml b/helm/alfresco-content-services/templates/config-repository.yaml index 6e4c70279..159409929 100644 --- a/helm/alfresco-content-services/templates/config-repository.yaml +++ b/helm/alfresco-content-services/templates/config-repository.yaml @@ -1,135 +1,104 @@ -# Defines the properties required by the content repository apiVersion: v1 kind: ConfigMap metadata: - # the name of the config map - name: {{ template "content-services.shortname" . }}-repository-configmap + name: repository labels: - {{- include "repository.labels" . | nindent 4 }} + {{- include "alfresco-content-services.labels" . | nindent 4 }} data: - # The JAVA_OPTS defined in the values.yaml file for the "repository" are set here using proper quotes - {{- if .Values.repository.environment }} - {{- range $key, $val := .Values.repository.environment }} - {{ $key }}: {{ tpl $val $ | quote }} - {{- end }} - {{- end }} - RELEASE_NAME: {{ .Release.Name }} - {{- $alfUrl := include "alfresco-common.external.url" . }} - ALFRESCO_OPTS: >- - -Ddeployment.method=HELM_CHART - -Dalfresco.cluster.enabled={{ gt (.Values.repository.replicaCount | int) 1 }} - {{- if .Values.repository.licenseSecret }} - -Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/ - {{- end }} - -Dalfresco.host={{ template "alfresco-common.external.host" . }} - -Dalfresco.protocol={{ template "alfresco-common.external.scheme" . }} - -Dalfresco.port={{ template "alfresco-common.external.port" . }} - -Daos.baseUrlOverwrite={{ $alfUrl }}/alfresco/aos - -Dcsrf.filter.origin={{ $alfUrl }} - -Dcsrf.filter.referer={{ $alfUrl }}/.* + alfresco-global.properties: | + {{- $alfUrl := include "alfresco-common.external.url" . }} + deployment.method=HELM_CHART + alfresco.cluster.enabled={{ gt (.Values.repository.replicaCount | int) 1 }} + alfresco.host={{ template "alfresco-common.external.host" . }} + alfresco.protocol={{ template "alfresco-common.external.scheme" . }} + alfresco.port={{ template "alfresco-common.external.port" . }} + aos.baseUrlOverwrite={{ $alfUrl }}/alfresco/aos + csrf.filter.origin={{ $alfUrl }} + csrf.filter.referer={{ $alfUrl }}/.* {{- if .Values.share.enabled }} - -Dshare.protocol={{ template "alfresco-common.external.scheme" . }} - -Dshare.host={{ template "alfresco-common.external.host" . }} - -Dshare.port={{ template "alfresco-common.external.port" . }} - {{- end }} - {{- $subsys := include "repository.indexSubsystem" . -}} - {{- if ne $subsys "none" }} - {{- include "repository.indexConfig" . | indent 4 }} + share.protocol={{ template "alfresco-common.external.scheme" . }} + share.host={{ template "alfresco-common.external.host" . }} + share.port={{ template "alfresco-common.external.port" . }} {{- end }} - -Dindex.subsystem.name={{ $subsys }} - -Dlocal.transform.service.enabled={{ index .Values "alfresco-transform-service" "enabled" }} + alfresco_user_store.adminpassword={{ .Values.repository.adminPassword }} + local.transform.service.enabled={{ index .Values "alfresco-transform-service" "enabled" }} {{- with (index .Values "alfresco-transform-service") }} {{- $ats_for_enterprise := and .filestore.enabled .transformrouter.enabled }} - -Dtransform.service.enabled={{ and .enabled $ats_for_enterprise }} + transform.service.enabled={{ and .enabled $ats_for_enterprise }} {{- end }} {{- if index .Values "alfresco-transform-service" "enabled" }} {{- include "alfresco-content-service.atsConfig" . | indent 4 }} {{- end }} + {{/* {{- if .Values.s3connector.enabled }} {{- range $key, $val := .Values.s3connector.config }} - -Ds3.{{ $key }}={{ $val }} + s3.{{ $key }}={{ $val }} {{- end }} {{- end }} {{- if .Values.email.server.enabled }} - -Demail.server.enabled={{ .Values.email.server.enabled }} - -Demail.server.port={{ .Values.email.server.port }} - -Demail.server.domain={{ .Values.email.server.domain }} - -Demail.server.enableTLS={{ .Values.email.server.enableTLS }} - -Demail.server.hideTLS={{ .Values.email.server.hideTLS }} - -Demail.server.requireTLS={{ .Values.email.server.requireTLS }} - -Demail.server.auth.enabled={{ .Values.email.server.auth.enabled }} - -Demail.server.connections.max={{ .Values.email.server.connections.max }} - -Demail.server.allowed.senders={{ .Values.email.server.allowed.senders }} - -Demail.server.blocked.senders={{ .Values.email.server.blocked.senders }} - -Demail.inbound.enabled={{ .Values.email.inbound.enabled }} - -Demail.inbound.unknownUser={{ .Values.email.inbound.unknownUser }} - -Demail.inbound.emailContributorsAuthority={{ .Values.email.inbound.emailContributorsAuthority }} - -Demail.handler.folder.overwriteDuplicates={{ .Values.email.handler.folder.overwriteDuplicates }} - -Dimap.server.enabled={{ .Values.imap.server.enabled }} - -Dimap.server.port={{ .Values.imap.server.port }} - -Dimap.server.host={{ .Values.imap.server.host }} - -Dimap.server.imap.enabled={{ .Values.imap.server.imap.enabled }} - -Dimap.server.imaps.enabled={{ .Values.imap.server.imaps.enabled }} - -Dimap.server.imaps.port={{ .Values.imap.server.imaps.port }} - -Dimap.mail.from.default={{ .Values.imap.mail.from.default }} - -Dimap.mail.to.default={{ .Values.imap.mail.to.default }} - -Dsystem.usages.enabled=true - -Dnotification.email.siteinvite=true + email.server.enabled={{ .Values.email.server.enabled }} + email.server.port={{ .Values.email.server.port }} + email.server.domain={{ .Values.email.server.domain }} + email.server.enableTLS={{ .Values.email.server.enableTLS }} + email.server.hideTLS={{ .Values.email.server.hideTLS }} + email.server.requireTLS={{ .Values.email.server.requireTLS }} + email.server.auth.enabled={{ .Values.email.server.auth.enabled }} + email.server.connections.max={{ .Values.email.server.connections.max }} + email.server.allowed.senders={{ .Values.email.server.allowed.senders }} + email.server.blocked.senders={{ .Values.email.server.blocked.senders }} + email.inbound.enabled={{ .Values.email.inbound.enabled }} + email.inbound.unknownUser={{ .Values.email.inbound.unknownUser }} + email.inbound.emailContributorsAuthority={{ .Values.email.inbound.emailContributorsAuthority }} + email.handler.folder.overwriteDuplicates={{ .Values.email.handler.folder.overwriteDuplicates }} + imap.server.enabled={{ .Values.imap.server.enabled }} + imap.server.port={{ .Values.imap.server.port }} + imap.server.host={{ .Values.imap.server.host }} + imap.server.imap.enabled={{ .Values.imap.server.imap.enabled }} + imap.server.imaps.enabled={{ .Values.imap.server.imaps.enabled }} + imap.server.imaps.port={{ .Values.imap.server.imaps.port }} + imap.mail.from.default={{ .Values.imap.mail.from.default }} + imap.mail.to.default={{ .Values.imap.mail.to.default }} + system.usages.enabled=true + notification.email.siteinvite=true {{- if .Values.email.server.enableTLS }} - -Djavax.net.ssl.keyStore=/var/run/secrets/java.io/keystores/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit + javax.net.ssl.keyStore=/var/run/secrets/java.io/keystores/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit {{- end }} {{- end }} {{- if .Values.mail.host }} - -Dmail.encoding={{ .Values.mail.encoding }} - -Dmail.host={{ .Values.mail.host }} - -Dmail.port={{ .Values.mail.port }} - -Dmail.protocol={{ .Values.mail.protocol }} - -Dmail.username={{ .Values.mail.username }} - -Dmail.from.default={{ .Values.mail.from.default }} - -Dmail.from.enabled={{ .Values.mail.from.enabled }} - -Dmail.smtp.auth={{ .Values.mail.smtp.auth }} - -Dmail.smtp.debug={{ .Values.mail.smtp.debug }} - -Dmail.smtp.starttls.enable={{ .Values.mail.smtp.starttls.enable }} - -Dmail.smtp.timeout={{ .Values.mail.smtp.timeout }} - -Dmail.smtps.auth={{ .Values.mail.smtps.auth }} - -Dmail.smtps.starttls.enable={{ .Values.mail.smtps.starttls.enable }} + mail.encoding={{ .Values.mail.encoding }} + mail.host={{ .Values.mail.host }} + mail.port={{ .Values.mail.port }} + mail.protocol={{ .Values.mail.protocol }} + mail.username={{ .Values.mail.username }} + mail.from.default={{ .Values.mail.from.default }} + mail.from.enabled={{ .Values.mail.from.enabled }} + mail.smtp.auth={{ .Values.mail.smtp.auth }} + mail.smtp.debug={{ .Values.mail.smtp.debug }} + mail.smtp.starttls.enable={{ .Values.mail.smtp.starttls.enable }} + mail.smtp.timeout={{ .Values.mail.smtp.timeout }} + mail.smtps.auth={{ .Values.mail.smtps.auth }} + mail.smtps.starttls.enable={{ .Values.mail.smtps.starttls.enable }} {{- end }} {{- if index .Values "alfresco-sync-service" "enabled" }} - -Ddsync.service.uris={{ $alfUrl }}/syncservice - {{- else }} - -Devents.subsystem.autoStart=false - {{- end }} - CATALINA_OPTS: >- - $ALFRESCO_OPTS - -Ddb.driver={{ .Values.database.driver | default "org.postgresql.Driver" }} - {{- if eq .Values.database.external false }} - -Ddb.url=jdbc:postgresql://{{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }}:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }} + dsync.service.uris={{ $alfUrl }}/syncservice {{- else }} - -Ddb.url={{ .Values.database.url }} + events.subsystem.autoStart=false {{- end }} {{- if and .Values.mail.host (or .Values.mail.password .Values.mail.existingSecretName) }} - -Dmail.password=$MAIL_PASSWORD + mail.password=$MAIL_PASSWORD {{- end }} - -Ddb.username=$DATABASE_USERNAME - -Ddb.password=$DATABASE_PASSWORD {{- if .Values.s3connector.enabled }} {{- if .Values.s3connector.secrets.accessKey }} - -Ds3.accessKey=$ACCESSKEY + s3.accessKey=$ACCESSKEY {{- end }} {{- if .Values.s3connector.secrets.secretKey }} - -Ds3.secretKey=$SECRETKEY + s3.secretKey=$SECRETKEY {{- end }} {{- if .Values.s3connector.secrets.encryption }} - -Ds3.encryption=$ENCRYPTION + s3.encryption=$ENCRYPTION {{- end }} {{- if .Values.s3connector.secrets.awsKmsKeyId }} - -Ds3.awsKmsKeyId=$KMSKEYID + s3.awsKmsKeyId=$KMSKEYID {{- end }} {{- end }} - -Dmetadata-keystore.password=$METADATA_KEYSTORE_PASSWORD - -Dmetadata-keystore.metadata.password=$METADATA_KEY_PASSWORD - -Dmessaging.broker.url=$BROKER_URL - -Dmessaging.broker.username=$BROKER_USERNAME - -Dmessaging.broker.password=$BROKER_PASSWORD - -Dencryption.ssl.truststore.location=$JAVA_HOME/lib/security/cacerts - -Dalfresco_user_store.adminpassword=$REPO_ADMIN_PASSWORD + */}} diff --git a/helm/alfresco-content-services/templates/deployment-repository.yaml b/helm/alfresco-content-services/templates/deployment-repository.yaml deleted file mode 100644 index df8ec8b0a..000000000 --- a/helm/alfresco-content-services/templates/deployment-repository.yaml +++ /dev/null @@ -1,247 +0,0 @@ -# Defines the deployment for the alfresco content repository app -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "content-services.shortname" . }}-repository - labels: - {{- include "repository.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.repository.replicaCount }} - selector: - matchLabels: - {{- include "repository.selectorLabels" . | nindent 6 }} - strategy: - {{- if eq .Values.repository.strategy.type "Recreate" }} - type: {{ .Values.repository.strategy.type }} - {{- else }} - type: RollingUpdate - rollingUpdate: -{{ toYaml .Values.global.strategy.rollingUpdate | indent 6 }} - {{- end }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/config-repository.yaml") . | sha256sum }} - checksum/secretDatabase: {{ include (print $.Template.BasePath "/secret-database.yaml") . | sha256sum }} - checksum/secretS3: {{ include (print $.Template.BasePath "/secret-s3.yaml") . | sha256sum }} - labels: - {{- include "repository.selectorLabels" . | nindent 8 }} - spec: - {{- include "component-pod-security-context" .Values.repository | indent 4 }} - {{- if .Values.repository.nodeSelector }} - nodeSelector: {{- .Values.repository.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} - containers: - {{- if .Values.repository.extraSideContainers }} -{{ tpl .Values.repository.extraSideContainers . | indent 8 }} - {{- end }} - - name: {{ .Chart.Name }} - image: "{{ .Values.repository.image.repository }}:{{ .Values.repository.image.tag }}" - imagePullPolicy: {{ .Values.repository.image.pullPolicy }} - {{- if .Values.repository.command }} - command: -{{ tpl .Values.repository.command . | indent 12 }} - {{- end }} - {{- include "component-security-context" .Values.repository | indent 8 }} - envFrom: - - secretRef: - name: {{ .Values.database.existingSecretName | default .Values.database.secretName }} - {{- if .Values.s3connector.enabled }} - - secretRef: - name: {{ default (printf "%s-s3secret" (include "content-services.shortname" .)) .Values.s3connector.existingSecretName }} - {{- end }} - {{- if and .Values.mail.host (or .Values.mail.password .Values.mail.existingSecretName) }} - - secretRef: - name: {{ default (printf "%s-mail-password" (include "content-services.shortname" .)) .Values.mail.existingSecretName }} - {{- end }} - - secretRef: - name: {{ template "content-services.shortname" . }}-metadata-keystore-secret - - secretRef: - name: {{ .Values.messageBroker.existingSecretName | default .Values.messageBroker.secretName }} - - secretRef: - name: {{ default (printf "%s-repository-secret" (include "content-services.shortname" .)) .Values.repository.existingSecretName }} - - configMapRef: - # config