OPSEXP-2877 Add alfresco-audit-storage chart

charts/alfresco-audit-storage/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/alfresco-audit-storage/Chart.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: alfresco-common
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 3.1.3
+- name: activemq
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 3.5.5
+- name: elasticsearch
+  repository: https://helm.elastic.co
+  version: 7.17.3
+digest: sha256:1970af14455ce04403ef33717efb2c495743f954077a4cdf80747b587da21427
+generated: "2024-10-11T14:28:33.886886+02:00"

charts/alfresco-audit-storage/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: alfresco-audit-storage
+description: A Helm chart for Kubernetes to deploy Alfresco Audit Storage
+type: application
+version: 0.1.0-alpha.0
+appVersion: 0.0.1-A8
+dependencies:
+  - name: alfresco-common
+    version: 3.1.3
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+  - name: activemq
+    version: 3.5.5
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+    tags:
+      - ci
+  - name: elasticsearch
+    repository: https://helm.elastic.co
+    version: 7.17.3
+    tags:
+      - ci

charts/alfresco-audit-storage/README.md

@@ -0,0 +1,81 @@
+---
+title: alfresco-audit-storage
+parent: Charts Reference
+---
+
+# alfresco-audit-storage
+
+![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-A8](https://img.shields.io/badge/AppVersion-0.0.1--A8-informational?style=flat-square)
+
+A Helm chart for Kubernetes to deploy Alfresco Audit Storage
+
+Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart.
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.5.5 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.3 |
+| https://helm.elastic.co | elasticsearch | 7.17.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| environment.AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD | int | `60000` |  |
+| environment.AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT | int | `1000` |  |
+| environment.AUDIT_EVENTINGESTION_URI | string | `"activemq:topic:alfresco.repo.event2"` |  |
+| environment.SPRING_PROFILES_ACTIVE | string | `"durable-subscriptions"` |  |
+| fullnameOverride | string | `""` |  |
+| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` |  |
+| image.tag | string | `"0.0.1-A8"` |  |
+| imagePullSecrets | list | `[]` |  |
+| index.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the elasticsearch service |
+| index.existingConfigMap.name | string | `nil` | Alternatively, provide elasticsearch service connection details via an existing configmap |
+| index.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the elasticsearch password |
+| index.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the elasticsearch username |
+| index.existingSecret.name | string | `nil` | Alternatively, provide elasticsearch credentials via an existing secret |
+| index.password | string | `nil` | The password required to access the elasticsearch service, if any |
+| index.url | string | `nil` | The URL where the elasticsearch service is available |
+| index.username | string | `nil` | The username required to access the elasticsearch service, if any |
+| livenessProbe.httpGet.path | string | `"/actuator/health/liveness"` |  |
+| livenessProbe.httpGet.port | string | `"http"` |  |
+| livenessProbe.initialDelaySeconds | int | `15` |  |
+| livenessProbe.periodSeconds | int | `60` |  |
+| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker |
+| messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap |
+| messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys |
+| messageBroker.password | string | `nil` | Broker password |
+| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference |
+| messageBroker.username | string | `nil` | Broker username |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` |  |
+| podSecurityContext.runAsGroup | int | `1000` |  |
+| podSecurityContext.runAsUser | int | `33000` |  |
+| readinessProbe.httpGet.path | string | `"/actuator/health/readiness"` |  |
+| readinessProbe.httpGet.port | string | `"http"` |  |
+| readinessProbe.initialDelaySeconds | int | `15` |  |
+| readinessProbe.periodSeconds | int | `60` |  |
+| replicaCount | int | `1` |  |
+| resources.limits.cpu | string | `"1"` |  |
+| resources.limits.memory | string | `"512Mi"` |  |
+| resources.requests.cpu | string | `"0.5"` |  |
+| resources.requests.memory | string | `"256Mi"` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `8081` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tags.ci | bool | `false` | A chart tag used for Hyland's CI purpose. Do not set it to true. |
+| tolerations | list | `[]` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |

charts/alfresco-audit-storage/README.md.gotmpl

@@ -0,0 +1,23 @@
+---
+title: {{ template "chart.name" . }}
+parent: Charts Reference
+---
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart.
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/alfresco-audit-storage/ci/default-values.yaml

@@ -0,0 +1,34 @@
+nameOverride: aas
+resources:
+  requests:
+    cpu: "100m"
+    memory: "128Mi"
+  limits:
+    cpu: "1"
+    memory: "1Gi"
+elasticsearch:
+  replicas: 1
+  clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
+  esJavaOpts: "-Xmx512m -Xms512m"
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "1Gi"
+    limits:
+      cpu: "1000m"
+      memory: "1Gi"
+activemq:
+  fullnameOverride: activemq
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "512Mi"
+    limits:
+      cpu: "1000m"
+      memory: "1Gi"
+index:
+  url: http://elasticsearch-master:9200
+messageBroker:
+  url: nio://activemq-broker:61616
+tags:
+  ci: true

charts/alfresco-audit-storage/templates/_helpers-activemq.tpl

@@ -0,0 +1,47 @@
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.url" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.url" -}}
+{{- required "You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file" $.Values.messageBroker.url }}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.cm.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.cm.env" -}}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $mqCtx) }}
+- name: SPRING_ACTIVEMQ_BROKERURL
+  valueFrom:
+    configMapKeyRef:
+      name: {{ $mqCm }}
+      key: {{ .existingConfigMap.keys.url }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.secret.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.secret.env" -}}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $mqCtx) }}
+- name: SPRING_ACTIVEMQ_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ $mqSecret }}
+      key: {{ .existingSecret.keys.username }}
+- name: SPRING_ACTIVEMQ_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ $mqSecret }}
+      key: {{ .existingSecret.keys.password }}
+{{- end -}}
+{{- end -}}

charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl

@@ -0,0 +1,38 @@
+{{/*
+
+Usage: include "alfresco-audit-storage.config.audit.entryStorage.es.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.config.audit.entryStorage.es.env" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.index }}
+{{- $esCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $esCtx) }}
+- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI
+  valueFrom:
+    configMapKeyRef:
+      name: {{ $esCm }}
+      key: {{ .existingConfigMap.keys.url }}
+{{- end }}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" $
+
+*/}}
+{{- define "alfresco-audit-storage.config.audit.entryStorage.envCredentials" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.index }}
+{{- $esSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $esCtx) }}
+- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $esSecret }}
+      key: {{ .existingSecret.keys.username }}
+- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ $esSecret }}
+      key: {{ .existingSecret.keys.password }}
+{{- end }}
+{{- end -}}

charts/alfresco-audit-storage/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "alfresco-audit-storage.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "alfresco-audit-storage.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "alfresco-audit-storage.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "alfresco-audit-storage.labels" -}}
+helm.sh/chart: {{ include "alfresco-audit-storage.chart" . }}
+{{ include "alfresco-audit-storage.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: {{ .Chart.Name }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "alfresco-audit-storage.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "alfresco-audit-storage.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "alfresco-audit-storage.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "alfresco-audit-storage.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/alfresco-audit-storage/templates/configmap-es.yaml

@@ -0,0 +1,17 @@
+{{- with .Values.index }}
+{{- if not .existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "es")) "Chart" $.Chart "Release" $.Release }}
+  name: {{ template "alfresco-audit-storage.fullname" $ctx }}
+  labels:
+    {{- include "alfresco-audit-storage.labels" $ | nindent 4 }}
+data:
+  {{- $reqMsg := "Please provide elasticsearch connection details as .index.url values or using an .index.existingConfigMap." }}
+  {{- $esProtocol := required $reqMsg (include "alfresco-common.url.scheme" .url) }}
+  {{- $esHost := required $reqMsg (include "alfresco-common.url.host" .url) }}
+  {{- $esPort := required $reqMsg (include "alfresco-common.url.port" .url) }}
+  SEARCH_URL: {{ printf "%s://%s:%v" $esProtocol $esHost $esPort }}
+{{- end }}
+{{- end }}

charts/alfresco-audit-storage/templates/configmap-mq.yaml

@@ -0,0 +1,11 @@
+{{- if not .Values.messageBroker.existingConfigMap.name -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-audit-storage.fullname" $ctx }}
+  labels:
+    {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+data:
+  {{ template "alfresco-common.activemq.cm" (include "alfresco-audit-storage.activemq.url" .) }}
+{{- end -}}