From 47f375169b49380f88144045867694dc64b93aea Mon Sep 17 00:00:00 2001 From: Marcello Teodori <151025+mteodori@users.noreply.github.com> Date: Sat, 13 Mar 2021 00:58:26 +0100 Subject: [PATCH] AAE-4797 update to identity 3.0.0 (#108) --- .../alfresco-process-infrastructure/README.md | 38 ++++++++------ .../requirements.yaml | 2 +- .../templates/NOTES.txt | 4 ++ .../templates/ingress-identity.yaml | 40 --------------- .../values.yaml | 49 +++++++++++++------ 5 files changed, 61 insertions(+), 72 deletions(-) delete mode 100644 helm/alfresco-process-infrastructure/templates/ingress-identity.yaml diff --git a/helm/alfresco-process-infrastructure/README.md b/helm/alfresco-process-infrastructure/README.md index 2747032f2..435aefdff 100644 --- a/helm/alfresco-process-infrastructure/README.md +++ b/helm/alfresco-process-infrastructure/README.md @@ -24,7 +24,7 @@ Kubernetes: `>=1.15.0-0` | https://activiti.github.io/activiti-cloud-helm-charts | common | 7.1.0-M12 | | https://charts.bitnami.com/bitnami | postgresql | 9.1.1 | | https://charts.bitnami.com/bitnami | rabbitmq | 7.8.0 | -| https://kubernetes-charts.alfresco.com/stable | alfresco-identity-service | 2.1.0 | +| https://kubernetes-charts.alfresco.com/stable | alfresco-identity-service | 3.0.0 | ## Values 
@@ -87,10 +87,18 @@ Kubernetes: `>=1.15.0-0` | alfresco-deployment-service.projectReleaseVolume.storageClass | string | `"#{null}"` | storage class for project release volume, set to null spring expression to use default | | alfresco-deployment-service.rabbitmq.enabled | bool | `false` | | | alfresco-identity-service.enabled | bool | `true` | | -| alfresco-identity-service.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"false"` | | -| alfresco-identity-service.ingress.common.enabled | bool | `true` | | +| alfresco-identity-service.extraEnv | string | `"- name: KEYCLOAK_USER\n value: admin\n- name: KEYCLOAK_PASSWORD\n value: admin\n- name: KEYCLOAK_IMPORT\n value: /realm/alfresco-realm.json\n- name: PROXY_ADDRESS_FORWARDING\n value: \"true\"\n"` | | | alfresco-identity-service.ingress.enabled | bool | `false` | | -| alfresco-identity-service.keycloak.ingress.enabled | bool | `false` | | +| alfresco-identity-service.keycloak.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/affinity" | string | `"cookie"` | | +| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"false"` | | +| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" | string | `"128k"` | | +| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-hash" | string | `"sha1"` | | +| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-name" | string | `"identity_affinity_route"` | | +| alfresco-identity-service.keycloak.ingress.enabled | bool | `true` | | +| alfresco-identity-service.keycloak.ingress.rules[0].host | string | `"{{ include \"common.keycloak-host\" . 
}}"` | | +| alfresco-identity-service.keycloak.ingress.rules[0].paths[0] | string | `"/auth"` | | +| alfresco-identity-service.keycloak.ingress.tls | list | `[]` | | | alfresco-identity-service.keycloak.keycloak.image.tag | string | `"1.4.0"` | | | alfresco-identity-service.keycloak.postgresql.imageTag | float | `11.7` | | | alfresco-identity-service.keycloak.postgresql.persistence.existingClaim | string | `""` | | @@ -151,7 +159,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[0].clientRoles.realm-management[7] | string | `"realm-admin"` | | | alfresco-identity-service.realm.alfresco.extraUsers[0].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[0].credentials[0].value | string | `"client"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[0].email | string | `"client@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[0].email | string | `"client@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[0].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[0].firstName | string | `"client"` | | | alfresco-identity-service.realm.alfresco.extraUsers[0].lastName | string | `"client"` | | 
@@ -163,7 +171,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[10].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[10].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[10].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[10].email | string | `"modeler-qa@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[10].email | string | `"modeler-qa@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[10].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[10].firstName | string | `"Modeler"` | | | alfresco-identity-service.realm.alfresco.extraUsers[10].lastName | string | `"User"` | | @@ -184,7 +192,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[1].clientRoles.realm-management[7] | string | `"realm-admin"` | | | alfresco-identity-service.realm.alfresco.extraUsers[1].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[1].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[1].email | string | `"superadminuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[1].email | string | `"superadminuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[1].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[1].firstName | string | `"Super Admin"` | | | alfresco-identity-service.realm.alfresco.extraUsers[1].lastName | string | `"User"` | | 
@@ -200,7 +208,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[2].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[2].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[2].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[2].email | string | `"devopsuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[2].email | string | `"devopsuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[2].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[2].firstName | string | `"DevOps"` | | | alfresco-identity-service.realm.alfresco.extraUsers[2].lastName | string | `"User"` | | @@ -212,7 +220,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[3].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[3].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[3].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[3].email | string | `"hruser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[3].email | string | `"hruser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[3].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[3].firstName | string | `"HR"` | | | alfresco-identity-service.realm.alfresco.extraUsers[3].groups[0] | string | `"/hr"` | | 
@@ -225,7 +233,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[4].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[4].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[4].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[4].email | string | `"processadminuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[4].email | string | `"processadminuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[4].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[4].firstName | string | `"Process Admin"` | | | alfresco-identity-service.realm.alfresco.extraUsers[4].groups[0] | string | `"/processadmin"` | | @@ -238,7 +246,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[5].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[5].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[5].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[5].email | string | `"salesuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[5].email | string | `"salesuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[5].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[5].firstName | string | `"Sales"` | | | alfresco-identity-service.realm.alfresco.extraUsers[5].groups[0] | string | `"/sales"` | | 
@@ -251,7 +259,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[6].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[6].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[6].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[6].email | string | `"testuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[6].email | string | `"testuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[6].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[6].firstName | string | `"Test"` | | | alfresco-identity-service.realm.alfresco.extraUsers[6].groups[0] | string | `"/testgroup"` | | @@ -264,7 +272,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[7].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[7].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[7].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[7].email | string | `"testadmin@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[7].email | string | `"testadmin@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[7].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[7].firstName | string | `"Test"` | | | alfresco-identity-service.realm.alfresco.extraUsers[7].groups[0] | string | `"/testgroup"` | | 
@@ -278,7 +286,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[8].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[8].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[8].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[8].email | string | `"identityuser@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[8].email | string | `"identityuser@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[8].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[8].firstName | string | `"Identity"` | | | alfresco-identity-service.realm.alfresco.extraUsers[8].lastName | string | `"Admin"` | | @@ -290,7 +298,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.realm.alfresco.extraUsers[9].clientRoles.account[1] | string | `"view-profile"` | | | alfresco-identity-service.realm.alfresco.extraUsers[9].credentials[0].type | string | `"password"` | | | alfresco-identity-service.realm.alfresco.extraUsers[9].credentials[0].value | string | `"password"` | | -| alfresco-identity-service.realm.alfresco.extraUsers[9].email | string | `"modeler@test.com"` | | +| alfresco-identity-service.realm.alfresco.extraUsers[9].email | string | `"modeler@example.com"` | | | alfresco-identity-service.realm.alfresco.extraUsers[9].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraUsers[9].firstName | string | `"Modeler"` | | | alfresco-identity-service.realm.alfresco.extraUsers[9].lastName | string | `"User"` | | diff --git a/helm/alfresco-process-infrastructure/requirements.yaml b/helm/alfresco-process-infrastructure/requirements.yaml index a8da22d0a..83f363ee1 100644 --- a/helm/alfresco-process-infrastructure/requirements.yaml +++ b/helm/alfresco-process-infrastructure/requirements.yaml 
@@ -4,7 +4,7 @@ dependencies: version: 7.1.0-M12 - name: alfresco-identity-service repository: https://kubernetes-charts.alfresco.com/stable - version: 2.1.0 + version: 3.0.0 condition: alfresco-identity-service.enabled - name: common repository: https://activiti.github.io/activiti-cloud-helm-charts diff --git a/helm/alfresco-process-infrastructure/templates/NOTES.txt b/helm/alfresco-process-infrastructure/templates/NOTES.txt index 00c11352d..e5a36cf48 100644 --- a/helm/alfresco-process-infrastructure/templates/NOTES.txt +++ b/helm/alfresco-process-infrastructure/templates/NOTES.txt @@ -10,8 +10,12 @@ To learn more about the release, try: Get the application URLs: * Alfresco Identity Service : {{ template "common.keycloak-url" . }} +{{- if index .Values "alfresco-modeling-app" "enabled" }} * Alfresco Modeling : {{ template "common.gateway-url" . }}{{ index .Values "alfresco-modeling-app" "ingress" "path" }} +{{- end -}} +{{- if index .Values "alfresco-admin-app" "enabled" }} * Alfresco Admin : {{ template "common.gateway-url" . }}{{ index .Values "alfresco-admin-app" "ingress" "path" }} +{{- end }} To see deployment status, try: diff --git a/helm/alfresco-process-infrastructure/templates/ingress-identity.yaml b/helm/alfresco-process-infrastructure/templates/ingress-identity.yaml deleted file mode 100644 index 0ca217cef..000000000 --- a/helm/alfresco-process-infrastructure/templates/ingress-identity.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if and (index .Values "alfresco-identity-service" "enabled") (index .Values "alfresco-identity-service" "ingress" "common" "enabled") }} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ template "keycloak.fullname" . }} - labels: - app: keycloak - chart: {{ template "alfresco-process-infrastructure.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with merge (index .Values "alfresco-identity-service" "ingress" "annotations") .Values.global.gateway.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - rules: - {{- if (include "alfresco-process-infrastructure.keycloak-host" .) }} - - host: {{ template "alfresco-process-infrastructure.keycloak-host" . }} - http: - {{- else }} - - http: - {{- end }} - paths: - - path: {{ index .Values "alfresco-identity-service" "ingress" "path" }} - backend: - serviceName: {{ template "keycloak.fullname" . }}-http - servicePort: {{ index .Values "alfresco-identity-service" "keycloak" "keycloak" "service" "port" }} - {{- if include "common.ingress-tls" . }} - tls: - - secretName: {{ template "common.ingress-tlssecretname" . }} - {{- if (include "alfresco-process-infrastructure.keycloak-host" .) }} - hosts: - - {{ template "alfresco-process-infrastructure.keycloak-host" . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/helm/alfresco-process-infrastructure/values.yaml b/helm/alfresco-process-infrastructure/values.yaml index 880733527..f59559841 100644 --- a/helm/alfresco-process-infrastructure/values.yaml +++ b/helm/alfresco-process-infrastructure/values.yaml 
@@ -58,22 +58,39 @@ alfresco-identity-service: create: false ingress: enabled: false - common: - enabled: true - annotations: - nginx.ingress.kubernetes.io/enable-cors: "false" # disable NGINX CORS as it's managed by Identity Service keycloak: keycloak: image: tag: 1.4.0 ingress: - enabled: false + enabled: true + rules: + - host: '{{ include "common.keycloak-host" . }}' + paths: + - /auth + tls: [] + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffer-size: 128k + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/session-cookie-name: identity_affinity_route + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/enable-cors: "false" postgresql: tls: enabled: false imageTag: 11.7 persistence: existingClaim: "" # use default postgresql PVC + extraEnv: | + - name: KEYCLOAK_USER + value: admin + - name: KEYCLOAK_PASSWORD + value: admin + - name: KEYCLOAK_IMPORT + value: /realm/alfresco-realm.json + - name: PROXY_ADDRESS_FORWARDING + value: "true" realm: alfresco: client: @@ -149,7 +166,7 @@ alfresco-identity-service: enabled: true firstName: client lastName: client - email: client@test.com + email: client@example.com credentials: - type: password value: client @@ -176,7 +193,7 @@ alfresco-identity-service: enabled: true firstName: "Super Admin" lastName: "User" - email: superadminuser@test.com + email: superadminuser@example.com credentials: - type: password value: password @@ -207,7 +224,7 @@ alfresco-identity-service: enabled: true firstName: DevOps lastName: User - email: devopsuser@test.com + email: devopsuser@example.com credentials: - type: password value: password @@ -223,7 +240,7 @@ alfresco-identity-service: enabled: true firstName: HR lastName: User - email: hruser@test.com + email: hruser@example.com credentials: - type: password value: password 
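Review bot: The new `extraEnv` default in the first values.yaml hunk sets `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` to `admin` in the same change that turns `keycloak.ingress.enabled` to `true` on `/auth` with `tls: []`, so an install with default values publishes the Keycloak admin login with a well-known password and no TLS section on its ingress. I would leave the two credential entries out of the chart defaults and read them from a Secret supplied by the installer, for example `valueFrom: {secretKeyRef: {name: <admin-secret-name>, key: password}}` (the secret name is a placeholder), or at least add a comment such as `# demo-only credentials, override before exposing the ingress`. The deleted ingress-identity.yaml template took its TLS block from `common.ingress-tls`; whether the subchart ingress still picks up that global setting is not visible here, so it is worth confirming that HTTPS installs keep TLS on the identity host. `PROXY_ADDRESS_FORWARDING: "true"` makes Keycloak trust forwarded headers, which presumes the service is reachable only through the ingress controller. The `alfresco-identity-service:` mapping starts before this hunk and continues after it.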
@@ -241,7 +258,7 @@ alfresco-identity-service: enabled: true firstName: "Process Admin" lastName: User - email: processadminuser@test.com + email: processadminuser@example.com credentials: - type: password value: password @@ -259,7 +276,7 @@ alfresco-identity-service: enabled: true firstName: Sales lastName: User - email: salesuser@test.com + email: salesuser@example.com credentials: - type: password value: password @@ -277,7 +294,7 @@ alfresco-identity-service: enabled: true firstName: Test lastName: User - email: testuser@test.com + email: testuser@example.com credentials: - type: password value: password @@ -295,7 +312,7 @@ alfresco-identity-service: enabled: true firstName: Test lastName: Admin - email: testadmin@test.com + email: testadmin@example.com credentials: - type: password value: password @@ -314,7 +331,7 @@ alfresco-identity-service: enabled: true firstName: Identity lastName: Admin - email: identityuser@test.com + email: identityuser@example.com credentials: - type: password value: password @@ -330,7 +347,7 @@ alfresco-identity-service: enabled: true firstName: Modeler lastName: User - email: modeler@test.com + email: modeler@example.com credentials: - type: password value: password @@ -346,7 +363,7 @@ alfresco-identity-service: enabled: true firstName: Modeler lastName: User - email: modeler-qa@test.com + email: modeler-qa@example.com credentials: - type: password value: password