map to use, defined in config-repository.yaml - name: {{ template "content-services.shortname" . }}-repository-configmap - ports: - # internal port and the hazelcast port used for clustering - - containerPort: {{ .Values.repository.image.internalPort }} - - containerPort: {{ .Values.repository.image.hazelcastPort }} - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled }} - - containerPort: {{ .Values.email.server.port }} - - containerPort: {{ .Values.imap.server.port }} - - containerPort: {{ .Values.imap.server.imaps.port }} - {{- end }} - resources: {{- toYaml .Values.repository.resources | nindent 12 }} - volumeMounts: - {{- if and (index .Values "alfresco-search" "enabled") (eq .Values.global.tracking.auth "secret") }} - - name: repository-properties - mountPath: /usr/local/tomcat/shared/classes/alfresco-global.properties - subPath: alfresco-global.properties - {{- end }} - - name: data - mountPath: {{ .Values.repository.persistence.data.mountPath }} - subPath: {{ .Values.repository.persistence.data.subPath }} - {{- if .Values.repository.licenseSecret }} - - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/ - name: acs-license - {{- end }} - {{- if .Values.repository.extraLogStatements }} - - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j.properties - subPath: custom-log4j.properties - - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j2.properties - subPath: custom-log4j2.properties - {{- end }} - startupProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- - port: {{ .Values.repository.image.internalPort }} - periodSeconds: {{ .Values.repository.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.repository.startupProbe.failureThreshold }} - readinessProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- - port: {{ .Values.repository.image.internalPort }} - initialDelaySeconds: {{ .Values.repository.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repository.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.repository.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.repository.readinessProbe.timeoutSeconds }} - livenessProbe: - httpGet: - path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- - port: {{ .Values.repository.image.internalPort }} - initialDelaySeconds: {{ .Values.repository.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repository.livenessProbe.periodSeconds }} - failureThreshold: 1 - timeoutSeconds: {{ .Values.repository.livenessProbe.timeoutSeconds }} - lifecycle: - preStop: - exec: - command: ["/bin/bash", "-c", "sleep 20"] - initContainers: - {{- if .Values.repository.extraInitContainers }} - {{- toYaml .Values.repository.extraInitContainers | nindent 8 }} - {{- end }} - {{- if not .Values.database.external }} - - name: wait-db-ready - image: "{{ .Values.repository.initContainers.db.image.repository }}:{{ .Values.repository.initContainers.db.image.tag }}" - imagePullPolicy: {{ .Values.repository.initContainers.db.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.db | indent 8 }} - resources: {{- toYaml .Values.repository.initContainers.db.resources | nindent 12 }} - command: ['sh', '-c', 'until nc -w1 {{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }} {{ .Values.postgresql.primary.service.ports.postgresql }}; do echo "waiting for {{ printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }}"; sleep 2; done;'] - {{- end }} - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled .Values.email.server.enableTLS }} - - name: pem-to-keystore - image: "{{ .Values.email.initContainers.pemToKeystore.image.repository }}:{{ .Values.email.initContainers.pemToKeystore.image.tag }}" - imagePullPolicy: {{ .Values.email.initContainers.pemToKeystore.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.pemToKeystore | indent 8 }} - env: - - name: keyfile - value: /var/run/secrets/certs/tls.key - - name: crtfile - value: /var/run/secrets/certs/tls.crt - - name: keystore_pkcs12 - value: /var/run/secrets/java.io/keystores/keystore.pkcs12 - - name: keystore_jks - value: /var/run/secrets/java.io/keystores/keystore.jks - - name: password - value: changeit - command: ['/bin/bash'] - args: ['-c', "openssl pkcs12 -export -inkey $keyfile -in $crtfile -out $keystore_pkcs12 -password pass:$password && keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password"] - volumeMounts: - - mountPath: /var/run/secrets/java.io/keystores - name: email-keystore-volume - - mountPath: /var/run/secrets/certs - name: email-certs - - name: pem-to-truststore - image: "{{ .Values.email.initContainers.pemToTruststore.image.repository }}:{{ .Values.email.initContainers.pemToTruststore.image.tag }}" - imagePullPolicy: {{ .Values.email.initContainers.pemToTruststore.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.pemToTruststore | indent 8 }} - env: - - name: ca_bundle - value: /var/run/secrets/cacert/ca.crt - - name: truststore_jks - value: /var/run/secrets/java.io/keystores/truststore.jks - - name: password - value: changeit - command: ['/bin/bash'] - args: ['-c', "csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}' && for file in crt-*; do keytool -import -noprompt -keystore $truststore_jks -file $file -storepass changeit -alias service-$file; done"] - volumeMounts: - - name: email-keystore-volume - mountPath: /var/run/secrets/java.io/keystores - - name: ca-cert - mountPath: /var/run/secrets/cacert - - name: set-perms - image: "{{ .Values.email.initContainers.setPerms.image.repository }}:{{ .Values.email.initContainers.setPerms.image.tag }}" - imagePullPolicy: {{ .Values.email.initContainers.setPerms.image.pullPolicy }} - {{- include "component-security-context" .Values.repository.initContainers.setPerms | indent 8 }} - env: - - name: keystore_dir - value: /var/run/secrets/java.io/keystores - command: ["sh", "-c", "chown -R 33000:1000 $keystore_dir"] - volumeMounts: - - name: email-keystore-volume - mountPath: /var/run/secrets/java.io/keystores - {{- end }} - volumes: - {{- include "data_volume" .Values.repository | nindent 8 }} - {{- if and (index .Values "alfresco-search" "enabled") (eq .Values.global.tracking.auth "secret") }} - - name: repository-properties - secret: - secretName: {{ template "alfresco.shortname" . }}-repository-properties-secret - defaultMode: 0400 - items: - - key: alfresco-global.properties - path: alfresco-global.properties - {{- end }} - {{- if .Values.repository.licenseSecret }} - - name: acs-license - secret: - secretName: {{ .Values.repository.licenseSecret }} - defaultMode: 0400 - {{- end }} - {{- if .Values.repository.extraLogStatements }} - - name : repository-logging-properties-volume - configMap: - name: {{ template "alfresco.shortname" . }}-custom-log4j-properties-configmap - items: - - key: custom-log4j.properties - path: custom-log4j.properties - - key: custom-log4j2.properties - path: custom-log4j2.properties - {{- end }} - - name: custom-pipeline-config-volume - configMap: - optional: true - name: custom-pipeline-config - - name: custom-rendition-config-volume - configMap: - optional: true - name: custom-rendition-config - - name: custom-mimetype-config-volume - configMap: - optional: true - name: custom-mimetype-config - - name: custom-queryset-config-volume - configMap: - optional: true - name: custom-queryset-config - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled .Values.email.server.enableTLS }} - - name: email-keystore-volume - emptyDir: {} - - name: email-certs - secret: - secretName: {{ .Values.email.ssl.secretName }} - - name: ca-cert - secret: - secretName: {{ .Values.email.ssl.secretName }} - items: - - key: ca.crt - path: ca.crt - {{- end }} - {{- if .Values.repository.extraVolumes }} - {{- toYaml .Values.repository.extraVolumes | nindent 8 }} - {{- end }} diff --git a/helm/alfresco-content-services/templates/ingress-repository.yaml b/helm/alfresco-content-services/templates/ingress-repository.yaml deleted file mode 100644 index cd8c80b41..000000000 --- a/helm/alfresco-content-services/templates/ingress-repository.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- $serviceName := printf "%s-%s" (include "content-services.shortname" .) "repository" -}} -{{- $servicePort := .Values.repository.service.externalPort -}} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "content-services.shortname" . }}-repository - labels: - {{- include "repository.labels" . | nindent 4 }} - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "alf_affinity_route" - nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" - # Default file limit (1m) check, document(s) above this size will throw 413 (Request Entity Too Large) error - nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.repository.ingress.maxUploadSize }} - {{- include "ingress_annotations" .Values.repository }} - {{- include "ingress_vhost_annotations" .Values.repository }} -spec: - {{- if .Values.repository.ingress.tls }} - tls: - {{- range .Values.repository.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.repository.ingress.hostName }} - - host: {{ tpl .Values.repository.ingress.hostName . }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ .Values.repository.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: Prefix - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 10 }} - - path: {{ .Values.apiexplorer.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: Prefix - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 10 }} diff --git a/helm/alfresco-content-services/templates/pvc.yaml b/helm/alfresco-content-services/templates/pvc.yaml deleted file mode 100644 index 2c7406021..000000000 --- a/helm/alfresco-content-services/templates/pvc.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if and (not .Values.repository.persistence.existingClaim) .Values.repository.persistence.enabled }} -{{ include "component_pvc" .Values.repository }} -{{- end }} diff --git a/helm/alfresco-content-services/templates/secret-repository-properties.yaml b/helm/alfresco-content-services/templates/secret-repository-properties.yaml index 64631d939..a61f73b02 100644 --- a/helm/alfresco-content-services/templates/secret-repository-properties.yaml +++ b/helm/alfresco-content-services/templates/secret-repository-properties.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "alfresco.shortname" . }}-repository-properties-secret + name: {{ .Values.search.secretName }} labels: {{- include "repository.labels" . | nindent 4 }} type: Opaque data: - alfresco-global.properties: {{ printf "%s%s" "solr.sharedSecret=" (include "tracking-shared-secret" .) | b64enc | quote }} + SOLR_SECRET: {{ include "tracking-shared-secret" . | b64enc | quote }} {{- end }} diff --git a/helm/alfresco-content-services/templates/svc-repository.yaml b/helm/alfresco-content-services/templates/svc-repository.yaml deleted file mode 100644 index 1ef759494..000000000 --- a/helm/alfresco-content-services/templates/svc-repository.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Defines the service for the alfresco content repository app -apiVersion: v1 -kind: Service -metadata: - name: {{ template "content-services.shortname" . }}-repository - labels: - {{- include "repository.labels" . | nindent 4 }} -spec: - type: {{ .Values.repository.service.type }} - ports: - - port: {{ include "repository.svcPort" . }} - targetPort: {{ include "repository.containerPort" . }} - name: {{ .Values.repository.service.name }} - {{- if and .Values.email.server.enabled .Values.email.inbound.enabled }} - - port: {{ .Values.email.server.port }} - targetPort: {{ .Values.email.server.port }} - name: {{ .Values.repository.service.name }}-email-inbound - protocol: TCP - - port: {{ .Values.imap.server.port }} - targetPort: {{ .Values.imap.server.port }} - name: {{ .Values.repository.service.name }}-email-imap - protocol: TCP - - port: {{ .Values.imap.server.imaps.port }} - targetPort: {{ .Values.imap.server.imaps.port }} - name: {{ .Values.repository.service.name }}-email-imap-secure - protocol: TCP - {{- end }} - selector: - {{- include "repository.selectorLabels" . | nindent 4 }} diff --git a/helm/alfresco-content-services/tests/activemq_test.yaml b/helm/alfresco-content-services/tests/activemq_test.yaml index 7ced676fe..4254ef2b4 100644 --- a/helm/alfresco-content-services/tests/activemq_test.yaml +++ b/helm/alfresco-content-services/tests/activemq_test.yaml @@ -4,38 +4,13 @@ suite: test alfresco-common library templates: - secret-message-broker.yaml - - deployment-repository.yaml - - config-repository.yaml - - secret-database.yaml - - secret-s3.yaml - - secret-repository.yaml - - config-dev-log4j-properties.yaml tests: - it: should render ActiveMQ embedded secret values: - values/test_values.yaml - values/externalBroker_values.yaml asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: acs-alfresco-cs-brokersecret - template: deployment-repository.yaml - equal: path: data.BROKER_URL value: ZmFpbG92ZXIobmlvOi8vc29tZWJyb2tlcjo2MTYxNik= template: secret-message-broker.yaml - - - it: should render custom secret - values: - - values/test_values.yaml - set: - messageBroker.existingSecretName: acs-credentials - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: acs-credentials - template: deployment-repository.yaml diff --git a/helm/alfresco-content-services/tests/config-repository_test.yaml b/helm/alfresco-content-services/tests/config-repository_test.yaml index 0ba878268..287a1f71a 100644 --- a/helm/alfresco-content-services/tests/config-repository_test.yaml +++ b/helm/alfresco-content-services/tests/config-repository_test.yaml @@ -3,51 +3,37 @@ suite: test config-repository manifest templates: - config-repository.yaml tests: - - it: should have CATALINA_OPTS with encryption.ssl.truststore.location set + - it: should have global properties rendered with default value for CSRF and baseUrl values: &testvalues - values/test_values.yaml + template: config-repository.yaml asserts: - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dencryption\.ssl\.truststore\.location=\$JAVA_HOME/lib/security/cacerts($|\ ) - template: config-repository.yaml - - - it: should have ALFRESCO_OPTS rendered with default value for CSRF and baseUrl - values: *testvalues - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Daos\.baseUrlOverwrite=https://localhost/alfresco/aos($|\ ) - template: config-repository.yaml + path: &alfglob data["alfresco-global.properties"] + pattern: >- + \n *aos\.baseUrlOverwrite=https://localhost/alfresco/aos - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.origin=https://localhost($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.origin=https://localhost - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.referer=https://localhost/\.\*($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.referer=https://localhost/\.\* - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.port=443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.port=443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.protocol=https($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.protocol=https - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dshare.host=localhost($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *share.host=localhost - - it: should have ALFRESCO_OPTS urls as per known_urls & without Share config + - it: should have global properties urls rendered as per known_urls & without Share config values: *testvalues set: share: @@ -55,83 +41,75 @@ tests: global: known_urls: - https://myecm.domain.tld:8443 + template: config-repository.yaml asserts: - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Daos\.baseUrlOverwrite=https://myecm.domain.tld:8443/alfresco/aos($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *aos\.baseUrlOverwrite=https://myecm.domain.tld:8443/alfresco/aos - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.origin=https://myecm.domain.tld:8443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.origin=https://myecm.domain.tld:8443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dcsrf\.filter\.referer=https://myecm.domain.tld:8443/\.\*($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *csrf\.filter\.referer=https://myecm.domain.tld:8443/\.\* - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.port=8443($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.port=8443 - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.protocol=https($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.protocol=https - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dalfresco.host=myecm.domain.tld($|\ ) - template: config-repository.yaml + path: *alfglob + pattern: >- + \n *alfresco.host=myecm.domain.tld - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.port= - template: config-repository.yaml + path: *alfglob + pattern: share.port= - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.protocol= - template: config-repository.yaml + path: *alfglob + pattern: share.protocol= - notMatchRegex: - path: data.ALFRESCO_OPTS - pattern: -Dshare.host= - template: config-repository.yaml + path: *alfglob + pattern: share.host= - - it: should have ALFRESCO_OPTS and CATALINA_OPTS when mail values are set - values: *testvalues - set: - mail: - host: smtp.example.com - password: smtpPassword - port: 25 - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.host=smtp\.example\.com($|\ ) - template: config-repository.yaml - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.port=25($|\ ) - template: config-repository.yaml - - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.password=\$MAIL_PASSWORD($|\ ) - template: config-repository.yaml - - - it: should have CATALINA_OPTS with mail.password set when existing secret name is provided - values: *testvalues - set: - mail: - host: smtp.example.com - existingSecretName: existing - asserts: - - matchRegex: - path: data.CATALINA_OPTS - pattern: |- - (^|[^\ ]\ )-Dmail\.password=\$MAIL_PASSWORD($|\ ) - template: config-repository.yaml +# - it: should have ALFRESCO_OPTS and CATALINA_OPTS when mail values are set +# values: *testvalues +# set: +# mail: +# host: smtp.example.com +# password: smtpPassword +# port: 25 +# asserts: +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.host=smtp\.example\.com +# template: config-repository.yaml +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.port=25 +# template: config-repository.yaml +# - matchRegex: +# path: data.CATALINA_OPTS +# pattern: >- +# \n *mail\.password=\$MAIL_PASSWORD +# template: config-repository.yaml +# +# - it: should have CATALINA_OPTS with mail.password set when existing secret name is provided +# values: *testvalues +# set: +# mail: +# host: smtp.example.com +# existingSecretName: existing +# asserts: +# - matchRegex: +# path: *alfglob +# pattern: >- +# \n *mail\.password=\$MAIL_PASSWORD +# template: config-repository.yaml diff --git a/helm/alfresco-content-services/tests/deployment-repository_test.yaml b/helm/alfresco-content-services/tests/deployment-repository_test.yaml deleted file mode 100644 index 968fee21d..000000000 --- a/helm/alfresco-content-services/tests/deployment-repository_test.yaml +++ /dev/null @@ -1,253 +0,0 @@ ---- -suite: test repository manifest -templates: - - deployment-repository.yaml - - config-repository.yaml - - secret-database.yaml - - secret-s3.yaml - - secret-repository.yaml - - config-dev-log4j-properties.yaml -tests: - - it: should have basic metadata in place in deployment - values: &testvalues - - values/test_values.yaml - asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-alfresco-cs-repository - template: deployment-repository.yaml - - - it: Log4j & Log4j2 test - values: *testvalues - set: - repository: - extraLogStatements: - org.alfresco.repo.content.transform.TransformerDebug: debug - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: repository-logging-properties-volume - configMap: - name: RELEASE-NAME-alfresco-custom-log4j-properties-configmap - items: - - key: custom-log4j.properties - path: custom-log4j.properties - - key: custom-log4j2.properties - path: custom-log4j2.