From 7c32eb4d6987a9d64eb937c82c531f3f84dda1aa Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Thu, 15 Feb 2024 17:57:50 +0100 Subject: [PATCH 1/7] new adf chart --- helm/alfresco-content-services/Chart.lock | 16 +++++++------- helm/alfresco-content-services/Chart.yaml | 12 +++++------ helm/alfresco-content-services/README.md | 17 ++++++++------- helm/alfresco-content-services/values.yaml | 25 ++++++++++------------ 4 files changed, 34 insertions(+), 36 deletions(-) diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index 8528cfae4..b61a1d3ae 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -8,12 +8,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.8.5 -- name: common - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 -- name: common - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 +- name: alfresco-adf-app + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.0 +- name: alfresco-adf-app + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.0 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.1 @@ -47,5 +47,5 @@ dependencies: - name: elasticsearch repository: https://helm.elastic.co version: 7.17.3 -digest: sha256:b2dcda33328757b71e6e5b175741472a69da7a19dc3fa601f1893a73c4577671 -generated: "2024-02-26T10:05:13.733896+01:00" +digest: sha256:cc80aec12da84f78bb0c0581a4918c0fbe732429f4996f409180519d23c1772a +generated: "2024-02-26T17:34:51.380468+01:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index 8e613214c..3a99e5698 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -28,16 +28,16 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts alias: postgresql-sync condition: postgresql-sync.enabled - - name: common + - name: alfresco-adf-app alias: alfresco-control-center - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.0 condition: >- alfresco-control-center.enabled - - name: common + - name: alfresco-adf-app alias: alfresco-digital-workspace - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.0 condition: >- alfresco-digital-workspace.enabled - name: alfresco-repository diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 9a4a426fc..23b23f3a4 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -16,9 +16,9 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | Repository | Name | Version | |------------|------|---------| -| https://activiti.github.io/activiti-cloud-helm-charts | alfresco-control-center(common) | 8.2.0 | -| https://activiti.github.io/activiti-cloud-helm-charts | alfresco-digital-workspace(common) | 8.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.5.2 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.1.0-alpha.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.1.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 1.1.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.6.1 | @@ -67,11 +67,13 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.env.API_URL | string | `"{protocol}//{hostname}{:port}"` | | | alfresco-control-center.env.APP_CONFIG_AUTH_TYPE | string | `"BASIC"` | | | alfresco-control-center.env.APP_CONFIG_PROVIDER | string | `"ECM"` | | +| alfresco-control-center.env.BASE_PATH | string | `"/control-center"` | | | alfresco-control-center.image.pullPolicy | string | `"IfNotPresent"` | | | alfresco-control-center.image.repository | string | `"quay.io/alfresco/alfresco-control-center"` | | | alfresco-control-center.image.tag | string | `"8.3.0"` | | -| alfresco-control-center.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | -| alfresco-control-center.ingress.path | string | `"/control-center"` | | +| alfresco-control-center.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` | | +| alfresco-control-center.ingress.hosts[0].paths[0].path | string | `"/control-center"` | | +| alfresco-control-center.