From 87730de81dd90faf3439b41abf5c9c5f10c1b565 Mon Sep 17 00:00:00 2001 
From: pmacius Date: Fri, 11 Oct 2024 15:10:26 +0200 Subject: [PATCH 01/12] mq --- charts/alfresco-audit-storage/.helmignore | 23 ++++ charts/alfresco-audit-storage/Chart.lock | 12 ++ charts/alfresco-audit-storage/Chart.yaml | 20 +++ charts/alfresco-audit-storage/README.md | 70 ++++++++++ .../templates/_helpers-activemq.tpl | 47 +++++++ .../templates/_helpers-elasticsearch.tpl | 38 ++++++ .../templates/_helpers-event-ingestion.tpl | 38 ++++++ .../templates/_helpers.tpl | 62 +++++++++ .../templates/configmap-mq.yaml | 12 ++ .../templates/deployment.yaml | 69 ++++++++++ .../templates/ingress.yaml | 61 +++++++++ .../templates/secret-messagebroker.yaml | 13 ++ .../templates/service.yaml | 15 +++ .../templates/serviceaccount.yaml | 13 ++ charts/alfresco-audit-storage/values.yaml | 121 ++++++++++++++++++ 15 files changed, 614 insertions(+) create mode 100644 charts/alfresco-audit-storage/.helmignore create mode 100644 charts/alfresco-audit-storage/Chart.lock create mode 100644 charts/alfresco-audit-storage/Chart.yaml create mode 100644 charts/alfresco-audit-storage/README.md create mode 100644 charts/alfresco-audit-storage/templates/_helpers-activemq.tpl create mode 100644 charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl create mode 100644 charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl create mode 100644 charts/alfresco-audit-storage/templates/_helpers.tpl create mode 100644 charts/alfresco-audit-storage/templates/configmap-mq.yaml create mode 100644 charts/alfresco-audit-storage/templates/deployment.yaml create mode 100644 charts/alfresco-audit-storage/templates/ingress.yaml create mode 100644 charts/alfresco-audit-storage/templates/secret-messagebroker.yaml create mode 100644 charts/alfresco-audit-storage/templates/service.yaml create mode 100644 charts/alfresco-audit-storage/templates/serviceaccount.yaml create mode 100644 charts/alfresco-audit-storage/values.yaml 
diff --git a/charts/alfresco-audit-storage/.helmignore b/charts/alfresco-audit-storage/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/alfresco-audit-storage/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/alfresco-audit-storage/Chart.lock b/charts/alfresco-audit-storage/Chart.lock
new file mode 100644
index 000000000..1141864bf
--- /dev/null
+++ b/charts/alfresco-audit-storage/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: alfresco-common
+ repository: https://alfresco.github.io/alfresco-helm-charts/
+ version: 3.1.3
+- name: activemq
+ repository: https://alfresco.github.io/alfresco-helm-charts/
+ version: 3.5.5
+- name: elasticsearch
+ repository: https://helm.elastic.co
+ version: 7.17.3
+digest: sha256:1970af14455ce04403ef33717efb2c495743f954077a4cdf80747b587da21427
+generated: "2024-10-11T14:28:33.886886+02:00"
diff --git a/charts/alfresco-audit-storage/Chart.yaml b/charts/alfresco-audit-storage/Chart.yaml
new file mode 100644
index 000000000..7b8e79f9d
--- /dev/null
+++ b/charts/alfresco-audit-storage/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: alfresco-audit-storage
+description: A Helm chart for Kubernetes to deploy Alfresco Audit Storage
+type: application
+version: 0.0.1-alpha.0
+appVersion: "0.0.1-A8"
+dependencies:
+ - name: alfresco-common
+ version: 3.1.3
+ repository: https://alfresco.github.io/alfresco-helm-charts/
+ - name: activemq
+ version: 3.5.5
+ repository: https://alfresco.github.io/alfresco-helm-charts/
+ tags:
+ - ci
+ - name: elasticsearch
+ repository: https://helm.elastic.co
+ version: 7.17.3
+ tags:
+ - ci
diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md
new file mode 100644
index 000000000..c1898dd0b
--- /dev/null
+++ b/charts/alfresco-audit-storage/README.md
@@ -0,0 +1,70 @@
+# alfresco-audit-storage
+
+![Version: 0.0.1-alpha.0](https://img.shields.io/badge/Version-0.0.1--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-A8](https://img.shields.io/badge/AppVersion-0.0.1--A8-informational?style=flat-square)
+
+A Helm chart for Kubernetes to deploy Alfresco Audit Storage
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.5.5 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.3 |
+| https://helm.elastic.co | elasticsearch | 7.17.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | |
+| image.tag | string | `"0.0.1-A8"` | |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.className | string | `""` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths[0].path | string | `"/"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| livenessProbe.httpGet.path | string | `"/"` | |
+| livenessProbe.httpGet.port | string | `"http"` | |
+| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker |
+| messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap |
+| messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys |
+| messageBroker.password | string | `nil` | Broker password |
+| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference |
+| messageBroker.username | string | `nil` | Broker username |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | |
+| podLabels | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| readinessProbe.httpGet.path | string | `"/"` | |
+| readinessProbe.httpGet.port | string | `"http"` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| search.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the search/indexing service |
+| search.existingConfigMap.name | string | `nil` | Alternatively, provide search/indexing service connection details via an existing configmap |
+| search.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the search/indexing password |
+| search.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the search/indexing username |
+| search.existingSecret.name | string | `nil` | Alternatively, provide search/indexing credentials via an existing secret |
+| search.password | string | `nil` | The password required to access the search/indexing service, if any |
+| search.url | string | `nil` | The URL where the search/indexing service is available |
+| search.user | string | `nil` | The username required to access the search/indexing service, if any |
+| securityContext | object | `{}` | |
+| service.port | int | `80` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.automount | bool | `true` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tags.ci | bool | `false` | A chart tag used for Hyland's CI purpose. Do not set it to true. |
+| tolerations | list | `[]` | |
+| volumeMounts | list | `[]` | |
+| volumes | list | `[]` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
diff --git a/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl
new file mode 100644
index 000000000..059afd97b
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl
@@ -0,0 +1,47 @@
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.url" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.url" -}}
+{{- required "You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file" $.Values.messageBroker.url }}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.cm.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.cm.env" -}}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $mqCtx) }}
+- name: SPRING_ACTIVEMQ_BROKERURL
+ valueFrom:
+ configMapKeyRef:
+ name: {{ $mqCm }}
+ key: {{ .existingConfigMap.keys.url }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.activemq.secret.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.activemq.secret.env" -}}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $mqCtx) }}
+- name: SPRING_ACTIVEMQ_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ $mqSecret }}
+ key: {{ .existingSecret.keys.username }}
+- name: SPRING_ACTIVEMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $mqSecret }}
+ key: {{ .existingSecret.keys.password }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl
new file mode 100644
index 000000000..4986d794a
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl
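Review bot: The `alfresco-audit-storage.activemq.cm.env` helper reads the broker URL only through `configMapKeyRef`, while the `messageBroker.existingSecret` comment added in values.yaml (and the README row generated from it) says the existing secret contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD. A user who follows that comment and puts the URL only in the secret still gets configmap-mq.yaml rendered, and the `required` call in `alfresco-audit-storage.activemq.url` fails the install because `messageBroker.url` is unset. I would reword the values.yaml comment to `# -- Provide broker credentials via an existing secret that contains BROKER_USERNAME and BROKER_PASSWORD keys (the URL is read from the configmap)`.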
@@ -0,0 +1,38 @@
+{{/*
+
+Usage: include "alfresco-audit-storage.config.audit.entryStorage.es.env" $
+
+*/}}
+{{- define "alfresco-audit-storage.config.audit.entryStorage.es.env" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.search }}
+{{- $esCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $esCtx) }}
+- name: SPRING_ELASTICSEARCH_REST_URIS
+ valueFrom:
+ configMapKeyRef:
+ name: {{ $esCm }}
+ key: {{ .existingConfigMap.keys.url }}
+{{- end }}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" $
+
+*/}}
+{{- define "alfresco-audit-storage.config.audit.entryStorage.envCredentials" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.search }}
+{{- $esSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $esCtx) }}
+- name: SPRING_ELASTICSEARCH_REST_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esSecret }}
+ key: {{ .existingSecret.keys.username }}
+- name: SPRING_ELASTICSEARCH_REST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esSecret }}
+ key: {{ .existingSecret.keys.password }}
+{{- end }}
+{{- end -}}
diff --git a/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl b/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl
new file mode 100644
index 000000000..ff3ff2d0a
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl
@@ -0,0 +1,38 @@
+{{/*
+
+Usage: include "alfresco-search-enterprise.config.spring.es.env" $
+
+*/}}
+{{- define "alfresco-search-enterprise.config.spring.es.env" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.search }}
+{{- $esCm := coalesce .existingConfigMap.name (include "alfresco-search-enterprise.fullname" $esCtx) }}
+- name: SPRING_ELASTICSEARCH_REST_URIS
+ valueFrom:
+ configMapKeyRef:
+ name: {{ $esCm }}
+ key: {{ .existingConfigMap.keys.url }}
+{{- end }}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-search-enterprise.config.spring.envCredentials" $
+
+*/}}
+{{- define "alfresco-search-enterprise.config.spring.envCredentials" -}}
+{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.search }}
+{{- $esSecret := coalesce .existingSecret.name (include "alfresco-search-enterprise.fullname" $esCtx) }}
+- name: SPRING_ELASTICSEARCH_REST_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esSecret }}
+ key: {{ .existingSecret.keys.username }}
+- name: SPRING_ELASTICSEARCH_REST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esSecret }}
+ key: {{ .existingSecret.keys.password }}
+{{- end }}
+{{- end -}}
diff --git a/charts/alfresco-audit-storage/templates/_helpers.tpl b/charts/alfresco-audit-storage/templates/_helpers.tpl
new file mode 100644
index 000000000..ce4cd4d8a
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "alfresco-audit-storage.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "alfresco-audit-storage.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "alfresco-audit-storage.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "alfresco-audit-storage.labels" -}}
+helm.sh/chart: {{ include "alfresco-audit-storage.chart" . }}
+{{ include "alfresco-audit-storage.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "alfresco-audit-storage.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "alfresco-audit-storage.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "alfresco-audit-storage.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "alfresco-audit-storage.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/alfresco-audit-storage/templates/configmap-mq.yaml b/charts/alfresco-audit-storage/templates/configmap-mq.yaml
new file mode 100644
index 000000000..cef8cd298
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/configmap-mq.yaml
@@ -0,0 +1,12 @@
+{{- if not .Values.messageBroker.existingConfigMap.name -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: >-
+ {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+ {{ template "alfresco-audit-storage.fullname" $ctx }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+data:
+ {{ template "alfresco-common.activemq.cm" (include "alfresco-audit-storage.activemq.url" .) }}
+{{- end -}}
diff --git a/charts/alfresco-audit-storage/templates/deployment.yaml b/charts/alfresco-audit-storage/templates/deployment.yaml
new file mode 100644
index 000000000..1c5143343
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "alfresco-audit-storage.fullname" . }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "alfresco-audit-storage.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "alfresco-audit-storage.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ {{- include "alfresco-audit-storage.activemq.secret.env" $ | nindent 12 }}
+ {{- include "alfresco-audit-storage.activemq.cm.env" $ | nindent 12 }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/alfresco-audit-storage/templates/ingress.yaml b/charts/alfresco-audit-storage/templates/ingress.yaml
new file mode 100644
index 000000000..fb6e2c488
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/ingress.yaml
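Review bot: `containerPort: {{ .Values.service.port }}` ties the port declared on the container to the Service port (default 80 in values.yaml), and service.yaml targets it by the name `http`, so Service traffic and any probe using `port: http` go to whatever `service.port` is set to rather than to the port the application listens on. The image's listening port is not visible in this patch, so this needs confirming; if it is not 80 the Service points at a closed port, and if it is 80 the process has to bind a privileged port, which gets in the way of a non-root `securityContext`. I would introduce a separate value for the container side, for example `containerPort: {{ .Values.containerPort }}`, and keep `service.port` for the Service only.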
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "alfresco-audit-storage.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/alfresco-audit-storage/templates/secret-messagebroker.yaml b/charts/alfresco-audit-storage/templates/secret-messagebroker.yaml
new file mode 100644
index 000000000..d6dad004d
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/secret-messagebroker.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.messageBroker.existingSecret.name }}
+apiVersion: v1
+kind: Secret
+metadata:
+ {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" $.Chart "Release" $.Release }}
+ name: {{ template "alfresco-audit-storage.fullname" $ctx }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+type: Opaque
+data:
+ BROKER_USERNAME: {{ .Values.messageBroker.username | default "" | b64enc | quote }}
+ BROKER_PASSWORD: {{ .Values.messageBroker.password | default "" | b64enc | quote }}
+{{- end }}
diff --git a/charts/alfresco-audit-storage/templates/service.yaml b/charts/alfresco-audit-storage/templates/service.yaml
new file mode 100644
index 000000000..b95419951
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "alfresco-audit-storage.fullname" . }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "alfresco-audit-storage.selectorLabels" . | nindent 4 }}
diff --git a/charts/alfresco-audit-storage/templates/serviceaccount.yaml b/charts/alfresco-audit-storage/templates/serviceaccount.yaml
new file mode 100644
index 000000000..e41983990
--- /dev/null
+++ b/charts/alfresco-audit-storage/templates/serviceaccount.yaml
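Review bot: In secret-messagebroker.yaml, whenever `messageBroker.existingSecret.name` is unset the Secret is always rendered, and with the defaults `username: null` / `password: null` both keys become empty strings through `default "" | b64enc`, so the deployment starts with empty SPRING_ACTIVEMQ_USER and SPRING_ACTIVEMQ_PASSWORD and nothing is reported at install time. Credentials passed through `messageBroker.password` are also kept with the release's stored values, so real deployments should be steered to `existingSecret`. I would add above `BROKER_USERNAME` the template comment `{{- /* empty when messageBroker.username/password are unset; prefer messageBroker.existingSecret outside CI */}}`, or fail the render with `required` if anonymous broker access is not intended; that intent is not visible in this patch.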
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "alfresco-audit-storage.serviceAccountName" . }}
+ labels:
+ {{- include "alfresco-audit-storage.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml
new file mode 100644
index 000000000..5fcfbff99
--- /dev/null
+++ b/charts/alfresco-audit-storage/values.yaml
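Review bot: `automountServiceAccountToken` is driven by `serviceAccount.automount`, which values.yaml in this patch defaults to `true`, yet the chart adds no Role or RoleBinding and nothing in the templates shows the application calling the Kubernetes API. Mounting the token by default hands every pod of this deployment an API credential it does not appear to need. I would default it to off in values.yaml with `automount: false` and let users opt in.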
@@ -0,0 +1,121 @@
+replicaCount: 1
+
+image:
+ repository: quay.io/alfresco/alfresco-audit-storage
+ pullPolicy: IfNotPresent
+ tag: "0.0.1-A8"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+messageBroker:
+ # -- Broker URL formatted as per:
+ # https://activemq.apache.org/failover-transport-reference
+ url: null
+ # -- Broker username
+ username: null
+ # -- Broker password
+ password: null
+ existingConfigMap:
+ # -- Alternatively, provide message broker connection details via an existing
+ # configmap
+ name: null
+ keys:
+ # -- Key within the configmap holding the URL of the message broker
+ url: BROKER_URL
+ # -- Provide connection details alternatively via an existing secret that
+ # contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys
+ existingSecret:
+ name: null
+ keys:
+ username: BROKER_USERNAME
+ password: BROKER_PASSWORD
+
+search:
+ # -- The URL where the search/indexing service is available
+ url: null
+ # -- The username required to access the search/indexing service, if any
+ user: null
+ # -- The password required to access the search/indexing service, if any
+ password: null
+ existingConfigMap:
+ # -- Alternatively, provide search/indexing service connection details via
+ # an existing configmap
+ name: null
+ keys:
+ # -- Key within the configmap holding the URL of the search/indexing service
+ url: SEARCH_URL
+ existingSecret:
+ # -- Alternatively, provide search/indexing credentials via an existing secret
+ name: null
+ keys:
+ # -- Key within the secret that holds the search/indexing username
+ username: SEARCH_USERNAME
+ # -- Key within the secret that holds the search/indexing password
+ password: SEARCH_PASSWORD
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+
+securityContext: {}
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+tags:
+ # -- A chart tag used for Hyland's CI purpose. Do not set it to true.
+ ci: false
From f14965d567418be927fddfe7e0d97db6566e0b3b Mon Sep 17 00:00:00 2001
From: pmacius
Date: Fri, 11 Oct 2024 15:10:31 +0200
Subject: [PATCH 02/12] mq
---
.../ci/default-values.yaml | 49 +++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 charts/alfresco-audit-storage/ci/default-values.yaml
diff --git a/charts/alfresco-audit-storage/ci/default-values.yaml b/charts/alfresco-audit-storage/ci/default-values.yaml
new file mode 100644
index 000000000..e790586c2
--- /dev/null
+++ b/charts/alfresco-audit-storage/ci/default-values.yaml
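Review bot: `podSecurityContext: {}` and `securityContext: {}` in values.yaml leave the pod and container on the image's and the cluster's defaults, so nothing in the chart prevents running as root, privilege escalation or extra capabilities for a service that stores audit records. I would ship restrictive defaults that users can relax, as in the block below. Whether the image already runs as a non-root user is not visible in this patch, so `runAsNonRoot` has to be checked against the image, together with the port the process binds, before it is merged.

```yaml
podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```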
@@ -0,0 +1,49 @@
+# avoid too long resource names being truncated and conflicting
+nameOverride: aesc
+reindexing:
+ # A database is required for reindexing, but Helm does not wait for the job to complete during installation.
+ enabled: true
+ # Allows tests to pass, otherwise when reindexing job is run as hook, installation will fail.
+ hookExecution: false
+ repository:
+ url: http://repository
+ db:
+ url: jdbc:postgresql://postgresql:5432/postgres
+ats:
+ transform_url: http://alfresco-transform-services-router
+ sfs_url: http://alfresco-transform-services-sfs
+contentMediaTypeCache:
+ enabled: false
+resources:
+ requests:
+ cpu: "100m"
+ memory: "128Mi"
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+search:
+ url: http://elasticsearch-master:9200
+elasticsearch:
+ replicas: 1
+ clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
+ esJavaOpts: "-Xmx512m -Xms512m"
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+activemq:
+ fullnameOverride: activemq
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "512Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+messageBroker:
+ url: nio://activemq-broker:61616
+tags:
+ ci: true
From 211c7d1f7dbe3dd5a09b277942c2273cfcd2d531 Mon Sep 17 00:00:00 2001
From: pmacius Date: Fri, 11 Oct 2024 16:24:58 +0200 Subject: [PATCH 03/12] OPSEXP-2877 Add alfresco-audit-storage chart --- charts/alfresco-audit-storage/Chart.yaml | 2 +- charts/alfresco-audit-storage/README.md | 11 +++--- .../ci/default-values.yaml | 20 ++-------- .../templates/_helpers-event-ingestion.tpl | 38 ------------------- .../templates/configmap-elasticsearch.yaml | 17 +++++++++ .../templates/deployment.yaml | 6 +++ .../templates/secret-elasticsearch.yaml | 15 ++++++++ charts/alfresco-audit-storage/values.yaml | 17 ++++----- 8 files changed, 56 insertions(+), 70 deletions(-) delete mode 100644 charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl create mode 100644 charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml create mode 100644 charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml diff --git a/charts/alfresco-audit-storage/Chart.yaml b/charts/alfresco-audit-storage/Chart.yaml index 7b8e79f9d..f77cac078 100644 --- a/charts/alfresco-audit-storage/Chart.yaml +++ b/charts/alfresco-audit-storage/Chart.yaml @@ -3,7 +3,7 @@ name: alfresco-audit-storage description: A Helm chart for Kubernetes to deploy Alfresco Audit Storage type: application version: 0.0.1-alpha.0 -appVersion: "0.0.1-A8" +appVersion: 0.0.1-A8 dependencies: - name: alfresco-common version: 3.1.3 diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index c1898dd0b..3b469245e 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md 
@@ -17,6 +17,9 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| environment.AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD | int | `60000` | | +| environment.AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT | int | `1000` | | +| environment.SPRING_PROFILES_ACTIVE | string | `"durable-subscriptions"` | | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | | @@ -29,8 +32,7 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | ingress.hosts[0].paths[0].path | string | `"/"` | | | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | | ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | +| livenessProbe | object | `{}` | | | messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | | messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | | messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | 
@@ -42,8 +44,7 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | podAnnotations | object | `{}` | | | podLabels | object | `{}` | | | podSecurityContext | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | +| readinessProbe | object | `{}` | | | replicaCount | int | `1` | | | resources | object | `{}` | | | search.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the search/indexing service | @@ -53,7 +54,7 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | search.existingSecret.name | string | `nil` | Alternatively, provide search/indexing credentials via an existing secret | | search.password | string | `nil` | The password required to access the search/indexing service, if any | | search.url | string | `nil` | The URL where the search/indexing service is available | -| search.user | string | `nil` | The username required to access the search/indexing service, if any | +| search.username | string | `nil` | The username required to access the search/indexing service, if any | | securityContext | object | `{}` | | | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | | diff --git a/charts/alfresco-audit-storage/ci/default-values.yaml b/charts/alfresco-audit-storage/ci/default-values.yaml index e790586c2..d80a70d59 100644 --- a/charts/alfresco-audit-storage/ci/default-values.yaml +++ b/charts/alfresco-audit-storage/ci/default-values.yaml 
@@ -1,19 +1,5 @@ # avoid too long resource names being truncated and conflicting -nameOverride: aesc -reindexing: - # A database is required for reindexing, but Helm does not wait for the job to complete during installation. - enabled: true - # Allows tests to pass, otherwise when reindexing job is run as hook, installation will fail. - hookExecution: false - repository: - url: http://repository - db: - url: jdbc:postgresql://postgresql:5432/postgres -ats: - transform_url: http://alfresco-transform-services-router - sfs_url: http://alfresco-transform-services-sfs -contentMediaTypeCache: - enabled: false +nameOverride: aas resources: requests: cpu: "100m" @@ -21,8 +7,6 @@ resources: limits: cpu: "1" memory: "1Gi" -search: - url: http://elasticsearch-master:9200 elasticsearch: replicas: 1 clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" @@ -43,6 +27,8 @@ activemq: limits: cpu: "1000m" memory: "1Gi" +search: + url: http://elasticsearch-master:9200 messageBroker: url: nio://activemq-broker:61616 tags: diff --git a/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl b/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl deleted file mode 100644 index ff3ff2d0a..000000000 --- a/charts/alfresco-audit-storage/templates/_helpers-event-ingestion.tpl +++ /dev/null 
@@ -1,38 +0,0 @@ -{{/* - -Usage: include "alfresco-search-enterprise.config.spring.es.env" $ - -*/}} -{{- define "alfresco-search-enterprise.config.spring.es.env" -}} -{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.search }} -{{- $esCm := coalesce .existingConfigMap.name (include "alfresco-search-enterprise.fullname" $esCtx) }} -- name: SPRING_ELASTICSEARCH_REST_URIS - valueFrom: - configMapKeyRef: - name: {{ $esCm }} - key: {{ .existingConfigMap.keys.url }} -{{- end }} -{{- end -}} - -{{/* - -Usage: include "alfresco-search-enterprise.config.spring.envCredentials" $ - -*/}} -{{- define "alfresco-search-enterprise.config.spring.envCredentials" -}} -{{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.search }} -{{- $esSecret := coalesce .existingSecret.name (include "alfresco-search-enterprise.fullname" $esCtx) }} -- name: SPRING_ELASTICSEARCH_REST_USERNAME - valueFrom: - secretKeyRef: - name: {{ $esSecret }} - key: {{ .existingSecret.keys.username }} -- name: SPRING_ELASTICSEARCH_REST_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $esSecret }} - key: {{ .existingSecret.keys.password }} -{{- end }} -{{- end -}} diff --git a/charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml b/charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml new file mode 100644 index 000000000..61ebfc0d6 --- /dev/null +++ b/charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml 
@@ -0,0 +1,17 @@ +{{- with .Values.search }} +{{- if not .existingConfigMap.name }} +apiVersion: v1 +kind: ConfigMap +metadata: + {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "es")) "Chart" $.Chart "Release" $.Release }} + name: {{ template "alfresco-audit-storage.fullname" $ctx }} + labels: + {{- include "alfresco-audit-storage.labels" $ | nindent 4 }} +data: + {{- $reqMsg := "Please provide elasticsearch connection details as .search.url values or using an .search.existingConfigMap." }} + {{- $esProtocol := required $reqMsg (include "alfresco-common.url.scheme" .url) }} + {{- $esHost := required $reqMsg (include "alfresco-common.url.host" .url) }} + {{- $esPort := required $reqMsg (include "alfresco-common.url.port" .url) }} + SEARCH_URL: {{ printf "%s://%s:%v" $esProtocol $esHost $esPort }} +{{- end }} +{{- end }} diff --git a/charts/alfresco-audit-storage/templates/deployment.yaml b/charts/alfresco-audit-storage/templates/deployment.yaml index 1c5143343..463edb549 100644 --- a/charts/alfresco-audit-storage/templates/deployment.yaml +++ b/charts/alfresco-audit-storage/templates/deployment.yaml @@ -41,6 +41,12 @@ spec: env: {{- include "alfresco-audit-storage.activemq.secret.env" $ | nindent 12 }} {{- include "alfresco-audit-storage.activemq.cm.env" $ | nindent 12 }} + {{- include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" $ | nindent 12 }} + {{- include "alfresco-audit-storage.config.audit.entryStorage.es.env" $ | nindent 12 }} + {{- range $key, $val := $.Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml b/charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml new file mode 100644 index 000000000..656685260 --- /dev/null 
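Review bot: The `SEARCH_URL` line in configmap-elasticsearch.yaml accepts whatever scheme `alfresco-common.url.scheme` returns, so an `http://` URL is written to the ConfigMap even when `search.username` and `search.password` are set. In that case the credentials from the companion Secret would presumably reach the search service unencrypted. Consider stating on `search.url` that `https` is expected whenever credentials are configured, or failing the render for a non-TLS scheme in that case. The value is also emitted as a plain scalar; `SEARCH_URL: {{ printf "%s://%s:%v" $esProtocol $esHost $esPort | quote }}` keeps the YAML parser from re-typing an unusual host or port.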
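Review bot: The `range $key, $val := $.Values.environment` loop in deployment.yaml writes every entry as a literal `value:` after the secret-backed entries from the two `entryStorage` includes. A key in `environment` that repeats one of those names becomes a second entry in the same `env` list, and Kubernetes is expected to let the later one win (worth verifying), which would replace the `secretKeyRef` with plain text in the pod spec. I would render the loop before the `include` lines so the secret-backed entries take precedence. A values comment such as `# -- Non-sensitive settings only; rendered as plain-text env values in the Deployment` would also help, since nothing tells users to keep credentials out of this map. The container spec starts and ends outside this hunk.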
+++ b/charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml @@ -0,0 +1,15 @@ +{{- with .Values.search }} +{{- if not .existingSecret.name }} +apiVersion: v1 +kind: Secret +metadata: + {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "es")) "Chart" $.Chart "Release" $.Release }} + name: {{ template "alfresco-audit-storage.fullname" $ctx }} + labels: + {{- include "alfresco-audit-storage.labels" $ | nindent 4 }} +type: Opaque +data: + SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }} + SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml index 5fcfbff99..b61f4e19c 100644 --- a/charts/alfresco-audit-storage/values.yaml +++ b/charts/alfresco-audit-storage/values.yaml @@ -9,6 +9,11 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +environment: + AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD: 60000 + AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT: 1000 + SPRING_PROFILES_ACTIVE: "durable-subscriptions" + messageBroker: # -- Broker URL formatted as per: # https://activemq.apache.org/failover-transport-reference @@ -36,7 +41,7 @@ search: # -- The URL where the search/indexing service is available url: null # -- The username required to access the search/indexing service, if any - user: null + username: null # -- The password required to access the search/indexing service, if any password: null existingConfigMap: @@ -95,14 +100,8 @@ ingress: resources: {} -livenessProbe: - httpGet: - path: / - port: http -readinessProbe: - httpGet: - path: / - port: http +livenessProbe: {} +readinessProbe: {} # Additional volumes on the output Deployment definition. volumes: [] From 52b8046562330b859af612418efc5ad6869889fb Mon Sep 17 00:00:00 2001 
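Review bot: `SEARCH_PASSWORD` in secret-elasticsearch.yaml is taken from `.password` in the chart values, so a password supplied with `--set` or a values file is also kept in the Helm release record and returned by `helm get values`, not only in this Secret. The template gives no hint of that. A leading template comment such as `{{- /* Prefer search.existingSecret: credentials passed as values are stored with the Helm release */ -}}`, plus the same remark on `search.password` in values.yaml, would steer production installs towards `existingSecret`. The Secret is also rendered with two empty strings when no credentials are given; confirm the application treats empty username and password as "no authentication".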
From: pmacius Date: Fri, 11 Oct 2024 14:26:15 +0000 Subject: [PATCH 04/12] Apply automatic changes --- charts/alfresco-audit-storage/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 3b469245e..9635a2485 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md @@ -68,4 +68,4 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | volumes | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 813d5abe621b8d0f57febfa09dc8393640bc66d6 Mon Sep 17 00:00:00 2001 
From: pmacius Date: Mon, 14 Oct 2024 11:01:09 +0200 Subject: [PATCH 05/12] no unittests yet, ci values to be appended, kibana?, not sure its working --- charts/alfresco-audit-storage/README.md | 32 +++++----- .../alfresco-audit-storage/README.md.gotmpl | 23 +++++++ .../templates/_helpers-elasticsearch.tpl | 6 +- ...p-elasticsearch.yaml => configmap-es.yaml} | 0 .../templates/configmap-mq.yaml | 5 +- .../templates/deployment.yaml | 23 +++---- .../templates/ingress.yaml | 61 ------------------- ...cret-elasticsearch.yaml => secret-es.yaml} | 0 ...cret-messagebroker.yaml => secret-mq.yaml} | 0 .../templates/service.yaml | 2 +- charts/alfresco-audit-storage/values.yaml | 40 ++++++------ 11 files changed, 72 insertions(+), 120 deletions(-) create mode 100644 charts/alfresco-audit-storage/README.md.gotmpl rename charts/alfresco-audit-storage/templates/{configmap-elasticsearch.yaml => configmap-es.yaml} (100%) delete mode 100644 charts/alfresco-audit-storage/templates/ingress.yaml rename charts/alfresco-audit-storage/templates/{secret-elasticsearch.yaml => secret-es.yaml} (100%) rename charts/alfresco-audit-storage/templates/{secret-messagebroker.yaml => secret-mq.yaml} (100%) diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 9635a2485..5eb9ffad1 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md 
@@ -1,9 +1,16 @@ +--- +title: alfresco-audit-storage +parent: Charts Reference +--- + # alfresco-audit-storage ![Version: 0.0.1-alpha.0](https://img.shields.io/badge/Version-0.0.1--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-A8](https://img.shields.io/badge/AppVersion-0.0.1--A8-informational?style=flat-square) A Helm chart for Kubernetes to deploy Alfresco Audit Storage +Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + ## Requirements | Repository | Name | Version | 
@@ -19,20 +26,14 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | affinity | object | `{}` | | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD | int | `60000` | | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT | int | `1000` | | +| environment.AUDIT_EVENTINGESTION_URI | string | `"activemq:topic:alfresco.repo.event2"` | | | environment.SPRING_PROFILES_ACTIVE | string | `"durable-subscriptions"` | | | fullnameOverride | string | `""` | | +| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | | | image.tag | string | `"0.0.1-A8"` | | | imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe | object | `{}` | | | messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | | messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | | messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | 
@@ -43,10 +44,14 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | | podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| readinessProbe | object | `{}` | | +| podSecurityContext.fsGroup | int | `1000` | | +| podSecurityContext.runAsGroup | int | `1000` | | +| podSecurityContext.runAsUser | int | `33000` | | | replicaCount | int | `1` | | -| resources | object | `{}` | | +| resources.limits.cpu | string | `"1"` | | +| resources.limits.memory | string | `"512Mi"` | | +| resources.requests.cpu | string | `"0.5"` | | +| resources.requests.memory | string | `"256Mi"` | | | search.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the search/indexing service | | search.existingConfigMap.name | string | `nil` | Alternatively, provide search/indexing service connection details via an existing configmap | | search.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the search/indexing password | @@ -56,7 +61,7 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | search.url | string | `nil` | The URL where the search/indexing service is available | | search.username | string | `nil` | The username required to access the search/indexing service, if any | | securityContext | object | `{}` | | -| service.port | int | `80` | | +| service.port | int | `8081` | | | service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | | | serviceAccount.automount | bool | `true` | | @@ -66,6 +71,3 @@ A Helm chart for Kubernetes to deploy Alfresco Audit Storage | tolerations | list | `[]` | | | volumeMounts | list | `[]` | | | volumes | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/charts/alfresco-audit-storage/README.md.gotmpl b/charts/alfresco-audit-storage/README.md.gotmpl new file mode 100644 index 000000000..53ced2645 --- /dev/null +++ b/charts/alfresco-audit-storage/README.md.gotmpl @@ -0,0 +1,23 @@ +--- +title: {{ template "chart.name" . }} +parent: Charts Reference +--- + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl index 4986d794a..1c400dfc0 100644 --- a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl @@ -7,7 +7,7 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.es.env" $ {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} {{- with .Values.search }} {{- $esCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $esCtx) }} -- name: SPRING_ELASTICSEARCH_REST_URIS +- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI valueFrom: configMapKeyRef: name: {{ $esCm }} 
@@ -24,12 +24,12 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} {{- with .Values.search }} {{- $esSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $esCtx) }} -- name: SPRING_ELASTICSEARCH_REST_USERNAME +- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME valueFrom: secretKeyRef: name: {{ $esSecret }} key: {{ .existingSecret.keys.username }} -- name: SPRING_ELASTICSEARCH_REST_PASSWORD +- name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD valueFrom: secretKeyRef: name: {{ $esSecret }} diff --git a/charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml b/charts/alfresco-audit-storage/templates/configmap-es.yaml similarity index 100% rename from charts/alfresco-audit-storage/templates/configmap-elasticsearch.yaml rename to charts/alfresco-audit-storage/templates/configmap-es.yaml diff --git a/charts/alfresco-audit-storage/templates/configmap-mq.yaml b/charts/alfresco-audit-storage/templates/configmap-mq.yaml index cef8cd298..7def1a5f2 100644 --- a/charts/alfresco-audit-storage/templates/configmap-mq.yaml +++ b/charts/alfresco-audit-storage/templates/configmap-mq.yaml @@ -2,9 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: - name: >- - {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} - {{ template "alfresco-audit-storage.fullname" $ctx }} + {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} + name: {{ template "alfresco-audit-storage.fullname" $ctx }} labels: {{- include "alfresco-audit-storage.labels" . | nindent 4 }} data: 
diff --git a/charts/alfresco-audit-storage/templates/deployment.yaml b/charts/alfresco-audit-storage/templates/deployment.yaml index 463edb549..4529b17a9 100644 --- a/charts/alfresco-audit-storage/templates/deployment.yaml +++ b/charts/alfresco-audit-storage/templates/deployment.yaml @@ -11,8 +11,12 @@ spec: {{- include "alfresco-audit-storage.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/config-es: {{ include (print $.Template.BasePath "/configmap-es.yaml") $ | sha256sum }} + checksum/config-mq: {{ include (print $.Template.BasePath "/configmap-mq.yaml") $ | sha256sum }} + checksum/secret-es: {{ include (print $.Template.BasePath "/secret-es.yaml") $ | sha256sum }} + checksum/secret-mq: {{ include (print $.Template.BasePath "/secret-mq.yaml") $ | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -21,19 +25,14 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} + {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }} serviceAccountName: {{ include "alfresco-audit-storage.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: {{ printf "%s:%s" .Values.image.repository .Values.image.tag | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- include "alfresco-common.component-security-context" .Values | indent 8 }} ports: - name: http containerPort: {{ .Values.service.port }} 
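Review bot: The `checksum/secret-es` and `checksum/secret-mq` annotations put an unsalted SHA-256 of the rendered Secret manifests into the pod template metadata. Anyone allowed to view Deployments or Pods can read it without access to Secrets, and with a weak broker or search password the digest can be tested offline against guesses. When `existingSecret.name` is set, the included template renders nothing (the `if not .existingSecret.name` guard is visible for the search Secret; the broker one is assumed to match), so the checksum stays constant and rotating the external object does not restart the pods. A comment above the annotations should state both limits, e.g. `# checksums cover chart-managed objects only; existing secrets/configmaps need a manual rollout`.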
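Review bot: The new `image:` line drops the `| default .Chart.AppVersion` fallback, so an empty or null `image.tag` now renders a malformed image reference instead of falling back to the chart's app version. Keeping the fallback inside the `printf` preserves the old behaviour: `image: {{ printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) | quote }}`. In the same hunk the pod and container security contexts are now produced by `alfresco-common` helpers that are not visible here, so it is worth confirming they still honour `podSecurityContext` and `securityContext` from values. The container spec continues outside the hunk.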
@@ -47,10 +46,6 @@ spec: - name: {{ $key }} value: {{ $val | quote }} {{- end }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.volumeMounts }} diff --git a/charts/alfresco-audit-storage/templates/ingress.yaml b/charts/alfresco-audit-storage/templates/ingress.yaml deleted file mode 100644 index fb6e2c488..000000000 --- a/charts/alfresco-audit-storage/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "alfresco-audit-storage.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "alfresco-audit-storage.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml b/charts/alfresco-audit-storage/templates/secret-es.yaml similarity index 100% rename from charts/alfresco-audit-storage/templates/secret-elasticsearch.yaml rename to charts/alfresco-audit-storage/templates/secret-es.yaml diff --git a/charts/alfresco-audit-storage/templates/secret-messagebroker.yaml b/charts/alfresco-audit-storage/templates/secret-mq.yaml similarity index 100% rename from charts/alfresco-audit-storage/templates/secret-messagebroker.yaml rename to charts/alfresco-audit-storage/templates/secret-mq.yaml diff --git a/charts/alfresco-audit-storage/templates/service.yaml b/charts/alfresco-audit-storage/templates/service.yaml index b95419951..c250b3197 100644 --- a/charts/alfresco-audit-storage/templates/service.yaml +++ b/charts/alfresco-audit-storage/templates/service.yaml @@ -10,6 +10,6 @@ spec: - port: {{ .Values.service.port }} targetPort: http protocol: TCP - name: http + name: http-traffic selector: {{- include "alfresco-audit-storage.selectorLabels" . | nindent 4 }} diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml index b61f4e19c..3bbf70ada 100644 --- a/charts/alfresco-audit-storage/values.yaml +++ b/charts/alfresco-audit-storage/values.yaml @@ -1,5 +1,8 @@ replicaCount: 1 +global: + alfrescoRegistryPullSecrets: quay-registry-secret + image: repository: quay.io/alfresco/alfresco-audit-storage pullPolicy: IfNotPresent @@ -10,6 +13,7 @@ nameOverride: "" fullnameOverride: "" environment: + AUDIT_EVENTINGESTION_URI: activemq:topic:alfresco.repo.event2 AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD: 60000 AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT: 1000 SPRING_PROFILES_ACTIVE: "durable-subscriptions" 
@@ -74,34 +78,24 @@ serviceAccount: podAnnotations: {} podLabels: {} -podSecurityContext: {} +podSecurityContext: + runAsUser: 33000 + runAsGroup: 1000 + fsGroup: 1000 securityContext: {} service: type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - -livenessProbe: {} -readinessProbe: {} + port: 8081 + +resources: + requests: + cpu: "0.5" + memory: "256Mi" + limits: + cpu: "1" + memory: "512Mi" # Additional volumes on the output Deployment definition. volumes: [] From 800b7060f63987a430164492ccd824cf6fe14634 Mon Sep 17 00:00:00 2001 From: pmacius Date: Mon, 14 Oct 2024 12:55:25 +0200 Subject: [PATCH 06/12] add probes --- charts/alfresco-audit-storage/README.md | 8 ++++++++ .../templates/deployment.yaml | 4 ++++ charts/alfresco-audit-storage/values.yaml | 13 +++++++++++++ 3 files changed, 25 insertions(+) diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 5eb9ffad1..12f195e30 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md 
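Review bot: `securityContext: {}` stays empty in this hunk while `podSecurityContext` gains explicit IDs, so the container still has no `allowPrivilegeEscalation: false`, no dropped capabilities and no `runAsNonRoot`. Since the pod already runs as UID 33000, hardened container defaults should be cheap to add. Whether the `alfresco-common.component-security-context` helper used in deployment.yaml reads this key is not visible here and should be confirmed.

```yaml
podSecurityContext:
  # … unchanged: runAsUser / runAsGroup / fsGroup …
securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```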
@@ -34,6 +34,10 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | | | image.tag | string | `"0.0.1-A8"` | | | imagePullSecrets | list | `[]` | | +| livenessProbe.httpGet.path | string | `"/actuator/health/liveness"` | | +| livenessProbe.httpGet.port | string | `"http"` | | +| livenessProbe.initialDelaySeconds | int | `15` | | +| livenessProbe.periodSeconds | int | `60` | | | messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | | messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | | messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | @@ -47,6 +51,10 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | podSecurityContext.fsGroup | int | `1000` | | | podSecurityContext.runAsGroup | int | `1000` | | | podSecurityContext.runAsUser | int | `33000` | | +| readinessProbe.httpGet.path | string | `"/actuator/health/readiness"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| readinessProbe.initialDelaySeconds | int | `15` | | +| readinessProbe.periodSeconds | int | `60` | | | replicaCount | int | `1` | | | resources.limits.cpu | string | `"1"` | | | resources.limits.memory | string | `"512Mi"` | | diff --git a/charts/alfresco-audit-storage/templates/deployment.yaml b/charts/alfresco-audit-storage/templates/deployment.yaml index 4529b17a9..a27e3162f 100644 --- a/charts/alfresco-audit-storage/templates/deployment.yaml +++ b/charts/alfresco-audit-storage/templates/deployment.yaml 
@@ -46,6 +46,10 @@ spec: - name: {{ $key }} value: {{ $val | quote }} {{- end }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.volumeMounts }} diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml index 3bbf70ada..0495f1dbb 100644 --- a/charts/alfresco-audit-storage/values.yaml +++ b/charts/alfresco-audit-storage/values.yaml @@ -41,6 +41,19 @@ messageBroker: username: BROKER_USERNAME password: BROKER_PASSWORD +livenessProbe: + httpGet: + path: /actuator/health/liveness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 +readinessProbe: + httpGet: + path: /actuator/health/readiness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 + search: # -- The URL where the search/indexing service is available url: null From ddd7e5005a634e691e75f67b75b706902098269e Mon Sep 17 00:00:00 2001 From: pmacius Date: Mon, 14 Oct 2024 15:53:57 +0200 Subject: [PATCH 07/12] review comments --- charts/alfresco-audit-storage/README.md | 28 +- .../ci/default-values.yaml | 5 +- .../templates/_helpers-activemq.tpl | 6 +- .../templates/_helpers-elasticsearch.tpl | 4 +- .../templates/configmap-es.yaml | 4 +- .../templates/configmap-mq.yaml | 2 +- .../templates/deployment.yaml | 4 - .../templates/secret-es.yaml | 2 +- .../templates/secret-mq.yaml | 10 +- charts/alfresco-audit-storage/test.yaml | 665 ++++++++++++++++++ charts/alfresco-audit-storage/values.yaml | 46 +- 11 files changed, 719 insertions(+), 57 deletions(-) create mode 100644 charts/alfresco-audit-storage/test.yaml diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 12f195e30..7be51abb4 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md 
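Review bot: Both probes added to values.yaml target `/actuator/health/...` on the named port `http`, which is the same container port that service.yaml publishes (`targetPort: http`). The actuator base path is therefore reachable by every client of the Service and not only by the kubelet. If the application exposes more than the health endpoints (not visible in this chart), those would be reachable too. Consider documenting that only `health` is expected to be exposed, or moving actuator to a separate management port that the Service does not publish. `periodSeconds: 60` on the readiness probe also means an unhealthy pod can keep receiving traffic for up to a minute per failed check.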
@@ -24,6 +24,14 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| elasticSearchConnection.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the elasticsearch service | +| elasticSearchConnection.existingConfigMap.name | string | `nil` | Alternatively, provide elasticsearch service connection details via an existing configmap | +| elasticSearchConnection.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the elasticsearch password | +| elasticSearchConnection.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the elasticsearch username | +| elasticSearchConnection.existingSecret.name | string | `nil` | Alternatively, provide elasticsearch credentials via an existing secret | +| elasticSearchConnection.password | string | `nil` | The password required to access the elasticsearch service, if any | +| elasticSearchConnection.url | string | `nil` | The URL where the elasticsearch service is available | +| elasticSearchConnection.username | string | `nil` | The username required to access the elasticsearch service, if any | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD | int | `60000` | | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT | int | `1000` | | | environment.AUDIT_EVENTINGESTION_URI | string | `"activemq:topic:alfresco.repo.event2"` | | 
@@ -38,12 +46,12 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | livenessProbe.httpGet.port | string | `"http"` | | | livenessProbe.initialDelaySeconds | int | `15` | | | livenessProbe.periodSeconds | int | `60` | | -| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | -| messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | -| messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | -| messageBroker.password | string | `nil` | Broker password | -| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | -| messageBroker.username | string | `nil` | Broker username | +| messageBrokerConnection.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | +| messageBrokerConnection.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | +| messageBrokerConnection.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | +| messageBrokerConnection.password | string | `nil` | Broker password | +| messageBrokerConnection.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | +| messageBrokerConnection.username | string | `nil` | Broker username | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | | | podAnnotations | 
object | `{}` | | @@ -60,14 +68,6 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | resources.limits.memory | string | `"512Mi"` | | | resources.requests.cpu | string | `"0.5"` | | | resources.requests.memory | string | `"256Mi"` | | -| search.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the search/indexing service | -| search.existingConfigMap.name | string | `nil` | Alternatively, provide search/indexing service connection details via an existing configmap | -| search.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the search/indexing password | -| search.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the search/indexing username | -| search.existingSecret.name | string | `nil` | Alternatively, provide search/indexing credentials via an existing secret | -| search.password | string | `nil` | The password required to access the search/indexing service, if any | -| search.url | string | `nil` | The URL where the search/indexing service is available | -| search.username | string | `nil` | The username required to access the search/indexing service, if any | | securityContext | object | `{}` | | | service.port | int | `8081` | | | service.type | string | `"ClusterIP"` | | diff --git a/charts/alfresco-audit-storage/ci/default-values.yaml b/charts/alfresco-audit-storage/ci/default-values.yaml index d80a70d59..729c77f72 100644 --- a/charts/alfresco-audit-storage/ci/default-values.yaml +++ b/charts/alfresco-audit-storage/ci/default-values.yaml @@ -1,4 +1,3 @@ -# avoid too long resource names being truncated and conflicting nameOverride: aas resources: requests: @@ -27,9 +26,9 @@ activemq: limits: cpu: "1000m" memory: "1Gi" -search: +elasticSearchConnection: url: http://elasticsearch-master:9200 -messageBroker: +messageBrokerConnection: url: nio://activemq-broker:61616 tags: ci: true 
diff --git a/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl index 059afd97b..e7af7bda4 100644 --- a/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl @@ -4,7 +4,7 @@ Usage: include "alfresco-audit-storage.activemq.url" $ */}} {{- define "alfresco-audit-storage.activemq.url" -}} -{{- required "You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file" $.Values.messageBroker.url }} +{{- required "You need to provide an ActiveMQ URL using messageBrokerConnection.url or using an existingConfigMap check chart README file" $.Values.messageBrokerConnection.url }} {{- end -}} {{/* @@ -14,7 +14,7 @@ Usage: include "alfresco-audit-storage.activemq.cm.env" $ */}} {{- define "alfresco-audit-storage.activemq.cm.env" -}} {{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} -{{- with .Values.messageBroker }} +{{- with .Values.messageBrokerConnection }} {{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $mqCtx) }} - name: SPRING_ACTIVEMQ_BROKERURL valueFrom: @@ -31,7 +31,7 @@ Usage: include "alfresco-audit-storage.activemq.secret.env" $ */}} {{- define "alfresco-audit-storage.activemq.secret.env" -}} {{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} -{{- with .Values.messageBroker }} +{{- with .Values.messageBrokerConnection }} {{- $mqSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $mqCtx) }} - name: SPRING_ACTIVEMQ_USER valueFrom: 
diff --git a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl index 1c400dfc0..e767197be 100644 --- a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl @@ -5,7 +5,7 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.es.env" $ */}} {{- define "alfresco-audit-storage.config.audit.entryStorage.es.env" -}} {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.search }} +{{- with .Values.elasticSearchConnection }} {{- $esCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $esCtx) }} - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI valueFrom: @@ -22,7 +22,7 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" */}} {{- define "alfresco-audit-storage.config.audit.entryStorage.envCredentials" -}} {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.search }} +{{- with .Values.elasticSearchConnection }} {{- $esSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $esCtx) }} - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME valueFrom: diff --git a/charts/alfresco-audit-storage/templates/configmap-es.yaml b/charts/alfresco-audit-storage/templates/configmap-es.yaml index 61ebfc0d6..0f45a82f4 100644 --- a/charts/alfresco-audit-storage/templates/configmap-es.yaml +++ b/charts/alfresco-audit-storage/templates/configmap-es.yaml @@ -1,4 +1,4 @@ -{{- with .Values.search }} +{{- with .Values.elasticSearchConnection }} {{- if not .existingConfigMap.name }} apiVersion: v1 kind: ConfigMap 
@@ -8,7 +8,7 @@ metadata: labels: {{- include "alfresco-audit-storage.labels" $ | nindent 4 }} data: - {{- $reqMsg := "Please provide elasticsearch connection details as .search.url values or using an .search.existingConfigMap." }} + {{- $reqMsg := "Please provide elasticsearch connection details as .elasticSearchConnection.url values or using an .elasticSearchConnection.existingConfigMap." }} {{- $esProtocol := required $reqMsg (include "alfresco-common.url.scheme" .url) }} {{- $esHost := required $reqMsg (include "alfresco-common.url.host" .url) }} {{- $esPort := required $reqMsg (include "alfresco-common.url.port" .url) }} diff --git a/charts/alfresco-audit-storage/templates/configmap-mq.yaml b/charts/alfresco-audit-storage/templates/configmap-mq.yaml index 7def1a5f2..e370f9171 100644 --- a/charts/alfresco-audit-storage/templates/configmap-mq.yaml +++ b/charts/alfresco-audit-storage/templates/configmap-mq.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.messageBroker.existingConfigMap.name -}} +{{- if not .Values.messageBrokerConnection.existingConfigMap.name -}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/alfresco-audit-storage/templates/deployment.yaml b/charts/alfresco-audit-storage/templates/deployment.yaml index a27e3162f..5556bde21 100644 --- a/charts/alfresco-audit-storage/templates/deployment.yaml +++ b/charts/alfresco-audit-storage/templates/deployment.yaml @@ -12,10 +12,6 @@ spec: template: metadata: annotations: - checksum/config-es: {{ include (print $.Template.BasePath "/configmap-es.yaml") $ | sha256sum }} - checksum/config-mq: {{ include (print $.Template.BasePath "/configmap-mq.yaml") $ | sha256sum }} - checksum/secret-es: {{ include (print $.Template.BasePath "/secret-es.yaml") $ | sha256sum }} - checksum/secret-mq: {{ include (print $.Template.BasePath "/secret-mq.yaml") $ | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
diff --git a/charts/alfresco-audit-storage/templates/secret-es.yaml b/charts/alfresco-audit-storage/templates/secret-es.yaml index 656685260..645c020d2 100644 --- a/charts/alfresco-audit-storage/templates/secret-es.yaml +++ b/charts/alfresco-audit-storage/templates/secret-es.yaml @@ -1,4 +1,4 @@ -{{- with .Values.search }} +{{- with .Values.elasticSearchConnection }} {{- if not .existingSecret.name }} apiVersion: v1 kind: Secret diff --git a/charts/alfresco-audit-storage/templates/secret-mq.yaml b/charts/alfresco-audit-storage/templates/secret-mq.yaml index d6dad004d..f8ddb5ab1 100644 --- a/charts/alfresco-audit-storage/templates/secret-mq.yaml +++ b/charts/alfresco-audit-storage/templates/secret-mq.yaml @@ -1,13 +1,15 @@ -{{- if not .Values.messageBroker.existingSecret.name }} +{{- with .Values.messageBrokerConnection }} +{{- if not .existingSecret.name }} apiVersion: v1 kind: Secret metadata: {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" $.Chart "Release" $.Release }} name: {{ template "alfresco-audit-storage.fullname" $ctx }} labels: - {{- include "alfresco-audit-storage.labels" . | nindent 4 }} + {{- include "alfresco-audit-storage.labels" $ | nindent 4 }} type: Opaque data: - BROKER_USERNAME: {{ .Values.messageBroker.username | default "" | b64enc | quote }} - BROKER_PASSWORD: {{ .Values.messageBroker.password | default "" | b64enc | quote }} + BROKER_USERNAME: {{ .username | default "" | b64enc | quote }} + BROKER_PASSWORD: {{ .password | default "" | b64enc | quote }} +{{- end }} {{- end }} diff --git a/charts/alfresco-audit-storage/test.yaml b/charts/alfresco-audit-storage/test.yaml new file mode 100644 index 000000000..83f804dbf --- /dev/null +++ b/charts/alfresco-audit-storage/test.yaml 
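Review bot: In `secret-mq.yaml`, `BROKER_USERNAME` and `BROKER_PASSWORD` are still rendered through `default ""`, so a release that sets only `messageBrokerConnection.username` gets a Secret with an empty password, which the deployment passes on as `SPRING_ACTIVEMQ_PASSWORD` with no error at install time. A guard at the top of the new `with` block would catch the half-configured case: `{{- if and .username (not .password) }}{{ fail "messageBrokerConnection.password is required when username is set" }}{{- end }}`. Credentials supplied through the `username`/`password` values are also kept in the stored Helm release, so the values comments could steer users to `existingSecret` for anything beyond test setups.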
@@ -0,0 +1,665 @@ +--- +# Source: alfresco-audit-storage/charts/elasticsearch/templates/poddisruptionbudget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: "elasticsearch-master-pdb" +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: "elasticsearch-master" +--- +# Source: alfresco-audit-storage/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: audit-aas + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true +--- +# Source: alfresco-audit-storage/charts/activemq/templates/secret-activemq.yaml +apiVersion: v1 +kind: Secret +metadata: + name: activemq-brokersecret + labels: + helm.sh/chart: activemq-3.5.5 + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "5.18.5" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: activemq +type: Opaque +data: + BROKER_USERNAME: "YWRtaW4=" + BROKER_PASSWORD: "YWRtaW4=" +--- +# Source: alfresco-audit-storage/templates/secret-es.yaml +apiVersion: v1 +kind: Secret +metadata: + name: audit-aas-es + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +type: Opaque +data: + SEARCH_USERNAME: "" + SEARCH_PASSWORD: "" +--- +# Source: alfresco-audit-storage/templates/secret-mq.yaml +apiVersion: v1 +kind: Secret +metadata: + name: audit-aas-mq + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +type: Opaque +data: + BROKER_USERNAME: "" + BROKER_PASSWORD: "" +--- +# Source: 
alfresco-audit-storage/templates/configmap-es.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: audit-aas-es + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +data: + SEARCH_URL: http://elasticsearch-master:9200 +--- +# Source: alfresco-audit-storage/templates/configmap-mq.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: audit-aas-mq + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +data: + BROKER_URL: failover:(nio://activemq-broker:61616) +--- +# Source: alfresco-audit-storage/charts/activemq/templates/pvc-activemq.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: activemq-default-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: "20Gi" +--- +# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-broker.yaml +apiVersion: v1 +kind: Service +metadata: + name: activemq-broker + labels: + helm.sh/chart: activemq-3.5.5 + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "5.18.5" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: activemq +spec: + type: ClusterIP + ports: + - port: 61613 + targetPort: 61613 + name: stomp + protocol: TCP + - port: 61616 + targetPort: 61616 + name: openwire + protocol: TCP + - port: 5672 + targetPort: 5672 + name: amqp + protocol: TCP + selector: + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit +--- +# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-web-console.yaml +apiVersion: v1 +kind: Service +metadata: + name: activemq-web-console + labels: + helm.sh/chart: activemq-3.5.5 + app.kubernetes.io/name: activemq + 
app.kubernetes.io/instance: audit + app.kubernetes.io/version: "5.18.5" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: activemq +spec: + type: NodePort + ports: + - port: 8161 + targetPort: 8161 + name: web-console + protocol: TCP + selector: + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit +--- +# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml +kind: Service +apiVersion: v1 +metadata: + name: elasticsearch-master + labels: + heritage: "Helm" + release: "audit" + chart: "elasticsearch" + app: "elasticsearch-master" + annotations: + {} +spec: + type: ClusterIP + selector: + release: "audit" + chart: "elasticsearch" + app: "elasticsearch-master" + publishNotReadyAddresses: false + ports: + - name: http + protocol: TCP + port: 9200 + - name: transport + protocol: TCP + port: 9300 +--- +# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml +kind: Service +apiVersion: v1 +metadata: + name: elasticsearch-master-headless + labels: + heritage: "Helm" + release: "audit" + chart: "elasticsearch" + app: "elasticsearch-master" + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve + # Create endpoints also if the related pod isn't ready + publishNotReadyAddresses: true + selector: + app: "elasticsearch-master" + ports: + - name: http + port: 9200 + - name: transport + port: 9300 +--- +# Source: alfresco-audit-storage/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: audit-aas + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 8081 + targetPort: http + protocol: TCP + name: http-traffic + selector: + app.kubernetes.io/name: aas + 
app.kubernetes.io/instance: audit +--- +# Source: alfresco-audit-storage/charts/activemq/templates/deployment-activemq.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: activemq + labels: + helm.sh/chart: activemq-3.5.5 + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "5.18.5" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: activemq +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit + template: + metadata: + labels: + helm.sh/chart: activemq-3.5.5 + app.kubernetes.io/name: activemq + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "5.18.5" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: activemq + spec: + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33031 + imagePullSecrets: + - name: quay-registry-secret + containers: + - name: activemq + image: "alfresco/alfresco-activemq:5.18.5-jre17-rockylinux8" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + - name: ACTIVEMQ_CONFIG_MINMEMORY + value: "512" + - name: ACTIVEMQ_CONFIG_MAXMEMORY + value: "1Gi" + - name: ACTIVEMQ_BROKER_NAME + value: "activemq" + - name: ACTIVEMQ_ADMIN_LOGIN + valueFrom: + secretKeyRef: + name: activemq-brokersecret + key: BROKER_USERNAME + - name: ACTIVEMQ_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: activemq-brokersecret + key: BROKER_PASSWORD + ports: + - name: stomp + containerPort: 61613 + - name: openwire + containerPort: 61616 + - name: amqp + containerPort: 5672 + - name: web-console + containerPort: 8161 + readinessProbe: + tcpSocket: + port: 61616 + initialDelaySeconds: 5 + periodSeconds: 10 + failureThreshold: 6 + timeoutSeconds: 1 + livenessProbe: + tcpSocket: + port: 61616 + initialDelaySeconds: 60 + periodSeconds: 10 + failureThreshold: 6 + 
timeoutSeconds: 1 + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + - name: data + mountPath: /opt/activemq/data + subPath: alfresco-infrastructure/activemq-data + volumes: + - name: data + persistentVolumeClaim: + claimName: >- + activemq-default-pvc + terminationGracePeriodSeconds: 1 +--- +# Source: alfresco-audit-storage/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: audit-aas + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + template: + metadata: + annotations: + labels: + helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 + app.kubernetes.io/name: aas + app.kubernetes.io/instance: audit + app.kubernetes.io/version: "0.0.1-A8" + app.kubernetes.io/managed-by: Helm + spec: + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33000 + serviceAccountName: audit-aas + containers: + - name: alfresco-audit-storage + image: "quay.io/alfresco/alfresco-audit-storage:0.0.1-A8" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + ports: + - name: http + containerPort: 8081 + protocol: TCP + env: + + - name: SPRING_ACTIVEMQ_USER + valueFrom: + secretKeyRef: + name: audit-aas-mq + key: BROKER_USERNAME + - name: SPRING_ACTIVEMQ_PASSWORD + valueFrom: + secretKeyRef: + name: audit-aas-mq + key: BROKER_PASSWORD + + - name: SPRING_ACTIVEMQ_BROKERURL + valueFrom: + configMapKeyRef: + name: audit-aas-mq + key: BROKER_URL + + - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME + valueFrom: + secretKeyRef: + name: audit-aas-es + key: SEARCH_USERNAME + - name: 
AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD + valueFrom: + secretKeyRef: + name: audit-aas-es + key: SEARCH_PASSWORD + + - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI + valueFrom: + configMapKeyRef: + name: audit-aas-es + key: SEARCH_URL + - name: AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD + value: "60000" + - name: AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT + value: "1000" + - name: AUDIT_EVENTINGESTION_URI + value: "activemq:topic:alfresco.repo.event2" + - name: SPRING_PROFILES_ACTIVE + value: "durable-subscriptions" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi +--- +# Source: alfresco-audit-storage/charts/elasticsearch/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: elasticsearch-master + labels: + heritage: "Helm" + release: "audit" + chart: "elasticsearch" + app: "elasticsearch-master" + annotations: + esMajorVersion: "7" +spec: + serviceName: elasticsearch-master-headless + selector: + matchLabels: + app: "elasticsearch-master" + replicas: 1 + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: elasticsearch-master + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30Gi + template: + metadata: + name: "elasticsearch-master" + labels: + release: "audit" + chart: "elasticsearch" + app: "elasticsearch-master" + annotations: + + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + automountServiceAccountToken: true + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - "elasticsearch-master" + topologyKey: kubernetes.io/hostname + 
terminationGracePeriodSeconds: 120 + volumes: + enableServiceLinks: true + initContainers: + - name: configure-sysctl + securityContext: + runAsUser: 0 + privileged: true + image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" + imagePullPolicy: "IfNotPresent" + command: ["sysctl", "-w", "vm.max_map_count=262144"] + resources: + {} + + containers: + - name: "elasticsearch" + securityContext: + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" + imagePullPolicy: "IfNotPresent" + readinessProbe: + exec: + command: + - bash + - -c + - | + set -e + # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=yellow&timeout=1s" ) + # Once it has started only check that the node itself is responding + START_FILE=/tmp/.es_start_file + + # Disable nss cache to avoid filling dentry cache when calling curl + # This is required with Elasticsearch Docker using nss < 3.52 + export NSS_SDB_USE_CACHE=no + + http () { + local path="${1}" + local args="${2}" + set -- -XGET -s + + if [ "$args" != "" ]; then + set -- "$@" $args + fi + + if [ -n "${ELASTIC_PASSWORD}" ]; then + set -- "$@" -u "elastic:${ELASTIC_PASSWORD}" + fi + + curl --output /dev/null -k "$@" "http://127.0.0.1:9200${path}" + } + + if [ -f "${START_FILE}" ]; then + echo 'Elasticsearch is already running, lets check the node is healthy' + HTTP_CODE=$(http "/" "-w %{http_code}") + RC=$? 
+ if [[ ${RC} -ne 0 ]]; then + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with RC ${RC}" + exit ${RC} + fi + # ready if HTTP code 200, 503 is tolerable if ES version is 6.x + if [[ ${HTTP_CODE} == "200" ]]; then + exit 0 + elif [[ ${HTTP_CODE} == "503" && "7" == "6" ]]; then + exit 0 + else + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}" + exit 1 + fi + + else + echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=yellow&timeout=1s" )' + if http "/_cluster/health?wait_for_status=yellow&timeout=1s" "--fail" ; then + touch ${START_FILE} + exit 0 + else + echo 'Cluster is not yet ready (request params: "wait_for_status=yellow&timeout=1s" )' + exit 1 + fi + fi + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 3 + timeoutSeconds: 5 + ports: + - name: http + containerPort: 9200 + - name: transport + containerPort: 9300 + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 1Gi + env: + - name: node.name + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: cluster.initial_master_nodes + value: "elasticsearch-master-0," + - name: discovery.seed_hosts + value: "elasticsearch-master-headless" + - name: cluster.name + value: "elasticsearch" + - name: network.host + value: "0.0.0.0" + - name: cluster.deprecation_indexing.enabled + value: "false" + - name: ES_JAVA_OPTS + value: "-Xmx512m -Xms512m" + - name: node.data + value: "true" + - name: node.ingest + value: "true" + - name: node.master + value: "true" + - name: node.ml + value: "true" + - name: node.remote_cluster_client + value: "true" + volumeMounts: + - name: "elasticsearch-master" + mountPath: /usr/share/elasticsearch/data +--- +# Source: alfresco-audit-storage/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml +apiVersion: v1 +kind: Pod 
+metadata: + name: "audit-xdmwn-test" + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + containers: + - name: "audit-kweot-test" + image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" + imagePullPolicy: "IfNotPresent" + command: + - "sh" + - "-c" + - | + #!/usr/bin/env bash -e + curl -XGET --fail 'elasticsearch-master:9200/_cluster/health?wait_for_status=yellow&timeout=1s' + restartPolicy: Never diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml index 0495f1dbb..15e49cc2c 100644 --- a/charts/alfresco-audit-storage/values.yaml +++ b/charts/alfresco-audit-storage/values.yaml @@ -12,13 +12,26 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +livenessProbe: + httpGet: + path: /actuator/health/liveness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 +readinessProbe: + httpGet: + path: /actuator/health/readiness + port: http + initialDelaySeconds: 15 + periodSeconds: 60 + environment: AUDIT_EVENTINGESTION_URI: activemq:topic:alfresco.repo.event2 AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD: 60000 AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT: 1000 SPRING_PROFILES_ACTIVE: "durable-subscriptions" -messageBroker: +messageBrokerConnection: # -- Broker URL formatted as per: # https://activemq.apache.org/failover-transport-reference url: null 
@@ -41,40 +54,27 @@ messageBroker: username: BROKER_USERNAME password: BROKER_PASSWORD -livenessProbe: - httpGet: - path: /actuator/health/liveness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 -readinessProbe: - httpGet: - path: /actuator/health/readiness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 - -search: - # -- The URL where the search/indexing service is available +elasticSearchConnection: + # -- The URL where the elasticsearch service is available url: null - # -- The username required to access the search/indexing service, if any + # -- The username required to access the elasticsearch service, if any username: null - # -- The password required to access the search/indexing service, if any + # -- The password required to access the elasticsearch service, if any password: null existingConfigMap: - # -- Alternatively, provide search/indexing service connection details via + # -- Alternatively, provide elasticsearch service connection details via # an existing configmap name: null keys: - # -- Key within the configmap holding the URL of the search/indexing service + # -- Key within the configmap holding the URL of the elasticsearch service url: SEARCH_URL existingSecret: - # -- Alternatively, provide search/indexing credentials via an existing secret + # -- Alternatively, provide elasticsearch credentials via an existing secret name: null keys: - # -- Key within the secret that holds the search/indexing username + # -- Key within the secret that holds the elasticsearch username username: SEARCH_USERNAME - # -- Key within the secret that holds the search/indexing password + # -- Key within the secret that holds the elasticsearch password password: SEARCH_PASSWORD serviceAccount: From 9e4b4271345dfc61bd78f9ba1e18644cc68eb9e7 Mon Sep 17 00:00:00 2001 
From: pmacius Date: Mon, 14 Oct 2024 16:11:52 +0200 Subject: [PATCH 08/12] remove testing file add configmap tests --- .../templates/_helpers.tpl | 1 + charts/alfresco-audit-storage/test.yaml | 665 ------------------ .../tests/configmaps_test.yaml | 58 ++ .../tests/values/embedded-charts-values.yaml | 4 + 4 files changed, 63 insertions(+), 665 deletions(-) delete mode 100644 charts/alfresco-audit-storage/test.yaml create mode 100644 charts/alfresco-audit-storage/tests/configmaps_test.yaml create mode 100644 charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml diff --git a/charts/alfresco-audit-storage/templates/_helpers.tpl b/charts/alfresco-audit-storage/templates/_helpers.tpl index ce4cd4d8a..a9b7866dc 100644 --- a/charts/alfresco-audit-storage/templates/_helpers.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers.tpl @@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-audit-storage.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: {{ .Chart.Name }} {{- end }} {{/* diff --git a/charts/alfresco-audit-storage/test.yaml b/charts/alfresco-audit-storage/test.yaml deleted file mode 100644 index 83f804dbf..000000000 --- a/charts/alfresco-audit-storage/test.yaml +++ /dev/null 
@@ -1,665 +0,0 @@ ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/poddisruptionbudget.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: "elasticsearch-master-pdb" -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: "elasticsearch-master" ---- -# Source: alfresco-audit-storage/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: true ---- -# Source: alfresco-audit-storage/charts/activemq/templates/secret-activemq.yaml -apiVersion: v1 -kind: Secret -metadata: - name: activemq-brokersecret - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -type: Opaque -data: - BROKER_USERNAME: "YWRtaW4=" - BROKER_PASSWORD: "YWRtaW4=" ---- -# Source: alfresco-audit-storage/templates/secret-es.yaml -apiVersion: v1 -kind: Secret -metadata: - name: audit-aas-es - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - SEARCH_USERNAME: "" - SEARCH_PASSWORD: "" ---- -# Source: alfresco-audit-storage/templates/secret-mq.yaml -apiVersion: v1 -kind: Secret -metadata: - name: audit-aas-mq - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - BROKER_USERNAME: "" - BROKER_PASSWORD: "" ---- -# Source: 
alfresco-audit-storage/templates/configmap-es.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: audit-aas-es - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -data: - SEARCH_URL: http://elasticsearch-master:9200 ---- -# Source: alfresco-audit-storage/templates/configmap-mq.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: audit-aas-mq - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -data: - BROKER_URL: failover:(nio://activemq-broker:61616) ---- -# Source: alfresco-audit-storage/charts/activemq/templates/pvc-activemq.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: activemq-default-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: "20Gi" ---- -# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-broker.yaml -apiVersion: v1 -kind: Service -metadata: - name: activemq-broker - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - type: ClusterIP - ports: - - port: 61613 - targetPort: 61613 - name: stomp - protocol: TCP - - port: 61616 - targetPort: 61616 - name: openwire - protocol: TCP - - port: 5672 - targetPort: 5672 - name: amqp - protocol: TCP - selector: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/activemq/templates/svc-activemq-web-console.yaml -apiVersion: v1 -kind: Service -metadata: - name: activemq-web-console - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - 
app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - type: NodePort - ports: - - port: 8161 - targetPort: 8161 - name: web-console - protocol: TCP - selector: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml -kind: Service -apiVersion: v1 -metadata: - name: elasticsearch-master - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - {} -spec: - type: ClusterIP - selector: - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - publishNotReadyAddresses: false - ports: - - name: http - protocol: TCP - port: 9200 - - name: transport - protocol: TCP - port: 9300 ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/service.yaml -kind: Service -apiVersion: v1 -metadata: - name: elasticsearch-master-headless - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve - # Create endpoints also if the related pod isn't ready - publishNotReadyAddresses: true - selector: - app: "elasticsearch-master" - ports: - - name: http - port: 9200 - - name: transport - port: 9300 ---- -# Source: alfresco-audit-storage/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - port: 8081 - targetPort: http - protocol: TCP - name: http-traffic - selector: - app.kubernetes.io/name: aas - 
app.kubernetes.io/instance: audit ---- -# Source: alfresco-audit-storage/charts/activemq/templates/deployment-activemq.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activemq - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - template: - metadata: - labels: - helm.sh/chart: activemq-3.5.5 - app.kubernetes.io/name: activemq - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "5.18.5" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: activemq - spec: - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 33031 - imagePullSecrets: - - name: quay-registry-secret - containers: - - name: activemq - image: "alfresco/alfresco-activemq:5.18.5-jre17-rockylinux8" - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - env: - - name: ACTIVEMQ_CONFIG_MINMEMORY - value: "512" - - name: ACTIVEMQ_CONFIG_MAXMEMORY - value: "1Gi" - - name: ACTIVEMQ_BROKER_NAME - value: "activemq" - - name: ACTIVEMQ_ADMIN_LOGIN - valueFrom: - secretKeyRef: - name: activemq-brokersecret - key: BROKER_USERNAME - - name: ACTIVEMQ_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: activemq-brokersecret - key: BROKER_PASSWORD - ports: - - name: stomp - containerPort: 61613 - - name: openwire - containerPort: 61616 - - name: amqp - containerPort: 5672 - - name: web-console - containerPort: 8161 - readinessProbe: - tcpSocket: - port: 61616 - initialDelaySeconds: 5 - periodSeconds: 10 - failureThreshold: 6 - timeoutSeconds: 1 - livenessProbe: - tcpSocket: - port: 61616 - initialDelaySeconds: 60 - periodSeconds: 10 - failureThreshold: 6 - 
timeoutSeconds: 1 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 512Mi - volumeMounts: - - name: data - mountPath: /opt/activemq/data - subPath: alfresco-infrastructure/activemq-data - volumes: - - name: data - persistentVolumeClaim: - claimName: >- - activemq-default-pvc - terminationGracePeriodSeconds: 1 ---- -# Source: alfresco-audit-storage/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: audit-aas - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - template: - metadata: - annotations: - labels: - helm.sh/chart: alfresco-audit-storage-0.0.1-alpha.0 - app.kubernetes.io/name: aas - app.kubernetes.io/instance: audit - app.kubernetes.io/version: "0.0.1-A8" - app.kubernetes.io/managed-by: Helm - spec: - imagePullSecrets: - - name: quay-registry-secret - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 33000 - serviceAccountName: audit-aas - containers: - - name: alfresco-audit-storage - image: "quay.io/alfresco/alfresco-audit-storage:0.0.1-A8" - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - ports: - - name: http - containerPort: 8081 - protocol: TCP - env: - - - name: SPRING_ACTIVEMQ_USER - valueFrom: - secretKeyRef: - name: audit-aas-mq - key: BROKER_USERNAME - - name: SPRING_ACTIVEMQ_PASSWORD - valueFrom: - secretKeyRef: - name: audit-aas-mq - key: BROKER_PASSWORD - - - name: SPRING_ACTIVEMQ_BROKERURL - valueFrom: - configMapKeyRef: - name: audit-aas-mq - key: BROKER_URL - - - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME - valueFrom: - secretKeyRef: - name: audit-aas-es - key: SEARCH_USERNAME - - name: 
AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD - valueFrom: - secretKeyRef: - name: audit-aas-es - key: SEARCH_PASSWORD - - - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI - valueFrom: - configMapKeyRef: - name: audit-aas-es - key: SEARCH_URL - - name: AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD - value: "60000" - - name: AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT - value: "1000" - - name: AUDIT_EVENTINGESTION_URI - value: "activemq:topic:alfresco.repo.event2" - - name: SPRING_PROFILES_ACTIVE - value: "durable-subscriptions" - livenessProbe: - httpGet: - path: /actuator/health/liveness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: http - initialDelaySeconds: 15 - periodSeconds: 60 - resources: - limits: - cpu: "1" - memory: 1Gi - requests: - cpu: 100m - memory: 128Mi ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: elasticsearch-master - labels: - heritage: "Helm" - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - esMajorVersion: "7" -spec: - serviceName: elasticsearch-master-headless - selector: - matchLabels: - app: "elasticsearch-master" - replicas: 1 - podManagementPolicy: Parallel - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: elasticsearch-master - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi - template: - metadata: - name: "elasticsearch-master" - labels: - release: "audit" - chart: "elasticsearch" - app: "elasticsearch-master" - annotations: - - spec: - securityContext: - fsGroup: 1000 - runAsUser: 1000 - automountServiceAccountToken: true - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "elasticsearch-master" - topologyKey: kubernetes.io/hostname - 
terminationGracePeriodSeconds: 120 - volumes: - enableServiceLinks: true - initContainers: - - name: configure-sysctl - securityContext: - runAsUser: 0 - privileged: true - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - command: ["sysctl", "-w", "vm.max_map_count=262144"] - resources: - {} - - containers: - - name: "elasticsearch" - securityContext: - capabilities: - drop: - - ALL - runAsNonRoot: true - runAsUser: 1000 - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - readinessProbe: - exec: - command: - - bash - - -c - - | - set -e - # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=yellow&timeout=1s" ) - # Once it has started only check that the node itself is responding - START_FILE=/tmp/.es_start_file - - # Disable nss cache to avoid filling dentry cache when calling curl - # This is required with Elasticsearch Docker using nss < 3.52 - export NSS_SDB_USE_CACHE=no - - http () { - local path="${1}" - local args="${2}" - set -- -XGET -s - - if [ "$args" != "" ]; then - set -- "$@" $args - fi - - if [ -n "${ELASTIC_PASSWORD}" ]; then - set -- "$@" -u "elastic:${ELASTIC_PASSWORD}" - fi - - curl --output /dev/null -k "$@" "http://127.0.0.1:9200${path}" - } - - if [ -f "${START_FILE}" ]; then - echo 'Elasticsearch is already running, lets check the node is healthy' - HTTP_CODE=$(http "/" "-w %{http_code}") - RC=$? 
- if [[ ${RC} -ne 0 ]]; then - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with RC ${RC}" - exit ${RC} - fi - # ready if HTTP code 200, 503 is tolerable if ES version is 6.x - if [[ ${HTTP_CODE} == "200" ]]; then - exit 0 - elif [[ ${HTTP_CODE} == "503" && "7" == "6" ]]; then - exit 0 - else - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} http://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}" - exit 1 - fi - - else - echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=yellow&timeout=1s" )' - if http "/_cluster/health?wait_for_status=yellow&timeout=1s" "--fail" ; then - touch ${START_FILE} - exit 0 - else - echo 'Cluster is not yet ready (request params: "wait_for_status=yellow&timeout=1s" )' - exit 1 - fi - fi - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 3 - timeoutSeconds: 5 - ports: - - name: http - containerPort: 9200 - - name: transport - containerPort: 9300 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 1Gi - env: - - name: node.name - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: cluster.initial_master_nodes - value: "elasticsearch-master-0," - - name: discovery.seed_hosts - value: "elasticsearch-master-headless" - - name: cluster.name - value: "elasticsearch" - - name: network.host - value: "0.0.0.0" - - name: cluster.deprecation_indexing.enabled - value: "false" - - name: ES_JAVA_OPTS - value: "-Xmx512m -Xms512m" - - name: node.data - value: "true" - - name: node.ingest - value: "true" - - name: node.master - value: "true" - - name: node.ml - value: "true" - - name: node.remote_cluster_client - value: "true" - volumeMounts: - - name: "elasticsearch-master" - mountPath: /usr/share/elasticsearch/data ---- -# Source: alfresco-audit-storage/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml -apiVersion: v1 -kind: Pod 
-metadata: - name: "audit-xdmwn-test" - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": hook-succeeded -spec: - securityContext: - fsGroup: 1000 - runAsUser: 1000 - containers: - - name: "audit-kweot-test" - image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.3" - imagePullPolicy: "IfNotPresent" - command: - - "sh" - - "-c" - - | - #!/usr/bin/env bash -e - curl -XGET --fail 'elasticsearch-master:9200/_cluster/health?wait_for_status=yellow&timeout=1s' - restartPolicy: Never diff --git a/charts/alfresco-audit-storage/tests/configmaps_test.yaml b/charts/alfresco-audit-storage/tests/configmaps_test.yaml new file mode 100644 index 000000000..f57ac131c --- /dev/null +++ b/charts/alfresco-audit-storage/tests/configmaps_test.yaml 
@@ -0,0 +1,58 @@
+---
+suite: test configmaps
+templates:
+ - configmap-mq.yaml
+ - configmap-es.yaml
+tests:
+ - it: should fail rendering manifest without required ActiveMQ values
+ asserts:
+ - failedTemplate:
+ errorMessage: >-
+ You need to provide an ActiveMQ URL using messageBrokerConnection.url or using an existingConfigMap check chart README file
+ template: configmap-mq.yaml
+
+ - it: should create a cm from messageBroker provided values
+ values: &testvalues
+ - values/embedded-charts-values.yaml
+ asserts:
+ - equal:
+ path: data.BROKER_URL
+ value: failover:(nio://activemq-broker:61616)
+ template: configmap-mq.yaml
+ - equal:
+ path: data.SEARCH_URL
+ value: http://elasticsearch-master:9200
+ template: configmap-es.yaml
+
+ - it: should not render cm when existingConfigMap is set
+ values: *testvalues
+ set:
+ elasticSearchConnection.existingConfigMap:
+ name: external-mq-configmap
+ messageBrokerConnection.existingConfigMap:
+ name: external-es-configmap
+ asserts:
+ - hasDocuments:
+ count: 0
+ template: configmap-es.yaml
+ - hasDocuments:
+ count: 0
+ template: configmap-mq.yaml
+
+ - it: should render labels for configmaps
+ values: *testvalues
+ set:
+ nameOverride: testName
+ chart:
+ version: 1.0.0
+ appVersion: 2.0.0
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/component: alfresco-audit-storage
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: testName
+ app.kubernetes.io/version: 2.0.0
+ helm.sh/chart: alfresco-audit-storage-1.0.0
diff --git a/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml
new file mode 100644
index 000000000..fd7f66853
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml
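Review bot: In "should not render cm when existingConfigMap is set" the two fixture names are crossed: `elasticSearchConnection.existingConfigMap` is given `name: external-mq-configmap` and `messageBrokerConnection.existingConfigMap` is given `name: external-es-configmap`. The assertions only count rendered documents, so the test passes either way, but the fixture reads as if the broker configmap were wired to Elasticsearch; swap them so each key carries its own name, `name: external-es-configmap` and `name: external-mq-configmap` respectively. The suite also exercises `failedTemplate` only for a missing broker URL; if configmap-es.yaml has an equivalent required-value guard (not visible in this hunk), it deserves the same negative test.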
@@ -0,0 +1,4 @@
+elasticSearchConnection:
+ url: http://elasticsearch-master:9200
+messageBrokerConnection:
+ url: nio://activemq-broker:61616
From b3e284e3f85e8dc6b80f1cee3eeea508e9a4db0f Mon Sep 17 00:00:00 2001
From: pmacius Date: Mon, 14 Oct 2024 17:09:46 +0200 Subject: [PATCH 09/12] add tests
---
.../tests/deployment_test.yaml | 198 ++++++++++++++++++ .../tests/secret-es_test.yaml | 35 ++++ .../tests/secret-mq_test.yaml | 34 +++ .../tests/service_test.yaml | 50 +++++ .../tests/serviceaccount_test.yaml | 35 ++++ 5 files changed, 352 insertions(+) create mode 100644 charts/alfresco-audit-storage/tests/deployment_test.yaml create mode 100644 charts/alfresco-audit-storage/tests/secret-es_test.yaml create mode 100644 charts/alfresco-audit-storage/tests/secret-mq_test.yaml create mode 100644 charts/alfresco-audit-storage/tests/service_test.yaml create mode 100644 charts/alfresco-audit-storage/tests/serviceaccount_test.yaml
diff --git a/charts/alfresco-audit-storage/tests/deployment_test.yaml b/charts/alfresco-audit-storage/tests/deployment_test.yaml
new file mode 100644
index 000000000..ff9be7080
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/deployment_test.yaml
@@ -0,0 +1,198 @@
+suite: test configmaps
+templates:
+ - deployment.yaml
+tests:
+ - it: should have default image pull secret
+ asserts:
+ - equal:
+ path: spec.template.spec.imagePullSecrets[0].name
+ value: quay-registry-secret
+ - it: should have default securityContext
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ runAsUser: 33000
+ runAsGroup: 1000
+ fsGroup: 1000
+ - it: should have default container name
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: alfresco-audit-storage
+ - it: should have custom container image
+ set:
+ image:
+ repository: "custom-repo"
+ tag: "custom-tag"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: "custom-repo:custom-tag"
+ - it: should have custom imagePullPolicy
+ set:
+ image:
+ pullPolicy: "Always"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: "Always"
+ - it: should have default securityContext
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - it: should have default ports section
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 8081
+ name: http
+ protocol: TCP
+ - it: should have envs section with external cm and secrets
+ set:
+ messageBrokerConnection:
+ existingConfigMap:
+ name: mq-external-config
+ keys:
+ url: BROKER_URL_EXTERNAL
+ existingSecret:
+ name: mq-external-secret
+ keys:
+ username: BROKER_USERNAME_EXTERNAL
+ password: BROKER_PASSWORD_EXTERNAL
+ elasticSearchConnection:
+ existingConfigMap:
+ name: es-external-config
+ keys:
+ url: SEARCH_URL_EXTERNAL
+ existingSecret:
+ name: es-external-secret
+ keys:
+ username: SEARCH_USERNAME_EXTERNAL
+ password: SEARCH_PASSWORD_EXTERNAL
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_USER
+ valueFrom:
+ secretKeyRef:
+ key: BROKER_USERNAME_EXTERNAL
+ name: mq-external-secret
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: BROKER_PASSWORD_EXTERNAL
+ name: mq-external-secret
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_BROKERURL
+ valueFrom:
+ configMapKeyRef:
+ key: BROKER_URL_EXTERNAL
+ name: mq-external-config
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: SEARCH_USERNAME_EXTERNAL
+ name: es-external-secret
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: SEARCH_PASSWORD_EXTERNAL
+ name: es-external-secret
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI
+ valueFrom:
+ configMapKeyRef:
+ key: SEARCH_URL_EXTERNAL
+ name: es-external-config
+ - it: should contain default envs
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_USER
+ valueFrom:
+ secretKeyRef:
+ key: BROKER_USERNAME
+ name: RELEASE-NAME-alfresco-audit-storage-mq
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: BROKER_PASSWORD
+ name: RELEASE-NAME-alfresco-audit-storage-mq
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_ACTIVEMQ_BROKERURL
+ valueFrom:
+ configMapKeyRef:
+ key: BROKER_URL
+ name: RELEASE-NAME-alfresco-audit-storage-mq
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: SEARCH_USERNAME
+ name: RELEASE-NAME-alfresco-audit-storage-es
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: SEARCH_PASSWORD
+ name: RELEASE-NAME-alfresco-audit-storage-es
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI
+ valueFrom:
+ configMapKeyRef:
+ key: SEARCH_URL
+ name: RELEASE-NAME-alfresco-audit-storage-es
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD
+ value: "60000"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT
+ value: "1000"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: AUDIT_EVENTINGESTION_URI
+ value: activemq:topic:alfresco.repo.event2
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: SPRING_PROFILES_ACTIVE
+ value: durable-subscriptions
diff --git a/charts/alfresco-audit-storage/tests/secret-es_test.yaml b/charts/alfresco-audit-storage/tests/secret-es_test.yaml
new file mode 100644
index 000000000..0fd1d72bd
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/secret-es_test.yaml
@@ -0,0 +1,35 @@
+---
+suite: test es credentials secret manifest
+templates:
+ - secret-es.yaml
+tests:
+ - it: should have empty credentials as default
+ asserts:
+ - equal:
+ path: data.SEARCH_USERNAME
+ value: ""
+ - equal:
+ path: data.SEARCH_PASSWORD
+ value: ""
+
+ - it: should have credentials populated when credentials are set
+ set:
+ elasticSearchConnection:
+ username: admin
+ password: letmein
+ asserts:
+ - equal:
+ path: data.SEARCH_USERNAME
+ value: YWRtaW4=
+ - equal:
+ path: data.SEARCH_PASSWORD
+ value: bGV0bWVpbg==
+
+ - it: should not have a secret when existingSecret is set
+ set:
+ elasticSearchConnection:
+ existingSecret:
+ name: whatever
+ asserts:
+ - hasDocuments:
+ count: 0
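Review bot: `suite: test configmaps` on the first line of deployment_test.yaml is carried over from configmaps_test.yaml and mislabels every failure reported from this file; it should read `suite: test deployment`. Two cases also share the title "should have default securityContext" (one asserts the pod-level context, the other `containers[0].securityContext`), so a failing run does not say which hardening default regressed; rename them, e.g. `it: should have default pod securityContext` and `it: should have default container securityContext`. The file starts without the `---` marker that the sibling test files use.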
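Review bot: "should have empty credentials as default" in secret-es_test.yaml pins a rendered Secret whose `SEARCH_USERNAME` and `SEARCH_PASSWORD` are empty strings, and secret-mq_test.yaml does the same for the broker keys, so an install that sets nothing appears to feed empty credentials to the connector rather than failing or omitting them. If unauthenticated access is the intended default, say so above the test, e.g. `# empty by default: credentials are optional unless the backend enforces authentication`; otherwise a `failedTemplate` case would be the safer contract. The populated cases compare hand-encoded base64 (`value: bGV0bWVpbg==`), which is hard to review; helm-unittest's `equal` accepts `decodeBase64: true`, so the assertion can read `value: letmein`.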
diff --git a/charts/alfresco-audit-storage/tests/secret-mq_test.yaml b/charts/alfresco-audit-storage/tests/secret-mq_test.yaml
new file mode 100644
index 000000000..5e1fc6adb
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/secret-mq_test.yaml
@@ -0,0 +1,34 @@
+---
+suite: test messagebroker credentials secret
+templates:
+ - secret-mq.yaml
+tests:
+ - it: should have empty credentials populated by default
+ asserts:
+ - equal:
+ path: data.BROKER_USERNAME
+ value: ""
+ - equal:
+ path: data.BROKER_PASSWORD
+ value: ""
+
+ - it: should have credentials populated when messagebroker values are set
+ set:
+ messageBrokerConnection:
+ url: ssl://mq.domain.tld:61617
+ username: ext-admin
+ password: ext-pass
+ asserts:
+ - equal:
+ path: data.BROKER_USERNAME
+ value: ZXh0LWFkbWlu
+ - equal:
+ path: data.BROKER_PASSWORD
+ value: ZXh0LXBhc3M=
+
+ - it: should not have a secret when existingSecretName is set
+ set:
+ messageBrokerConnection.existingSecret.name: existing-secret
+ asserts:
+ - hasDocuments:
+ count: 0
diff --git a/charts/alfresco-audit-storage/tests/service_test.yaml b/charts/alfresco-audit-storage/tests/service_test.yaml
new file mode 100644
index 000000000..5cb1ce275
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/service_test.yaml
@@ -0,0 +1,50 @@
+---
+suite: test service
+templates:
+ - service.yaml
+tests:
+ - it: render default service
+ asserts:
+ - equal:
+ path: spec.type
+ value: ClusterIP
+ - contains:
+ path: spec.ports
+ content:
+ port: 8081
+ targetPort: http
+ protocol: TCP
+ name: http-traffic
+
+ - it: render modified service
+ set:
+ service.type: NodePort
+ service.port: 2222
+ asserts:
+ - equal:
+ path: spec.type
+ value: NodePort
+ - contains:
+ path: spec.ports
+ content:
+ port: 2222
+ targetPort: http
+ protocol: TCP
+ name: http-traffic
+
+ - it: should render labels for service
+ set:
+ nameOverride: testName
+ chart:
+ version: 1.0.0
+ appVersion: 2.0.0
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/component: alfresco-audit-storage
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: testName
+ app.kubernetes.io/version: 2.0.0
+ helm.sh/chart: alfresco-audit-storage-1.0.0
diff --git a/charts/alfresco-audit-storage/tests/serviceaccount_test.yaml b/charts/alfresco-audit-storage/tests/serviceaccount_test.yaml
new file mode 100644
index 000000000..ec3af63c7
--- /dev/null
+++ b/charts/alfresco-audit-storage/tests/serviceaccount_test.yaml
@@ -0,0 +1,35 @@ +--- +suite: test service +templates: + - serviceaccount.yaml +tests: + - it: should not have been rendered when disabled + set: + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 + + - it: render default serviceaccount + asserts: + - equal: + path: automountServiceAccountToken + value: true + + - it: should render labels for serviceaccount + set: + nameOverride: testName + chart: + version: 1.0.0 + appVersion: 2.0.0 + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/component: alfresco-audit-storage + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: testName + app.kubernetes.io/version: 2.0.0 + helm.sh/chart: alfresco-audit-storage-1.0.0 From 0398b0a810d33d76ae10ff277c23b53642054203 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Maciusiak?= <158472457+pmacius@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:02:34 +0200 Subject: [PATCH 10/12] Update charts/alfresco-audit-storage/Chart.yaml Co-authored-by: Giovanni Toraldo <71768+gionn@users.noreply.github.com> --- charts/alfresco-audit-storage/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/alfresco-audit-storage/Chart.yaml b/charts/alfresco-audit-storage/Chart.yaml index f77cac078..718985aff 100644 --- a/charts/alfresco-audit-storage/Chart.yaml +++ b/charts/alfresco-audit-storage/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: alfresco-audit-storage description: A Helm chart for Kubernetes to deploy Alfresco Audit Storage type: application -version: 0.0.1-alpha.0 +version: 0.1.0-alpha.0 appVersion: 0.0.1-A8 dependencies: - name: alfresco-common From 7b2ffd36bde1d168393bd9fadd41506abced4a95 Mon Sep 17 00:00:00 2001 From: pmacius Date: Tue, 15 Oct 2024 07:03:20 +0000 Subject: [PATCH 11/12] Apply automatic changes --- charts/alfresco-audit-storage/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
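Review bot: "render default serviceaccount" in serviceaccount_test.yaml locks in `automountServiceAccountToken: true` as the chart default, which mounts a Kubernetes API token into every pod that uses this account. Nothing visible in these patches shows the audit-storage workload calling the Kubernetes API, so this looks like an unneeded credential; consider defaulting the value to false and asserting `value: false` here, with a second case that sets it to true for operators who need it. Separately, `suite: test service` is copied from service_test.yaml and should read `suite: test serviceaccount` so failures are attributed to the right file.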
diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 7be51abb4..998c05558 100644 --- a/charts/alfresco-audit-storage/README.md +++ b/charts/alfresco-audit-storage/README.md @@ -5,7 +5,7 @@ parent: Charts Reference # alfresco-audit-storage -![Version: 0.0.1-alpha.0](https://img.shields.io/badge/Version-0.0.1--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-A8](https://img.shields.io/badge/AppVersion-0.0.1--A8-informational?style=flat-square) +![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-A8](https://img.shields.io/badge/AppVersion-0.0.1--A8-informational?style=flat-square) A Helm chart for Kubernetes to deploy Alfresco Audit Storage From f0fc41f62fb40a2657a9b1307e2a08e179378eca Mon Sep 17 00:00:00 2001 From: pmacius Date: Tue, 15 Oct 2024 11:25:22 +0200 Subject: [PATCH 12/12] change values names --- charts/alfresco-audit-storage/README.md | 28 +++++++++---------- .../ci/default-values.yaml | 4 +-- .../templates/_helpers-activemq.tpl | 6 ++-- .../templates/_helpers-elasticsearch.tpl | 4 +-- .../templates/configmap-es.yaml | 4 +-- .../templates/configmap-mq.yaml | 2 +- .../templates/secret-es.yaml | 2 +- .../templates/secret-mq.yaml | 2 +- .../tests/configmaps_test.yaml | 6 ++-- .../tests/deployment_test.yaml | 4 +-- .../tests/secret-es_test.yaml | 4 +-- .../tests/secret-mq_test.yaml | 4 +-- .../tests/values/embedded-charts-values.yaml | 4 +-- charts/alfresco-audit-storage/values.yaml | 4 +-- 14 files changed, 39 insertions(+), 39 deletions(-) diff --git a/charts/alfresco-audit-storage/README.md b/charts/alfresco-audit-storage/README.md index 998c05558..e63fb3b40 100644 --- a/charts/alfresco-audit-storage/README.md 
+++ b/charts/alfresco-audit-storage/README.md @@ -24,14 +24,6 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| elasticSearchConnection.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the elasticsearch service | -| elasticSearchConnection.existingConfigMap.name | string | `nil` | Alternatively, provide elasticsearch service connection details via an existing configmap | -| elasticSearchConnection.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the elasticsearch password | -| elasticSearchConnection.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the elasticsearch username | -| elasticSearchConnection.existingSecret.name | string | `nil` | Alternatively, provide elasticsearch credentials via an existing secret | -| elasticSearchConnection.password | string | `nil` | The password required to access the elasticsearch service, if any | -| elasticSearchConnection.url | string | `nil` | The URL where the elasticsearch service is available | -| elasticSearchConnection.username | string | `nil` | The username required to access the elasticsearch service, if any | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMEPERIOD | int | `60000` | | | environment.AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT | int | `1000` | | | environment.AUDIT_EVENTINGESTION_URI | string | `"activemq:topic:alfresco.repo.event2"` | | 
@@ -42,16 +34,24 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | | | image.tag | string | `"0.0.1-A8"` | | | imagePullSecrets | list | `[]` | | +| index.existingConfigMap.keys.url | string | `"SEARCH_URL"` | Key within the configmap holding the URL of the elasticsearch service | +| index.existingConfigMap.name | string | `nil` | Alternatively, provide elasticsearch service connection details via an existing configmap | +| index.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | Key within the secret that holds the elasticsearch password | +| index.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | Key within the secret that holds the elasticsearch username | +| index.existingSecret.name | string | `nil` | Alternatively, provide elasticsearch credentials via an existing secret | +| index.password | string | `nil` | The password required to access the elasticsearch service, if any | +| index.url | string | `nil` | The URL where the elasticsearch service is available | +| index.username | string | `nil` | The username required to access the elasticsearch service, if any | | livenessProbe.httpGet.path | string | `"/actuator/health/liveness"` | | | livenessProbe.httpGet.port | string | `"http"` | | | livenessProbe.initialDelaySeconds | int | `15` | | | livenessProbe.periodSeconds | int | `60` | | -| messageBrokerConnection.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | -| messageBrokerConnection.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | -| messageBrokerConnection.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and 
BROKER_PASSWORD keys | -| messageBrokerConnection.password | string | `nil` | Broker password | -| messageBrokerConnection.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | -| messageBrokerConnection.username | string | `nil` | Broker username | +| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker | +| messageBroker.existingConfigMap.name | string | `nil` | Alternatively, provide message broker connection details via an existing configmap | +| messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | +| messageBroker.password | string | `nil` | Broker password | +| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | +| messageBroker.username | string | `nil` | Broker username | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | diff --git a/charts/alfresco-audit-storage/ci/default-values.yaml b/charts/alfresco-audit-storage/ci/default-values.yaml index 729c77f72..c04364e9e 100644 --- a/charts/alfresco-audit-storage/ci/default-values.yaml +++ b/charts/alfresco-audit-storage/ci/default-values.yaml @@ -26,9 +26,9 @@ activemq: limits: cpu: "1000m" memory: "1Gi" -elasticSearchConnection: +index: url: http://elasticsearch-master:9200 -messageBrokerConnection: +messageBroker: url: nio://activemq-broker:61616 tags: ci: true diff --git a/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl index e7af7bda4..059afd97b 100644 --- a/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl 
+++ b/charts/alfresco-audit-storage/templates/_helpers-activemq.tpl @@ -4,7 +4,7 @@ Usage: include "alfresco-audit-storage.activemq.url" $ */}} {{- define "alfresco-audit-storage.activemq.url" -}} -{{- required "You need to provide an ActiveMQ URL using messageBrokerConnection.url or using an existingConfigMap check chart README file" $.Values.messageBrokerConnection.url }} +{{- required "You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file" $.Values.messageBroker.url }} {{- end -}} {{/* @@ -14,7 +14,7 @@ Usage: include "alfresco-audit-storage.activemq.cm.env" $ */}} {{- define "alfresco-audit-storage.activemq.cm.env" -}} {{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} -{{- with .Values.messageBrokerConnection }} +{{- with .Values.messageBroker }} {{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $mqCtx) }} - name: SPRING_ACTIVEMQ_BROKERURL valueFrom: @@ -31,7 +31,7 @@ Usage: include "alfresco-audit-storage.activemq.secret.env" $ */}} {{- define "alfresco-audit-storage.activemq.secret.env" -}} {{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }} -{{- with .Values.messageBrokerConnection }} +{{- with .Values.messageBroker }} {{- $mqSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $mqCtx) }} - name: SPRING_ACTIVEMQ_USER valueFrom: diff --git a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl index e767197be..77822147e 100644 --- a/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl +++ b/charts/alfresco-audit-storage/templates/_helpers-elasticsearch.tpl 
@@ -5,7 +5,7 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.es.env" $ */}} {{- define "alfresco-audit-storage.config.audit.entryStorage.es.env" -}} {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.elasticSearchConnection }} +{{- with .Values.index }} {{- $esCm := coalesce .existingConfigMap.name (include "alfresco-audit-storage.fullname" $esCtx) }} - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI valueFrom: @@ -22,7 +22,7 @@ Usage: include "alfresco-audit-storage.config.audit.entryStorage.envCredentials" */}} {{- define "alfresco-audit-storage.config.audit.entryStorage.envCredentials" -}} {{- $esCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "es")) "Chart" .Chart "Release" .Release }} -{{- with .Values.elasticSearchConnection }} +{{- with .Values.index }} {{- $esSecret := coalesce .existingSecret.name (include "alfresco-audit-storage.fullname" $esCtx) }} - name: AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME valueFrom: diff --git a/charts/alfresco-audit-storage/templates/configmap-es.yaml b/charts/alfresco-audit-storage/templates/configmap-es.yaml index 0f45a82f4..0ef5f4309 100644 --- a/charts/alfresco-audit-storage/templates/configmap-es.yaml +++ b/charts/alfresco-audit-storage/templates/configmap-es.yaml @@ -1,4 +1,4 @@ -{{- with .Values.elasticSearchConnection }} +{{- with .Values.index }} {{- if not .existingConfigMap.name }} apiVersion: v1 kind: ConfigMap 
@@ -8,7 +8,7 @@ metadata: labels: {{- include "alfresco-audit-storage.labels" $ | nindent 4 }} data: - {{- $reqMsg := "Please provide elasticsearch connection details as .elasticSearchConnection.url values or using an .elasticSearchConnection.existingConfigMap." }} + {{- $reqMsg := "Please provide elasticsearch connection details as .index.url values or using an .index.existingConfigMap." }} {{- $esProtocol := required $reqMsg (include "alfresco-common.url.scheme" .url) }} {{- $esHost := required $reqMsg (include "alfresco-common.url.host" .url) }} {{- $esPort := required $reqMsg (include "alfresco-common.url.port" .url) }} diff --git a/charts/alfresco-audit-storage/templates/configmap-mq.yaml b/charts/alfresco-audit-storage/templates/configmap-mq.yaml index e370f9171..7def1a5f2 100644 --- a/charts/alfresco-audit-storage/templates/configmap-mq.yaml +++ b/charts/alfresco-audit-storage/templates/configmap-mq.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.messageBrokerConnection.existingConfigMap.name -}} +{{- if not .Values.messageBroker.existingConfigMap.name -}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/alfresco-audit-storage/templates/secret-es.yaml b/charts/alfresco-audit-storage/templates/secret-es.yaml index 645c020d2..49753cf70 100644 --- a/charts/alfresco-audit-storage/templates/secret-es.yaml +++ b/charts/alfresco-audit-storage/templates/secret-es.yaml @@ -1,4 +1,4 @@ -{{- with .Values.elasticSearchConnection }} +{{- with .Values.index }} {{- if not .existingSecret.name }} apiVersion: v1 kind: Secret diff --git a/charts/alfresco-audit-storage/templates/secret-mq.yaml b/charts/alfresco-audit-storage/templates/secret-mq.yaml index f8ddb5ab1..a291dc09c 100644 --- a/charts/alfresco-audit-storage/templates/secret-mq.yaml +++ b/charts/alfresco-audit-storage/templates/secret-mq.yaml @@ -1,4 +1,4 @@ -{{- with .Values.messageBrokerConnection }} +{{- with .Values.messageBroker }} {{- if not .existingSecret.name }} apiVersion: v1 kind: Secret 
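Review bot: Nothing in the templates rejects the old top-level keys, so a values file that still sets `elasticSearchConnection.*` or `messageBrokerConnection.*` is accepted and those entries are ignored. This applies to the `with .Values.index` line in secret-es.yaml, and equally to secret-mq.yaml, the two configmap templates and both helper files. A missing URL is still caught by the existing `required` calls. A partly migrated file (new `index.url`, old `elasticSearchConnection.existingSecret.name` or `password`) would presumably render the chart-managed secret without the operator's credentials instead of failing. Consider a guard in a template that always renders, for example `{{- if or .Values.elasticSearchConnection .Values.messageBrokerConnection }}{{ fail "elasticSearchConnection/messageBrokerConnection were renamed to index/messageBroker" }}{{- end }}`. The secret bodies lie outside these hunks, so how empty credentials are rendered is not visible here.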
diff --git a/charts/alfresco-audit-storage/tests/configmaps_test.yaml b/charts/alfresco-audit-storage/tests/configmaps_test.yaml index f57ac131c..fc16d635e 100644 --- a/charts/alfresco-audit-storage/tests/configmaps_test.yaml +++ b/charts/alfresco-audit-storage/tests/configmaps_test.yaml @@ -8,7 +8,7 @@ tests: asserts: - failedTemplate: errorMessage: >- - You need to provide an ActiveMQ URL using messageBrokerConnection.url or using an existingConfigMap check chart README file + You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file template: configmap-mq.yaml - it: should create a cm from messageBroker provided values @@ -27,9 +27,9 @@ tests: - it: should not render cm when existingConfigMap is set values: *testvalues set: - elasticSearchConnection.existingConfigMap: + index.existingConfigMap: name: external-mq-configmap - messageBrokerConnection.existingConfigMap: + messageBroker.existingConfigMap: name: external-es-configmap asserts: - hasDocuments: diff --git a/charts/alfresco-audit-storage/tests/deployment_test.yaml b/charts/alfresco-audit-storage/tests/deployment_test.yaml index ff9be7080..6ae787551 100644 --- a/charts/alfresco-audit-storage/tests/deployment_test.yaml +++ b/charts/alfresco-audit-storage/tests/deployment_test.yaml @@ -57,7 +57,7 @@ tests: protocol: TCP - it: should have envs section with external cm and secrets set: - messageBrokerConnection: + messageBroker: existingConfigMap: name: mq-external-config keys: @@ -67,7 +67,7 @@ tests: keys: username: BROKER_USERNAME_EXTERNAL password: BROKER_PASSWORD_EXTERNAL - elasticSearchConnection: + index: existingConfigMap: name: es-external-config keys: diff --git a/charts/alfresco-audit-storage/tests/secret-es_test.yaml b/charts/alfresco-audit-storage/tests/secret-es_test.yaml index 0fd1d72bd..b787a3c09 100644 --- a/charts/alfresco-audit-storage/tests/secret-es_test.yaml +++ b/charts/alfresco-audit-storage/tests/secret-es_test.yaml 
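Review bot: The fixture names in the `should not render cm when existingConfigMap is set` case of configmaps_test.yaml are crossed: `index.existingConfigMap` is given `external-mq-configmap` and `messageBroker.existingConfigMap` is given `external-es-configmap`. The visible assertion is `hasDocuments`, so the test should still pass, but the values read as if the search index used the broker's configmap. Since both lines are rewritten here anyway, give `index.existingConfigMap` the name `external-es-configmap` and `messageBroker.existingConfigMap` the name `external-mq-configmap`. The rest of the assertion lies outside the hunk.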
@@ -14,7 +14,7 @@ tests: - it: should have credentials populated when credentials are set set: - elasticSearchConnection: + index: username: admin password: letmein asserts: @@ -27,7 +27,7 @@ tests: - it: should not have a secret when existingSecret is set set: - elasticSearchConnection: + index: existingSecret: name: whatever asserts: diff --git a/charts/alfresco-audit-storage/tests/secret-mq_test.yaml b/charts/alfresco-audit-storage/tests/secret-mq_test.yaml index 5e1fc6adb..12123a35a 100644 --- a/charts/alfresco-audit-storage/tests/secret-mq_test.yaml +++ b/charts/alfresco-audit-storage/tests/secret-mq_test.yaml @@ -14,7 +14,7 @@ tests: - it: should have credentials populated when messagebroker values are set set: - messageBrokerConnection: + messageBroker: url: ssl://mq.domain.tld:61617 username: ext-admin password: ext-pass @@ -28,7 +28,7 @@ tests: - it: should not have a secret when existingSecretName is set set: - messageBrokerConnection.existingSecret.name: existing-secret + messageBroker.existingSecret.name: existing-secret asserts: - hasDocuments: count: 0 diff --git a/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml index fd7f66853..d250e8a12 100644 --- a/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml +++ b/charts/alfresco-audit-storage/tests/values/embedded-charts-values.yaml @@ -1,4 +1,4 @@ -elasticSearchConnection: +index: url: http://elasticsearch-master:9200 -messageBrokerConnection: +messageBroker: url: nio://activemq-broker:61616 diff --git a/charts/alfresco-audit-storage/values.yaml b/charts/alfresco-audit-storage/values.yaml index 15e49cc2c..d7f161673 100644 --- a/charts/alfresco-audit-storage/values.yaml +++ b/charts/alfresco-audit-storage/values.yaml 
@@ -31,7 +31,7 @@ environment: AUDIT_EVENTINGESTION_DLQ_CONSUMPTIONCOUNT: 1000 SPRING_PROFILES_ACTIVE: "durable-subscriptions" -messageBrokerConnection: +messageBroker: # -- Broker URL formatted as per: # https://activemq.apache.org/failover-transport-reference url: null @@ -54,7 +54,7 @@ messageBrokerConnection: username: BROKER_USERNAME password: BROKER_PASSWORD -elasticSearchConnection: +index: # -- The URL where the elasticsearch service is available url: null # -- The username required to access the elasticsearch service, if any