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j.properties - subPath: custom-log4j.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-logging-properties-volume - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/custom-log4j2.properties - subPath: custom-log4j2.properties - template: deployment-repository.yaml - - - it: should have default mail secret in env when email server is enabled - values: *testvalues - set: - mail: - host: smtp.example.org - password: smtpPassword - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-mail-password - template: deployment-repository.yaml - - - it: should have overridden secret in env when email server is enabled - values: *testvalues - set: - mail: - host: smtp.example.org - existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have overridden secret in env when email server is enabled - values: *testvalues - asserts: - - notContains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-mail-password - template: deployment-repository.yaml - - - it: should have default secret in env - values: *testvalues - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-repository-secret - template: deployment-repository.yaml - - - it: should have overridden secret in env - values: *testvalues - set: - repository.existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have s3 secret in env - values: *testvalues - set: - s3connector: - enabled: true - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: RELEASE-NAME-alfresco-cs-s3secret - template: deployment-repository.yaml - - - it: should have overridden s3 secret in env - values: *testvalues - set: - s3connector: - enabled: true - existingSecretName: whatever - asserts: - - contains: - path: spec.template.spec.containers[0].envFrom - content: - secretRef: - name: whatever - template: deployment-repository.yaml - - - it: should have a volume and a volumeMount for license - values: *testvalues - set: - repository: - licenseSecret: somesecret - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: acs-license - secret: - secretName: somesecret - defaultMode: 0400 - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - mountPath: >- - /usr/local/tomcat/shared/classes/alfresco/extension/license/ - name: acs-license - template: deployment-repository.yaml - - - it: should have a volume and a volumeMount for alfresco-global.properties - values: *testvalues - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: repository-properties - secret: - secretName: RELEASE-NAME-alfresco-repository-properties-secret - defaultMode: 0400 - items: - - key: alfresco-global.properties - path: alfresco-global.properties - template: deployment-repository.yaml - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: repository-properties - mountPath: /usr/local/tomcat/shared/classes/alfresco-global.properties - subPath: alfresco-global.properties - template: deployment-repository.yaml - - - it: should render cpu and memory limits - values: *testvalues - asserts: - - equal: - path: spec.template.spec.containers[0].resources - value: - requests: - cpu: "250m" - memory: "2Gi" - limits: - cpu: "4" - memory: "8Gi" - template: deployment-repository.yaml - - - it: should have wait-db-ready initcontainer with in-cluster db - values: *testvalues - set: - database.external: false - asserts: - - equal: - path: spec.template.spec.initContainers[0].name - value: wait-db-ready - template: deployment-repository.yaml - - - it: should not have wait-db-ready initcontainer with external database - values: *testvalues - set: - database.external: true - asserts: - - isEmpty: - path: spec.template.spec.initContainers - template: deployment-repository.yaml - - isNotEmpty: - path: spec.template.spec.volumes - template: deployment-repository.yaml - - - it: should have custom init containers when defined - values: *testvalues - set: - repository.extraInitContainers: - - name: dummy-init-container - image: busybox:1.28 - command: ['sh', '-c', 'echo The app is running! && sleep 3600'] - asserts: - - contains: - path: spec.template.spec.initContainers - content: - name: dummy-init-container - image: busybox:1.28 - command: ['sh', '-c', 'echo The app is running! && sleep 3600'] - template: deployment-repository.yaml - - - it: should have custom extra volumes when defined - values: *testvalues - set: - repository.extraVolumes: - - name: test-volume - awsElasticBlockStore: - volumeID: "whatever" - fsType: ext4 - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: test-volume - awsElasticBlockStore: - volumeID: "whatever" - fsType: ext4 - template: deployment-repository.yaml diff --git a/helm/alfresco-content-services/tests/ingress-repository_test.yaml b/helm/alfresco-content-services/tests/ingress-repository_test.yaml deleted file mode 100644 index d561c3285..000000000 --- a/helm/alfresco-content-services/tests/ingress-repository_test.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -suite: test ingress for repository -templates: - - ingress-repository.yaml -tests: - - it: should render with default value alfresco-cs - values: &testvalues - - values/test_values.yaml - asserts: - - matchRegex: - path: metadata.name - pattern: ^RELEASE-NAME-alfresco-cs- - template: ingress-repository.yaml - - - it: should render with value set - values: *testvalues - set: - NameOverride: myacstest - asserts: - - matchRegex: - pattern: ^RELEASE-NAME-myacstest- - path: metadata.name - template: ingress-repository.yaml diff --git a/helm/alfresco-content-services/tests/pv-repository_test.yaml b/helm/alfresco-content-services/tests/pv-repository_test.yaml deleted file mode 100644 index a5e158394..000000000 --- a/helm/alfresco-content-services/tests/pv-repository_test.