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-control-center.ingress.tls | list | `[]` | | | alfresco-control-center.nameOverride | string | `"alfresco-cc"` | | | alfresco-control-center.nodeSelector | object | `{}` | | @@ -84,17 +86,17 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.securityContext.capabilities.drop[1] | string | `"ALL"` | | | alfresco-control-center.securityContext.runAsNonRoot | bool | `true` | | | alfresco-control-center.securityContext.runAsUser | int | `101` | | -| alfresco-control-center.service.envType | string | `"frontend"` | | | alfresco-digital-workspace.enabled | bool | `true` | | | alfresco-digital-workspace.env.API_URL | string | `"{protocol}//{hostname}{:port}"` | | | alfresco-digital-workspace.env.APP_CONFIG_AUTH_TYPE | string | `"BASIC"` | | | alfresco-digital-workspace.env.APP_CONFIG_PROVIDER | string | `"ECM"` | | +| alfresco-digital-workspace.env.BASE_PATH | string | `"/workspace"` | | | alfresco-digital-workspace.image.pullPolicy | string | `"IfNotPresent"` | | | alfresco-digital-workspace.image.repository | string | `"quay.io/alfresco/alfresco-digital-workspace"` | | | alfresco-digital-workspace.image.tag | string | `"4.3.0"` | | -| alfresco-digital-workspace.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | | alfresco-digital-workspace.ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"5g"` | | -| alfresco-digital-workspace.ingress.path | string | `"/workspace"` | | +| alfresco-digital-workspace.ingress.hosts[0].paths[0].path | string | `"/workspace"` | | +| alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-digital-workspace.ingress.tls | list | `[]` | | | alfresco-digital-workspace.nameOverride | string | `"alfresco-dw"` | | | alfresco-digital-workspace.nodeSelector | object | `{}` | | @@ -107,7 +109,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.securityContext.capabilities.drop[1] | string | `"ALL"` | | | alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | | alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | -| alfresco-digital-workspace.service.envType | string | `"frontend"` | | | alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 62923255d..8f6a53ad7 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -360,17 +360,14 @@ alfresco-digital-workspace: nodeSelector: {} enabled: true nameOverride: "alfresco-dw" - service: - envType: frontend ingress: - path: /workspace annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-body-size: "5g" tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + hosts: + - paths: + - path: /workspace + pathType: Prefix image: repository: quay.io/alfresco/alfresco-digital-workspace tag: 4.3.0 @@ -381,6 +378,7 @@ alfresco-digital-workspace: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" API_URL: "{protocol}//{hostname}{:port}" + BASE_PATH: /workspace securityContext: runAsNonRoot: true runAsUser: 101 @@ -399,16 +397,14 @@ alfresco-control-center: nodeSelector: {} enabled: true nameOverride: "alfresco-cc" - service: - envType: frontend ingress: - path: /control-center annotations: - kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: "5g" tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + hosts: + - paths: + - path: /control-center + pathType: Prefix image: repository: quay.io/alfresco/alfresco-control-center tag: 8.3.0 @@ -419,6 +415,7 @@ alfresco-control-center: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" API_URL: "{protocol}//{hostname}{:port}" + BASE_PATH: /control-center securityContext: runAsNonRoot: true runAsUser: 101 From 4b291416214d05d28321fda5de6359a2c6201789 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Wed, 21 Feb 2024 16:50:01 +0100 Subject: [PATCH 2/7] cleanup values --- helm/alfresco-content-services/README.md | 21 ------------ helm/alfresco-content-services/values.yaml | 37 ---------------------- 2 files changed, 58 deletions(-) diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 23b23f3a4..ad715d905 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -45,7 +45,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | activemq.image.repository | string | `"quay.io/alfresco/alfresco-activemq"` | | | activemq.image.tag | string | `"5.18.3-jre17-rockylinux8"` | | | activemq.nameOverride | string | `"activemq"` | | -| activemq.nodeSelector | object | `{}` | Possibility to choose Node for pod, with a key-value pair label e.g {"kubernetes.io/hostname": multinode-demo-m02} | | alfresco-ai-transformer.enabled | bool | `false` | toggle deploying Alfresco ai transformer for more details about configuration check https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-ai-transformer | | alfresco-ai-transformer.fullnameOverride | string | `"alfresco-intelligence-service"` | Enforce static resource naming in AIS so the ATS trouter can be given the URL of the service | | alfresco-ai-transformer.image.repository | string | `"quay.io/alfresco/alfresco-ai-docker-engine"` | | @@ -76,16 +75,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-control-center.ingress.tls | list | `[]` | | | alfresco-control-center.nameOverride | string | `"alfresco-cc"` | | -| alfresco-control-center.nodeSelector | object | `{}` | | -| alfresco-control-center.registryPullSecrets[0] | string | `"{{ $.Values.global.alfrescoRegistryPullSecrets }}"` | | -| alfresco-control-center.resources.limits.cpu | string | `"1"` | | -| alfresco-control-center.resources.limits.memory | string | `"512Mi"` | | -| alfresco-control-center.resources.requests.cpu | string | `"0.1"` | | -| alfresco-control-center.resources.requests.memory | string | `"128Mi"` | | -| alfresco-control-center.securityContext.capabilities.drop[0] | string | `"NET_RAW"` | | -| alfresco-control-center.securityContext.capabilities.drop[1] | string | `"ALL"` | | -| alfresco-control-center.securityContext.runAsNonRoot | bool | `true` | | -| alfresco-control-center.securityContext.runAsUser | int | `101` | | | alfresco-digital-workspace.enabled | bool | `true` | | | alfresco-digital-workspace.env.API_URL | string | `"{protocol}//{hostname}{:port}"` | | | alfresco-digital-workspace.env.APP_CONFIG_AUTH_TYPE | string | `"BASIC"` | | @@ -99,16 +88,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-digital-workspace.ingress.tls | list | `[]` | | | alfresco-digital-workspace.nameOverride | string | `"alfresco-dw"` | | -| alfresco-digital-workspace.nodeSelector | object | `{}` | | -| alfresco-digital-workspace.registryPullSecrets[0] | string | `"{{ $.Values.global.alfrescoRegistryPullSecrets }}"` | | -| alfresco-digital-workspace.resources.limits.cpu | string | `"1"` | | -| alfresco-digital-workspace.resources.limits.memory | string | `"512Mi"` | | -| alfresco-digital-workspace.resources.requests.cpu | string | `"0.1"` | | -| alfresco-digital-workspace.resources.requests.memory | string | `"128Mi"` | | -| alfresco-digital-workspace.securityContext.capabilities.drop[0] | string | `"NET_RAW"` | | -| alfresco-digital-workspace.securityContext.capabilities.drop[1] | string | `"ALL"` | | -| alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | -| alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | | alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 8f6a53ad7..fcc707a06 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -160,9 +160,6 @@ activemq: tag: 5.18.3-jre17-rockylinux8 nameOverride: activemq enabled: true - # -- Possibility to choose Node for pod, with a key-value pair label - # e.g {"kubernetes.io/hostname": multinode-demo-m02} - nodeSelector: {} adminUser: # -- Default username for the embedded broker admin user user: admin @@ -357,7 +354,6 @@ alfresco-search-enterprise: image: tag: 4.0.0.1 alfresco-digital-workspace: - nodeSelector: {} enabled: true nameOverride: "alfresco-dw" ingress: @@ -372,29 +368,12 @@ alfresco-digital-workspace: repository: quay.io/alfresco/alfresco-digital-workspace tag: 4.3.0 pullPolicy: IfNotPresent - registryPullSecrets: - - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" API_URL: "{protocol}//{hostname}{:port}" BASE_PATH: /workspace - securityContext: - runAsNonRoot: true - runAsUser: 101 - capabilities: - drop: - - NET_RAW - - ALL - resources: - requests: - cpu: "0.1" - memory: "128Mi" - limits: - cpu: "1" - memory: "512Mi" alfresco-control-center: - nodeSelector: {} enabled: true nameOverride: "alfresco-cc" ingress: @@ -409,27 +388,11 @@ alfresco-control-center: repository: quay.io/alfresco/alfresco-control-center tag: 8.3.0 pullPolicy: IfNotPresent - registryPullSecrets: - - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" API_URL: "{protocol}//{hostname}{:port}" BASE_PATH: /control-center - securityContext: - runAsNonRoot: true - runAsUser: 101 - capabilities: - drop: - - NET_RAW - - ALL - resources: - requests: - cpu: "0.1" - memory: "128Mi" - limits: - cpu: "1" - memory: "512Mi" postgresql: # -- Toggle embedded postgres for Alfresco Content Services repository # Check [PostgreSQL Bitnami chart From 21ccbd677705d5615e74b1281f3b4bd9b216d6d4 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 26 Feb 2024 17:34:13 +0100 Subject: [PATCH 3/7] API_URL is the old name of APP_CONFIG_BPM_HOST --- helm/acs-sso-example/docs/sso-guide.md | 1 - helm/acs-sso-example/values.yaml | 1 - helm/alfresco-content-services/README.md | 2 -- helm/alfresco-content-services/values.yaml | 2 -- 4 files changed, 6 deletions(-) diff --git a/helm/acs-sso-example/docs/sso-guide.md b/helm/acs-sso-example/docs/sso-guide.md index 97ec59359..dcd0d22cc 100644 --- a/helm/acs-sso-example/docs/sso-guide.md +++ b/helm/acs-sso-example/docs/sso-guide.md @@ -437,7 +437,6 @@ alfresco-content-app: env: APP_CONFIG_PROVIDER: ECM APP_CONFIG_AUTH_TYPE: OAUTH - API_URL: "{protocol}//{hostname}{:port}" APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco" APP_CONFIG_OAUTH2_CLIENTID: alfresco APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" diff --git a/helm/acs-sso-example/values.yaml b/helm/acs-sso-example/values.yaml index 6348222ae..be3b60a15 100644 --- a/helm/acs-sso-example/values.yaml +++ b/helm/acs-sso-example/values.yaml @@ -240,7 +240,6 @@ alfresco-content-app: env: APP_CONFIG_PROVIDER: ECM APP_CONFIG_AUTH_TYPE: OAUTH - API_URL: "{protocol}//{hostname}{:port}" APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco" APP_CONFIG_OAUTH2_CLIENTID: alfresco APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index ad715d905..ff465085b 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -63,7 +63,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-connector-msteams.image.repository | string | `"quay.io/alfresco/alfresco-ms-teams-service"` | | | alfresco-connector-msteams.image.tag | string | `"2.0.0"` | | | alfresco-control-center.enabled | bool | `true` | | -| alfresco-control-center.env.API_URL | string | `"{protocol}//{hostname}{:port}"` | | | alfresco-control-center.env.APP_CONFIG_AUTH_TYPE | string | `"BASIC"` | | | alfresco-control-center.env.APP_CONFIG_PROVIDER | string | `"ECM"` | | | alfresco-control-center.env.BASE_PATH | string | `"/control-center"` | | @@ -76,7 +75,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-control-center.ingress.tls | list | `[]` | | | alfresco-control-center.nameOverride | string | `"alfresco-cc"` | | | alfresco-digital-workspace.enabled | bool | `true` | | -| alfresco-digital-workspace.env.API_URL | string | `"{protocol}//{hostname}{:port}"` | | | alfresco-digital-workspace.env.APP_CONFIG_AUTH_TYPE | string | `"BASIC"` | | | alfresco-digital-workspace.env.APP_CONFIG_PROVIDER | string | `"ECM"` | | | alfresco-digital-workspace.env.BASE_PATH | string | `"/workspace"` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index fcc707a06..3ec9f7561 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -371,7 +371,6 @@ alfresco-digital-workspace: env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" - API_URL: "{protocol}//{hostname}{:port}" BASE_PATH: /workspace alfresco-control-center: enabled: true @@ -391,7 +390,6 @@ alfresco-control-center: env: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" - API_URL: "{protocol}//{hostname}{:port}" BASE_PATH: /control-center postgresql: # -- Toggle embedded postgres for Alfresco Content Services repository From 973bd77aa0cc251471995189349af08057f9d5ef Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 26 Feb 2024 17:59:13 +0100 Subject: [PATCH 4/7] debug adf apps --- .github/workflows/helm-enterprise.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml index 084c69754..5f58e672c 100644 --- a/.github/workflows/helm-enterprise.yml +++ b/.github/workflows/helm-enterprise.yml @@ -138,6 +138,8 @@ jobs: helm ls --all-namespaces kubectl get all --all-namespaces kubectl describe pod + kubectl logs -l app.kubernetes.io/name=alfresco-dw --tail=-1 + kubectl logs -l app.kubernetes.io/name=alfresco-cc --tail=-1 - name: Run Newman tests uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v.3.0.0 From 6b580b47ef9f91f988d91aaf9ccb6e4a61889285 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Tue, 27 Feb 2024 14:36:08 +0100 Subject: [PATCH 5/7] reuse the previous activiti common user id --- helm/alfresco-content-services/README.md | 5 +++++ helm/alfresco-content-services/values.yaml | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index ff465085b..d9e0ca5df 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -86,6 +86,11 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-digital-workspace.ingress.tls | list | `[]` | | | alfresco-digital-workspace.nameOverride | string | `"alfresco-dw"` | | +| alfresco-digital-workspace.securityContext.allowPrivilegeEscalation | bool | `false` | | +| alfresco-digital-workspace.securityContext.capabilities.drop[0] | string | `"NET_RAW"` | | +| alfresco-digital-workspace.securityContext.capabilities.drop[1] | string | `"ALL"` | | +| alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | +| alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | | alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 3ec9f7561..c7bded85a 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -372,6 +372,14 @@ alfresco-digital-workspace: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" BASE_PATH: /workspace + securityContext: + runAsUser: 101 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL alfresco-control-center: enabled: true nameOverride: "alfresco-cc" From e1783ef4d6c3a97426d9ab85d215a0febee18728 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Wed, 28 Feb 2024 10:48:59 +0100 Subject: [PATCH 6/7] bump the chart --- .github/workflows/helm-enterprise.yml | 2 -- helm/alfresco-content-services/Chart.lock | 8 ++++---- helm/alfresco-content-services/Chart.yaml | 4 ++-- helm/alfresco-content-services/README.md | 9 ++------- helm/alfresco-content-services/values.yaml | 8 -------- 5 files changed, 8 insertions(+), 23 deletions(-) diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml index 5f58e672c..084c69754 100644 --- a/.github/workflows/helm-enterprise.yml +++ b/.github/workflows/helm-enterprise.yml @@ -138,8 +138,6 @@ jobs: helm ls --all-namespaces kubectl get all --all-namespaces kubectl describe pod - kubectl logs -l app.kubernetes.io/name=alfresco-dw --tail=-1 - kubectl logs -l app.kubernetes.io/name=alfresco-cc --tail=-1 - name: Run Newman tests uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v.3.0.0 diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index b61a1d3ae..8c076a95c 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -10,10 +10,10 @@ dependencies: version: 12.8.5 - name: alfresco-adf-app repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.1.0-alpha.0 + version: 0.1.0-alpha.1 - name: alfresco-adf-app repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.1.0-alpha.0 + version: 0.1.0-alpha.1 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.1 @@ -47,5 +47,5 @@ dependencies: - name: elasticsearch repository: https://helm.elastic.co version: 7.17.3 -digest: sha256:cc80aec12da84f78bb0c0581a4918c0fbe732429f4996f409180519d23c1772a -generated: "2024-02-26T17:34:51.380468+01:00" +digest: sha256:1d845c85e537427411a71a8934735c22c0ff3b56f9c0a54788f6c2a0cbeceef9 +generated: "2024-02-28T12:17:51.426045+01:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index 3a99e5698..f175f57d9 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -31,13 +31,13 @@ dependencies: - name: alfresco-adf-app alias: alfresco-control-center repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.1.0-alpha.0 + version: 0.1.0-alpha.1 condition: >- alfresco-control-center.enabled - name: alfresco-adf-app alias: alfresco-digital-workspace repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.1.0-alpha.0 + version: 0.1.0-alpha.1 condition: >- alfresco-digital-workspace.enabled - name: alfresco-repository diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index d9e0ca5df..00144119b 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -17,8 +17,8 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | Repository | Name | Version | |------------|------|---------| | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.5.2 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.1.0-alpha.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.1.0-alpha.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.1.0-alpha.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.1.0-alpha.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 1.1.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.6.1 | @@ -86,11 +86,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-digital-workspace.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | | alfresco-digital-workspace.ingress.tls | list | `[]` | | | alfresco-digital-workspace.nameOverride | string | `"alfresco-dw"` | | -| alfresco-digital-workspace.securityContext.allowPrivilegeEscalation | bool | `false` | | -| alfresco-digital-workspace.securityContext.capabilities.drop[0] | string | `"NET_RAW"` | | -| alfresco-digital-workspace.securityContext.capabilities.drop[1] | string | `"ALL"` | | -| alfresco-digital-workspace.securityContext.runAsNonRoot | bool | `true` | | -| alfresco-digital-workspace.securityContext.runAsUser | int | `101` | | | alfresco-repository.configuration.db.