From 86d2e9619701afc34c23aba55fdb645d6e337b77 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Fri, 9 Aug 2024 16:24:38 +0100 Subject: [PATCH] :sparkles: Uncouple the reindexing job from the main helm charts (#83) * update values for opensearch * add makefile +chart changes * Update values.yaml * Update values.yaml * update makefile * Update values.yaml * Update values.yaml * Update values.yaml * vars * Update values.yaml * Update values.yaml * images * config map * Revert "config map" This reverts commit e714ada49d662efc0f1975ab82d74d1c380d5592. * Reapply "config map" This reverts commit c47acb8b104e93bacb2fe666b342cb1e5b9aa28d. * config map * images * Squashed commit of the following: commit 6cda4f5909b44b8079126ed1c9ba53260a6e53fd Merge: a682b79 ca20a8c Author: George Taylor Date: Tue Jul 16 15:03:01 2024 +0100 Merge pull request #75 from ministryofjustice/fix-ingress-share-real Revert share ingress to dedicated hostname + enable redirect to /share commit ca20a8ce61135215f6a9446366c1685e4a44ee39 Author: George Taylor Date: Tue Jul 16 13:15:37 2024 +0100 redirect to /share commit a682b79d5b3357fc69bbb51ec98451ff7e7f7391 Merge: 066cecc 1780e23 Author: George Taylor Date: Tue Jul 16 11:23:05 2024 +0100 Merge pull request #74 from ministryofjustice/remove-share-sub-domain Remove share subdomain commit 1780e23e1d16e1f930fb70bb673952aeb6f74ad4 Author: George Taylor Date: Tue Jul 16 11:21:18 2024 +0100 remove share subdomain commit 066cecce0b371960c18c44a1df65a20ae3f4f3f9 Merge: 4d23e4b b21f656 Author: George Taylor Date: Thu Jul 11 15:36:49 2024 +0100 Merge pull request #73 from ministryofjustice/workflow-changes Update cloud-platform-deploy-release.yml commit b21f656110c1056f3bc502a429952e67e4a0ccd4 Author: George Taylor Date: Thu Jul 11 15:35:57 2024 +0100 Update cloud-platform-deploy-release.yml commit 4d23e4b37106f7124e5bab722e0e685bc1574127 Merge: 6aeb967 ca1cfb2 Author: George Taylor Date: Thu Jul 11 15:09:57 2024 +0100 Merge pull request #72 from ministryofjustice/add-airflow-ips chore: Add templated directory to .gitignore and update IP whitelist in values files commit ca1cfb2c87cbf0cb5e1903bef89a637f91dd537c Author: George Taylor Date: Thu Jul 11 15:08:14 2024 +0100 chore: Add templated directory to .gitignore and update IP whitelist in values files commit 6aeb96763b76dba46d040a826b35cf5253788e6a Merge: f6a7c0e 540fe64 Author: Prem Basumatary <142879429+pbasumatary@users.noreply.github.com> Date: Fri Jul 5 09:10:27 2024 +0100 Merge pull request #71 from ministryofjustice/NIT-1305-custom-scaling-times NIT-1305 fix error in script commit 540fe64dded67378e5e22b9ecd24f6cf50805e26 Author: Prem Basumatary Date: Fri Jul 5 09:03:12 2024 +0100 NIT-1305 fix error in script * Update ingress-share.yaml * vals * kustomize base * ingress * setup makefiel * ingress poc patches * correct poc ingress * Update values.yaml * update for helm values mergign * updates * kustomization base * rearrange patching for ingress to repeat less * fix ingress patching with allow list * :fire: remove alf charts * rename values files * :fire: disable reindexing job from helm values * :sparkles: Uncouple the reindexing job from the main helm charts tidy * Update values.yaml * Update values.yaml --- .gitignore | 2 + jobs/reindex/Chart.yaml | 6 ++ jobs/reindex/README.md | 93 +++++++++++++++++++ jobs/reindex/templates/_helpers.tpl | 24 +++++ jobs/reindex/templates/reindexing-config.yaml | 16 ++++ jobs/reindex/templates/reindexing-job.yaml | 89 ++++++++++++++++++ .../reindexing-prefixes-config-map.yaml | 78 ++++++++++++++++ jobs/reindex/values.yaml | 59 ++++++++++++ kustomize/base/kustomization.yaml | 3 +- .../patch-delete-reindexing-config-map.yaml | 5 + kustomize/base/patch-ingress-repository.yaml | 1 + kustomize/base/patch-ingress-share.yaml | 2 +- kustomize/base/values.yaml | 26 +++--- kustomize/kustomizer.sh | 3 +- kustomize/poc/patch-ingress-repository.yaml | 8 +- kustomize/poc/patch-ingress-share.yaml | 8 +- makefile | 12 +-- 17 files changed, 400 insertions(+), 35 deletions(-) create mode 100644 jobs/reindex/Chart.yaml create mode 100644 jobs/reindex/README.md create mode 100644 jobs/reindex/templates/_helpers.tpl create mode 100644 jobs/reindex/templates/reindexing-config.yaml create mode 100644 jobs/reindex/templates/reindexing-job.yaml create mode 100644 jobs/reindex/templates/reindexing-prefixes-config-map.yaml create mode 100644 jobs/reindex/values.yaml create mode 100644 kustomize/base/patch-delete-reindexing-config-map.yaml diff --git a/.gitignore b/.gitignore index 6aa73f2..018fff4 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ templated/ kustomize/base/charts/ kustomize/overlays/**/charts/ +kustomize/overlays/**/output.yaml +kustomize/base/resources.yaml diff --git a/jobs/reindex/Chart.yaml b/jobs/reindex/Chart.yaml new file mode 100644 index 0000000..2e2bfd0 --- /dev/null +++ b/jobs/reindex/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 3.3.0 +description: A Helm chart for deploying Alfresco Elasticsearch reindexing job +name: delius-alfresco-search-enterprise-reindexing +type: application +version: 1.2.0 diff --git a/jobs/reindex/README.md b/jobs/reindex/README.md new file mode 100644 index 0000000..573005f --- /dev/null +++ b/jobs/reindex/README.md @@ -0,0 +1,93 @@ +# alfresco-search-enterprise + +![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.0](https://img.shields.io/badge/AppVersion-3.3.0-informational?style=flat-square) + +A Helm chart for deploying Alfresco Elasticsearch connector + +Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions. + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.0.0 | +| https://helm.elastic.co | elasticsearch | 7.17.3 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| activemq.enabled | bool | `false` | Enable embedded broker - useful when testing this chart in standalone | +| affinity | object | `{}` | | +| contentMediaTypeCache.enabled | bool | `true` | | +| contentMediaTypeCache.refreshTime | string | `"0 0 * * * *"` | | +| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | +| elasticsearch.enabled | bool | `false` | Enable embedded elasticsearch - useful when using this chart in standalone | +| elasticsearch.replicas | int | `1` | | +| fullnameOverride | string | `""` | | +| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | | +| global.elasticsearch | object | `{"existingSecretName":null,"host":null,"password":null,"port":null,"protocol":null,"user":null}` | Shared connections details for Elasticsearch/Opensearch cluster | +| global.elasticsearch.existingSecretName | string | `nil` | Alternatively, provide connection details via an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys | +| global.elasticsearch.host | string | `nil` | The host where service is available | +| global.elasticsearch.password | string | `nil` | The password required to access the service, if any | +| global.elasticsearch.port | string | `nil` | The port where service is available | +| global.elasticsearch.protocol | string | `nil` | Valid values are http or https | +| global.elasticsearch.user | string | `nil` | The username required to access the service, if any | +| imagePullSecrets | list | `[]` | | +| indexName | string | `"alfresco"` | Name of the existing search index, usually created by repo | +| liveIndexing.content.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.content.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-content"` | | +| liveIndexing.content.image.tag | string | `"3.3.0"` | | +| liveIndexing.content.replicaCount | int | `1` | | +| liveIndexing.mediation.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.mediation.