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -suite: test persistence -templates: - - config-repository.yaml - - config-dev-log4j-properties.yaml - - secret-database.yaml - - secret-s3.yaml - - secret-repository.yaml - - deployment-repository.yaml - - pvc.yaml -tests: - - it: should render an ephemeral volume - values: &testvalues - - values/test_values.yaml - set: - repository: - persistence: - enabled: false - asserts: - - contains: - path: spec.template.spec.volumes - content: - emptyDir: - sizeLimit: 20Gi - name: data - template: deployment-repository.yaml - - it: should render a deployment with set claim - values: *testvalues - set: - repository: - persistence: - enabled: true - existingClaim: mysfsvolume - asserts: - - equal: - path: >- - spec.template.spec.volumes[0].persistentVolumeClaim.claimName - value: mysfsvolume - template: deployment-repository.yaml - - it: should render a deployment with dynamic claim name - values: *testvalues - set: - repository: - persistence: - enabled: true - volumeMode: Block - accessModes: - - ReadWriteMany - - ReadOnlyMany - asserts: - - equal: - path: >- - spec.template.spec.volumes[0].persistentVolumeClaim.claimName - value: alfresco-default-pvc - template: deployment-repository.yaml - - isNull: - path: spec.storageClassName - template: pvc.yaml - documentIndex: 0 - - it: should render a deployment with provided storage class - values: *testvalues - set: - repository: - persistence: - enabled: true - storageClass: cheap - asserts: - - equal: - path: >- - spec.template.spec.volumes[0].persistentVolumeClaim.claimName - value: alfresco-cheap-pvc - template: deployment-repository.yaml - - equal: - path: spec.storageClassName - value: cheap - template: pvc.yaml - documentIndex: 0 diff --git a/helm/alfresco-content-services/tests/search_test.yaml b/helm/alfresco-content-services/tests/search_test.yaml deleted file mode 100644 index 24e0b34b0..000000000 --- a/helm/alfresco-content-services/tests/search_test.yaml +++ /dev/null @@ -1,71 +0,0 @@ ---- -suite: test search related rendering -templates: - - config-repository.yaml -tests: - - it: should configure ACS without any search subsystem - values: &testvalues - - values/test_values.yaml - set: - alfresco-search: - enabled: false - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=none($|\ ) - - it: should configure ACS with external Solr - values: *testvalues - set: - alfresco-search: - enabled: false - external: - host: somehostwheresolrservesrequests - port: 8983 - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=solr6($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.host=somehostwheresolrservesrequests($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.port=8983($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dsolr.secureComms=secret($|\ ) - - it: should configure ACS with external ElasticSearch - values: *testvalues - set: - alfresco-search: - enabled: false - alfresco-search-enterprise: - enabled: true - elasticsearch: - host: some.opensearch.endpoint - port: 443 - protocol: https - user: user - password: pass - asserts: - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Dindex.subsystem.name=elasticsearch($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.host=some.opensearch.endpoint($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.secureComms=https($|\ ) - - matchRegex: - path: data.ALFRESCO_OPTS - pattern: |- - (^|\w\s+)-Delasticsearch.user=user($|\ ) diff --git a/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml b/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml index b71e11f0a..e1a0fa630 100644 --- a/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml +++ b/helm/alfresco-content-services/tests/secret-repository-properties_test.yaml @@ -8,6 +8,5 @@ tests: - values/test_values.yaml asserts: - equal: - path: data['alfresco-global.properties'] - value: c29sci5zaGFyZWRTZWNyZXQ9ZHVtbXk= - template: secret-repository-properties.yaml + path: data.SOLR_SECRET + value: ZHVtbXk= diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 661e88873..d7760f54b 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -14,6 +14,67 @@ # max heap to 1/4th of container's memory which may not be ideal. Hence, setting # up explicit Container memory and then assigning a percentage of it to the JVM # for performance tuning. +infrastructure: + configMapName: &infrastructure_cmName alfresco-infrastructure +database: + # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. + external: false + # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. + driver: null + # -- External Postgresql database user + user: null + # -- External Postgresql database password + password: null + # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` + url: null + # -- Name of the secret managed by this chart + configMapName: *infrastructure_cmName + # -- Name of the secret managed by this chart + secretName: &acs_database_secretName alfresco-cs-database + # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. + # When using embedded postgres you need to also set `postgresql.existingSecret`. + existingSecretName: null +# -- Activemq connection details (activemq.enabled msut also be set to false) +messageBroker: + url: null + user: null + password: null + # -- Name of the secret managed by this chart + secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret +search: + # -- Name of the secret managed by this chart + secretName: &acs_search_secretName solr-shared-secret +alfresco-repository: + nameOverride: alfresco-repository + image: + repository: quay.io/alfresco/alfresco-content-repository + tag: 23.1.0-A27 + configuration: + repository: + existingConfigMap: repository + db: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_database_secretName + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_database_secretName + search: + flavor: solr6 + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_search_secretName + persistence: + # -- Persist repository data + enabled: true + baseSize: 20Gi + # -- Specify a storageClass for dynamic provisioning + accessModes: + - ReadWriteMany repository: # -- Administrator password for ACS in NTLM hash format to set at bootstrap time adminPassword: "209c6174da490caeb422f3fa5a7ae634" @@ -24,94 +85,10 @@ repository: licenseSecret: null edition: Enterprise replicaCount: 2 - nodeSelector: {} + service: + externalPort: 80 strategy: type: Recreate - image: - repository: quay.io/alfresco/alfresco-content-repository - tag: 23.1.0-M4 - pullPolicy: IfNotPresent - internalPort: 8080 - hazelcastPort: 5701 - initContainers: - db: - image: - repository: busybox - tag: 1.35.0 - pullPolicy: IfNotPresent - resources: - limits: - cpu: "0.25" - memory: "10Mi" - service: - name: alfresco - type: ClusterIP - externalPort: &repositoryExternalPort 80 - ingress: - path: / - maxUploadSize: "5g" - annotations: {} - # nginx.ingress.kubernetes.io/enable-cors: "true" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - -Dencryption.keystore.type=JCEKS - -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding - -Dencryption.keyAlgorithm=DESede - -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.algorithm=DESede - podSecurityContext: - runAsNonRoot: true - runAsUser: 33000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - cpu: "250m" - memory: "2Gi" - limits: - cpu: "4" - memory: "8Gi" - # -- The startup probe to cover the worse case startup time for slow clusters - startupProbe: - periodSeconds: 30 - failureThreshold: 10 - # The repository readiness probe is used to check startup only as a failure - # of the liveness probe later will result in the pod being restarted. - readinessProbe: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - livenessProbe: - initialDelaySeconds: 130 - periodSeconds: 20 - timeoutSeconds: 10 - persistence: - # -- Persist repository data - enabled: true - baseSize: 20Gi - # -- Specify a storageClass for dynamic provisioning - accessModes: - - ReadWriteMany - # -- Bind PVC based on storageClass (e.g. dynamic provisioning) - storageClass: null - # -- Use pre-provisioned pv through its claim (e.g. static provisioning) - existingClaim: null - data: - mountPath: /usr/local/tomcat/alf_data - subPath: alfresco-content-services/repository-data - extraVolumes: [] - extraVolumeMounts: [] - extraSideContainers: [] - extraInitContainers: [] - command: [] # -- Provide additional log statements by adding classes and/or packages in a # key:value maner org.alfresco.repo.content.transform.TransformerDebug: debug extraLogStatements: {} @@ -121,18 +98,7 @@ repository: apiexplorer: ingress: path: /api-explorer -# -- Activemq connection setting when activemq.enabled=false -# Can reference an external broker details, or help spread details of an -# internal one. -messageBroker: &acs_messageBroker - url: null - user: null - password: null - # -- Name of the secret managed by this chart - secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret - # -- Alternatively, provide credentials via an existing secret that contains - # BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys -activemq: &amq +activemq: nameOverride: activemq enabled: true # -- Possibility to choose Node for pod, with a key-value pair label @@ -239,7 +205,7 @@ share: repository: existingConfigMap: # -- Name of the configmap which hold the repositoy connection details - name: infrastructure-repository + name: *infrastructure_cmName keys: # -- Name of the key in the configmap which points to the repository # service hostname @@ -249,6 +215,17 @@ share: port: repo_svc_port alfresco-search: enabled: true + repository: + existingConfigMap: + name: *infrastructure_cmName + keys: + host: repo_svc_name + port: repo_svc_port + securecomms: SEARCH_SECURECOMMS + existingSecret: + name: *acs_search_secretName + keys: + sharedSecret: SOLR_SECRET searchServicesImage: repository: quay.io/alfresco/search-services tag: 2.0.8.1 @@ -274,23 +251,6 @@ alfresco-search: # - secretName: chart-example-tls # hosts: # - chart-example.local -database: - # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. - external: false - # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. - driver: null - # -- External Postgresql database user - user: null - # -- External Postgresql database password - password: null - # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` - url: null - # -- Name of the secret managed by this chart - secretName: &acs_database_secretName acs-alfresco-cs-dbsecret - configMapName: &acs_database_configMapName acs-alfresco-cs-dbconfigmap - # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. - # When using embedded postgres you need to also set `postgresql.existingSecret`. - existingSecretName: null alfresco-search-enterprise: enabled: false elasticsearch: @@ -317,7 +277,7 @@ alfresco-search-enterprise: existingSecret: name: *acs_database_secretName existingConfigMap: - name: *acs_database_configMapName + name: *infrastructure_cmName image: tag: 4.0.0-M1 alfresco-digital-workspace: @@ -571,8 +531,8 @@ alfresco-sync-service: messageBroker: existingSecretName: *acs_messageBroker_secretName repository: - nameOverride: alfresco-cs-repository - port: *repositoryExternalPort + nameOverride: alfresco-repository + port: 80 # -- toggle deploying Alfresco ai transformer alfresco-ai-transformer: enabled: false diff --git a/test/community-integration-test-values.yaml b/test/community-integration-test-values.yaml index e1f03798a..9438ca626 100644 --- a/test/community-integration-test-values.yaml +++ b/test/community-integration-test-values.yaml @@ -1,5 +1,5 @@ --- -repository: +alfresco-repository: resources: requests: cpu: "0.01" diff --git a/test/enterprise-integration-test-values.yaml b/test/enterprise-integration-test-values.yaml index 9a27b50a7..36993fa88 100644 --- a/test/enterprise-integration-test-values.yaml +++ b/test/enterprise-integration-test-values.yaml @@ -1,5 +1,5 @@ --- -repository: +alfresco-repository: resources: requests: cpu: "0.01" diff --git a/updatecli-matrix-targets.yaml b/updatecli-matrix-targets.yaml index 6ed2af116..2c6e9916f 100644 --- a/updatecli-matrix-targets.yaml +++ b/updatecli-matrix-targets.yaml @@ -13,7 +13,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues231 >- helm/alfresco-content-services/values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag helm_update_appVersion: true share: version: @@ -131,7 +131,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues74 >- helm/alfresco-content-services/7.4.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -245,7 +245,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues73 >- helm/alfresco-content-services/7.3.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -359,7 +359,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues72 >- helm/alfresco-content-services/7.2.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -473,7 +473,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues71 >- helm/alfresco-content-services/7.1.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -580,7 +580,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvalues70 >- helm/alfresco-content-services/7.0.N_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: @@ -667,7 +667,7 @@ matrix: compose_key: $.services.alfresco.image helm_target: &helmvaluesOss >- helm/alfresco-content-services/community_values.yaml - helm_key: $.repository.image.tag + helm_key: $.alfresco-repository.image.tag pattern: image: share: