diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3515127c..ebe3b7eb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,11 +15,9 @@ repos: hooks: - id: helm-docs - repo: https://github.com/bridgecrewio/checkov.git - rev: 3.1.29 + rev: 3.1.51 hooks: - id: checkov - additional_dependencies: - - "cyclonedx-python-lib==5.2.0" # https://github.com/bridgecrewio/checkov/issues/5841 files: charts/.*\.yaml$ verbose: true args: diff --git a/charts/alfresco-sync-service/Chart.lock b/charts/alfresco-sync-service/Chart.lock index d632def5..c5c78458 100644 --- a/charts/alfresco-sync-service/Chart.lock +++ b/charts/alfresco-sync-service/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 2.1.0 + version: 3.1.0 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.3.0 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.5.6 -digest: sha256:8531ee83acd36b7cf125b8fa7da8db119d4af04f33d4463d3eb8a7838f9f5f03 -generated: "2023-09-20T17:57:49.465176+02:00" +digest: sha256:9277a39a6c08dca30ec812d13ff6dc78cd3ea471ca9ee9f2feb487f8e64d8b6b +generated: "2024-01-04T23:35:01.664108+01:00" diff --git a/charts/alfresco-sync-service/Chart.yaml b/charts/alfresco-sync-service/Chart.yaml index d41c738c..d0379d98 100644 --- a/charts/alfresco-sync-service/Chart.yaml +++ b/charts/alfresco-sync-service/Chart.yaml 
@@ -8,18 +8,20 @@ keywords: name: alfresco-sync-service sources: - https://github.com/Alfresco/acs-deployment -version: 4.5.1 +version: 5.0.0-alpha.0 appVersion: 4.0.1 icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 dependencies: - name: alfresco-common - version: 2.1.0 + version: 3.1.0 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq version: 3.3.0 repository: https://alfresco.github.io/alfresco-helm-charts/ - condition: activemq.enabled + tags: + - ci - name: postgresql version: 12.5.6 repository: oci://registry-1.docker.io/bitnamicharts - condition: postgresql.enabled + tags: + - ci diff --git a/charts/alfresco-sync-service/README.md b/charts/alfresco-sync-service/README.md index 24fb71b9..9ecc3175 100644 --- a/charts/alfresco-sync-service/README.md +++ b/charts/alfresco-sync-service/README.md @@ -1,9 +1,11 @@ # alfresco-sync-service -![Version: 4.5.1](https://img.shields.io/badge/Version-4.5.1-informational?style=flat-square) ![AppVersion: 4.0.1](https://img.shields.io/badge/AppVersion-4.0.1-informational?style=flat-square) +![Version: 5.0.0-alpha.0](https://img.shields.io/badge/Version-5.0.0--alpha.0-informational?style=flat-square) ![AppVersion: 4.0.1](https://img.shields.io/badge/AppVersion-4.0.1-informational?style=flat-square) Alfresco Sync Service +Checkout [alfresco-content-services chart doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + ## Source Code * 
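Review bot: Replacing `condition: activemq.enabled` and `condition: postgresql.enabled` with `tags: [ci]` changes the default for both subcharts: Helm loads a tagged dependency unless the parent's values set that tag to false, whereas the removed README rows show both conditions defaulted to `false`. The chart's values.yaml is not part of this view, and the regenerated README values table lists no `tags.ci` key, so confirm that values.yaml ships `tags: {ci: false}`. Without it a plain install would presumably bring up the bundled ActiveMQ and PostgreSQL, which the CI values in this commit run with `admin`/`admin` credentials. A comment next to the tag stating that it is for CI only would help.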
@@ -13,29 +15,26 @@ Alfresco Sync Service | Repository | Name | Version | |------------|------|---------| | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.3.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.0 | | oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| activemq.adminUser.password | string | `"admin"` | Password to use to set as the connection user for ActiveMQ | -| activemq.adminUser.user | string | `"admin"` | User to use to set as the connection user for ActiveMQ | -| activemq.enabled | bool | `false` | Toggle ActiveMQ chart dependency see [Alfresco ActiveMQ chart documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/activemq)) | -| activemq.nameOverride | string | `"activemq"` | | -| activemq.services.broker.ports.external.openwire | int | `61616` | | +| affinity | string | `""` | | | database.driver | string | `"org.postgresql.Driver"` | The JDBC Driver to connect to the DB. If different from the default make sure your container image ships it. | -| database.existingSecretName | string | `nil` | An existing kubernetes secret with DB info (prefered over using values) | -| database.password | string | `"admin"` | JDBC password to use to connect to the DB | +| database.existingConfigMap.keys.driver | string | `"DATABASE_DRIVER"` | configmap key where to find the JDBC driver class to use. The configmap may leverage the alfresco-repository.db.cm named template to auto-generate it from the sole url parameter. 
| +| database.existingConfigMap.keys.url | string | `"DATABASE_URL"` | configmap key where to find the URL of the database | +| database.existingConfigMap.name | string | `nil` | | +| database.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password | +| database.existingSecret.keys.username | string | `"DATABASE_USERNAME"` | Key within the secret holding the database username | +| database.existingSecret.name | string | `nil` | Name of a pre-existing secret containing database credentials | +| database.password | string | `nil` | JDBC password to use to connect to the DB | | database.url | string | `nil` | JDBC url to connect to the external DB | -| database.user | string | `"alfresco"` | JDBC username to use to connect to the DB | -| environment.EXTRA_JAVA_OPTS | string | `""` | | +| database.username | string | `nil` | JDBC username to use to connect to the DB | | environment.JAVA_OPTS | string | `"-Dsync.metrics.reporter.graphite.enabled=false -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` | | -| global | object | `{"alfrescoRegistryPullSecrets":"quay-registry-secret","messageBroker":{"password":null,"url":null,"user":null},"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}}` | Global definition of Docker registry pull secret which can be overridden from parent ACS Helm chart(s) | -| global.messageBroker.password | string | `nil` | Credential to use to authenticate to the broker | -| global.messageBroker.url | string | `nil` | A failover URI formatted string, see: https://activemq.apache.org/failover-transport-reference | -| global.messageBroker.user | string | `nil` | Username to authenticate as | +| global | object | `{"alfrescoRegistryPullSecrets":"quay-registry-secret","strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}}` | Global definition of Docker registry pull secret which can be overridden from parent ACS Helm chart(s) | | image.internalPort | int | `9090` | | | 
image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"quay.io/alfresco/service-sync"` | | 
@@ -46,26 +45,34 @@ Alfresco Sync Service | livenessProbe.initialDelaySeconds | int | `30` | | | livenessProbe.periodSeconds | int | `30` | | | livenessProbe.timeoutSeconds | int | `10` | | -| messageBroker.existingSecretName | string | `nil` | An existing k8s secret with broker details (preferred over using values) | +| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | configmap key where to find the URL of the message broker | +| messageBroker.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing message broker details | +| messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` | Key within the secret holding the message broker password | +| messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` | Key within the secret holding the message broker username | +| messageBroker.existingSecret.name | string | `nil` | Name of a pre-existing secret containing message broker credentials | | messageBroker.nameOverride | string | `"activemq"` | A name that will be used as a base to get broker connection details | | messageBroker.password | string | `nil` | Credential to use to authenticate to the broker. | | messageBroker.url | string | `nil` | A failover URI formatted string, see: https://activemq.apache.org/failover-transport-reference | -| messageBroker.user | string | `nil` | Username to authenticate as. | +| messageBroker.username | string | `nil` | Username to authenticate as. 
| | nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | | podSecurityContext.fsGroup | int | `1000` | | | podSecurityContext.runAsGroup | int | `1000` | | | podSecurityContext.runAsNonRoot | bool | `true` | | | podSecurityContext.runAsUser | int | `33020` | | -| postgresql | object | `{"auth":{"database":"alfrescosync","enablePostgresUser":false,"password":"admin","username":"alfresco"},"enabled":false,"nameOverride":"postgresql-syncservice","primary":{"extendedConfiguration":"shared_buffers = 256MB\nmax_connections = 100\nwal_level = minimal\nmax_wal_senders = 0\nmax_replication_slots = 0\neffective_cache_size = 1024GB\nlog_min_messages = LOG\n"},"resources":{"limits":{"cpu":"2","memory":"2Gi"}}}` | Defines properties required by sync service for connecting to the database If you set database.external to true you will have to setup the JDBC driver, user, password and JdbcUrl as `driver`, `user`, `password` & `url` subelements of `database`. 
Also make sure that the container has the db driver | -| postgresql.enabled | bool | `false` | Toggle PostgreSQL chart dependency see [PostgreSQL Bitnami charts documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql)) | | readinessProbe.failureThreshold | int | `12` | | | readinessProbe.initialDelaySeconds | int | `20` | | | readinessProbe.periodSeconds | int | `10` | | | readinessProbe.timeoutSeconds | int | `10` | | | replicaCount | int | `1` | | -| repository.host | string | `"alfresco-cs-repository"` | ACS repository host | -| repository.nameOverride | string | `nil` | A nameOverride use to compute an ACS repository service name | -| repository.port | int | `80` | ACS repository port | +| repository.existingConfigMap.keys.host | string | `"REPO_HOST"` | configmap key where to find the URL of the message broker | +| repository.existingConfigMap.keys.port | string | `"REPO_PORT"` | | +| repository.existingConfigMap.keys.scheme | string | `"REPO_SCHEME"` | | +| repository.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing message broker details | +| repository.host | string | `nil` | ACS repository host | +| repository.port | string | `nil` | ACS repository port | +| repository.scheme | string | `nil` | ACS repository port | | resources.limits.cpu | string | `"2"` | | | resources.limits.memory | string | `"2000Mi"` | | | resources.requests.cpu | string | `"0.5"` | | 
@@ -73,5 +80,8 @@ Alfresco Sync Service | service.externalPort | int | `80` | | | service.name | string | `"syncservice"` | | | service.type | string | `"NodePort"` | | - -Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions. +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `"alfresco-sync"` | | +| terminationGracePeriodSeconds | int | `60` | | +| tolerations | list | `[]` | | diff --git a/charts/alfresco-sync-service/README.md.gotmpl b/charts/alfresco-sync-service/README.md.gotmpl index 1fdf7d32..aec31491 100644 --- a/charts/alfresco-sync-service/README.md.gotmpl +++ b/charts/alfresco-sync-service/README.md.gotmpl @@ -5,6 +5,8 @@ {{ template "chart.description" . }} +Checkout [alfresco-content-services chart doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + {{ template "chart.homepageLine" . }} {{ template "chart.maintainersSection" . }} @@ -14,5 +16,3 @@ {{ template "chart.requirementsSection" . }} {{ template "chart.valuesSection" . }} - -Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions. diff --git a/charts/alfresco-sync-service/ci/default-values.yaml b/charts/alfresco-sync-service/ci/default-values.yaml index 0d6b1f97..8f27fc36 100644 --- a/charts/alfresco-sync-service/ci/default-values.yaml +++ b/charts/alfresco-sync-service/ci/default-values.yaml 
@@ -1,10 +1,39 @@ --- repository: host: dummy-repo + port: 80 activemq: - enabled: true + fullnameOverride: mqsync + adminUser: + user: &mquser admin + password: &mqpass admin messageBroker: - nameOverride: mqsync + url: failover:(nio://mqsync-broker:61616) + username: *mquser + password: *mqpass postgresql: - enabled: true - nameOverride: pgsync + fullnameOverride: pgsync + auth: + enablePostgresUser: false + username: &dbuser alfresco + password: &dbpass admin + database: alfresco-sync + primary: + extendedConfiguration: | + shared_buffers = 256MB + max_connections = 100 + wal_level = minimal + max_wal_senders = 0 + max_replication_slots = 0 + effective_cache_size = 1024GB + log_min_messages = LOG + resources: + limits: + cpu: "2" + memory: "2Gi" +database: + url: jdbc:postgresql://pgsync/alfresco-sync + username: *dbuser + password: *dbpass +tags: + ci: true diff --git a/charts/alfresco-sync-service/templates/NOTES.txt b/charts/alfresco-sync-service/templates/NOTES.txt deleted file mode 100644 index 3d482969..00000000 --- a/charts/alfresco-sync-service/templates/NOTES.txt +++ /dev/null 
@@ -1,45 +0,0 @@ -Alfresco Sync Service - - - _;p@@BBBB@@pw_ - ,@B@@@@@@@@@@@@@@BW_ - 0B@@@@@@@@@@@@@@@@@@@N_ - _,pp@@@@@pw,_ "0E@@@@@@@@@@@@@@@@@m $@@@pw,_ - ,@B@@@@@@@@@@BBBBW, TN@@@@@@@@@@@@BBBBb $LLLLLL@h_ - ;0@@@@@@@@@@@@BBBBBBBBp 0@@@@@@@@BBBBBBBB ]LLLLLLLLL@, - @@@@@@@@@@@@@@@BBBBBBBBRN """""TRR0BBBBBBBb 'LLP```$LLLLh - 0@@@@@@@@@@@@@@@BBR^" "MRB0L !P }LLLLL@ - $@@@@@@@@@@@@@@@P" ^ }LLLLLLb - ]@@@ENB0BNE@@B" }LLLLLLL - P"` ___ ` ,,wm p@mww, $55LLLLP - _a@@BBBBBBR" ,a@BBBBB $@bBBBB@m :,``,^}" - _pB@0BBBBBBBB" {EB0BBBBB $@bBBBM" ;`````L p_ - @N@@@@0BBBBBB" y, TBE0BBB $@bR^ :```,` @@@b_ - ,0@@@@@@@E0BBBE |BB@p T0@0B $@B :`,^ ,@@@@@N_ - 6@@@@@@@@@@EBB ABBBBBp "0b 0P ,mm-,,,,,,,,,,,,,,+^` ,@@@@@@@@N - ]E@@@@@@@@@@@@@ ,BBBBBBBBW_ ` ^""`````````````` _,pB@@@@@@@@@@b - ]@@@@@@@@@@@@@@ ^MMMMMMMMMM- .,,,,,,,,,, '0@@@@@@@@@@@@@b - ]E@@@@@@@@@@BP` _wwwwwwwwwwwww _ `0@@@@@@@@L $@@@@@@@@@@@@@E - 'N@@@@@@@BP ,@BRBRRRRRRRRRRRRRNNP ,@ ]@_ `TB@bbbB '@@@@@@@@@@@@@E - lN@@@@NP _@BbE ]@E $@@@, TBbbL jbbB@@@@@@@@@E" - '0@@B aBbbbE ,@B@E $@B@@@p TE BbbbbB@@@@@@B - '0 @@bbbbE ,@BbB@E $@bbB@@Bp @bbbbbbb@@@P` - ]NBBbbbE #BbbbbB@E $@bbbbR" @@@@@@@BRM" - $@@@@@Eb '"R0BB@E 0BRM" ```` _,w - $@@@@@@b ,@E@@@@@@@@N@@E - ]@@@@@@b ,@@@@@@@@@@@@@@@P - N@@@@@b ,L !@w_ ,#B@@@@@@@@@@@@@@@B - `0@@@@b _@@L [NbbB@Ww,,_ ,,p@BBbbbB@@@@@@@@@@@@@B - T@@@@@@@@@@b 'BbbbbbbBB@@bbbb@p TBbbbbbbbb@@@@@@@@@@@@P - "0@@@@@@@b 0@bb@BB@@@@@@@@@@Np "0BbbbB@@@@@@@@@@B" - `"MNNNEb 0BB@@@@@@@@@@@@@@@@p_ `"RNNNNNNNP"` - 'N@@@@@@@@@@@@@@@@@@E@p - "0@@@@@@@@@@@@@@@@B" - `TNNE@@@@ENBP" - - -Sync endpoint available at {{ printf "%s/%s" (default "" .Values.ingress.hostName) .Values.ingress.path }} -Using required components: - - Content repostory: http://{{ .Values.repository.host }}:{{ .Values.repository.port }} - - ActiveMQ: {{ template "alfresco-sync-service.brokerUrl" . }} - - SQL datbase: {{ template "alfresco-sync-service.dbUrl" . }} 
diff --git a/charts/alfresco-sync-service/templates/_helpers-db.tpl b/charts/alfresco-sync-service/templates/_helpers-db.tpl deleted file mode 100644 index 3f93d0c6..00000000 --- a/charts/alfresco-sync-service/templates/_helpers-db.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Get Database Username -*/}} -{{- define "alfresco-sync-service.dbUser" -}} -{{- $defaultUser := "alfresco" }} -{{- if .Values.postgresql.enabled }} -{{- coalesce .Values.postgresql.auth.username $defaultUser }} -{{- else }} -{{- coalesce .Values.database.user $defaultUser }} -{{- end }} -{{- end -}} - -{{/* -Get Database Password -*/}} -{{- define "alfresco-sync-service.dbPass" -}} -{{- $defaultPass := "admin" }} -{{- if .Values.postgresql.enabled }} -{{- coalesce .Values.postgresql.auth.password $defaultPass }} -{{- else }} -{{- coalesce .Values.database.password $defaultPass }} -{{- end }} -{{- end -}} - -{{/* -Get Database Driver -*/}} -{{- define "alfresco-sync-service.dbDriver" -}} -{{- $defaultDriver := "org.postgresql.Driver" }} -{{- if .Values.postgresql.enabled }} -{{- $defaultDriver }} -{{- else }} -{{- coalesce .Values.database.driver $defaultDriver }} -{{- end }} -{{- end -}} - -{{/* -Get Database URL -*/}} -{{- define "alfresco-sync-service.dbUrl" -}} -{{- if .Values.postgresql.enabled }} -{{- $pgsvcname := printf "%s-%s" .Release.Name .Values.postgresql.nameOverride }} -{{- $pgsvcport := "" }} -{{- if hasKey .Values.postgresql.primary "service" }} -{{- $pgsvcport := printf ":%s" (.Values.postgresql.primary.service.port | default 5432) }} -{{- end }} -{{- printf "jdbc:postgresql://%s%s/%s" $pgsvcname $pgsvcport .Values.postgresql.auth.database }} -{{- else }} -{{- required "To enable SyncService external database please provide .database.url" .Values.database.url }} -{{- end }} -{{- end -}} diff --git a/charts/alfresco-sync-service/templates/_helpers-mq.tpl b/charts/alfresco-sync-service/templates/_helpers-mq.tpl deleted file mode 100644 index 75f803b3..00000000 
--- a/charts/alfresco-sync-service/templates/_helpers-mq.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Get ActiveMQ URL -*/}} -{{- define "alfresco-sync-service.brokerUrl" -}} -{{- $brokerOptions := "?timeout=3000&jms.useCompression=true" }} -{{- $brokerPort := .Values.activemq.services.broker.ports.external.openwire | int }} -{{- if .Values.activemq.enabled }} -{{- $brokerHostname := include "activemq.fullname" (dict "Values" .Values.activemq "Chart" .Chart "Release" .Release) }} -{{- printf "failover:(nio://%s-broker:%d)%s" $brokerHostname $brokerPort $brokerOptions }} -{{- else }} -{{- coalesce .Values.messageBroker.url .Values.global.messageBroker.url (printf "failover:(nio://%s-%s-broker:%d)%s" .Release.Name .Values.messageBroker.nameOverride $brokerPort $brokerOptions) -}} -{{- end }} -{{- end -}} - -{{/* -Get ActiveMQ Username -*/}} -{{- define "alfresco-sync-service.brokerUser" -}} -{{- if .Values.activemq.enabled }} -{{- .Values.activemq.adminUser.user -}} -{{- else }} -{{- coalesce .Values.messageBroker.user .Values.global.messageBroker.user "alfresco" -}} -{{- end }} -{{- end -}} - -{{/* -Get ActiveMQ Password -*/}} -{{- define "alfresco-sync-service.brokerPass" -}} -{{- if .Values.activemq.enabled }} -{{- .Values.activemq.adminUser.password -}} -{{- else }} -{{- coalesce .Values.messageBroker.password .Values.global.messageBroker.password "admin" -}} -{{- end }} -{{- end -}} - -{{/* -Get ActiveMQ secret -*/}} -{{- define "alfresco-sync-service.brokerSecret" -}} -{{- if .Values.activemq.enabled }} -{{- coalesce .Values.activemq.existingSecretName (printf "%s-messagebroker-secret" (include "alfresco-sync-service.fullname" . )) -}} -{{- else }} -{{- coalesce .Values.messageBroker.existingSecretName .Values.global.messageBroker.existingSecretName -}} -{{- end }} -{{- end -}} diff --git a/charts/alfresco-sync-service/templates/_helpers-name.tpl b/charts/alfresco-sync-service/templates/_helpers-name.tpl new file mode 100644 index 00000000..1832fb57 --- /dev/null 
+++ b/charts/alfresco-sync-service/templates/_helpers-name.tpl
@@ -0,0 +1,35 @@
+{{/*
+Compute database related resources name
+
+Usage "alfresco-sync-service.database" $
+
+*/}}
+
+{{- define "alfresco-sync-service.database" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "alfresco-sync-database") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-sync-service.fullname" $ctx }}
+{{- end -}}
+
+{{/*
+Compute message broker related resources name
+
+Usage "alfresco-sync-service.message-broker" $
+
+*/}}
+
+{{- define "alfresco-sync-service.message-broker" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "alfresco-sync-mq") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-sync-service.fullname" $ctx }}
+{{- end -}}
+
+{{/*
+Compute repository related resources name
+
+Usage "alfresco-sync-service.repository" $
+
+*/}}
+
+{{- define "alfresco-sync-service.repository" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "alfresco-sync-repo") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-sync-service.fullname" $ctx }}
+{{- end -}}
diff --git a/charts/alfresco-sync-service/templates/_helpers.tpl b/charts/alfresco-sync-service/templates/_helpers.tpl
index 2375db12..845f8c67 100644
--- a/charts/alfresco-sync-service/templates/_helpers.tpl
+++ b/charts/alfresco-sync-service/templates/_helpers.tpl
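Review bot: The third helper defines `alfresco-sync-service.repository`, but the context lines of the `_helpers.tpl` hunk in this same commit still show an existing `{{- define "alfresco-sync-service.repository" -}}` that is not removed. Helm template names are global and a duplicate definition is resolved by load order, so it is not obvious from either file which body names the repository ConfigMap and the matching `configMapKeyRef` in deployment.yaml. The old definition reads `.Values.repository.nameOverride`, a value the README no longer documents, and its body continues outside the visible hunk. Either delete the old define from `_helpers.tpl` or give the new one a distinct name and update its two callers.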
@@ -50,6 +50,17 @@ app.kubernetes.io/name: {{ include "alfresco-sync-service.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create the name of the service account to use +*/}} +{{- define "alfresco-sync-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "alfresco-sync-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + {{- define "alfresco-sync-service.repository" -}} {{- if .Values.repository.nameOverride }} {{- printf "%s-%s" .Release.Name .Values.repository.nameOverride | trunc 63 | trimSuffix "-" }} diff --git a/charts/alfresco-sync-service/templates/config-syncservice.yaml b/charts/alfresco-sync-service/templates/config-syncservice.yaml deleted file mode 100644 index cbd6eed9..00000000 --- a/charts/alfresco-sync-service/templates/config-syncservice.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "alfresco-sync-service.fullname" . }}-configmap - labels: - {{- include "alfresco-sync-service.labels" . | nindent 4 }} -data: - JAVA_OPTS: >- - -Dsql.db.url={{ include "alfresco-sync-service.dbUrl" . }} - -Dsql.db.driver={{ include "alfresco-sync-service.dbDriver" . | quote }} - -Dsql.db.username=$DATABASE_USERNAME - -Dsql.db.password=$DATABASE_PASSWORD - -Drepo.hostname={{ template "alfresco-sync-service.repository" . }} - -Drepo.port={{ .Values.repository.port }} - -Ddw.server.applicationConnectors[0].type=http - -Dmessaging.broker.url=$BROKER_URL - -Dmessaging.username=$BROKER_USERNAME - -Dmessaging.password=$BROKER_PASSWORD - {{ .Values.environment.JAVA_OPTS }} - {{ .Values.environment.EXTRA_JAVA_OPTS }} diff --git a/charts/alfresco-sync-service/templates/configmap-database.yaml b/charts/alfresco-sync-service/templates/configmap-database.yaml new file mode 100644 index 00000000..5f4065e5 --- /dev/null 
+++ b/charts/alfresco-sync-service/templates/configmap-database.yaml
@@ -0,0 +1,14 @@
+{{- if not .Values.database.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: >-
+ {{ template "alfresco-sync-service.database" . }}
+ labels:
+ {{- include "alfresco-sync-service.labels" . | nindent 4 }}
+data:
+ {{- with .Values.database }}
+ DATABASE_URL: {{ hasPrefix "jdbc:" .url | ternary .url (print "jdbc:" .url) }}
+ DATABASE_DRIVER: {{ template "alfresco-common.db.driver" . }}
+ {{- end }}
+{{- end }}
diff --git a/charts/alfresco-sync-service/templates/configmap-mq.yaml b/charts/alfresco-sync-service/templates/configmap-mq.yaml
new file mode 100644
index 00000000..68d45265
--- /dev/null
+++ b/charts/alfresco-sync-service/templates/configmap-mq.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.messageBroker.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: >-
+ {{ template "alfresco-sync-service.message-broker" $ }}
+ labels:
+ {{- include "alfresco-sync-service.labels" . | nindent 4 }}
+data:
+ {{- with .Values.messageBroker }}
+ {{ template "alfresco-common.activemq.cm" .url }}
+ {{- end }}
+{{- end }}
diff --git a/charts/alfresco-sync-service/templates/configmap-repository.yaml b/charts/alfresco-sync-service/templates/configmap-repository.yaml
new file mode 100644
index 00000000..a28d97e1
--- /dev/null
+++ b/charts/alfresco-sync-service/templates/configmap-repository.yaml
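Review bot: `DATABASE_URL` in configmap-database.yaml is rendered with neither a `required` guard nor quoting, although the README lists `database.url` as defaulting to `nil`. With the value unset, `hasPrefix "jdbc:" .url` is likely to fail with an opaque type error instead of a message telling the user what to set, and a URL containing YAML-significant characters lands in the manifest unescaped. Suggest `{{- $url := required "database.url is required unless database.existingConfigMap.name is set" .url }}` followed by `DATABASE_URL: {{ hasPrefix "jdbc:" $url | ternary $url (print "jdbc:" $url) | quote }}`. Since the URL is stored in a ConfigMap, a comment asking users not to embed credentials in it (`?user=…&password=…`) would also be worth adding.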
@@ -0,0 +1,18 @@
+{{- if not .Values.repository.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: >-
+ {{ template "alfresco-sync-service.repository" $ }}
+ labels:
+ {{- include "alfresco-sync-service.labels" . | nindent 4 }}
+data:
+ {{- with .Values.repository }}
+ {{- $reqmsg := "You must provide repository details throught values or using an existing configmap" }}
+ REPO_HOST: {{ required $reqmsg .host }}
+ REPO_PORT: {{ required $reqmsg .port | quote }}
+ {{- with .scheme }}
+ REPO_SCHEME: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/alfresco-sync-service/templates/configmap-syncservice.yaml b/charts/alfresco-sync-service/templates/configmap-syncservice.yaml
new file mode 100644
index 00000000..b0334a81
--- /dev/null
+++ b/charts/alfresco-sync-service/templates/configmap-syncservice.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "alfresco-sync-service.fullname" . }}
+ labels:
+ {{- include "alfresco-sync-service.labels" . | nindent 4 }}
+data:
+ JAVA_OPTS: >-
+ -Dsql.db.url=$DATABASE_URL
+ -Dsql.db.driver=$DATABASE_DRIVER
+ -Dsql.db.username=$DATABASE_USERNAME
+ -Dsql.db.password=$DATABASE_PASSWORD
+ -Drepo.hostname=$REPO_HOST
+ -Drepo.port=$REPO_PORT
+ -Drepo.scheme=${REPO_SCHEME:-http}
+ -Ddw.server.applicationConnectors[0].type=http
+ -Dmessaging.broker.url=$BROKER_URL
+ -Dmessaging.username=$BROKER_USERNAME
+ -Dmessaging.password=$BROKER_PASSWORD
+ {{- with .Values.environment }}
+ {{ .JAVA_OPTS }}
+ {{- end }}
+ {{- range $key, $val := omit .Values.environment "JAVA_OPTS" }}
+ {{- $key }}: {{ $val | quote | nindent 2 }}
+ {{- end }}
diff --git a/charts/alfresco-sync-service/templates/deployment-syncservice.yaml b/charts/alfresco-sync-service/templates/deployment-syncservice.yaml
deleted file mode 100644
index bdbd07bc..00000000
--- a/charts/alfresco-sync-service/templates/deployment-syncservice.yaml
+++ /dev/null
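Review bot: In configmap-repository.yaml, `REPO_HOST` and `REPO_SCHEME` are emitted unquoted while `REPO_PORT` is piped through `quote`. ConfigMap `data` values must be strings, so quoting all three keeps the manifest valid whatever the user supplies: `REPO_HOST: {{ required $reqmsg .host | quote }}` and `REPO_SCHEME: {{ . | quote }}`. The `required` message also has a typo a user will see on a failed install (`throught` should be `through`).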
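Review bot: In the trailing `range` over `omit .Values.environment "JAVA_OPTS"` in configmap-syncservice.yaml, `{{- $key }}` trims the newline in front of it, so the first extra key is glued onto the end of the folded `JAVA_OPTS` scalar instead of starting a new `data:` entry. The README lists only `environment.JAVA_OPTS` by default, which is presumably why this has not surfaced. Emitting the entry from an untrimmed action on its own line, indented like `JAVA_OPTS`, avoids it: `{{ $key }}: {{ $val | quote }}`. Separately, `-Dsql.db.password=$DATABASE_PASSWORD` and `-Dmessaging.password=$BROKER_PASSWORD` (carried over from the deleted config-syncservice.yaml) put both secrets on the JVM command line once the variables are expanded, where they can be read from the process listing; a comment recording this, or a follow-up to have the service read them from the environment, would be worth adding.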
@@ -1,63 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "alfresco-sync-service.fullname" . }} - labels: - {{- include "alfresco-sync-service.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "alfresco-sync-service.selectorLabels" . | nindent 6 }} - strategy: - type: RollingUpdate - rollingUpdate: -{{ toYaml .Values.global.strategy.rollingUpdate | indent 6 }} - template: - metadata: - labels: - {{- include "alfresco-sync-service.selectorLabels" . | nindent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/config-syncservice.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret-database.yaml") . | sha256sum }} - spec: - {{- include "component-pod-security-context" .Values | indent 4 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} - terminationGracePeriodSeconds: 60 - containers: - - name: syncservice - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- include "component-security-context" .Values | indent 6 }} - envFrom: - - secretRef: - name: {{ template "alfresco-sync-service.fullname" . }}-dbsecret - - configMapRef: - name: {{ template "alfresco-sync-service.fullname" . }}-configmap - - secretRef: - name: {{ template "alfresco-sync-service.brokerSecret" . 
}} - ports: - - name: serviceport - containerPort: 9090 - resources: {{- toYaml .Values.resources | nindent 12 }} - readinessProbe: - httpGet: - path: /alfresco/healthcheck - port: serviceport - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - livenessProbe: - httpGet: - path: /alfresco/healthcheck - port: serviceport - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - lifecycle: - preStop: - exec: - command: ["/opt/alfresco-sync-service/sync_service_entrypoint.sh", "stop"] diff --git a/charts/alfresco-sync-service/templates/deployment.yaml b/charts/alfresco-sync-service/templates/deployment.yaml new file mode 100644 index 00000000..92bf55ab --- /dev/null +++ b/charts/alfresco-sync-service/templates/deployment.yaml 
@@ -0,0 +1,136 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "alfresco-sync-service.fullname" . }} + labels: + {{- include "alfresco-sync-service.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "alfresco-sync-service.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + rollingUpdate: +{{ toYaml .Values.global.strategy.rollingUpdate | indent 6 }} + template: + metadata: + labels: + {{- include "alfresco-sync-service.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }} + serviceAccountName: {{ include "alfresco-sync-service.serviceAccountName" . }} + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} + terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }} + containers: + - name: syncservice + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- include "alfresco-common.component-security-context" .Values | indent 6 }} + envFrom: + - configMapRef: + name: {{ template "alfresco-sync-service.fullname" . 
}} + env: + {{- with .Values.database }} + {{- $dbSecret := coalesce .existingSecret.name (include "alfresco-sync-service.database" $) }} + {{- $dbCm := coalesce .existingConfigMap.name (include "alfresco-sync-service.database" $) }} + - name: DATABASE_USERNAME + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.username }} + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $dbSecret }} + key: {{ .existingSecret.keys.password }} + - name: DATABASE_URL + valueFrom: + configMapKeyRef: + name: {{ $dbCm }} + key: {{ .existingConfigMap.keys.url }} + - name: DATABASE_DRIVER + valueFrom: + configMapKeyRef: + name: {{ $dbCm }} + key: {{ .existingConfigMap.keys.driver }} + {{- end }} + {{- with .Values.messageBroker }} + {{- $mqSecret := coalesce .existingSecret.name (include "alfresco-sync-service.message-broker" $) }} + {{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-sync-service.message-broker" $) }} + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + name: {{ $mqSecret }} + key: {{ .existingSecret.keys.username }} + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $mqSecret }} + key: {{ .existingSecret.keys.password }} + - name: BROKER_URL + valueFrom: + configMapKeyRef: + name: {{ $mqCm }} + key: {{ .existingConfigMap.keys.url }} + {{- end }} + {{- with .Values.repository }} + {{- $repoCm := coalesce .existingConfigMap.name (include "alfresco-sync-service.repository" $) }} + - name: REPO_HOST + valueFrom: + configMapKeyRef: + name: {{ $repoCm }} + key: {{ .existingConfigMap.keys.host }} + - name: REPO_PORT + valueFrom: + configMapKeyRef: + name: {{ $repoCm }} + key: {{ .existingConfigMap.keys.port }} + - name: REPO_SCHEME + valueFrom: + configMapKeyRef: + name: {{ $repoCm }} + key: {{ .existingConfigMap.keys.scheme }} + optional: true + {{- end }} + ports: + - name: serviceport + containerPort: 9090 + resources: {{- toYaml .Values.resources | nindent 12 }} + readinessProbe: + httpGet: 
+ path: /alfresco/healthcheck + port: serviceport + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + livenessProbe: + httpGet: + path: /alfresco/healthcheck + port: serviceport + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + lifecycle: + preStop: + exec: + command: ["/opt/alfresco-sync-service/sync_service_entrypoint.sh", "stop"] + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/alfresco-sync-service/templates/ingress.yaml b/charts/alfresco-sync-service/templates/ingress.yaml index ff78387f..8e2867fb 100644 --- a/charts/alfresco-sync-service/templates/ingress.yaml +++ b/charts/alfresco-sync-service/templates/ingress.yaml @@ -1,11 +1,10 @@ {{- $serviceName := (include "alfresco-sync-service.fullname" .) -}} {{- $servicePort := .Values.service.externalPort -}} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ template "alfresco-sync-service.fullname" . }}-ingress + name: {{ template "alfresco-sync-service.fullname" . }} annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /alfresco/$2 nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/session-cookie-name: "sync_affinity_route" @@ -15,6 +14,7 @@ metadata: {{- end }} spec: + ingressClassName: nginx {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} 
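Review bot: In deployment.yaml, `terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }}` reads the key from the root context instead of `.Values`, so it renders empty and the pod falls back to the Kubernetes default rather than the `60` documented in the README; it should be `{{ .Values.terminationGracePeriodSeconds }}`. The `checksum/config` and `checksum/secret` pod annotations from the deleted deployment-syncservice.yaml are also not carried over, so a change to a ConfigMap or Secret rendered by this chart (for example a rotated database password) no longer rolls the pods; consider restoring them for the templates the chart generates itself. With `podAnnotations` defaulting to `{}`, the `annotations:` key is left empty, which is harmless but could be moved inside the `with` block.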
@@ -34,7 +34,5 @@ spec: {{- end }} paths: - path: {{ .Values.ingress.path }}(/|$)(.*) - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: Prefix - {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $) | nindent 10 }} diff --git a/charts/alfresco-sync-service/templates/secret-database.yaml b/charts/alfresco-sync-service/templates/secret-database.yaml index 1e3017e3..e3c284d5 100644 --- a/charts/alfresco-sync-service/templates/secret-database.yaml +++ b/charts/alfresco-sync-service/templates/secret-database.yaml @@ -1,10 +1,14 @@ +{{- if not .Values.database.existingSecret.name }} apiVersion: v1 kind: Secret metadata: - name: {{ template "alfresco-sync-service.fullname" . }}-dbsecret + name: >- + {{ template "alfresco-sync-service.database" $ }} labels: {{- include "alfresco-sync-service.labels" . | nindent 4 }} type: Opaque +{{- $reqmsg := "Either provide database credentials as values, or provide a secret that contains them." }} data: - DATABASE_USERNAME: {{ include "alfresco-sync-service.dbUser" . | b64enc | quote }} - DATABASE_PASSWORD: {{ include "alfresco-sync-service.dbPass" . | b64enc | quote }} + DATABASE_USERNAME: {{ required $reqmsg .Values.database.username | b64enc | quote }} + DATABASE_PASSWORD: {{ required $reqmsg .Values.database.password | b64enc | quote }} +{{- end }} diff --git a/charts/alfresco-sync-service/templates/secret-message-broker.yaml b/charts/alfresco-sync-service/templates/secret-message-broker.yaml index 41f2b236..69b5060d 100644 --- a/charts/alfresco-sync-service/templates/secret-message-broker.yaml +++ b/charts/alfresco-sync-service/templates/secret-message-broker.yaml 
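Review bot: With the conditional removed in templates/ingress.yaml, `pathType: Prefix` is now always emitted next to the regex path `{{ .Values.ingress.path }}(/|$)(.*)`. Prefix matching is defined on literal path segments, and ingress-nginx releases that validate path types strictly can reject regex characters under `Prefix`. `pathType: ImplementationSpecific` is the type meant for regex paths used together with `rewrite-target`. The `spec` block starts outside this hunk, so check this against the controller versions the chart is meant to support.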
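Review bot: In templates/secret-database.yaml the Secret name is written as a folded block scalar (`name: >-` followed by the template call), while templates/secret-message-broker.yaml uses the single-line form for the same kind of helper. `$reqmsg` is also declared between `type:` and `data:` here but inside `data:` there. Using one form in both files, `name: {{ template "alfresco-sync-service.database" $ }}`, keeps the two Secret templates easy to compare. A short template comment saying that the Secret is skipped when `database.existingSecret.name` is set would also help the next reader.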
@@ -1,13 +1,13 @@ -{{- if not .Values.messageBroker.existingSecretName }} +{{- if not .Values.messageBroker.existingSecret.name }} apiVersion: v1 kind: Secret metadata: - name: {{ template "alfresco-sync-service.fullname" . }}-messagebroker-secret + name: {{ template "alfresco-sync-service.message-broker" $ }} labels: {{- include "alfresco-sync-service.labels" . | nindent 4 }} type: Opaque data: - BROKER_URL: {{ include "alfresco-sync-service.brokerUrl" . | b64enc | quote }} - BROKER_USERNAME: {{ include "alfresco-sync-service.brokerUser" . | b64enc | quote }} - BROKER_PASSWORD: {{ include "alfresco-sync-service.brokerPass" . | b64enc | quote }} + {{- $reqmsg := "Either provide message broker credentials as values, or provide a secret that contains them." }} + BROKER_USERNAME: {{ required $reqmsg .Values.messageBroker.username | b64enc | quote }} + BROKER_PASSWORD: {{ required $reqmsg .Values.messageBroker.password | b64enc | quote }} {{- end }} diff --git a/charts/alfresco-sync-service/templates/serviceaccount.yaml b/charts/alfresco-sync-service/templates/serviceaccount.yaml new file mode 100644 index 00000000..8e8e5bd4 --- /dev/null +++ b/charts/alfresco-sync-service/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "alfresco-sync-service.serviceAccountName" . }} + labels: + {{- include "alfresco-sync-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-sync-service/tests/database_test.yaml b/charts/alfresco-sync-service/tests/database_test.yaml index 13e7c794..7263fdf4 100644 --- a/charts/alfresco-sync-service/tests/database_test.yaml +++ b/charts/alfresco-sync-service/tests/database_test.yaml 
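Review bot: `BROKER_URL` no longer lives in the Secret rendered by templates/secret-message-broker.yaml; tests/mq_test.yaml now expects it in configmap-mq.yaml, so the failover URI is stored in a ConfigMap in clear text. Broker connection URIs can carry credentials, and anyone who relied on the Secret for that would now expose them to every reader of ConfigMaps in the namespace. The `messageBroker.url` description in values.yaml should say so, e.g. `# -- A failover URI formatted string; must not embed credentials, use username/password or existingSecret instead`.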
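Review bot: The new ServiceAccount in templates/serviceaccount.yaml does not set `automountServiceAccountToken`, so pods that use it get an API token mounted by default. Nothing visible in this diff shows the sync service calling the Kubernetes API. If that holds, add `automountServiceAccountToken: false` at the top level of the ServiceAccount (or on the pod spec) so the container holds no cluster credential it does not need.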
@@ -1,24 +1,24 @@ --- suite: test database secret templates: - - config-syncservice.yaml + - configmap-database.yaml - secret-database.yaml tests: - - it: should render default JDBC values + - it: should render JDBC values + values: &testvalues + - values/test_values.yaml set: postgresql: enabled: true + template: configmap-database.yaml asserts: - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Dsql\.db\.url=jdbc:postgresql:\/\/RELEASE-NAME-postgresql-syncservice\/alfrescosync\s+ - template: config-syncservice.yaml - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Dsql\.db\.driver="org.postgresql.Driver"\s+ - template: config-syncservice.yaml + - equal: + path: data.DATABASE_URL + value: >- + jdbc:postgresql://postgresql-syncservice/alfresco-sync + - equal: + path: data.DATABASE_DRIVER + value: org.postgresql.Driver - equal: path: data.DATABASE_USERNAME value: YWxmcmVzY28= @@ -27,24 +27,21 @@ tests: path: data.DATABASE_PASSWORD value: YWRtaW4= template: secret-database.yaml - - it: should render provided JDBC varlues + - it: should render provided JDBC values set: database: url: jdbc:mysql://mysqldb:1234/somedb - user: scott + username: scott password: tiger driver: com.mysql.cj.jdbc.Driver + template: configmap-database.yaml asserts: - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Dsql\.db\.url=jdbc:mysql://mysqldb:1234/somedb\s+ - template: config-syncservice.yaml - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Dsql\.db\.driver="com.mysql.cj.jdbc.Driver"\s+ - template: config-syncservice.yaml + - equal: + path: data.DATABASE_URL + value: jdbc:mysql://mysqldb:1234/somedb + - equal: + path: data.DATABASE_DRIVER + value: com.mysql.cj.jdbc.Driver - equal: path: data.DATABASE_USERNAME value: c2NvdHQ= diff --git a/charts/alfresco-sync-service/tests/deployment-syncservice_test.yaml b/charts/alfresco-sync-service/tests/deployment-syncservice_test.yaml deleted file mode 100644 index b7befda3..00000000 
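Review bot: The first test in tests/database_test.yaml keeps `set:` / `postgresql:` / `enabled: true` although this commit removes the `postgresql` block from values.yaml, so the override presumably no longer influences configmap-database.yaml. The expected `DATABASE_URL` now comes from values/test_values.yaml, and dropping the leftover `set` block would make it obvious which input drives the assertion. The second hunk's test does not load `*testvalues`, which is fine because it sets every database value itself.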
--- a/charts/alfresco-sync-service/tests/deployment-syncservice_test.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -suite: test deployment -templates: - - deployment-syncservice.yaml - - config-syncservice.yaml - - secret-database.yaml -tests: - - it: should have basic metadata in place - set: &values - postgresql: - enabled: true - asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-alfresco-sync-service - template: deployment-syncservice.yaml - - - it: should render cpu and memory limits - set: *values - asserts: - - equal: - path: spec.template.spec.containers[0].resources - value: - requests: - cpu: "0.5" - memory: "800Mi" - limits: - cpu: "2" - memory: "2000Mi" - template: deployment-syncservice.yaml diff --git a/charts/alfresco-sync-service/tests/deployment_test.yaml b/charts/alfresco-sync-service/tests/deployment_test.yaml new file mode 100644 index 00000000..7027bc33 --- /dev/null +++ b/charts/alfresco-sync-service/tests/deployment_test.yaml 
@@ -0,0 +1,289 @@
+---
+suite: test deployment
+templates:
+ - deployment.yaml
+ - serviceaccount.yaml
+tests:
+ - it: should render deployment with some defaults
+ template: deployment.yaml
+ values: &testvalues
+ - values/test_values.yaml
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-alfresco-sync-service
+ - isNull:
+ path: spec.template.spec.nodeSelector
+ - isNull:
+ path: spec.template.spec.affinity
+ - isNull:
+ path: spec.template.spec.tolerations
+ - equal:
+ path: spec.template.spec.containers[0].resources
+ value:
+ requests:
+ cpu: "0.5"
+ memory: "800Mi"
+ limits:
+ cpu: "2"
+ memory: "2000Mi"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-repo
+ key: REPO_HOST
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-repo
+ key: REPO_PORT
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-repo
+ key: REPO_SCHEME
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_URL
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-database
+ key: DATABASE_URL
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_DRIVER
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-database
+ key: DATABASE_DRIVER
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-alfresco-sync-database
+ key: DATABASE_USERNAME
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-alfresco-sync-database
+ key: DATABASE_PASSWORD
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_URL
+ valueFrom:
+ configMapKeyRef:
+ name: RELEASE-NAME-alfresco-sync-mq
+ key: BROKER_URL
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-alfresco-sync-mq
+ key: BROKER_USERNAME
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-alfresco-sync-mq
+ key: BROKER_PASSWORD
+ - it: should render deployment with pre-exisiting resources and without a service account
+ set:
+ repository:
+ existingConfigMap:
+ name: myrepo
+ keys:
+ host: ACS_HOST
+ port: ACS_PORT
+ scheme: ACS_PROTO
+ database:
+ existingConfigMap:
+ name: mydb
+ keys:
+ url: DBURL
+ driver: DBDRIVER
+ existingSecret:
+ name: mydbcreds
+ keys:
+ username: DBUSER
+ password: DBPASS
+ messageBroker:
+ existingConfigMap:
+ name: mymq
+ keys:
+ url: MQURL
+ existingSecret:
+ name: mymqcreds
+ keys:
+ username: MQUSER
+ password: MQPASS
+ serviceAccount:
+ create: false
+ name: null
+ template: deployment.yaml
+ asserts:
+ - equal:
+ path: spec.template.spec.serviceAccountName
+ value: default
+ - hasDocuments:
+ count: 0
+ template: serviceaccount.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: myrepo
+ key: ACS_HOST
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: myrepo
+ key: ACS_PORT
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REPO_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: myrepo
+ key: ACS_PROTO
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_URL
+ valueFrom:
+ configMapKeyRef:
+ name: mydb
+ key: DBURL
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_DRIVER
+ valueFrom:
+ configMapKeyRef:
+ name: mydb
+ key: DBDRIVER
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: mydbcreds
+ key: DBUSER
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mydbcreds
+ key: DBPASS
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_URL
+ valueFrom:
+ configMapKeyRef:
+ name: mymq
+ key: MQURL
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: mymqcreds
+ key: MQUSER
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mymqcreds
+ key: MQPASS
+ - it: should have customized metadata in place in deployment
+ template: deployment.yaml
+ values: *testvalues
+ set:
+ nameOverride: dsync
+ nodeSelector:
+ disktype: ssd
+ tolerations:
+ - key: "skipme"
+ operator: "Exists"
+ effect: "NoSchedule"
+ affinity: |-
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ podLabels:
+ env: qa
+ podAnnotations:
+ some.annotations.for.stuff: something
+ some.annotations.for.otherstuff: somethingelse
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-dsync
+ - contains:
+ path: >-
+ spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
+ content:
+ matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ - contains:
+ path: spec.template.spec.tolerations
+ content:
+ key: "skipme"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - isSubset:
+ path: spec.template.metadata.labels
+ content:
+ env: qa
+ - isSubset:
+ path: spec.template.metadata.annotations
+ content:
+ some.annotations.for.stuff: something
+ some.annotations.for.otherstuff: somethingelse
+ - isSubset:
+ path: spec.template.spec.nodeSelector
+ content:
+ disktype: ssd
diff --git a/charts/alfresco-sync-service/tests/mq_test.yaml b/charts/alfresco-sync-service/tests/mq_test.yaml
index 2c7474f8..e43ea921 100644
--- a/charts/alfresco-sync-service/tests/mq_test.yaml
+++ b/charts/alfresco-sync-service/tests/mq_test.yaml
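Review bot: The default-values test in tests/deployment_test.yaml lists serviceaccount.yaml under `templates` but never asserts on it; only the `create: false` case checks the service account. Adding `- hasDocuments:` / `count: 1` / `template: serviceaccount.yaml` to the first test, together with an `equal` on `spec.template.spec.serviceAccountName`, would pin the default wiring between the Deployment and the ServiceAccount. The second test name also has a typo (`pre-exisiting`).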
@@ -2,79 +2,55 @@ suite: test MQ config templates: - secret-message-broker.yaml + - configmap-mq.yaml tests: - - it: should render default ActiveMQ details - set: - activemq: - enabled: true + - it: should render default ActiveMQ crdentials + values: &testvalues + - values/test_values.yaml + template: secret-message-broker.yaml asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-alfresco-sync-mq - equal: path: data.BROKER_URL - value: >- - ZmFpbG92ZXI6KG5pbzovL1JFTEVBU0UtTkFNRS1hY3RpdmVtcS1icm9rZXI6NjE2MTYpP3RpbWVvdXQ9MzAwMCZqbXMudXNlQ29tcHJlc3Npb249dHJ1ZQ== - template: secret-message-broker.yaml + value: failover:(nio://activemq:61616) + template: configmap-mq.yaml - equal: path: data.BROKER_USERNAME value: YWRtaW4= - template: secret-message-broker.yaml - equal: path: data.BROKER_PASSWORD value: YWRtaW4= - template: secret-message-broker.yaml - - it: should render broker URL based on sole nameOverride - set: - messageBroker: - url: - nameOverride: aKnownBrokerName - asserts: - - equal: - path: data.BROKER_URL - value: >- - ZmFpbG92ZXI6KG5pbzovL1JFTEVBU0UtTkFNRS1hS25vd25Ccm9rZXJOYW1lLWJyb2tlcjo2MTYxNik/dGltZW91dD0zMDAwJmptcy51c2VDb21wcmVzc2lvbj10cnVl - template: secret-message-broker.yaml - it: should render custom MQ config from dedicated Values context + values: *testvalues set: - global: - messageBroker: - url: failover:(ssl://globalmq-1:61617) - user: globaluser - password: globalpass + nameOverride: sync messageBroker: url: >- failover:(ssl://somemoresecuremq-1:61617,ssl://somemoresecuremq-2:61617) - user: scott + username: scott password: tiger + template: secret-message-broker.yaml asserts: - equal: path: data.BROKER_URL value: >- - ZmFpbG92ZXI6KHNzbDovL3NvbWVtb3Jlc2VjdXJlbXEtMTo2MTYxNyxzc2w6Ly9zb21lbW9yZXNlY3VyZW1xLTI6NjE2MTcp - template: secret-message-broker.yaml + failover:(ssl://somemoresecuremq-1:61617,ssl://somemoresecuremq-2:61617) + template: configmap-mq.yaml - equal: path: data.BROKER_USERNAME value: c2NvdHQ= - template: 
secret-message-broker.yaml - equal: path: data.BROKER_PASSWORD value: dGlnZXI= - template: secret-message-broker.yaml - - it: should render custom MQ config from global context + - it: should not render an MQ secrets + values: *testvalues set: - global: - messageBroker: - url: failover:(ssl://globalmq-1:61617) - user: globaluser - password: globalpass + messageBroker: + existingSecret: + name: mqcreds + template: secret-message-broker.yaml asserts: - - equal: - path: data.BROKER_URL - value: ZmFpbG92ZXI6KHNzbDovL2dsb2JhbG1xLTE6NjE2MTcp - template: secret-message-broker.yaml - - equal: - path: data.BROKER_USERNAME - value: Z2xvYmFsdXNlcg== - template: secret-message-broker.yaml - - equal: - path: data.BROKER_PASSWORD - value: Z2xvYmFscGFzcw== - template: secret-message-broker.yaml + - hasDocuments: + count: 0 diff --git a/charts/alfresco-sync-service/tests/repo_test.yaml b/charts/alfresco-sync-service/tests/repo_test.yaml index 9cf76195..a1900e3a 100644 --- a/charts/alfresco-sync-service/tests/repo_test.yaml +++ b/charts/alfresco-sync-service/tests/repo_test.yaml 
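Review bot: tests/mq_test.yaml covers the rendered Secret and the `existingSecret` skip, but not the `required` guard added in secret-message-broker.yaml. No test renders that template without `messageBroker.username`/`password` and expects a failure. A test scoped to `template: secret-message-broker.yaml`, without `values: *testvalues`, and asserting `failedTemplate` as tests/repo_test.yaml already does would close the gap. tests/database_test.yaml lacks the same case for secret-database.yaml. Two test names also have typos (`crdentials`, `an MQ secrets`).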
@@ -1,50 +1,30 @@ --- suite: test deployment templates: - - config-syncservice.yaml + - configmap-repository.yaml tests: - - it: should render default options + - it: should NOT render the repository confgimap set: - postgresql: - enabled: true - asserts: - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.hostname=alfresco-cs-repository\s+ - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.port=80\s+ - - it: should render options based on repo nameOverride - set: - postgresql: - enabled: true repository: - nameOverride: myKnownServiceName - port: 8080 + existingConfigMap: + name: mycm + asserts: + - hasDocuments: + count: 0 + - it: should fail render the repository confgimap asserts: - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.hostname=RELEASE-NAME-myKnownServiceName\s+ - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.port=8080\s+ - - it: should render options as provided in values + - failedTemplate: + errorMessage: >- + You must provide repository details throught values or using an existing configmap + - it: should render options based on repo values set: - postgresql: - enabled: true repository: - host: somerepohost - port: 8888 + host: acs-alfresco-repository + port: 80 asserts: - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.hostname=somerepohost\s+ - - matchRegex: - path: data.JAVA_OPTS - pattern: >- - -Drepo.port=8888\s+ + - equal: + path: data.REPO_HOST + value: acs-alfresco-repository + - equal: + path: data.REPO_PORT + value: "80" diff --git a/charts/alfresco-sync-service/tests/values/test_values.yaml b/charts/alfresco-sync-service/tests/values/test_values.yaml new file mode 100644 index 00000000..57336314 --- /dev/null +++ b/charts/alfresco-sync-service/tests/values/test_values.yaml 
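Review bot: tests/repo_test.yaml still declares `suite: test deployment` although it now exercises only configmap-repository.yaml; `suite: test repository configmap` would match what it tests. The test names misspell configmap (`confgimap`), and the second one reads `should fail render`. The expected `errorMessage` contains `throught`; it presumably mirrors the failure text in the template, which is not shown here, so the spelling has to be corrected in both places together.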
@@ -0,0 +1,8 @@ +database: + url: postgresql://postgresql-syncservice/alfresco-sync + username: alfresco + password: admin +messageBroker: + url: failover:(nio://activemq:61616) + username: admin + password: admin diff --git a/charts/alfresco-sync-service/values.yaml b/charts/alfresco-sync-service/values.yaml index e92f19e4..61fa4c3b 100644 --- a/charts/alfresco-sync-service/values.yaml +++ b/charts/alfresco-sync-service/values.yaml @@ -1,22 +1,15 @@ --- replicaCount: 1 -nodeSelector: {} # -- Global definition of Docker registry pull secret which can be overridden # from parent ACS Helm chart(s) global: - messageBroker: - # -- A failover URI formatted string, see: - # https://activemq.apache.org/failover-transport-reference - url: null - # -- Username to authenticate as - user: null - # -- Credential to use to authenticate to the broker - password: null alfrescoRegistryPullSecrets: quay-registry-secret strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 +podAnnotations: {} +podLabels: {} podSecurityContext: runAsUser: 33020 runAsGroup: 1000 @@ -31,11 +24,18 @@ environment: JAVA_OPTS: >- -Dsync.metrics.reporter.graphite.enabled=false -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 - EXTRA_JAVA_OPTS: "" service: name: syncservice type: NodePort externalPort: 80 +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "alfresco-sync" resources: requests: cpu: "0.5" 
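Review bot: `serviceAccount.name` defaults to the fixed string `"alfresco-sync"` in values.yaml, while the comment above it says a name is generated from the fullname template when the value is not set. With `create: true` and a fixed default, two releases of this chart in one namespace would presumably both try to own a ServiceAccount of the same name (the `serviceAccountName` helper is not shown here). Either default to `name: null` so the generated name applies, or reword the comment to state the fixed default. That comment also lacks the `# --` prefix its neighbours use, so it may not reach the generated README.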
@@ -54,27 +54,19 @@ readinessProbe: timeoutSeconds: 10 repository: # -- ACS repository host - host: alfresco-cs-repository + host: null # -- ACS repository port - port: 80 - # -- A nameOverride use to compute an ACS repository service name - nameOverride: null -activemq: - # -- Toggle ActiveMQ chart dependency - # see [Alfresco ActiveMQ chart - # documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/activemq)) - enabled: false - nameOverride: activemq - adminUser: - # -- User to use to set as the connection user for ActiveMQ - user: admin - # -- Password to use to set as the connection user for ActiveMQ - password: admin - services: - broker: - ports: - external: - openwire: 61616 + port: null + # -- ACS repository port + scheme: null + existingConfigMap: + # -- Name of a pre-existing configmap containing message broker details + name: null + keys: + # -- configmap key where to find the URL of the message broker + host: REPO_HOST + port: REPO_PORT + scheme: REPO_SCHEME messageBroker: # -- A failover URI formatted string, see: # https://activemq.apache.org/failover-transport-reference 
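Review bot: Several helm-docs comments in the `repository` block of values.yaml are copy-paste leftovers. `scheme` is described as `ACS repository port`, `existingConfigMap.name` as containing `message broker details`, and the single `keys` comment talks about the URL of the message broker while covering only `host`. Suggested wording: `# -- ACS repository URL scheme`, `# -- Name of a pre-existing configmap containing repository details`, and one comment per key in the style of `# -- configmap key where to find the repository host`. Since `host` and `port` now default to `null`, the comments should also state that either these values or `existingConfigMap.name` must be provided.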
@@ -82,39 +74,23 @@ messageBroker: # -- A name that will be used as a base to get broker connection details nameOverride: activemq # -- Username to authenticate as. - user: null + username: null # -- Credential to use to authenticate to the broker. password: null - # -- An existing k8s secret with broker details (preferred over using values) - existingSecretName: null -# -- Defines properties required by sync service for connecting to the database -# If you set database.external to true you will have to setup the JDBC driver, -# user, password and JdbcUrl as `driver`, `user`, `password` & `url` subelements -# of `database`. Also make sure that the container has the db driver -postgresql: - # -- Toggle PostgreSQL chart dependency - # see [PostgreSQL Bitnami charts - # documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql)) - enabled: false - nameOverride: postgresql-syncservice - auth: - enablePostgresUser: false - username: alfresco - password: admin - database: alfrescosync - primary: - extendedConfiguration: | - shared_buffers = 256MB - max_connections = 100 - wal_level = minimal - max_wal_senders = 0 - max_replication_slots = 0 - effective_cache_size = 1024GB - log_min_messages = LOG - resources: - limits: - cpu: "2" - memory: "2Gi" + existingConfigMap: + # -- Name of a pre-existing configmap containing message broker details + name: null + keys: + # -- configmap key where to find the URL of the message broker + url: BROKER_URL + existingSecret: + # -- Name of a pre-existing secret containing message broker credentials + name: null + keys: + # -- Key within the secret holding the message broker username + username: BROKER_USERNAME + # -- Key within the secret holding the message broker password + password: BROKER_PASSWORD database: # -- The JDBC Driver to connect to the DB. # If different from the default make sure your container image ships it. 
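Review bot: The removed comment told users that an existing secret is preferred over values, and the new `existingSecret` comments in the `messageBroker` block of values.yaml no longer say so. Credentials passed as `messageBroker.username`/`password` end up in the values Helm stores with the release as well as in the generated Secret, so the recommendation is worth keeping, e.g. `# -- Name of a pre-existing secret containing message broker credentials (preferred over username/password values)`. The same applies to `database.existingSecret.name` in the next hunk.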
@@ -122,11 +98,26 @@ database: # -- JDBC url to connect to the external DB url: null # -- JDBC username to use to connect to the DB - user: alfresco + username: null # -- JDBC password to use to connect to the DB - password: admin - # -- An existing kubernetes secret with DB info (prefered over using values) - existingSecretName: null + password: null + existingConfigMap: + name: null + keys: + # -- configmap key where to find the URL of the database + url: DATABASE_URL + # -- configmap key where to find the JDBC driver class to use. + # The configmap may leverage the alfresco-repository.db.cm named + # template to auto-generate it from the sole url parameter. + driver: DATABASE_DRIVER + existingSecret: + # -- Name of a pre-existing secret containing database credentials + name: null + keys: + # -- Key within the secret holding the database username + username: DATABASE_USERNAME + # -- Key within the secret holding the database password + password: DATABASE_PASSWORD ingress: # -- useful when running Sync service without SSL termination done by a load # balancer, e.g. when ran on Minikube for testing purposes @@ -134,3 +125,8 @@ ingress: extraAnnotations: {} tls: [] path: /syncservice + +nodeSelector: {} +tolerations: [] +affinity: "" +terminationGracePeriodSeconds: 60
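Review bot: In the `database` block of values.yaml, `existingConfigMap.name` is the only new key without a `# --` description; `# -- Name of a pre-existing configmap containing database details` would match its siblings. The comment on the `driver` key refers to the `alfresco-repository.db.cm` named template, whose prefix differs from this chart's name, so confirm it is the intended helper and not a leftover from another chart. Changing `username` and `password` from `alfresco`/`admin` to `null` pairs with the `required` check in secret-database.yaml, and the comments could say they are mandatory unless `existingSecret.name` is set.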
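Review bot: `affinity` defaults to the empty string `""` in the last hunk of values.yaml, while `nodeSelector` and `tolerations` default to a map and a list. The deployment template renders it with `tpl . $`, so it has to be supplied as a string (tests/deployment_test.yaml passes a `|-` block), and a user who sets the usual map form would presumably hit a template error. A description such as `# -- Pod affinity, given as a string because it is passed through tpl` would prevent that. The four keys added here currently have no helm-docs comments at all.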