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation"` | | +| liveIndexing.mediation.image.tag | string | `"3.3.0"` | | +| liveIndexing.metadata.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.metadata.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata"` | | +| liveIndexing.metadata.image.tag | string | `"3.3.0"` | | +| liveIndexing.metadata.replicaCount | int | `1` | | +| liveIndexing.path.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.path.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-path"` | | +| liveIndexing.path.image.tag | string | `"3.3.0"` | | +| liveIndexing.path.replicaCount | int | `1` | | +| messageBroker.existingSecretName | string | `nil` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | +| messageBroker.password | string | `nil` | Broker password | +| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | +| messageBroker.user | string | `nil` | Broker username | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| pathIndexingComponent.enabled | bool | `true` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| reindexing.enabled | bool | `true` | Create the one-shot job to trigger the reindexing of repo contents | +| reindexing.image.pullPolicy | string | `"IfNotPresent"` | | +| reindexing.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-reindexing"` | | +| reindexing.image.tag | string | `"3.3.0"` | | +| reindexing.initcontainers.waitForRepository.resources.limits.cpu | string | `"0.25"` | | +| reindexing.initcontainers.waitForRepository.resources.limits.memory | string | `"10Mi"` | | +| reindexing.pathIndexingEnabled | bool | `true` | | +| reindexing.postgresql.database | string | `"alfresco"` | The database name to use | +| reindexing.postgresql.existingSecretName | string | `nil` | Alternatively, provide connection details via an existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys | +| reindexing.postgresql.hostname | string | `"postgresql-acs"` | The host where database service is available | +| reindexing.postgresql.password | string | `nil` | The password required to access the service | +| reindexing.postgresql.port | int | `5432` | The port where service is available | +| reindexing.postgresql.url | string | `nil` | | +| reindexing.postgresql.user | string | `nil` | The username required to access the service | +| reindexing.resources.limits.cpu | string | `"2"` | | +| reindexing.resources.limits.memory | string | `"512Mi"` | | +| reindexing.resources.requests.cpu | string | `"0.5"` | | +| reindexing.resources.requests.memory | string | `"128Mi"` | | +| resources.limits.cpu | string | `"2"` | | +| resources.limits.memory | string | `"2048Mi"` | | +| resources.requests.cpu | string | `"0.5"` | | +| resources.requests.memory | string | `"256Mi"` | | +| searchIndex | object | `{"existingSecretName":null,"host":null,"password":null,"port":null,"protocol":null,"user":null}` | Overrides .Values.global.elasticsearch | +| searchIndex.existingSecretName | string | `nil` | Alternatively, provide connection details via an an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys | +| searchIndex.host | string | `nil` | The host where service is available | +| searchIndex.password | string | `nil` | The password required to access the service, if any | +| searchIndex.port | string | `nil` | The port where service is available | +| searchIndex.protocol | string | `nil` | Valid values are http or https | +| searchIndex.user | string | `nil` | The username required to access the service, if any | +| securityContext | object | `{}` | | +| tolerations | list | `[]` | | diff --git a/jobs/reindex/templates/_helpers.tpl b/jobs/reindex/templates/_helpers.tpl new file mode 100644 index 0000000..41ba7f2 --- /dev/null +++ b/jobs/reindex/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{- define "content-services.shortname" -}} +{{- $name := (.Values.NameOverride | default "alfresco-cs") -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "spring.activemq.env" -}} +- name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) +- name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) +- name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) +{{- end -}} + +{{- define "alfresco-search-enterprise.searchIndexExistingSecretName" -}} +{{ .Values.global.elasticsearch.existingSecretName }} +{{- end -}} + +{{- define "alfresco-search-enterprise.config.spring" -}} +{{- if and (not .Values.global.elasticsearch.host) (not .Values.searchIndex.host) }} + {{ fail "Please provide external elasticsearch connection details as values under .global.elasticsearch or .searchIndex or enable the embedded elasticsearch via .elasticsearch.enabled" }} +{{- end }} + SPRING_ELASTICSEARCH_REST_URIS: "{{ .Values.global.elasticsearch.protocol }}://{{ .Values.global.elasticsearch.host }}:{{ .Values.global.elasticsearch.port }}" +{{- end -}} diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml new file mode 100644 index 0000000..2f5f728 --- /dev/null +++ b/jobs/reindex/templates/reindexing-config.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-search-enterprise-reindexing-configmap +data: + ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" + {{ template "alfresco-search-enterprise.config.spring" . }} + ALFRESCO_SHAREDFILESTORE_BASEURL: http://delius-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://delius-alfresco-router/transform/config + ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} + SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} + {{- if .Values.environment }} + {{- range $key, $val := .Values.environment }} + {{ $key }}: {{ $val | quote }} + {{- end }} + {{- end }} diff --git a/jobs/reindex/templates/reindexing-job.yaml b/jobs/reindex/templates/reindexing-job.yaml new file mode 100644 index 0000000..bf2dbc5 --- /dev/null +++ b/jobs/reindex/templates/reindexing-job.yaml @@ -0,0 +1,89 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: delius-alfresco-search-enterprise-reindexing +spec: + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + seccompProfile: + type: RuntimeDefault + supplementalGroups: + - 1 + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + restartPolicy: Never + containers: + - name: delius-alfresco-search-enterprise-reindexing + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: delius-alfresco-reindexing-prefixes-file-volume + mountPath: /alf/reindex.prefixes-file.json + subPath: reindex.prefixes-file.json + envFrom: + - configMapRef: + name: delius-alfresco-search-enterprise-reindexing-configmap + - secretRef: + name: {{ .Values.messageBroker.existingSecretName }} # Ensure this value is set correctly + env: + - name: SPRING_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly + key: DATABASE_PASSWORD + - name: SPRING_DATASOURCE_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly + key: DATABASE_USERNAME + {{- include "spring.activemq.env" . | nindent 12 }} + - name: ALFRESCO_REINDEX_PREFIXES_FILE + value: file:///alf/reindex.prefixes-file.json + - name: SPRING_DATASOURCE_URL + valueFrom: + secretKeyRef: + name: rds-instance-output + key: RDS_JDBC_URL + ports: + - name: http + containerPort: 8080 + protocol: TCP + volumes: + - name: delius-alfresco-reindexing-prefixes-file-volume + configMap: + name: delius-alfresco-reindexing-prefixes-file-configmap + initContainers: + - name: wait-for-repository + image: curlimages/curl:7.79.1 + securityContext: + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + seccompProfile: + type: RuntimeDefault + resources: {{- toYaml .Values.initcontainers.waitForRepository.resources | nindent 12 }} + env: + - name: ALFRESCO_REPOSITORY_URL + value: http://delius-alfresco-cs-repository/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + command: [ "/bin/sh","-c" ] + # Delay running the reindexing to give Alfresco Repository a chance to fully initialise + args: [ "while [ $(curl -sw '%{http_code}' $ALFRESCO_REPOSITORY_URL -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the Alfresco Repository...'; done; echo 'Alfresco is ready, delay reindexing to give a chance to fully initialise.'; sleep 30; echo 'Reindexing started!'" ] diff --git a/jobs/reindex/templates/reindexing-prefixes-config-map.yaml b/jobs/reindex/templates/reindexing-prefixes-config-map.yaml new file mode 100644 index 0000000..626e934 --- /dev/null +++ b/jobs/reindex/templates/reindexing-prefixes-config-map.yaml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-reindexing-prefixes-file-configmap +data: + reindex.prefixes-file.json: | + { + "prefixUriMap":{ + "":"", + "http://www.alfresco.org/model/aos/1.0":"aos", + "http://www.alfresco.org/model/workflow/invite/nominated/1.0":"inwf", + "http://www.alfresco.org/model/solrfacetcustomproperty/1.0":"srftcustom", + "http://www.alfresco.org/model/datalist/1.0":"dl", + "http://www.alfresco.org/model/webdav/1.0":"webdav", + "http://www.alfresco.org/model/cmis/1.0/cs01ext":"cmisext", + "http://www.alfresco.org/model/distributionpolicies/1.0/model":"dp", + "http://www.alfresco.org/view/repository/1.0":"view", + "http://www.alfresco.org/model/download/1.0":"download", + "http://www.alfresco.org/model/publishing/twitter/1.0":"twitter", + "http://www.alfresco.org/model/action/1.0":"act", + "http://www.alfresco.org/system/registry/1.0":"reg", + "http://www.alfresco.org/model/user/1.0":"usr", + "http://www.alfresco.org/model/calendar":"ia", + "http://www.alfresco.org":"alf", + "http://www.alfresco.org/model/content/metadata/IPTCXMP/1.0":"iptcxmp", + "http://www.alfresco.org/model/application/1.0":"app", + "http://www.alfresco.org/model/surf/1.0":"surf", + "http://www.alfresco.org/model/versionstore/1.0":"ver", + "http://www.alfresco.org/system/modules/1.0":"module", + "http://www.alfresco.org/model/linksmodel/1.0":"lnk", + "http://iptc.org/std/Iptc4xmpExt/2008-02-29/":"Iptc4xmpExt", + "http://ns.adobe.com/photoshop/1.0/":"photoshop", + "http://www.alfresco.org/model/sync/1.0":"sync", + "http://ns.useplus.org/ldf/xmp/1.0/":"plus", + "http://www.alfresco.org/model/zaizi/gdpr/1.0":"gdpr", + "http://www.alfresco.org/model/remotecredentials/1.0":"rc", + "http://www.alfresco.org/model/emailserver/1.0":"emailserver", + "http://www.alfresco.org/model/hybridworkflow/1.0":"hwf", + "http://www.alfresco.org/model/sitecustomproperty/1.0":"stcp", + "http://www.alfresco.org/model/cmis/1.0/cs01":"cmis", + "http://www.alfresco.org/model/transfer/1.0":"trx", + "http://www.alfresco.org/model/rendition/1.0":"rn", + "http://www.alfresco.org/model/exif/1.0":"exif", + "http://www.alfresco.org/model/publishing/youtube/1.0":"youtube", + "http://ns.adobe.com/xap/1.0/rights/":"xmpRights", + "http://www.alfresco.org/model/custommodelmanagement/1.0":"cmm", + "http://www.alfresco.org/model/workflow/invite/moderated/1.0":"imwf", + "http://www.alfresco.org/model/forum/1.0":"fm", + "http://www.alfresco.org/model/rule/1.0":"rule", + "http://www.alfresco.org/model/publishing/linkedin/1.0":"linkedin", + "http://www.alfresco.org/model/publishing/slideshare/1.0":"slideshare", + "http://www.alfresco.org/model/system/1.0":"sys", + "http://www.alfresco.org/model/content/smartfolder/1.0":"smf", + "http://www.alfresco.org/model/zaizi/nomsspg/1.0":"nspg", + "http://www.alfresco.org/model/workflow/1.0":"wf", + "http://www.alfresco.org/model/qshare/1.0":"qshare", + "http://www.alfresco.org/model/versionstore/2.0":"ver2", + "http://www.alfresco.org/model/solrfacet/1.0":"srft", + "http://www.alfresco.org/model/audio/1.0":"audio", + "http://www.alfresco.org/model/blogintegration/1.0":"blg", + "http://www.alfresco.org/model/bpm/1.0":"bpm", + "http://www.alfresco.org/model/site/1.0":"st", + "http://www.alfresco.org/model/imap/1.0":"imap", + "http://www.alfresco.org/model/dictionary/1.0":"d", + "custom.model":"custom", + "http://www.alfresco.org/model/publishing/facebook/1.0":"facebook", + "http://www.alfresco.org/model/content/1.0":"cm", + "http://www.alfresco.org/model/cmis/custom":"cmiscustom", + "http://www.alfresco.org/model/devicesync/1.0":"devicesync", + "http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/":"Iptc4xmpCore", + "http://www.alfresco.org/model/googledocs/2.0":"gd2", + "http://www.alfresco.org/model/publishing/flickr/1.0":"flickr", + "http://www.alfresco.org/model/workflow/resetpassword/1.0":"resetpasswordwf", + "http://www.alfresco.org/model/cmis/1.0/alfcmis":"alfcmis", + "http://www.alfresco.org/model/publishing/1.0":"pub", + "http://purl.org/dc/elements/1.1/":"dc" + } + } diff --git a/jobs/reindex/values.yaml b/jobs/reindex/values.yaml new file mode 100644 index 0000000..f03d04c --- /dev/null +++ b/jobs/reindex/values.yaml @@ -0,0 +1,59 @@ +imagePullSecrets: quay-registry-secret +nameOverride: "" +fullnameOverride: "" +podAnnotations: {} +podSecurityContext: {} +securityContext: {} +nodeSelector: {} +tolerations: [] +affinity: {} +# -- Name of the existing search index, usually created by repo +indexName: alfresco +pathIndexingEnabled: true +postgresql: + url: null + hostname: + database: + existingSecretName: rds-instance-output +image: + tag: 4.0.1 + repository: quay.io/alfresco/alfresco-elasticsearch-reindexing +resources: + requests: + cpu: "0.5" + memory: "256Mi" + limits: + cpu: "2" + memory: "2048Mi" +initcontainers: + waitForRepository: + resources: + limits: + cpu: "0.25" + memory: "10Mi" +messageBroker: + # -- Broker URL formatted as per: + # https://activemq.apache.org/failover-transport-reference + url: null + # -- Broker username + user: null + # -- Broker password + password: null + # -- Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys + existingSecretName: acs-alfresco-cs-brokersecret +global: + alfrescoRegistryPullSecrets: quay-registry-secret + # -- Shared connections details for Elasticsearch/Opensearch cluster + elasticsearch: + # -- The host where service is available + host: null + # -- The port where service is available + port: 8080 + # -- Valid values are http or https + protocol: http + # -- The username required to access the service, if any + user: null + # -- The password required to access the service, if any + password: null + # -- Alternatively, provide connection details via an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys + existingSecretName: diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index b53cccd..995a824 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -3,9 +3,8 @@ kind: Kustomization resources: - resources.yaml - - reindex-prefixes-config-map.yaml patches: - # - path: patch-job-reindexing.yaml - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + - path: patch-delete-reindexing-config-map.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml new file mode 100644 index 0000000..eff6c64 --- /dev/null +++ b/kustomize/base/patch-delete-reindexing-config-map.yaml @@ -0,0 +1,5 @@ +$patch: delete +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-search-enterprise-reindexing-configmap diff --git a/kustomize/base/patch-ingress-repository.yaml b/kustomize/base/patch-ingress-repository.yaml index 5653f51..a883689 100644 --- a/kustomize/base/patch-ingress-repository.yaml +++ b/kustomize/base/patch-ingress-repository.yaml @@ -1,6 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + name: delius-alfresco-cs-repository name: alfresco-content-services-alfresco-cs-repository annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" diff --git a/kustomize/base/patch-ingress-share.yaml b/kustomize/base/patch-ingress-share.yaml index 119fc74..6371de5 100644 --- a/kustomize/base/patch-ingress-share.yaml +++ b/kustomize/base/patch-ingress-share.