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-repository.configuration.db.existingSecret.name | string | `"alfresco-cs-database"` | | | alfresco-repository.configuration.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index c7bded85a..3ec9f7561 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -372,14 +372,6 @@ alfresco-digital-workspace: APP_CONFIG_PROVIDER: "ECM" APP_CONFIG_AUTH_TYPE: "BASIC" BASE_PATH: /workspace - securityContext: - runAsUser: 101 - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - - ALL alfresco-control-center: enabled: true nameOverride: "alfresco-cc" From 769f5199ee070813342d12dbf207ad38e379069c Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 4 Mar 2024 09:57:51 +0100 Subject: [PATCH 7/7] bump sso example --- helm/acs-sso-example/Chart.lock | 10 +++++----- helm/acs-sso-example/Chart.yaml | 6 +++--- helm/acs-sso-example/README.md | 2 +- helm/acs-sso-example/values.yaml | 21 ++------------------- 4 files changed, 11 insertions(+), 28 deletions(-) diff --git a/helm/acs-sso-example/Chart.lock b/helm/acs-sso-example/Chart.lock index 1ce4e4b81..4f6b30ceb 100644 --- a/helm/acs-sso-example/Chart.lock +++ b/helm/acs-sso-example/Chart.lock @@ -14,8 +14,8 @@ dependencies: - name: alfresco-share repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.0 -- name: common - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 -digest: sha256:ace366990857f02b8ea2848d2f7ac9c6fa7825e5b0176dc061bcd35e623ac318 -generated: "2024-01-25T23:34:16.851973+01:00" +- name: alfresco-adf-app + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.1 +digest: sha256:4f1a6344f79edcc99f5698d72d36cd9b00cf62ba279ce2ecccbe6fb6fea684c0 +generated: "2024-02-29T10:43:30.610971+01:00" diff --git a/helm/acs-sso-example/Chart.yaml b/helm/acs-sso-example/Chart.yaml index 95b6c27d8..9fb183533 100644 --- a/helm/acs-sso-example/Chart.yaml +++ b/helm/acs-sso-example/Chart.yaml @@ -43,8 +43,8 @@ dependencies: - name: alfresco-share repository: https://alfresco.github.io/alfresco-helm-charts/ version: 0.3.0 - - name: common + - name: alfresco-adf-app alias: alfresco-content-app - repository: https://activiti.github.io/activiti-cloud-helm-charts - version: 8.2.0 + repository: https://alfresco.github.io/alfresco-helm-charts/ + version: 0.1.0-alpha.1 icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 diff --git a/helm/acs-sso-example/README.md b/helm/acs-sso-example/README.md index 0d4907590..32b12b905 100644 --- a/helm/acs-sso-example/README.md +++ b/helm/acs-sso-example/README.md @@ -31,8 +31,8 @@ deployment is destroyed or rolled back! | Repository | Name | Version | |------------|------|---------| -| https://activiti.github.io/activiti-cloud-helm-charts | alfresco-content-app(common) | 8.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.4.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.1.0-alpha.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.1.3 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 0.3.0 | | https://codecentric.github.io/helm-charts | keycloakx | 2.3.0 | diff --git a/helm/acs-sso-example/values.yaml b/helm/acs-sso-example/values.yaml index be3b60a15..05aa4fe36 100644 --- a/helm/acs-sso-example/values.yaml +++ b/helm/acs-sso-example/values.yaml @@ -223,12 +223,8 @@ alfresco-share: alfresco-content-app: nameOverride: alfresco-content-app enabled: true - service: - envType: frontend ingress: - ingressClassName: nginx - hostName: localhost - path: /workspace + className: nginx annotations: nginx.ingress.kubernetes.io/proxy-body-size: 5g nginx.ingress.kubernetes.io/proxy-buffer-size: 8k @@ -243,17 +239,4 @@ alfresco-content-app: APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco" APP_CONFIG_OAUTH2_CLIENTID: alfresco APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" - securityContext: - runAsNonRoot: true - runAsUser: 101 - capabilities: - drop: - - NET_RAW - - ALL - resources: - requests: - cpu: "0.25" - memory: "256Mi" - limits: - cpu: "1" - memory: "1024Mi" + BASE_PATH: /