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index 40fa258..863773b 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml @@ -791,7 +791,7 @@ alfresco-search-enterprise: # -- The password required to access the service, if any password: null reindexing: - enabled: true + enabled: false # leave as false - reindexing job is now standalone postgresql: url: hostname: @@ -800,18 +800,18 @@ alfresco-search-enterprise: image: tag: 4.0.1 liveIndexing: - mediation: - image: - tag: 4.0.1 - content: - image: - tag: 4.0.1 - metadata: - image: - tag: 4.0.1 - path: - image: - tag: 4.0.1 + mediation: + image: + tag: 4.0.1 + content: + image: + tag: 4.0.1 + metadata: + image: + tag: 4.0.1 + path: + image: + tag: 4.0.1 alfresco-digital-workspace: nodeSelector: {} enabled: false diff --git a/kustomize/kustomizer.sh b/kustomize/kustomizer.sh index d47e8d1..d2b4825 100755 --- a/kustomize/kustomizer.sh +++ b/kustomize/kustomizer.sh @@ -5,13 +5,12 @@ do d) debug=${OPTARG};; esac done +debug=$(echo $debug | xargs) if [ "$debug" == "true" ]; then set -x cat > ../base/resources.yaml kubectl kustomize kubectl kustomize > output.yaml - echo "leaving helm template in resources.yaml" - echo "leaving kustomized helm template in output.yaml" else cat > ../base/resources.yaml kubectl kustomize diff --git a/kustomize/poc/patch-ingress-repository.yaml b/kustomize/poc/patch-ingress-repository.yaml index 6111c47..ca583ba 100644 --- a/kustomize/poc/patch-ingress-repository.yaml +++ b/kustomize/poc/patch-ingress-repository.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: placeholder spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository port: number: 80 path: /api-explorer diff --git a/kustomize/poc/patch-ingress-share.yaml b/kustomize/poc/patch-ingress-share.yaml index 05e61d4..732b360 100644 --- a/kustomize/poc/patch-ingress-share.yaml +++ b/kustomize/poc/patch-ingress-share.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-share-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: placeholder spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share port: number: 80 path: /share/page/ diff --git a/makefile b/makefile index 7c7672a..face74b 100644 --- a/makefile +++ b/makefile @@ -1,18 +1,12 @@ # Define the Helm chart name and release name -CHART_NAME := alfresco-content-services +CHART_NAME := delius DEBUG := false ATOMIC := true # Helm upgrade/install command helm_upgrade: $(eval BUCKET_NAME := $(shell kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) - - @SECRET=$$(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d | awk '{print substr($$0, 19)}'); \ - if [ -z "$$SECRET" ]; then \ - echo "No secret found, generating a new one"; \ - SECRET=$$(openssl rand -base64 20); \ - fi; \ - if [ "$(ENV)" = "poc" ]; then \ + @if [ "$(ENV)" = "poc" ]; then \ NAMESPACE=hmpps-delius-alfrsco-$(ENV); \ else \ NAMESPACE=hmpps-delius-alfresco-$(ENV); \ @@ -41,7 +35,7 @@ helm_upgrade: helm upgrade --install $(CHART_NAME) alfresco/alfresco-content-services --version 6.0.2 --namespace $${NAMESPACE} \ --values=../base/values.yaml --values=./values.yaml \ --set s3connector.config.bucketName=$(BUCKET_NAME) \ - --set global.tracking.sharedsecret=$${SECRET} $${ATOMIC_FLAG} $${DEBUG_FLAG} --wait --timeout=20m \ + --wait --timeout=20m \ --post-renderer ../kustomizer.sh --post-renderer-args "$${HELM_POST_RENDERER_ARGS}"; \ yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i ./patch-ingress-repository.yaml; \ yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i ./patch-ingress-share.yaml