From d429e45729d2c5d4687a55997e4dad36a7ac7aaa Mon Sep 17 00:00:00 2001 From: George Taylor Date: Thu, 28 Nov 2024 19:06:21 +0000 Subject: [PATCH 01/17] chore: update readme v1 --- README.md | 125 ++++++++++++++++-------------------------------------- 1 file changed, 36 insertions(+), 89 deletions(-) diff --git a/README.md b/README.md index ea0b455..2b99a53 100644 --- a/README.md +++ b/README.md 
@@ -1,102 +1,49 @@ -### Purpose +# hmpps-delius-alfresco -These example instsructions explain how you would customise one particular dependant Helm chart and publish a newer version to GitHub pages. Instructions assume GitHub pages are already configured for your repo; see the reference section below +## Helm + Kustomize -### Start services -In order to start the alfresco-repository service, we need to make a valid license available in the namespace. A secret containing the license needs to be created: -```bash -ACS_NAMESPACE=hmpps-delius-alfrsco-poc -kubectl create secret generic alfresco-license \ - --namespace $ACS_NAMESPACE \ - --from-file /example/path/to/license/file.lic -``` +This repository contains the Helm and Kustomize configuration for the Delius Alfresco deployment. -Next We will need to ensure all services are up and running. -Start k8s services by executing helm command _(Helm will complain if a random secret is not created)_ +Rather than using/modifying the Helm chart directly, we use Kustomize to overlay the Helm chart with our custom configuration. +This allows us to keep the Helm chart as a dependency and only modify the configuration that we need to. -```bash -cd hmpps-delius-alfresco-poc/alfresco-content-services -export SECRET=$(openssl rand -base64 20) -export BUCKET_NAME=$(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) -helm install alfresco-content-services . --values=./values.yaml \ ---set s3connector.config.bucketName=$BUCKET_NAME \ ---set global.tracking.sharedsecret=$SECRET -``` +### Usage + +Note: we use taskfile to simplify the commands. You can install taskfile by running `brew install go-task/tap/go-task`. 
+ + +To deploy the Delius Alfresco stack, you can use the following command: -### Check the chart file for dependent charts and pull the required version -For the purpose of this demo, we will select the following service from the `Chart.yaml` file -```yaml -- condition: alfresco-sync-service.enabled - name: alfresco-sync-service - repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 4.1.0 ``` +task helm_upgrade ENV= DEBUG= ``` -1. Delete existing tar file for the sync service. There will be an error pulling the chart otherwise -rm -rf charts/alfresco-sync-service-4.1.0.tgz -2. Pull a particular version of `alfresco-sync-service` chart -helm pull alfresco-sync-service --repo https://alfresco.github.io/alfresco-helm-charts --version 4.1.0 -d charts --untar +This will deploy the Delius Alfresco stack to the specified environment. +The `DEBUG` flag can be used to enable debug mode, which will enable helm verbose logging + output the templated, +rendered and kustomized manifests to the environment directory. -3. The above command will pull a tar file called `charts/alfresco-sync-service-4.1.0.tgz` and then untar it into a directory called `alfresco-sync-service`. Delete the tar file -rm -rf charts/alfresco-sync-service-4.1.0.tgz -``` -### Modify charts - -1. Change the chart version in the newly pulled chart. For example change is from `4.1.0` to `4.1.1` -2. Make your changes and then test them by upgrading Helm release - ``` - - export SECRET=$(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) - - export BUCKET_NAME=$(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) - - helm upgrade alfresco-content-services . 
--values=./values.yaml --set s3connector.config.bucketName=$BUCKET_NAME --set global.tracking.sharedsecret=$SECRET - - NOTE: For the release upgrade, use the existing secret. You will otherwise have to restart pods consuming those secrets - ``` -4. Once satisfied with your changes, create a package and add it to the docs directory - - "helm package charts/alfresco-sync-service -d ../docs" -5. Create / update an index file in docs directory - - "helm repo index ../docs --url https://ministryofjustice.github.io/hmpps-delius-alfresco-poc" - - -### Update the lock file and commit changes -Locate the `Chart.yaml` file and modify the repository URL and version. It should now look like the code snippet below after the change: -```yaml -- condition: alfresco-sync-service.enabled - name: alfresco-sync-service - repository: https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ - version: 4.1.1 -``` +### Configuration -1. Delete `charts/alfresco-sync-service` directory as it is no longer needed -2. Push your changes / docs directory to the feature branch -3. Update your GitHub pages settings so that the `source branch` is pointing to your feature branch -4. Update helm dependencies which will pull the updated charts and will update the lock file - - `helm dependency update .` -5. Push the lock file and charts dirctory to the feature branch and get merge approval -6. Merge into main branch -7. Update your GitHub pages settings so that the `source branch` is pointing to your main branch -8. Upgrade the helm release for the changes to be updated in kubernetes cluster - ``` - - export SECRET=$(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) - - helm upgrade alfresco-content-services . --values=./values.yaml --set global.tracking.sharedsecret=$SECRET - - NOTE: For the release upgrade, use the existing secret. 
You will otherwise have to restart pods consuming those secrets - ``` - -### Alternatively, pull a particular chart either directly from repository URL or by adding it in the local repo - -1. Pull a chart with a particular version direcly from the GitHub pages -- `helm pull alfresco-sync-service --repo https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ --version 4.1.1 -d charts --untar` - -2. Or add the updated chart in a local helm repo -``` -helm repo add alfresco-sync-service https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ +1. Helm values +The base helm values are stored in the `kustomize/base/values.yaml` file. +Each environment has its own values file, which is stored in the `kustomize/environments//values.yaml` file. +These values are combined when deploying the stack, with the environment values taking precedence. -helm search repo alfresco-sync-service -NAME CHART VERSION APP VERSION DESCRIPTION -alfresco-sync-service/alfresco-sync-service 4.1.1 3.9.0 Alfresco Sync Service -``` +2. Kustomize +The kustomize overlays are stored in the `kustomize/environments/` directory. +These overlays are applied to the Helm chart's resources to modify the configuration as needed for the environment. + + +### Secrets + +A number of secrets are required to deploy the Delius Alfresco stack. Some of these are set by the cloud-platform-environments repository, while others are set manually. 
-### References to various docs that explain how to set up GitHub pages and how to publish Helm charts -- [The Chart Repository Guide](https://helm.sh/docs/topics/chart_repository/#github-pages-example) -- [Chart Releaser Action to Automate GitHub Page Charts ](https://helm.sh/docs/howto/chart_releaser_action/#github-actions-workflow) -- [Example on how to publish a chart on GitHub pages](https://github.com/technosophos/tscharts) +Table: +| Secret Name | Description | Set By | example/required keys | +| --- | --- | --- | --- | +| amazon-mq-broker-secret | The secret for the Amazon MQ broker | cloud-platform-environments | see [cloud-platform-environments](https://github.com/ministryofjustice/cloud-platform-environments/blob/7968f9c66f6914d33db35b68209c55b2dcb25d7d/namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-delius-alfresco-stage/resources/amq.tf#L218) | +| alfresco-license | The Alfresco license file | manual | ` : ` +| legacy-rds-instance | The RDS instance for the legacy Delius Alfresco stack | manual | `DATABASE_NAME: , DATABASE_USERNAME: , DATABASE_PASSWORD: , RDS_INSTANCE_ADDRESS: ` | +| rds-instance-outpur | The RDS instance for the CP Delius Alfresco stack | cloud-platform-environments | see [cloud-platform-environments](https://github.com/ministryofjustice/cloud-platform-environments/blob/7968f9c66f6914d33db35b68209c55b2dcb25d7d/namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-delius-alfresco-stage/resources/rds.tf#L35) | +| quay-registry-secret | The secret for the Quay registry | manual | `.dockerconfigjson: {"auths":{"quay.io":{"username":"","password":"","email":"","auth":""}}}` | From 6964c0b62bf32a678428a8393d68d5a1adc1003b Mon Sep 17 00:00:00 2001 
From: George Taylor Date: Mon, 2 Dec 2024 15:24:16 +0000 Subject: [PATCH 02/17] new helm chart version updates --- .gitignore | 2 + .../templates/reindexing-config.yaml | 2 +- jobs/reindex/templates/reindexing-config.yaml | 2 +- .../templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 11 +- kustomize/base/patch-ingress-repository.yaml | 2 +- kustomize/base/patch-ingress-share.yaml | 2 +- kustomize/base/patch-router.yaml | 4 +- kustomize/base/patch-shared-filestore.yaml | 17 - kustomize/base/values-versions.yaml | 80 +++ kustomize/base/values.yaml | 70 +-- kustomize/base/values703.yaml | 552 ++++++++++++++++++ kustomize/preprod/kustomization.yaml | 10 +- kustomize/preprod/patch-filestore-pvc.yaml | 8 - .../preprod/patch-ingress-repository.yaml | 10 +- kustomize/preprod/patch-ingress-share.yaml | 10 +- .../preprod/patch-live-indexing-content.yaml | 12 + .../patch-live-indexing-mediation.yaml | 12 + .../preprod/patch-live-indexing-metadata.yaml | 12 + .../preprod/patch-live-indexing-path.yaml | 12 + kustomize/preprod/patch-router.yaml | 12 + kustomize/preprod/patch-tika.yaml | 12 + .../preprod/patch-transform-imagemagick.yaml | 12 + .../preprod/patch-transform-libreoffice.yaml | 12 + kustomize/preprod/patch-transform-misc.yaml | 12 + kustomize/preprod/values.yaml | 46 +- 26 files changed, 800 insertions(+), 138 deletions(-) delete mode 100644 kustomize/base/patch-shared-filestore.yaml create mode 100644 kustomize/base/values-versions.yaml create mode 100644 kustomize/base/values703.yaml delete mode 100644 kustomize/preprod/patch-filestore-pvc.yaml create mode 100644 kustomize/preprod/patch-live-indexing-content.yaml create mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml create mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml create mode 100644 kustomize/preprod/patch-live-indexing-path.yaml create mode 100644 kustomize/preprod/patch-router.yaml create mode 100644 kustomize/preprod/patch-tika.yaml create mode 
100644 kustomize/preprod/patch-transform-imagemagick.yaml create mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml create mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/.gitignore b/.gitignore index 052a22a..d7349ee 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ kustomize/base/resources.yaml jobs/reindex/values-reindex-*.yaml completed.txt ids.json +alfresco-content-services/ +s3-config/ diff --git a/jobs/reindex-list/templates/reindexing-config.yaml b/jobs/reindex-list/templates/reindexing-config.yaml index 6616917..aec8c2e 100644 --- a/jobs/reindex-list/templates/reindexing-config.yaml +++ b/jobs/reindex-list/templates/reindexing-config.yaml @@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml index b9086dc..57711c7 100644 --- a/jobs/reindex/templates/reindexing-config.yaml +++ b/jobs/reindex/templates/reindexing-config.yaml 
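Review bot: The new `ALFRESCO_SHAREDFILESTORE_BASEURL` in jobs/reindex-list/templates/reindexing-config.yaml hard-codes the preprod shared-file-store hostname, while the neighbouring entries in the same ConfigMap are rendered from `.Values`; the identical line is added in jobs/reindex and jobs/reindex_date, and the same host is set as `-Dsfs.url` in kustomize/base/values.yaml and kustomize/base/values703.yaml. A job installed for any other environment would, as written, exchange transform content with the preprod endpoint, so I would render it from a value, for example `ALFRESCO_SHAREDFILESTORE_BASEURL: {{ .Values.sharedFileStoreBaseUrl | quote }}` (a new key, name to be agreed), and set it in each environment's values file. The change also moves this traffic from an in-cluster Service to an externally resolvable host on the `/private/sfs` path, and nothing in the hunk configures a credential for it, so it is worth confirming that access to that endpoint is restricted to the cluster's egress addresses. The ConfigMap starts above the hunk and continues below it.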
@@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/jobs/reindex_date/templates/reindexing-config.yaml b/jobs/reindex_date/templates/reindexing-config.yaml index 90ab791..11199b1 100644 --- a/jobs/reindex_date/templates/reindexing-config.yaml +++ b/jobs/reindex_date/templates/reindexing-config.yaml @@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 7e9a02e..4242f51 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml 
@@ -7,10 +7,9 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-delete-reindexing-config-map.yaml - - path: patch-live-path-indexing.yaml - - path: patch-live-metadata-indexing.yaml - - path: patch-live-content-indexing.yaml - - path: patch-live-mediation-indexing.yaml - - path: patch-shared-filestore.yaml + # - path: patch-delete-reindexing-config-map.yaml + # - path: patch-live-path-indexing.yaml + # - path: patch-live-metadata-indexing.yaml + # - path: patch-live-content-indexing.yaml + # - path: patch-live-mediation-indexing.yaml - path: patch-router.yaml diff --git a/kustomize/base/patch-ingress-repository.yaml b/kustomize/base/patch-ingress-repository.yaml index 2362385..ddd5f53 100644 --- a/kustomize/base/patch-ingress-repository.yaml +++ b/kustomize/base/patch-ingress-repository.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/patch-ingress-share.yaml b/kustomize/base/patch-ingress-share.yaml index ed6a361..66f58b7 100644 --- a/kustomize/base/patch-ingress-share.yaml +++ b/kustomize/base/patch-ingress-share.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/patch-router.yaml b/kustomize/base/patch-router.yaml index f904722..ac1e81e 100644 --- a/kustomize/base/patch-router.yaml +++ b/kustomize/base/patch-router.yaml 
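Review bot: In kustomize/base/kustomization.yaml the five entries from `patch-delete-reindexing-config-map.yaml` through `patch-live-mediation-indexing.yaml` are commented out rather than removed, with nothing saying whether they are expected to come back. The diffstat adds replacement `patch-live-indexing-*.yaml` files only under kustomize/preprod, so any other environment that builds from this base appears to lose those patches; that is inferred from the file list, not from the hunk itself. I would either delete the lines or put one comment above them, e.g. `# disabled for the chart upgrade; live-indexing patches now live in each environment overlay`.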
@@ -1,12 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: alfresco-content-services-alfresco-router + name: alfresco-content-services-transform-router spec: template: spec: containers: - - name: alfresco-content-services + - name: alfresco-transform-service env: - name: SPRING_ACTIVEMQ_POOL_ENABLED value: "true" diff --git a/kustomize/base/patch-shared-filestore.yaml b/kustomize/base/patch-shared-filestore.yaml deleted file mode 100644 index 20a82b7..0000000 --- a/kustomize/base/patch-shared-filestore.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-filestore -spec: - strategy: - type: Recreate - rollingUpdate: null - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: scheduler.content.age.millis - value: "518400000" # 3 days - - name: scheduler.cleanup.interval - value: "259200000" # 1 days diff --git a/kustomize/base/values-versions.yaml b/kustomize/base/values-versions.yaml new file mode 100644 index 0000000..aec48f2 --- /dev/null +++ b/kustomize/base/values-versions.yaml 
@@ -0,0 +1,80 @@ +# This values file can be used to install ACS 7.3.x using the latest version of +# the chart +alfresco-repository: + image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository + tag: release_7.3.2_elasticsearch-r5.0.1-content-latest +alfresco-ai-transformer: + image: + tag: 1.5.1 +share: + image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share + tag: release_7.3.2_elasticsearch-r5.0.1-share-latest +alfresco-transform-service: + transformrouter: + image: + repository: quay.io/alfresco/alfresco-transform-router + tag: 2.1.1 + pdfrenderer: + image: + tag: 3.1.1 + imagemagick: + image: + tag: 3.1.1 + libreoffice: + image: + tag: 3.1.1 + tika: + image: + tag: 3.1.1 + transformmisc: + image: + tag: 3.1.1 + filestore: + image: + tag: 2.1.1 +alfresco-search: + searchServicesImage: + tag: 2.0.5.2 + insightEngineImage: + tag: 2.0.5.2 +alfresco-search-enterprise: + enabled: false + liveIndexing: + mediation: + image: + tag: 3.2.0.2 + content: + image: + tag: 3.2.0.2 + metadata: + image: + tag: 3.2.0.2 + path: + image: + tag: 3.2.0.2 + reindexing: + image: + tag: 3.2.0.2 +alfresco-digital-workspace: + image: + tag: 3.1.1 +alfresco-control-center: + image: + tag: 7.9.0 +postgresql: + image: + tag: 14.4.0 +postgresql-syncservice: + image: + tag: 14.4.0 +alfresco-sync-service: + image: + tag: 3.11.1 +alfresco-connector-ms365: + image: + tag: 1.1.3.2 +alfresco-connector-msteams: + image: + tag: 1.1.0 diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index 94d1640..ae4b2b6 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml 
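Review bot: The two in-house images in kustomize/base/values-versions.yaml are referenced by tags ending in `-latest` (`release_7.3.2_elasticsearch-r5.0.1-content-latest` and the matching `-share-latest`), while every other component in the file is pinned to a version number. If those tags are re-pushed on each build, the same values file can deploy different repository and Share code from one rollout to the next, and a rollback cannot name the previous image. I would pin both to an immutable build tag or digest, and until then flag it in the file with `# NOTE: -latest tags are mutable; pin to an immutable build tag before promoting`.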
@@ -78,6 +78,7 @@ repository: -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk securityContext: allowPrivilegeEscalation: false runAsNonRoot: true 
@@ -564,74 +565,7 @@ aiTransformer: # -- Declares the alfresco-shared-file-store used by the content repository # and transform service filestore: - replicaCount: 1 - nodeSelector: {} - image: - repository: ghcr.io/ministryofjustice/hmpps-delius-alfresco-shared-file-store - tag: 2.1.2-4 - pullPolicy: IfNotPresent - internalPort: 8099 - initContainer: - image: - repository: busybox - tag: 1.35.0 - pullPolicy: IfNotPresent - resources: - limits: - cpu: "0.50" - memory: "10Mi" - service: - name: filestore - type: ClusterIP - externalPort: 80 - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - podSecurityContext: - runAsUser: 33030 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - cpu: "0.25" - memory: "200Mi" - limits: - cpu: "2" - memory: "2000Mi" - environment: - scheduler.content.age.millis: "86400000" - scheduler.cleanup.interval: "86400000" - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 60 - timeoutSeconds: 10 - livenessProbe: - initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 - livenessPercent: 150 - livenessSavePeriodSeconds: 600 - persistence: - # -- Persist filestore data - enabled: true - # -- Specify a storageClass for dynamic provisioning - accessModes: - - ReadWriteOnce - # -- Bind PVC based on storageClass (e.g. dynamic provisionning) - storageClass: - # -- Use pre-provisioned pv through its claim (e.g. static provisionning) - existingClaim: null - data: - mountPath: "/tmp/Alfresco" - subPath: "alfresco-content-services/filestore-data" + enabled: false # -- Define the alfresco-share properties to use in the k8s cluster # This is the default presentation layer(UI) of Alfresco Content Services share: diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml new file mode 100644 index 0000000..077ea1e --- /dev/null 
+++ b/kustomize/base/values703.yaml 
@@ -0,0 +1,552 @@ +# This is a YAML-formatted file. +# It declares variables to be passed into your templates. +# ACS will be created in a k8s cluster with a minimum of 16GB memory to split +# among below nodes: +# 2 x repository, 1 x share, 1 x postgres and +# 1 x transformers (pdfrenderer, imagemagick, libreoffice, tika, misc) +# +# Limit container memory and assign X percentage to JVM. There are couple of +# ways to allocate JVM Memory for ACS Containers, for example: +# JAVA_OPTS: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" +# But, as per Oracle docs +# (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D) +# If container memory is not explicitly set, then the above flags will default +# max heap to 1/4th of container's memory which may not be ideal. Hence, setting +# up explicit Container memory and then assigning a percentage of it to the JVM +# for performance tuning. +infrastructure: + configMapName: &infrastructure_cmName alfresco-infrastructure +global: + # -- list of trusted URLs. + # URLs a re used to configure Cross-origin protections + # Also the first entry is considered the main hosting domain of the platform. + known_urls: null # added to each environment values file + # -- For a full information of configuring the outbound email system, see + # https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails + mail: + # -- SMTP server to use for the system to send outgoing email + host: null + # -- SMTP server port + port: 587 + # -- SMTP protocol to use. 
Either smtp or smtps + protocol: smtp + username: anonymous + password: null + smtp: + auth: true + starttls: + enable: true + smtps: + auth: true + search: + # -- set this URL if you have an external search service + url: null # set by helm install task as inline value + # -- set the type of search service used externally (solr6 or elasticsearch) + flavor: elasticsearch + # -- set the security level used with the external search service (secret, none or https) + securecomms: none + # -- Mandatory secret to provide when using Solr search with 'secret' security level + sharedSecret: null + # -- Name of the secret managed by this chart + secretName: &acs_search_secretName alfresco-search-secret + # -- If a private image registry a secret can be defined and passed to + # kubernetes, see: + # https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret + alfrescoRegistryPullSecrets: quay-registry-secret + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + registryPullSecrets: + - quay-registry-secret + ai: + # -- Enable AI capabilities in ADW AI plugin + enabled: false +database: + # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. + external: true + # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. + driver: null + # -- External Postgresql database user + user: null + # -- External Postgresql database password + password: null + # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` + url: null + # -- Name of the secret managed by this chart + configMapName: *infrastructure_cmName + # -- Name of the secret managed by this chart + # secretName: &acs_database_secretName alfresco-cs-database + # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. 
+ # When using embedded postgres you need to also set `postgresql.existingSecret`. + existingSecretName: rds-instance-output +# -- Activemq connection details (activemq.enabled must also be set to false) +messageBroker: + url: null + user: null + password: null + # -- Name of the secret managed by this chart + # secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret + existingSecretName: amazon-mq-broker-secret +alfresco-repository: + environment: + JAVA_OPTS: >- + -Dindex.subsystem.name=elasticsearch + -Delasticsearch.indexName=alfresco + -Delasticsearch.createIndexIfNotExists=true + -Dtransform.service.enabled=true + -XX:MinRAMPercentage=50 + -XX:MaxRAMPercentage=80 + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.algorithm=DESede + -Dsystem.workflow.engine.activiti.enabled=false + -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false + -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + nameOverride: alfresco-repository + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + podSecurityContext: + runAsNonRoot: true + runAsUser: 33000 + runAsGroup: 1000 + fsGroup: 1000 + # -- The startup probe to cover the worse case startup time for slow clusters + startupProbe: + periodSeconds: 30 + failureThreshold: 10 + # The repository readiness probe is used to check startup only as a failure + # of the liveness probe later will result in the pod being restarted. 
+ readinessProbe: + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + failureThreshold: 6 + livenessProbe: + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + # image: set by environment values file + configuration: + repository: + existingConfigMap: repository + existingSecrets: + - name: alfresco-license + key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic + purpose: acs-license + - name: s3-connector-config + purpose: subsystems:ContentStore:S3 + db: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: rds-instance-output + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: amazon-mq-broker-secret + search: + flavor: elasticsearch + # existingConfigMap: + # name: *infrastructure_cmName + # existingSecret: + # name: *acs_search_secretName + # keys: + # username: SEARCH_USERNAME + # password: SEARCH_PASSWORD + persistence: + # -- Persist repository data + enabled: false + baseSize: 20Gi + # -- Specify a storageClass for dynamic provisioning + accessModes: + - ReadWriteOnce +activemq: + nameOverride: activemq + enabled: false + # -- Possibility to choose Node for pod, with a key-value pair label + # e.g {"kubernetes.io/hostname": multinode-demo-m02} + nodeSelector: {} + adminUser: + # -- Default username for the embedded broker admin user + user: admin + # -- Default password for the embedded broker admin user + password: admin + existingSecretName: amazon-mq-broker-secret + existingSecretName: null +alfresco-connector-ms365: + # -- Enable/Disable Alfresco Content Connector for Microsoft 365 + enabled: false + image: + repository: quay.io/alfresco/alfresco-ooi-service + tag: 2.0.0 + repository: + existingConfigMap: + # -- Name of the configmap which hold the repository connection details + name: *infrastructure_cmName + keys: + # -- Name of the key in the configmap which points to the repository + # service hostname + host: 
repo_svc_name + # -- Name of the key in the configmap which points to the repository + # service port + port: repo_svc_port +alfresco-connector-msteams: + # -- Enable/Disable Alfresco Content Connector for Microsoft Teams + enabled: false + image: + repository: quay.io/alfresco/alfresco-ms-teams-service + tag: 2.0.0 +alfresco-transform-service: + enabled: true + messageBroker: + existingSecretName: amazon-mq-broker-secret + transformrouter: + # -- Declares the alfresco-transform-router service used by the content repository + # to route transformation requests + enabled: true + replicaCount: 2 + # image: # set by environment values file + pdfrenderer: + # -- Declares the alfresco-pdf-renderer service used by the content repository + # to transform pdf files + enabled: true + # image: set by environment values file + imagemagick: + # -- Declares the alfresco-imagemagick service used by the content repository + # to transform image files + enabled: true + # image: set by environment values file + libreoffice: + # -- Declares the alfresco-libreoffice service used by the content repository + # to transform office files + enabled: true + # image: set by environment values file + tika: + # -- Declares the alfresco-tika service used by the content repository + # to transform office files + enabled: true + # image: set by environment values file + transformmisc: + # -- Declares the alfresco-tika service used by the content repository + # to transform office files + enabled: true + image: + repository: alfresco/alfresco-transform-misc + tag: 5.0.1 + filestore: + # -- Declares the alfresco-shared-file-store used by the content repository + # and transform service + # due to platform constraints, the filestore is in MP + enabled: false + replicaCount: 0 + image: + repository: quay.io/alfresco/alfresco-shared-file-store + tag: 4.0.1 + persistence: + # -- Persist filestore data + enabled: true + data: + mountPath: "/tmp/Alfresco" + subPath: 
"alfresco-content-services/filestore-data" +share: + # -- toggle deploying Alfresco Share UI + enabled: true + # image: set by environment values file + nameOverride: share + repository: + existingConfigMap: + # -- Name of the configmap which hold the repository connection details + name: *infrastructure_cmName + keys: + # -- Name of the key in the configmap which points to the repository + # service hostname + host: repo_svc_name + # -- Name of the key in the configmap which points to the repository + # service port + port: repo_svc_port + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - NET_RAW + - ALL + seccompProfile: + type: RuntimeDefault + podSecurityContext: + runAsUser: 65534 + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "4" + memory: "2000Mi" +alfresco-search: + enabled: false + repository: + existingConfigMap: + name: *infrastructure_cmName + keys: + host: repo_svc_name + port: repo_svc_port + securecomms: SEARCH_SECURECOMMS + existingSecret: + name: *acs_search_secretName + keys: + sharedSecret: SOLR_SECRET + searchServicesImage: + repository: quay.io/alfresco/search-services + tag: 2.0.8.2 + insightEngineImage: + repository: quay.io/alfresco/insight-engine + tag: 2.0.8.2 + nameOverride: alfresco-search + # If an external Solr service is to be used then enabled must be set to false + # and external has to be configured accordingly. + external: + # -- Host dns/ip of the external solr6 instance. + host: null + # -- Port of the external solr6 instance. + port: null + alfresco-insight-zeppelin: + enabled: false + ingress: + # -- Alfresco Search services endpoint ('/solr') + enabled: false + # -- Default solr basic auth user/password: admin / admin + # You can create your own with htpasswd utility & encode it with base64. 
+ # Example: `echo -n "$(htpasswd -nbm admin admin)" | base64 | tr -d '\n'` + # basicAuth: YWRtaW46JGFwcjEkVVJqb29uS00kSEMuS1EwVkRScFpwSHB2a3JwTDd1Lg== + basicAuth: null + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local +alfresco-search-enterprise: + enabled: true + search: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_search_secretName + ats: + existingConfigMap: + name: *infrastructure_cmName + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecretName: amazon-mq-broker-secret + liveIndexing: + # set in value-versions yaml + mediation: + image: + tag: 4.0.0.1 + content: + image: + tag: 4.0.0.1 + metadata: + image: + tag: 4.0.0.1 + path: + image: + tag: 4.0.0.1 + reindexing: + enabled: false # leave as false - reindexing job is now standalone + repository: + existingConfigMap: + name: *infrastructure_cmName + db: + existingSecret: + name: rds-instance-output + existingConfigMap: + name: *infrastructure_cmName + image: + tag: 4.0.0.1 +alfresco-digital-workspace: + nodeSelector: {} + enabled: false + nameOverride: "alfresco-dw" + service: + envType: frontend + ingress: + path: /workspace + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: "5g" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + image: + repository: quay.io/alfresco/alfresco-digital-workspace + tag: 4.3.0 + pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" + env: + APP_CONFIG_PROVIDER: "ECM" + APP_CONFIG_AUTH_TYPE: "BASIC" + API_URL: "{protocol}//{hostname}{:port}" + extraEnv: |- + {{- if .Values.global.ai.enabled }} + - name: APP_CONFIG_PLUGIN_AI_SERVICE + value: '{{ .Values.global.ai.enabled }}' + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 101 + capabilities: + drop: + - NET_RAW + - ALL + resources: + requests: + cpu: "0.25" + memory: "256Mi" + 
limits: + cpu: "1" + memory: "1024Mi" +alfresco-control-center: + nodeSelector: {} + enabled: false + nameOverride: "alfresco-cc" + service: + envType: frontend + ingress: + path: /control-center + annotations: + kubernetes.io/ingress.class: nginx + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + image: + repository: quay.io/alfresco/alfresco-control-center + tag: 8.3.0 + pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" + env: + APP_CONFIG_PROVIDER: "ECM" + APP_CONFIG_AUTH_TYPE: "BASIC" + API_URL: "{protocol}//{hostname}{:port}" + securityContext: + runAsNonRoot: true + runAsUser: 101 + capabilities: + drop: + - NET_RAW + - ALL + resources: + requests: + cpu: "0.25" + memory: "256Mi" + limits: + cpu: "1" + memory: "1024Mi" +postgresql: + # -- Toggle embedded postgres for Alfresco Content Services repository + # Check [PostgreSQL Bitnami chart + # Documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) + enabled: false + nameOverride: postgresql-acs + image: + tag: 14.4.0 + pullPolicy: IfNotPresent + commonAnnotations: + application: alfresco-content-services + auth: + existingSecret: null + username: alfresco + password: alfresco + database: alfresco + primary: + extendedConfiguration: | + max_connections = 250 + shared_buffers = 512MB + effective_cache_size = 2GB + wal_level = minimal + max_wal_senders = 0 + max_replication_slots = 0 + log_min_messages = LOG + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "8" + memory: "8Gi" + service: + ports: + postgresql: 5432 + persistence: + # -- set the storageClass to use for dynamic provisioning. + # setting it to null means "default storageClass". + storageClass: null + # -- provide an existing persistent volume claim name to persist SQL data + # Make sure the root folder has the appropriate permissions/ownership set. 
+ existingClaim: null + subPath: "alfresco-content-services/database-data" +alfresco-sync-service: + # -- Toggle deployment of Alfresco Sync Service (Desktop-Sync) + # Check [Alfresco Sync Service + # Documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-sync-service) + enabled: false + image: + tag: 4.0.1 + postgresql: + enabled: true + image: + tag: 14.4.0 + auth: + enablePostgresUser: false + username: alfresco + password: admin + database: syncservice-postgresql + primary: + resources: + requests: + cpu: 250m + memory: 1Gi + limits: + cpu: "4" + memory: 4Gi + messageBroker: + existingSecretName: amazon-mq-broker-secret + repository: + nameOverride: alfresco-repository + port: 80 + # -- toggle deploying Alfresco ai transformer +alfresco-ai-transformer: + enabled: false + messageBroker: + existingSecretName: amazon-mq-broker-secret + image: + repository: quay.io/alfresco/alfresco-ai-docker-engine + tag: 3.0.1 +# aws: +# accessKey: +# secretAccessKey: +# region: +# s3Bucket: +# comprehendRoleARN: +elasticsearch: + # -- Enables the embedded elasticsearch cluster + enabled: false + replicas: 1 + clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index 757ef78..b01d7a7 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,4 +7,12 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-filestore-pvc.yaml + # - path: patch-live-indexing-path.yaml + # - path: patch-live-indexing-content.yaml + # - path: patch-live-indexing-mediation.yaml + # - path: patch-live-indexing-metadata.yaml + - path: patch-router.yaml + # - path: patch-tika.yaml + # - path: patch-transform-misc.yaml + # - path: patch-transform-libreoffice.yaml + # - path: patch-transform-imagemagick.yaml 
diff --git a/kustomize/preprod/patch-filestore-pvc.yaml b/kustomize/preprod/patch-filestore-pvc.yaml deleted file mode 100644 index 58bcc70..0000000 --- a/kustomize/preprod/patch-filestore-pvc.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: filestore-default-pvc -spec: - resources: - requests: - storage: 4000Gi diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 5d4911e..7ff5f4e 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml @@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk 
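Review bot: The `whitelist-source-range` annotation in patch-ingress-repository.yaml now carries the full source-IP list as a committed literal where the file previously held `"placeholder"`, and patch-ingress-share.yaml gets the same change in the next file section. The Taskfile shown further down this page builds the list from `./kustomize/{{.ENV}}/allowlist.yaml` and has a step that writes `"placeholder"` back into both patch files. A second copy here can therefore drift from that source and leave stale ranges admitted to the ingress. I would keep `nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"` in the committed file and let the deploy task substitute the real value.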
@@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index 4eb86e9..d896720 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml @@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk 
@@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: /share/page/ diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml new file mode 100644 index 0000000..107f989 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-content.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-metadata + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml new file mode 100644 index 0000000..7c071b1 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-mediation.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-content + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml new file mode 100644 index 0000000..fe075ec --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-metadata.yaml 
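Review bot: The new patch-live-indexing-content.yaml targets the `alfresco-content-services-alfresco-search-enterprise-metadata` Deployment and container, not the content one. The next two new files are shifted the same way: patch-live-indexing-mediation.yaml patches `-content` and patch-live-indexing-metadata.yaml patches `-mediation`. All three set the same `ALFRESCO_SHAREDFILESTORE_BASEURL` and are commented out in kustomization.yaml, so nothing breaks today, but enabling one of them by file name would patch a different Deployment than the name says. In this file I would use `name: alfresco-content-services-alfresco-search-enterprise-content` and `- name: alfresco-search-enterprise-content`, and align the other two files the same way.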
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-alfresco-search-enterprise-mediation
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-search-enterprise-mediation
+ env:
+ - name: ALFRESCO_SHAREDFILESTORE_BASEURL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/
diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml
new file mode 100644
index 0000000..d4f1798
--- /dev/null
+++ b/kustomize/preprod/patch-live-indexing-path.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-alfresco-search-enterprise-path
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-search-enterprise-path
+ env:
+ - name: ALFRESCO_SHAREDFILESTORE_BASEURL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/
diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml
new file mode 100644
index 0000000..5fccf66
--- /dev/null
+++ b/kustomize/preprod/patch-router.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-transform-router
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-transform-service
+ env:
+ - name: FILE_STORE_URL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file
diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml
new file mode 100644
index 0000000..ea02ac6
--- /dev/null
+++ b/kustomize/preprod/patch-tika.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-alfresco-cs-tika
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-content-services
+ env:
+ - name: FILE_STORE_URL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file
diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml
new file mode 100644
index 0000000..4026fe5
--- /dev/null
+++ b/kustomize/preprod/patch-transform-imagemagick.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-alfresco-cs-imagemagick
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-content-services
+ env:
+ - name: FILE_STORE_URL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file
diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml
new file mode 100644
index 0000000..1d7c521
--- /dev/null
+++ b/kustomize/preprod/patch-transform-libreoffice.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alfresco-content-services-alfresco-cs-libreoffice
+spec:
+ template:
+ spec:
+ containers:
+ - name: alfresco-content-services
+ env:
+ - name: FILE_STORE_URL
+ value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file
diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml
new file mode 100644
index 0000000..eee6508
--- /dev/null
+++ b/kustomize/preprod/patch-transform-misc.yaml
@@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 2335747..0b78bb3 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -1,6 +1,6 @@ # this file overrides values defined in ./values.yaml repository: - # -- The startup probe to cover the worse case startup time for slow clusters + # -- The startup probe to cover the worse case startup time for slow clusters # startupProbe: # periodSeconds: 30 # failureThreshold: 40 @@ -14,7 +14,7 @@ repository: # periodSeconds: 20 # timeoutSeconds: 15 # failureThreshold: 40 - replicaCount: 10 + replicaCount: 1 image: tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability 
@@ -30,29 +30,33 @@ share: replicaCount: 1 image: tag: release_7.3.2_elasticsearch-r5.0.2-share-latest -externalHost: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk externalProtocol: https externalPort: 443 -tika: - replicaCount: 8 - resources: - limits: - cpu: 2 - memory: 4Gi -transformrouter: - replicaCount: 12 - resources: - requests: - cpu: "0.75" - memory: "300Mi" - limits: - cpu: "2" - memory: "756Mi" +alfresco-transform-service: + tika: + replicaCount: 1 + resources: + limits: + cpu: 2 + memory: 4Gi + transformrouter: + replicaCount: 1 + resources: + requests: + cpu: "0.75" + memory: "300Mi" + limits: + cpu: "2" + memory: "756Mi" alfresco-search-enterprise: liveIndexing: content: - replicaCount: 8 + replicaCount: 1 mediation: - replicaCount: 4 + replicaCount: 1 metadata: - replicaCount: 4 + replicaCount: 1 + +global: + known_urls: + - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk From d0237e044e9997806ad24d04e226c0fd1ced7817 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 15:24:25 +0000 Subject: [PATCH 03/17] Update Taskfile.yml --- Taskfile.yml | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/Taskfile.yml b/Taskfile.yml index 5ae8504..eca8339 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -10,6 +10,11 @@ vars: sh: kubectl get svc --namespace {{.NAMESPACE}} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }' OPENSEARCH_HOST: sh: echo "{{.OPEN_SEARCH_PREFIX}}.{{.NAMESPACE}}.svc.cluster.local" + MESSAGEBROKER_URL: + sh: | + kubectl get secrets amazon-mq-broker-secret -o json | \ + jq -r ".data | map_values(@base64d) | .BROKER_URL" | \ + sed -e 's/(/\\(/g' -e 's/)/\\)/g' -e 's/,/\\,/g' ALLOWLIST: sh: yq 'join(",")' ./kustomize/{{.ENV}}/allowlist.yaml RDS_JDBC_URL: 
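Review bot: The new `MESSAGEBROKER_URL` variable in Taskfile.yml runs `kubectl get secrets amazon-mq-broker-secret -o json` without a namespace, unlike the service lookup just above it, which passes `--namespace {{.NAMESPACE}}`. The secret is therefore read from whatever namespace the current kube context points at, which can be a different environment's broker or none at all. I would change the first line of the command to `kubectl get secrets amazon-mq-broker-secret --namespace {{.NAMESPACE}} -o json | \`. The decoded value is later passed to helm with `--set-string messageBroker.url=...`, so if `BROKER_URL` ever embeds credentials (not visible here) they would end up on the command line and in the release values; referencing the secret from the chart values would avoid that.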
@@ -22,7 +27,7 @@ vars: ATOMIC: "true" ATOMIC_FLAG: sh: if [ "{{.ATOMIC}}" = "true" ]; then echo "--atomic"; else echo ""; fi - CHART_VERSION: "6.0.2" + CHART_VERSION: "7.0.3" tasks: helm_upgrade: @@ -82,11 +87,12 @@ tasks: cmds: - | helm upgrade --install alfresco-content-services alfresco/alfresco-content-services --version {{.CHART_VERSION}} --namespace {{.NAMESPACE}} \ - --values=../base/values.yaml --values=values.yaml \ + --values=../base/values703.yaml --values=../base/values-versions.yaml --values=values.yaml \ --set s3connector.config.bucketName={{.BUCKET_NAME}} \ --set database.url={{.RDS_JDBC_URL}} \ - --set global.elasticsearch.host={{.OPENSEARCH_HOST}} \ - --set alfresco-search-enterprise.searchIndex.host={{.OPENSEARCH_HOST}} \ + --set-string messageBroker.url="{{.MESSAGEBROKER_URL}}" \ + --set global.search.url=http://{{.OPENSEARCH_HOST}}:8080 \ + --set global.search.host={{.OPENSEARCH_HOST}} \ --wait --timeout=60m \ --post-renderer ../kustomizer.sh --post-renderer-args "{{.HELM_POST_RENDERER_ARGS}}" \ {{.DEBUG_FLAG}} {{.ATOMIC_FLAG}} @@ -103,15 +109,15 @@ tasks: cmds: - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-repository.yaml - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-share.yaml - + simple_reindex: cmds: - - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=27451380" --set "toId=27908429" --namespace {{.NAMESPACE}} + - | + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000100" --set "toId=52001000" --namespace {{.NAMESPACE}} reindex_list: cmds: - - | + - | # Set your batch size (you can adjust this number as needed) BATCH_SIZE=40 
@@ -178,23 +184,20 @@ tasks: if [ "$index" -gt 0 ]; then create_helm_job "${batch[@]}" fi - + echo "All jobs have been created!" echo "Cleaning up..." helm uninstall "reindex-list-${RANDOM_ID}" --namespace {{.NAMESPACE}} echo "Cleanup complete!" - - - simple_reindex_date: cmds: - - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201707060001" --set "toTime=201707070001" --namespace {{.NAMESPACE}} + - | + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201711280001" --set "toTime=201712280001" --namespace {{.NAMESPACE}} simple_reindex_date_metadata-only: cmds: - - | + - | helm install "reindex-default-date-meta" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=202402010100" --set "toTime=202402100100" --set "content=false" --namespace {{.NAMESPACE}} batch_reindex: @@ -249,7 +252,7 @@ tasks: for item in $previous_completed; do pending=$(echo "$pending" | grep -v "$item") done - + total_items=$(echo "$pending" | wc -l) echo "Total items: $total_items" 
@@ -275,11 +278,11 @@ tasks: if [ $running_jobs -ge {{.CONCURRENCY}} ]; then echo "No available slots, waiting for 5 seconds" sleep 5 - else + else echo "Found at least 1 available slot!" echo "Available slots left: $(({{.CONCURRENCY}} - $running_jobs))" # run the job - echo "helm install reindex-${start}-${end} ./jobs/reindex --set global.elasticsearch.host={{.OPENSEARCH_HOST}} --set fromId=${start} --set toId=${end} --namespace {{.NAMESPACE}}" + echo "helm install reindex-${start}-${end} ./jobs/reindex --set global.elasticsearch.host={{.OPENSEARCH_HOST}} --set fromId=${start} --set toId=${end} --namespace {{.NAMESPACE}}" helm install "reindex-${start}-${end}" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=${start}" --set "toId=${end}" --namespace {{.NAMESPACE}} # Remove the item from the list pending=$(echo "$pending" | tail -n +2) @@ -330,4 +333,3 @@ tasks: echo "Uninstalling release: $release" helm uninstall "$release" -n "$NAMESPACE" done - \ No newline at end of file From 47c029617ac8ea9756232ed7db94ba788fa21a22 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 17:46:41 +0000 Subject: [PATCH 04/17] values changes --- kustomize/base/values-versions.yaml | 14 ---------- kustomize/base/values703.yaml | 27 ++++++++++++++++--- .../preprod/patch-ingress-repository.yaml | 2 +- kustomize/preprod/patch-ingress-share.yaml | 2 +- kustomize/preprod/values.yaml | 13 +++------ 5 files changed, 28 insertions(+), 30 deletions(-) diff --git a/kustomize/base/values-versions.yaml b/kustomize/base/values-versions.yaml index aec48f2..578608f 100644 --- a/kustomize/base/values-versions.yaml +++ b/kustomize/base/values-versions.yaml 
@@ -1,16 +1,3 @@ -# This values file can be used to install ACS 7.3.x using the latest version of -# the chart -alfresco-repository: - image: - repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository - tag: release_7.3.2_elasticsearch-r5.0.1-content-latest -alfresco-ai-transformer: - image: - tag: 1.5.1 -share: - image: - repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share - tag: release_7.3.2_elasticsearch-r5.0.1-share-latest alfresco-transform-service: transformrouter: image: @@ -40,7 +27,6 @@ alfresco-search: insightEngineImage: tag: 2.0.5.2 alfresco-search-enterprise: - enabled: false liveIndexing: mediation: image: diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml index 077ea1e..d37ff22 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values703.yaml @@ -108,7 +108,8 @@ alfresco-repository: -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 - -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + CATALINA_OPTS: >- + -Ds3.bucketLocation=eu-west-2 nameOverride: alfresco-repository securityContext: allowPrivilegeEscalation: false @@ -146,8 +147,18 @@ alfresco-repository: - name: alfresco-license key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic purpose: acs-license - - name: s3-connector-config - purpose: subsystems:ContentStore:S3 + - name: s3-bucket-output + key: ACCESSKEY + purpose: property:s3.accessKey + - name: s3-bucket-output + key: SECRETKEY + purpose: property:s3.secretKey + - name: s3-bucket-output + key: BUCKET_NAME + purpose: property:s3.bucketName + - name: sfs-url + key: SFS_URL + purpose: property:sfs.url db: existingConfigMap: name: *infrastructure_cmName 
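Review bot: The added `- name: sfs-url` / `key: SFS_URL` / `purpose: property:sfs.url` entry in values703.yaml points at an object named `sfs-url` that nothing visible in this series creates. The entries around it (`alfresco-license`, `s3-bucket-output`) look like Secret references, and the next patch puts `SFS_URL` into the `alfresco-infrastructure` ConfigMap instead, so this is presumably a name or kind mismatch. The preceding hunk also removes `-Dsfs.url=...` from the JVM options, which makes this entry the only source of `sfs.url`; if the reference does not resolve, the repository pod would either fail to start or run without a shared file store URL. I would point the entry at an object the deployment actually creates, or add a comment naming where `sfs-url` is provisioned, for example `# Secret sfs-url is created by <provisioning step>; must exist before install`.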
@@ -350,21 +361,29 @@ alfresco-search-enterprise: messageBroker: existingConfigMap: name: *infrastructure_cmName - existingSecretName: amazon-mq-broker-secret + existingSecret: + name: amazon-mq-broker-secret + keys: + username: BROKER_USERNAME + password: BROKER_PASSWORD liveIndexing: # set in value-versions yaml mediation: image: tag: 4.0.0.1 + replicaCount: 1 content: image: tag: 4.0.0.1 + replicaCount: 1 metadata: image: tag: 4.0.0.1 + replicaCount: 1 path: image: tag: 4.0.0.1 + replicaCount: 1 reindexing: enabled: false # leave as false - reindexing job is now standalone repository: diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 7ff5f4e..34b3ff0 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk 
diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index d896720..2f22313 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 0b78bb3..5fab91d 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -1,5 +1,5 @@ # this file overrides values defined in ./values.yaml -repository: +alfresco-repository: # -- The startup probe to cover the worse case startup time for slow clusters # startupProbe: # periodSeconds: 30 
@@ -16,6 +16,7 @@ repository: # failureThreshold: 40 replicaCount: 1 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability requests: @@ -29,6 +30,7 @@ repository: share: replicaCount: 1 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share tag: release_7.3.2_elasticsearch-r5.0.2-share-latest externalProtocol: https externalPort: 443 @@ -48,15 +50,6 @@ alfresco-transform-service: limits: cpu: "2" memory: "756Mi" -alfresco-search-enterprise: - liveIndexing: - content: - replicaCount: 1 - mediation: - replicaCount: 1 - metadata: - replicaCount: 1 - global: known_urls: - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk From a477b3f433a7ad7d4ec86729a21972ac83206722 Mon Sep 17 00:00:00 2001 
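Review bot: The `image.repository` added in preprod/values.yaml is paired with the tag on the following context line, `release_7.3.2_elasticsearch-r5.0.2-content-latest`, whose `-latest` suffix suggests a moving tag. The share hunk below has the same pattern with `...-share-latest`. If the tag is mutable, a pod restart can pull a different image than the one that was reviewed and deployed, and a rollback will not restore the previous content. I would pin a build-specific tag or an image digest, or at least record the intent next to it with a comment such as `# moving tag: pin to an immutable tag or digest before promoting beyond preprod`.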
From: George Taylor Date: Mon, 2 Dec 2024 18:21:05 +0000 Subject: [PATCH 05/17] patching --- jobs/reindex/templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 8 +++---- .../patch-delete-reindexing-config-map.yaml | 5 ----- .../base/patch-live-mediation-indexing.yaml | 22 ------------------- kustomize/preprod/kustomization.yaml | 10 +-------- kustomize/preprod/patch-infra-config-map.yaml | 6 +++++ .../preprod/patch-live-indexing-content.yaml | 12 ---------- .../patch-live-indexing-mediation.yaml | 12 ---------- .../preprod/patch-live-indexing-metadata.yaml | 12 ---------- .../preprod/patch-live-indexing-path.yaml | 12 ---------- kustomize/preprod/patch-router.yaml | 12 ---------- kustomize/preprod/patch-tika.yaml | 12 ---------- .../preprod/patch-transform-imagemagick.yaml | 12 ---------- .../preprod/patch-transform-libreoffice.yaml | 12 ---------- kustomize/preprod/patch-transform-misc.yaml | 12 ---------- 15 files changed, 11 insertions(+), 150 deletions(-) delete mode 100644 kustomize/base/patch-delete-reindexing-config-map.yaml delete mode 100644 kustomize/base/patch-live-mediation-indexing.yaml create mode 100644 kustomize/preprod/patch-infra-config-map.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-content.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-path.yaml delete mode 100644 kustomize/preprod/patch-router.yaml delete mode 100644 kustomize/preprod/patch-tika.yaml delete mode 100644 kustomize/preprod/patch-transform-imagemagick.yaml delete mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml delete mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml index 57711c7..14d1ca7 100644 --- a/jobs/reindex/templates/reindexing-config.yaml 
+++ b/jobs/reindex/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 4242f51..a3547aa 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -7,9 +7,7 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-delete-reindexing-config-map.yaml - # - path: patch-live-path-indexing.yaml - # - path: patch-live-metadata-indexing.yaml - # - path: patch-live-content-indexing.yaml - # - path: patch-live-mediation-indexing.yaml + - path: patch-live-path-indexing.yaml + - path: patch-live-metadata-indexing.yaml + - path: patch-live-content-indexing.yaml - path: patch-router.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml deleted file mode 100644 index f46c94b..0000000 --- a/kustomize/base/patch-delete-reindexing-config-map.yaml +++ /dev/null @@ -1,5 +0,0 @@ -$patch: delete -apiVersion: v1 -kind: ConfigMap -metadata: - name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap 
diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-mediation-indexing.yaml deleted file mode 100644 index 4dd4cd3..0000000 --- a/kustomize/base/patch-live-mediation-indexing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-mediation -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: SPRING_ACTIVEMQ_POOL_ENABLED - value: "true" - - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - value: "100" - - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT - value: "30000" # 30 seconds idle timeout - - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT - value: "60000" # 60 seconds expiry timeout - - name: JAVA_OPTS - value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL - # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index b01d7a7..e4a32fb 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,12 +7,4 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-live-indexing-path.yaml - # - path: patch-live-indexing-content.yaml - # - path: patch-live-indexing-mediation.yaml - # - path: patch-live-indexing-metadata.yaml - - path: patch-router.yaml - # - path: patch-tika.yaml - # - path: patch-transform-misc.yaml - # - path: patch-transform-libreoffice.yaml - # - path: patch-transform-imagemagick.yaml + - path: patch-infra-config-map.yaml diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml new file mode 100644 index 0000000..d448b9f --- /dev/null +++ b/kustomize/preprod/patch-infra-config-map.yaml 
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-infrastructure +data: + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml deleted file mode 100644 index 107f989..0000000 --- a/kustomize/preprod/patch-live-indexing-content.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-metadata -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-metadata - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml deleted file mode 100644 index 7c071b1..0000000 --- a/kustomize/preprod/patch-live-indexing-mediation.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-content -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-content - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml deleted file mode 100644 index fe075ec..0000000 --- a/kustomize/preprod/patch-live-indexing-metadata.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-mediation -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml deleted file mode 100644 index d4f1798..0000000 --- a/kustomize/preprod/patch-live-indexing-path.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-path -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-path - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml deleted file mode 100644 index 5fccf66..0000000 --- a/kustomize/preprod/patch-router.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-transform-router -spec: - template: - spec: - containers: - - name: alfresco-transform-service - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml deleted file mode 100644 index ea02ac6..0000000 --- a/kustomize/preprod/patch-tika.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-tika -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml deleted file mode 100644 index 4026fe5..0000000 --- a/kustomize/preprod/patch-transform-imagemagick.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-imagemagick -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml deleted file mode 100644 index 1d7c521..0000000 --- a/kustomize/preprod/patch-transform-libreoffice.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-libreoffice -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml deleted file mode 100644 index eee6508..0000000 --- a/kustomize/preprod/patch-transform-misc.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-transform-misc -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file From 4491bcbde99c0389008ec35d44dc598b1316e62e Mon Sep 17 00:00:00 2001 
From: George Taylor Date: Mon, 2 Dec 2024 22:05:55 +0000 Subject: [PATCH 06/17] patching for filestore url --- Taskfile.yml | 2 +- .../base/patch-live-mediation-indexing.yaml | 28 +++++++++++++++++++ kustomize/base/values.yaml | 2 +- kustomize/preprod/kustomization.yaml | 10 +++++++ kustomize/preprod/patch-infra-config-map.yaml | 2 +- .../preprod/patch-live-indexing-content.yaml | 12 ++++++++ .../patch-live-indexing-mediation.yaml | 16 +++++++++++ .../preprod/patch-live-indexing-metadata.yaml | 12 ++++++++ .../preprod/patch-live-indexing-path.yaml | 12 ++++++++ kustomize/preprod/patch-router.yaml | 12 ++++++++ kustomize/preprod/patch-tika.yaml | 12 ++++++++ .../preprod/patch-transform-imagemagick.yaml | 12 ++++++++ .../preprod/patch-transform-libreoffice.yaml | 12 ++++++++ kustomize/preprod/patch-transform-misc.yaml | 12 ++++++++ kustomize/preprod/values.yaml | 14 +++++----- kustomize/stage/values.yaml | 2 -- 16 files changed, 160 insertions(+), 12 deletions(-) create mode 100644 kustomize/base/patch-live-mediation-indexing.yaml create mode 100644 kustomize/preprod/patch-live-indexing-content.yaml create mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml create mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml create mode 100644 kustomize/preprod/patch-live-indexing-path.yaml create mode 100644 kustomize/preprod/patch-router.yaml create mode 100644 kustomize/preprod/patch-tika.yaml create mode 100644 kustomize/preprod/patch-transform-imagemagick.yaml create mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml create mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/Taskfile.yml b/Taskfile.yml index eca8339..e5adc76 100644 --- a/Taskfile.yml +++ b/Taskfile.yml 
@@ -113,7 +113,7 @@ tasks: simple_reindex: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000100" --set "toId=52001000" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000000" --set "toId=53000000" --namespace {{.NAMESPACE}} reindex_list: cmds: diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-mediation-indexing.yaml new file mode 100644 index 0000000..d91f4df --- /dev/null +++ b/kustomize/base/patch-live-mediation-indexing.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alfresco-search-enterprise-mediation +spec: + serviceName: alfresco-search-enterprise-mediation + selector: + matchLabels: + app: alfresco-search-enterprise-mediation + strategy: + type: Recreate + template: + spec: + containers: + - name: alfresco-search-enterprise-mediation + env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAX_CONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout + - name: JAVA_OPTS + value: "-Dspring.activemq.packages.trustAll=true" + # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL + # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&consumerCount=20 diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index ae4b2b6..f79c415 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml 
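Review bot: In the new kustomize/base/patch-live-mediation-indexing.yaml, `JAVA_OPTS` sets `-Dspring.activemq.packages.trustAll=true`, which switches off the ActiveMQ client's class allowlist for deserialising `ObjectMessage` payloads. With that flag any class on the service's classpath can be instantiated from a message body, so the broker and every producer become part of the trust boundary. If the mediation service needs only a few message types, name their packages instead, e.g. `-Dspring.activemq.packages.trusted=<PACKAGES_USED_BY_MEDIATION>`, and put a comment above the entry saying why the setting is required. The same flag is added to kustomize/base/patch-live-indexing-path.yaml in PATCH 07 and is carried as context in the content and metadata indexing patches.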
@@ -78,7 +78,7 @@ repository: -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false - -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/ securityContext: allowPrivilegeEscalation: false runAsNonRoot: true diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index e4a32fb..9625ecc 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,4 +7,14 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + # - path: patch-live-indexing-path.yaml + # - path: patch-live-indexing-content.yaml + # - path: patch-live-indexing-mediation.yaml + # - path: patch-live-indexing-metadata.yaml + - path: patch-router.yaml + - path: patch-tika.yaml + - path: patch-transform-misc.yaml + - path: patch-transform-libreoffice.yaml + - path: patch-transform-imagemagick.yaml - path: patch-infra-config-map.yaml + diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml index d448b9f..3ec98b6 100644 --- a/kustomize/preprod/patch-infra-config-map.yaml +++ b/kustomize/preprod/patch-infra-config-map.yaml @@ -3,4 +3,4 @@ kind: ConfigMap metadata: name: alfresco-infrastructure data: - SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml new file mode 100644 index 0000000..7c071b1 --- /dev/null 
+++ b/kustomize/preprod/patch-live-indexing-content.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-content + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml new file mode 100644 index 0000000..2696c33 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-mediation.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alfresco-search-enterprise-mediation +spec: + serviceName: alfresco-search-enterprise-mediation + selector: + matchLabels: + app: alfresco-search-enterprise-mediation + template: + spec: + containers: + - name: alfresco-search-enterprise-mediation + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml new file mode 100644 index 0000000..107f989 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-metadata.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-metadata + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ 
diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml new file mode 100644 index 0000000..d4f1798 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-path.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-path + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml new file mode 100644 index 0000000..5fccf66 --- /dev/null +++ b/kustomize/preprod/patch-router.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-transform-router +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml new file mode 100644 index 0000000..547125a --- /dev/null +++ b/kustomize/preprod/patch-tika.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-tika +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml new file mode 100644 index 0000000..3819ee0 --- /dev/null 
+++ b/kustomize/preprod/patch-transform-imagemagick.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-imagemagick +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml new file mode 100644 index 0000000..c3ffa1f --- /dev/null +++ b/kustomize/preprod/patch-transform-libreoffice.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-libreoffice +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml new file mode 100644 index 0000000..58b0f3c --- /dev/null +++ b/kustomize/preprod/patch-transform-misc.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-transform-misc +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 5fab91d..2babfb0 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml 
@@ -14,7 +14,7 @@ alfresco-repository: # periodSeconds: 20 # timeoutSeconds: 15 # failureThreshold: 40 - replicaCount: 1 + replicaCount: 10 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest @@ -25,8 +25,6 @@ alfresco-repository: limits: cpu: 4 memory: 10Gi - persistence: - baseSize: 100Gi share: replicaCount: 1 image: @@ -36,20 +34,22 @@ externalProtocol: https externalPort: 443 alfresco-transform-service: tika: - replicaCount: 1 + replicaCount: 4 resources: limits: cpu: 2 memory: 4Gi transformrouter: - replicaCount: 1 + replicaCount: 8 resources: requests: cpu: "0.75" - memory: "300Mi" + memory: "512Mi" limits: cpu: "2" - memory: "756Mi" + memory: "1024Mi" global: known_urls: - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk diff --git a/kustomize/stage/values.yaml b/kustomize/stage/values.yaml index cb84319..1e2f7cd 100644 --- a/kustomize/stage/values.yaml +++ b/kustomize/stage/values.yaml @@ -24,8 +24,6 @@ repository: limits: cpu: 4 memory: 10Gi - persistence: - baseSize: 100Gi share: replicaCount: 1 image: From 098625d4c9ce5899428be9a1cc5d7163705c242a Mon Sep 17 00:00:00 2001 
From: George Taylor Date: Thu, 5 Dec 2024 01:29:15 +0000 Subject: [PATCH 07/17] Update readme (#117) * fix: matrix env typo (#110) * chore: add awscli to utils container (#111) * correct values for preprod * move to config map as source of truth * create config map with correct values in it and update size limit --------- Co-authored-by: Andrew Moore <20435317+andrewmooreio@users.noreply.github.com> --- .github/workflows/opensearch-backup.yml | 3 +- Taskfile.yml | 4 +- .../templates/reindexing-config.yaml | 2 +- .../templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 11 ++- .../patch-delete-reindexing-config-map.yaml | 5 ++ ....yaml => patch-live-indexing-content.yaml} | 7 +- ...aml => patch-live-indexing-mediation.yaml} | 10 +-- ...yaml => patch-live-indexing-metadata.yaml} | 7 +- .../patch-live-indexing-path.yaml | 7 +- kustomize/base/patch-live-path-indexing.yaml | 22 ----- kustomize/base/patch-router.yaml | 5 ++ kustomize/{preprod => base}/patch-tika.yaml | 5 +- .../patch-transform-imagemagick.yaml | 6 +- .../patch-transform-libreoffice.yaml | 5 +- .../patch-transform-misc.yaml | 5 +- kustomize/base/values703.yaml | 4 +- kustomize/preprod/alf-prop-config-map.yaml | 80 +++++++++++++++++++ kustomize/preprod/kustomization.yaml | 10 +-- kustomize/preprod/patch-infra-config-map.yaml | 3 +- .../preprod/patch-ingress-repository.yaml | 2 +- kustomize/preprod/patch-ingress-share.yaml | 2 +- .../preprod/patch-live-indexing-content.yaml | 12 --- .../patch-live-indexing-mediation.yaml | 16 ---- .../preprod/patch-live-indexing-metadata.yaml | 12 --- kustomize/preprod/patch-router.yaml | 12 --- kustomize/preprod/values.yaml | 20 ++++- tools/utils/Dockerfile | 2 +- 28 files changed, 166 insertions(+), 115 deletions(-) create mode 100644 kustomize/base/patch-delete-reindexing-config-map.yaml rename kustomize/base/{patch-live-content-indexing.yaml => patch-live-indexing-content.yaml} (77%) rename kustomize/base/{patch-live-mediation-indexing.yaml => 
patch-live-indexing-mediation.yaml} (73%) rename kustomize/base/{patch-live-metadata-indexing.yaml => patch-live-indexing-metadata.yaml} (77%) rename kustomize/{preprod => base}/patch-live-indexing-path.yaml (53%) delete mode 100644 kustomize/base/patch-live-path-indexing.yaml rename kustomize/{preprod => base}/patch-tika.yaml (56%) rename kustomize/{preprod => base}/patch-transform-imagemagick.yaml (57%) rename kustomize/{preprod => base}/patch-transform-libreoffice.yaml (57%) rename kustomize/{preprod => base}/patch-transform-misc.yaml (57%) create mode 100644 kustomize/preprod/alf-prop-config-map.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-content.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml delete mode 100644 kustomize/preprod/patch-router.yaml diff --git a/.github/workflows/opensearch-backup.yml b/.github/workflows/opensearch-backup.yml index ac3b5e3..783804e 100644 --- a/.github/workflows/opensearch-backup.yml +++ b/.github/workflows/opensearch-backup.yml @@ -16,6 +16,7 @@ on: - test - stage - preprod + - prod jobs: backup: @@ -24,7 +25,7 @@ jobs: strategy: matrix: - environment: ${{ github.event_name == 'schedule' && fromJson('["poc," "dev", "test", "stage"]') || fromJson(format('["{0}"]', github.event.inputs.environment)) }} + environment: ${{ github.event_name == 'schedule' && fromJson('["poc", "dev", "test", "stage"]') || fromJson(format('["{0}"]', github.event.inputs.environment)) }} environment: ${{ matrix.environment }}-preapproved diff --git a/Taskfile.yml b/Taskfile.yml index e5adc76..fe93bd9 100644 --- a/Taskfile.yml +++ b/Taskfile.yml 
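Review bot: Adding `prod` to the environment input options in .github/workflows/opensearch-backup.yml makes a manual run resolve to the `prod-preapproved` environment, because the job sets `environment: ${{ matrix.environment }}-preapproved`. If the `-preapproved` environments are the ones configured without required reviewers (the name suggests it, but their settings are not visible here), anyone allowed to dispatch the workflow reaches the production environment's secrets with no approval step. Please confirm that `prod-preapproved` exists with the intended protection rules, and add a comment beside the new option such as `# manual dispatch only; runs under prod-preapproved`. The scheduled matrix still omits `preprod` and `prod`, which is worth stating in the same comment if it is deliberate.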
@@ -113,7 +113,7 @@ tasks: simple_reindex: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000000" --set "toId=53000000" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=150000000" --set "toId=200000000" --namespace {{.NAMESPACE}} reindex_list: cmds: @@ -193,7 +193,7 @@ tasks: simple_reindex_date: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201711280001" --set "toTime=201712280001" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201707030001" --set "toTime=201707121301" --namespace {{.NAMESPACE}} simple_reindex_date_metadata-only: cmds: diff --git a/jobs/reindex-list/templates/reindexing-config.yaml b/jobs/reindex-list/templates/reindexing-config.yaml index aec8c2e..1de8cb2 100644 --- a/jobs/reindex-list/templates/reindexing-config.yaml +++ b/jobs/reindex-list/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} 
diff --git a/jobs/reindex_date/templates/reindexing-config.yaml b/jobs/reindex_date/templates/reindexing-config.yaml index 11199b1..9c1cba6 100644 --- a/jobs/reindex_date/templates/reindexing-config.yaml +++ b/jobs/reindex_date/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index a3547aa..332fb04 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -7,7 +7,12 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-live-path-indexing.yaml - - path: patch-live-metadata-indexing.yaml - - path: patch-live-content-indexing.yaml + - path: patch-live-indexing-path.yaml + - path: patch-live-indexing-metadata.yaml + - path: patch-live-indexing-mediation.yaml + - path: patch-live-indexing-content.yaml - path: patch-router.yaml + - path: patch-tika.yaml + - path: patch-transform-misc.yaml + - path: patch-transform-libreoffice.yaml + - path: patch-transform-imagemagick.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml new file mode 100644 index 0000000..f46c94b --- /dev/null +++ b/kustomize/base/patch-delete-reindexing-config-map.yaml 
@@ -0,0 +1,5 @@ +$patch: delete +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap diff --git a/kustomize/base/patch-live-content-indexing.yaml b/kustomize/base/patch-live-indexing-content.yaml similarity index 77% rename from kustomize/base/patch-live-content-indexing.yaml rename to kustomize/base/patch-live-indexing-content.yaml index 8d24aa9..f28469f 100644 --- a/kustomize/base/patch-live-content-indexing.yaml +++ b/kustomize/base/patch-live-indexing-content.yaml @@ -18,6 +18,9 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_CONTENT_BATCH_EVENT_CHANNEL - # value: sjms-batch:contentstore.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-indexing-mediation.yaml similarity index 73% rename from kustomize/base/patch-live-mediation-indexing.yaml rename to kustomize/base/patch-live-indexing-mediation.yaml index d91f4df..b5dfe50 100644 --- a/kustomize/base/patch-live-mediation-indexing.yaml +++ b/kustomize/base/patch-live-indexing-mediation.yaml @@ -4,9 +4,6 @@ metadata: name: alfresco-search-enterprise-mediation spec: serviceName: alfresco-search-enterprise-mediation - selector: - matchLabels: - app: alfresco-search-enterprise-mediation strategy: type: Recreate template: 
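Review bot: `ALFRESCO_SHAREDFILESTORE_BASEURL` in kustomize/base/patch-live-indexing-content.yaml now comes from `configMapKeyRef` key `SFS_URL_API` of `alfresco-infrastructure`, and the reference is not marked optional, so a pod in a namespace where that key is missing will fail to start. The only definition visible in this series is the preprod overlay's patch-infra-config-map.yaml, which PATCH 06 left with the key `SFS_URL`; its PATCH 07 change is outside this view. Please check that every overlay built on base (stage appears to be one) supplies `SFS_URL_API`, and add a comment above the `valueFrom` naming the file that defines it. The same reference is added in the mediation, metadata, path, router, tika, imagemagick, libreoffice and transform-misc patches.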
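Review bot: The first hunk of kustomize/base/patch-live-indexing-mediation.yaml keeps `strategy:` / `type: Recreate` on a `kind: StatefulSet`, but `strategy` is a Deployment field; a StatefulSet takes `updateStrategy`, whose types are `RollingUpdate` and `OnDelete`. Depending on how strictly fields are validated, the block is either rejected or silently dropped, so the restart behaviour the patch asks for is not what the cluster applies. Replace it with `updateStrategy:` and the type you actually want, or remove the block. The container list of this spec continues in the next hunk.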
@@ -24,5 +21,8 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL - # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-metadata-indexing.yaml b/kustomize/base/patch-live-indexing-metadata.yaml similarity index 77% rename from kustomize/base/patch-live-metadata-indexing.yaml rename to kustomize/base/patch-live-indexing-metadata.yaml index 3d93309..ae99a76 100644 --- a/kustomize/base/patch-live-metadata-indexing.yaml +++ b/kustomize/base/patch-live-indexing-metadata.yaml @@ -18,5 +18,8 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_METADATA_BATCH_EVENT_CHANNEL - # value: sjms-batch:metadata.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/base/patch-live-indexing-path.yaml similarity index 53% rename from kustomize/preprod/patch-live-indexing-path.yaml rename to kustomize/base/patch-live-indexing-path.yaml index d4f1798..5690f65 100644 --- a/kustomize/preprod/patch-live-indexing-path.yaml +++ b/kustomize/base/patch-live-indexing-path.yaml 
@@ -8,5 +8,10 @@ spec: containers: - name: alfresco-search-enterprise-path env: + - name: JAVA_OPTS + value: "-Dspring.activemq.packages.trustAll=true" - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-path-indexing.yaml b/kustomize/base/patch-live-path-indexing.yaml deleted file mode 100644 index 14baae9..0000000 --- a/kustomize/base/patch-live-path-indexing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-path -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-path - env: - # - name: SPRING_ACTIVEMQ_POOL_ENABLED - # value: "true" - # - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - # value: "100" - # - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT - # value: "30000" # 30 seconds idle timeout - # - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT - # value: "60000" # 60 seconds expiry timeout - - name: JAVA_OPTS - value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_PATH_BATCH_EVENT_CHANNEL - # value: sjms-batch:path.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-router.yaml b/kustomize/base/patch-router.yaml index ac1e81e..d557fc5 100644 --- a/kustomize/base/patch-router.yaml +++ b/kustomize/base/patch-router.yaml @@ -16,3 +16,8 @@ spec: value: "30000" # 30 seconds idle timeout - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT value: "60000" # 60 seconds expiry timeout + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API 
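Review bot: `FILE_STORE_URL` in kustomize/base/patch-router.yaml now reads the same `SFS_URL_API` key as `ALFRESCO_SHAREDFILESTORE_BASEURL`, although the literal values these patches replace were not the same. The indexing services were given `.../sfs/versions/1/file/` with a trailing slash, while the router and the transformers were given `.../sfs/versions/1/file` without one. One group therefore receives a different form than it had in PATCH 06, and a client that builds the file URL by plain concatenation would then request a malformed path. Either confirm that both clients normalise the slash or keep two keys, and record the expected form in a comment on the ConfigMap entry.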
diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/base/patch-tika.yaml similarity index 56% rename from kustomize/preprod/patch-tika.yaml rename to kustomize/base/patch-tika.yaml index 547125a..0d2c6ce 100644 --- a/kustomize/preprod/patch-tika.yaml +++ b/kustomize/base/patch-tika.yaml @@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/base/patch-transform-imagemagick.yaml similarity index 57% rename from kustomize/preprod/patch-transform-imagemagick.yaml rename to kustomize/base/patch-transform-imagemagick.yaml index 3819ee0..cf9a79c 100644 --- a/kustomize/preprod/patch-transform-imagemagick.yaml +++ b/kustomize/base/patch-transform-imagemagick.yaml @@ -9,4 +9,8 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API + diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/base/patch-transform-libreoffice.yaml similarity index 57% rename from kustomize/preprod/patch-transform-libreoffice.yaml rename to kustomize/base/patch-transform-libreoffice.yaml index c3ffa1f..1b87228 100644 --- a/kustomize/preprod/patch-transform-libreoffice.yaml +++ b/kustomize/base/patch-transform-libreoffice.yaml 
@@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/base/patch-transform-misc.yaml similarity index 57% rename from kustomize/preprod/patch-transform-misc.yaml rename to kustomize/base/patch-transform-misc.yaml index 58b0f3c..c7b5611 100644 --- a/kustomize/preprod/patch-transform-misc.yaml +++ b/kustomize/base/patch-transform-misc.yaml @@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml index d37ff22..abb37a1 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values703.yaml @@ -142,7 +142,7 @@ alfresco-repository: # image: set by environment values file configuration: repository: - existingConfigMap: repository + existingConfigMap: alf-prop-config-map existingSecrets: - name: alfresco-license key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic @@ -181,7 +181,7 @@ alfresco-repository: persistence: # -- Persist repository data enabled: false - baseSize: 20Gi + baseSize: 100Gi # -- Specify a storageClass for dynamic provisioning accessModes: - ReadWriteOnce diff --git a/kustomize/preprod/alf-prop-config-map.yaml b/kustomize/preprod/alf-prop-config-map.yaml new file mode 100644 index 0000000..8e9a9e6 --- /dev/null +++ b/kustomize/preprod/alf-prop-config-map.yaml 
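Review bot: `existingConfigMap: alf-prop-config-map` in `kustomize/base/values703.yaml` makes the base depend on a ConfigMap that this patch creates only under `kustomize/preprod` (the series diffstat shows a dev copy arriving in PATCH 15), so any other overlay built on `../base` would point the repository at a ConfigMap that does not exist. Consider keeping a default `alf-prop-config-map` in base and patching only the host-specific properties per environment, or at least add a comment on this line such as `# each overlay must provide ConfigMap alf-prop-config-map`. The `baseSize: 100Gi` change in the following hunk appears to sit beside `enabled: false`, so it presumably has no effect until persistence is switched on.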
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alf-prop-config-map +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice + localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + 
cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. + message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030 + patch.nspg.administration.roles.startDelay=0 diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index 9625ecc..2630a5e 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml 
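Review bot: `cache.spgUserToSchemaVersionCache.cluster.type` is assigned twice in the new `alfresco-global.properties` block, first as `local` and a few lines later as `invalidating`; a Java properties loader keeps the last assignment, so the `local` line is dead and misleads anyone reading the cache settings. Keep a single line with the intended value, e.g. `cache.spgUserToSchemaVersionCache.cluster.type=invalidating` if the clustered behaviour is wanted alongside `alfresco.cluster.enabled=true`. A one-line comment above the `zaizi.*` and `spg.*` groups naming the custom module that reads them would also help whoever maintains the per-environment copies of this file.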
@@ -3,18 +3,10 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-live-indexing-path.yaml - # - path: patch-live-indexing-content.yaml - # - path: patch-live-indexing-mediation.yaml - # - path: patch-live-indexing-metadata.yaml - - path: patch-router.yaml - - path: patch-tika.yaml - - path: patch-transform-misc.yaml - - path: patch-transform-libreoffice.yaml - - path: patch-transform-imagemagick.yaml - path: patch-infra-config-map.yaml diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml index 3ec98b6..1deb375 100644 --- a/kustomize/preprod/patch-infra-config-map.yaml +++ b/kustomize/preprod/patch-infra-config-map.yaml @@ -3,4 +3,5 @@ kind: ConfigMap metadata: name: alfresco-infrastructure data: - SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 34b3ff0..7ff5f4e 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml 
@@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index 2f22313..d896720 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml 
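Review bot: The `whitelist-source-range` annotation now holds the full source allow-list in the repository, whereas the Taskfile context later in this series still resets the same annotation to `"placeholder"` with `yq`, which suggests the list is meant to be injected at deploy time and this value may have been committed by accident. If committing it is intended, remove the reset step so the two do not fight and the allow-list gets reviewed like any other access-control change; if not, restore `"placeholder"` here, in the patch-ingress-share hunk, and in the two `kustomize/dev` ingress hunks that carry the same change. The list also mixes bare addresses (`3.10.104.193`) with CIDR entries (`35.176.93.186/32`); writing every entry as a CIDR makes it easier to audit.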
@@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml deleted file mode 100644 index 7c071b1..0000000 --- a/kustomize/preprod/patch-live-indexing-content.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-content -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-content - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml deleted file mode 100644 index 2696c33..0000000 
--- a/kustomize/preprod/patch-live-indexing-mediation.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: alfresco-search-enterprise-mediation -spec: - serviceName: alfresco-search-enterprise-mediation - selector: - matchLabels: - app: alfresco-search-enterprise-mediation - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml deleted file mode 100644 index 107f989..0000000 --- a/kustomize/preprod/patch-live-indexing-metadata.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-metadata -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-metadata - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml deleted file mode 100644 index 5fccf66..0000000 --- a/kustomize/preprod/patch-router.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-transform-router -spec: - template: - spec: - containers: - - name: alfresco-transform-service - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 2babfb0..087760a 100644 
--- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -29,16 +29,28 @@ share: replicaCount: 1 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share - tag: release_7.3.2_elasticsearch-r5.0.2-share-latest + tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest externalProtocol: https externalPort: 443 +alfresco-search-enterprise: + liveIndexing: + # set in value-versions yaml + content: + replicaCount: 4 + metadata: + replicaCount: 2 + mediation: + replicaCount: 2 alfresco-transform-service: tika: - replicaCount: 4 + replicaCount: 6 resources: + requests: + cpu: "0.5" + memory: "2048Mi" limits: - cpu: 2 - memory: 4Gi + cpu: "2" + memory: "4096Mi" transformrouter: replicaCount: 8 resources: diff --git a/tools/utils/Dockerfile b/tools/utils/Dockerfile index f6ae61f..e859b34 100644 --- a/tools/utils/Dockerfile +++ b/tools/utils/Dockerfile @@ -1,7 +1,7 @@ FROM debian:bookworm-slim # Install utils -RUN apt-get update && apt-get install -y curl jq +RUN apt-get update && apt-get install -y curl jq awscli # Create a non-root user and set the home directory RUN useradd -u 999 -ms /bin/bash job From 49830d0341f6b75362529ed992b38a6fc440d02f Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 11:02:12 +0000 Subject: [PATCH 08/17] Update migrate-s3.yaml --- .github/workflows/migrate-s3.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/migrate-s3.yaml b/.github/workflows/migrate-s3.yaml index c5fb068..c5777ce 100644 --- a/.github/workflows/migrate-s3.yaml +++ b/.github/workflows/migrate-s3.yaml 
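Review bot: The new share tag `release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest` is still a moving `-latest` tag, so the image preprod runs can change without any change to this file and a rollout cannot be traced back to a reviewed build. Pin an immutable tag (or a digest, if the chart accepts one) and bump it in a commit. The added `# set in value-versions yaml` comment hints that versions are set elsewhere; if that file overrides this tag, say so in a comment next to `tag:`.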
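Review bot: The `apt-get install` line now pulls `awscli` together with its recommended packages and leaves the apt lists in the layer, which enlarges the utility image and the set of packages that need patching. Suggest `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl jq awscli && rm -rf /var/lib/apt/lists/*`. The `debian:bookworm-slim` base in the context line is likewise unpinned; pinning it by digest would make the job image reproducible.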
@@ -73,6 +73,11 @@ jobs: cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted,//')\ # remove `contentstore.deleted` from cleaned_prefixes if at the end of the list cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted//') + ## None occurs when a file is at the root of the bucket or level 1 directory + # remove None from cleaned_prefixes if at the end of the list + cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None//') + # remove None from cleaned_prefixes with comma if in list + cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None,//') DIRS="" IFS=',' From 290f200340f13b845d4159898153aef3994e7372 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 11:03:50 +0000 Subject: [PATCH 09/17] Update migrate-s3.yaml --- .github/workflows/migrate-s3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migrate-s3.yaml b/.github/workflows/migrate-s3.yaml index c5777ce..8a9f96b 100644 --- a/.github/workflows/migrate-s3.yaml +++ b/.github/workflows/migrate-s3.yaml @@ -73,7 +73,7 @@ jobs: cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted,//')\ # remove `contentstore.deleted` from cleaned_prefixes if at the end of the list cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted//') - ## None occurs when a file is at the root of the bucket or level 1 directory + # None occurs when a file is at the root of the bucket or level 1 directory # remove None from cleaned_prefixes if at the end of the list cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None//') # remove None from cleaned_prefixes with comma if in list From a8806db8ca4b6fc0806d90f2b86f1888c8d6bfe6 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 11:06:35 +0000 Subject: [PATCH 10/17] Update migrate-s3.yaml --- .github/workflows/migrate-s3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
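Review bot: `sed 's/None//'` and `sed 's/None,//'` match `None` as a substring and only its first occurrence, so a prefix that merely contains the text (for example `NoneXYZ`, a constructed name) is altered, a second `None` entry survives, and in this hunk the bare pattern runs first and leaves an empty `,,` element behind. Filtering whole list elements avoids all three: `cleaned_prefixes=$(echo "$cleaned_prefixes" | tr ',' '\n' | sed '/^None$/d' | paste -sd, -)`. `$cleaned_prefixes` is also expanded unquoted, so quoting it keeps prefixes with spaces or glob characters intact before they reach the `directories` value. The PATCH 11 hunk on the same file reorders the two `sed` calls but keeps the substring match; the `run` script continues outside this hunk.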
diff --git a/.github/workflows/migrate-s3.yaml b/.github/workflows/migrate-s3.yaml index 8a9f96b..79a1038 100644 --- a/.github/workflows/migrate-s3.yaml +++ b/.github/workflows/migrate-s3.yaml @@ -70,7 +70,7 @@ jobs: cleaned_prefixes=$(echo $prefixes | tr -s '[:space:]' ',' | sed 's/[,/]*$//') # remove `contentstore.deleted/` from cleaned_prefixes with comma if in list - cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted,//')\ + cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted,//') # remove `contentstore.deleted` from cleaned_prefixes if at the end of the list cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted//') # None occurs when a file is at the root of the bucket or level 1 directory From 5c25e331af4d84ce4fa2d1ed01544f136a556506 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 11:09:58 +0000 Subject: [PATCH 11/17] Update migrate-s3.yaml --- .github/workflows/migrate-s3.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/migrate-s3.yaml b/.github/workflows/migrate-s3.yaml index 79a1038..ab30cc0 100644 --- a/.github/workflows/migrate-s3.yaml +++ b/.github/workflows/migrate-s3.yaml 
@@ -69,15 +69,12 @@ jobs: # remove all spaces and put one comma between prefixes cleaned_prefixes=$(echo $prefixes | tr -s '[:space:]' ',' | sed 's/[,/]*$//') - # remove `contentstore.deleted/` from cleaned_prefixes with comma if in list - cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted,//') - # remove `contentstore.deleted` from cleaned_prefixes if at the end of the list - cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/contentstore.deleted//') # None occurs when a file is at the root of the bucket or level 1 directory - # remove None from cleaned_prefixes if at the end of the list - cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None//') # remove None from cleaned_prefixes with comma if in list cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None,//') + # remove None from cleaned_prefixes if at the end of the list + cleaned_prefixes=$(echo $cleaned_prefixes | sed 's/None//') + DIRS="" IFS=',' From 174818d7002b88db9006f5c53e0344ead65bd7ed Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 11:13:31 +0000 Subject: [PATCH 12/17] Update migrate-s3.yaml --- .github/workflows/migrate-s3.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/migrate-s3.yaml b/.github/workflows/migrate-s3.yaml index ab30cc0..ef1f7be 100644 --- a/.github/workflows/migrate-s3.yaml +++ b/.github/workflows/migrate-s3.yaml @@ -95,7 +95,4 @@ jobs: --set srcBucket=$SRC_BUCKET \ --set "directories={${DIRS}}" - kubectl wait jobs -l name-prefix=migrate-s3 --for=condition=complete --timeout 10h - - - name: Uninstall S3 Refresh chart - run: helm uninstall migrate-s3 --ignore-not-found + kubectl wait jobs -l name-prefix=migrate-s3 --for=condition=ready --timeout 10m From 1ea385a7d4a2f96a9f7da7dcd6d35ef36e5729fb Mon Sep 17 00:00:00 2001 
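Review bot: `kubectl wait jobs -l name-prefix=migrate-s3 --for=condition=ready` waits on a condition that Job objects do not report (Job status carries `Complete` and `Failed`, among others), so this step will most likely sit for the full 10 minutes and then fail even while the migration jobs run normally. If the aim is to stop blocking the workflow for hours, either drop the wait or wait on the pods, e.g. `kubectl wait pods -l job-name=<JOB_NAME> --for=condition=Ready --timeout 10m` (job name is a placeholder). With the `helm uninstall migrate-s3` step removed in the same hunk, nothing visible cleans up the release, so a later install under the same release name would presumably fail; add a comment saying where cleanup now happens.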
From: George Taylor Date: Tue, 7 Jan 2025 11:26:43 +0000 Subject: [PATCH 13/17] add labels --- jobs/migrate-db/templates/job.yaml | 2 ++ jobs/migrate-s3/templates/job.yaml | 2 ++ jobs/refresh-db/templates/job.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/jobs/migrate-db/templates/job.yaml b/jobs/migrate-db/templates/job.yaml index 02e685c..2a6f9e1 100644 --- a/jobs/migrate-db/templates/job.yaml +++ b/jobs/migrate-db/templates/job.yaml @@ -28,6 +28,8 @@ apiVersion: batch/v1 kind: Job metadata: name: migrate-db + labels: + name-prefix: migrate-db spec: template: spec: diff --git a/jobs/migrate-s3/templates/job.yaml b/jobs/migrate-s3/templates/job.yaml index 1e88b13..d4616bf 100644 --- a/jobs/migrate-s3/templates/job.yaml +++ b/jobs/migrate-s3/templates/job.yaml @@ -20,6 +20,8 @@ apiVersion: batch/v1 kind: Job metadata: name: migrate-s3-{{ . | toString | replace "/" "-" | replace "." "" | trimSuffix "-" }} + labels: + name-prefix: migrate-s3 spec: template: spec: diff --git a/jobs/refresh-db/templates/job.yaml b/jobs/refresh-db/templates/job.yaml index 1d3a837..d739544 100644 --- a/jobs/refresh-db/templates/job.yaml +++ b/jobs/refresh-db/templates/job.yaml @@ -43,6 +43,8 @@ apiVersion: batch/v1 kind: Job metadata: name: refresh-db + labels: + name-prefix: refresh-db spec: template: spec: From 8ea3ccac8185b02cea77fe4b155e99eb7275b38d Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 17:02:58 +0000 Subject: [PATCH 14/17] chore: tidy the task file --- Taskfile.yml | 227 ++------------------ kustomize/base/values703.yaml | 4 +- kustomize/dev/patch-ingress-repository.yaml | 2 +- kustomize/dev/patch-ingress-share.yaml | 2 +- kustomize/dev/values.yaml | 9 +- 5 files changed, 29 insertions(+), 215 deletions(-) diff --git a/Taskfile.yml b/Taskfile.yml index 236af38..dcc5c09 100644 --- a/Taskfile.yml +++ b/Taskfile.yml 
@@ -2,6 +2,10 @@ version: "3" vars: ENV: "{{.ENV}}" + FROM_ID: "{{.FROM_ID}}" + TO_ID: "{{.TO_ID}}" + FROM_DATE: "{{.FROM_DATE}}" + TO_DATE: "{{.TO_DATE}}" NAMESPACE: sh: if [ "{{.ENV}}" = "poc" ]; then echo "hmpps-delius-alfrsco-{{.ENV}}"; else echo "hmpps-delius-alfresco-{{.ENV}}"; fi BUCKET_NAME: @@ -30,6 +34,7 @@ vars: CHART_VERSION: "7.0.3" tasks: + # Perform a helm upgrade on the alfresco-content-services chart helm_upgrade: cmds: - echo "NAMESPACE set to {{.NAMESPACE}}" 
@@ -110,221 +115,27 @@ tasks: - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-repository.yaml - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-share.yaml - simple_reindex: + # reindexes by id from the FROM_ID to the TO_ID + # ID FORMAT: alf-node id + reindex_by_id: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=350000000" --set "toId=400000000" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId={{.FROM_ID}}" --set "toId={{.TO_ID}}" --namespace {{.NAMESPACE}} - reindex_list: + # reindexes by date from the FROM_DATE to the TO_DATE + # DATE FORMAT: YYYYMMDDHHMM + reindex_by_date: cmds: - | - # Set your batch size (you can adjust this number as needed) - BATCH_SIZE=40 + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime={{.FROM_DATE}}" --set "toTime={{.TO_DATE}}" --namespace {{.NAMESPACE}} - # Path to your JSON file containing the list of IDs - JSON_FILE="ids.json" + # reindex_by_date_metadata-only: + # cmds: + # - | + # helm install "reindex-default-date-meta" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=202402010100" --set "toTime=202402100100" --set "content=false" --namespace {{.NAMESPACE}} - RANDOM_ID=$(openssl rand -hex 4) - - # Function to create Helm job for a given batch of IDs - create_helm_job() { - # Concatenate the batch of IDs into a comma-separated string - # $1, $2, ... 
represent individual IDs - local idList="" - for id in "$@"; do - if [ -z "$idList" ]; then - idList="$id" - else - idList="$idList,$id" - fi - done - - # Debugging: print the batch being passed - echo "Creating job for IDs: $idList" # This will show only the batch, not the whole list - - # Run Helm command to create the job with the current batch of IDs - helm upgrade --install "reindex-list-${RANDOM_ID}" \ - --set "idList={${idList}}" \ - --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" \ - --set "global.namespace={{.NAMESPACE}}" \ - ./jobs/reindex-list \ - --namespace "{{.NAMESPACE}}" - echo "Waiting for the jobs to complete..." - kubectl wait --for=condition=complete job --namespace {{.NAMESPACE}} -l "reindex-type=list" --timeout=10h || echo "Jobs completed!" - echo "Jobs completed!" - } - - # Parse the list of IDs from the JSON file using jq - # The IDs will be saved as a space-separated list into the 'ids' variable - ids=$(jq -r '.list[]' "$JSON_FILE") - - # Initialize the index for processing - index=0 - - # Loop over the IDs and create jobs in batches - for id in $ids; do - # Add the current ID to the current batch - batch[$index]="$id" - index=$((index + 1)) - - # If the batch reaches the specified batch size, process it - if [ "$index" -ge "$BATCH_SIZE" ]; then - # Create the Helm job for the current batch - create_helm_job "${batch[@]}" - - # Reset the batch for the next set of IDs - index=0 - unset batch - # kubectl wait --for=condition=complete job --namespace {{.NAMESPACE}} -l "reindex-type=list" --timeout=10h || echo "Jobs completed!" - helm uninstall "reindex-list-${RANDOM_ID}" --namespace {{.NAMESPACE}} - fi - done - - # If there are any remaining IDs (less than BATCH_SIZE), create the last job - if [ "$index" -gt 0 ]; then - create_helm_job "${batch[@]}" - fi - - echo "All jobs have been created!" - echo "Cleaning up..." - helm uninstall "reindex-list-${RANDOM_ID}" --namespace {{.NAMESPACE}} - echo "Cleanup complete!" 
- - simple_reindex_date: - cmds: - - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201707030001" --set "toTime=201707121301" --namespace {{.NAMESPACE}} - - simple_reindex_date_metadata-only: - cmds: - - | - helm install "reindex-default-date-meta" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=202402010100" --set "toTime=202402100100" --set "content=false" --namespace {{.NAMESPACE}} - - batch_reindex: - vars: - START: "{{.START | default 0}}" - END: "{{.END | default 10050}}" - CHUNK: "{{.CHUNK | default 1000}}" - CONCURRENCY: "{{.CONCURRENCY | default 5}}" - ARRAY: - sh: | - arr=$( - for i in $(seq -f "%.0f" {{.START}} {{.CHUNK}} {{.END}}); do - new_start=$i - end=$((i + {{.CHUNK}} - 1)) - if [ $end -gt {{.END}} ]; then - end={{.END}} - fi - cat << EOF - ${new_start}-${end} - EOF - done - ) - echo "$arr" - cmds: - - echo "Starting batch reindex from {{.START}} to {{.END}} in chunks of {{.CHUNK}}" - - task: run_reindex_batches - vars: - OPENSEARCH_HOST: "{{.OPENSEARCH_HOST}}" - NAMESPACE: "{{.NAMESPACE}}" - ARRAY: "{{.ARRAY}}" - CONCURRENCY: "{{.CONCURRENCY}}" - - task: reindex_helm_cleanup - vars: - NAMESPACE: "{{.NAMESPACE}}" - - run_reindex_batches: - cmds: - - | - pending="{{.ARRAY}}" - # count the number of items - total_items=$(echo "$pending" | wc -l) - echo "Total items: $total_items" - - previous_completed=$(cat completed.txt) || true - if [ -z "$previous_completed" ]; then - echo "No previous completed items" - else - echo "Count of previous completed items: $(echo "$previous_completed" | wc -l)" - fi - - # remove the completed items from the pending list - for item in $previous_completed; do - pending=$(echo "$pending" | grep -v "$item") - done - - total_items=$(echo "$pending" | wc -l) - echo "Total items: $total_items" - - - started=() - completed=() - - # while pending is not empty - while [ -n "$pending" 
]; do - # echo "Pending: $pending" - # Get the first item - item=$(echo "$pending" | head -n 1) - echo "Processing item: $item" - - # Get the start and end values - start=$(echo "$item" | cut -d '-' -f 1) - end=$(echo "$item" | cut -d '-' -f 2) - echo "Start: $start, End: $end" - - # check the number of jobs running - running_jobs=$(kubectl get jobs --namespace {{.NAMESPACE}} -l "reindex-job" -o json | jq '.items | length') - echo "Running jobs: $running_jobs" - if [ $running_jobs -ge {{.CONCURRENCY}} ]; then - echo "No available slots, waiting for 5 seconds" - sleep 5 - else - echo "Found at least 1 available slot!" - echo "Available slots left: $(({{.CONCURRENCY}} - $running_jobs))" - # run the job - echo "helm install reindex-${start}-${end} ./jobs/reindex --set global.elasticsearch.host={{.OPENSEARCH_HOST}} --set fromId=${start} --set toId=${end} --namespace {{.NAMESPACE}}" - helm install "reindex-${start}-${end}" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=${start}" --set "toId=${end}" --namespace {{.NAMESPACE}} - # Remove the item from the list - pending=$(echo "$pending" | tail -n +2) - fi - - # check for completed jobs - completed_jobs=$(kubectl get jobs --namespace {{.NAMESPACE}} -l "reindex-job" -o json | jq -r '.items[] | select(.status.succeeded == 1) | .metadata.labels["reindex-job"]') - if [ -z "$completed_jobs" ]; then - echo "No completed jobs" - else - echo "Completed jobs: $completed_jobs" - echo "$completed_jobs" | while IFS= read -r job; do - echo "Processing completed job: $job" - completed+=("$job") - echo "$job" >> completed.txt - echo "Job $job completed" - helm uninstall "reindex-$job" --namespace {{.NAMESPACE}} - done - fi - done - - reindex_helm_cleanup: - cmds: - - | - # wait for all jobs to complete - kubectl wait --for=condition=complete jobs --namespace {{.NAMESPACE}} -l "reindex-job" --timeout=4h - - completed_jobs=$(kubectl get jobs --namespace {{.NAMESPACE}} -l "reindex-job" -o json | jq -r 
'.items[] | select(.status.succeeded == 1) | .metadata.labels["reindex-job"]') - if [ -z "$completed_jobs" ]; then - echo "No completed jobs" - else - echo "Completed jobs: $completed_jobs" - echo "$completed_jobs" | while IFS= read -r job; do - echo "Processing completed job: $job" - completed+=("$job") - echo "$job" >> completed.txt - echo "Job $job completed" - helm uninstall "reindex-$job" --namespace {{.NAMESPACE}} - done - fi - - helm_bulk_uninstall: + # uninstalls all helm releases with the prefix + helm_uninstall_prefix: vars: PREFIX: "{{.PREFIX}}" cmds: diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml index abb37a1..183126e 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values703.yaml @@ -193,9 +193,9 @@ activemq: nodeSelector: {} adminUser: # -- Default username for the embedded broker admin user - user: admin + user: null # -- Default password for the embedded broker admin user - password: admin + password: null existingSecretName: amazon-mq-broker-secret existingSecretName: null alfresco-connector-ms365: diff --git a/kustomize/dev/patch-ingress-repository.yaml b/kustomize/dev/patch-ingress-repository.yaml index d950e3d..bacc9c7 100644 --- a/kustomize/dev/patch-ingress-repository.yaml +++ b/kustomize/dev/patch-ingress-repository.yaml 
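Review bot: `reindex_by_id` and `reindex_by_date` pass `{{.FROM_ID}}`/`{{.TO_ID}}` and `{{.FROM_DATE}}`/`{{.TO_DATE}}` straight into `helm install --set`, and nothing stops the task from running with them unset, in which case the job is installed with empty `fromId=`/`toId=` or `fromTime=`/`toTime=` values. Add a `requires:` block to each task, e.g. `requires: {vars: [FROM_ID, TO_ID]}`, so go-task fails before helm is called. The self-referential top-level entries added in the first Taskfile hunk (`FROM_ID: "{{.FROM_ID}}"` and the like) likely define the variable as an empty string and would defeat that check, so drop them at the same time. The new comments give the expected formats (`alf-node id`, `YYYYMMDDHHMM`); an example invocation in the comment would make them easier to follow.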
@@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-dev-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" spec: rules: - host: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/dev/patch-ingress-share.yaml b/kustomize/dev/patch-ingress-share.yaml index 7976e2d..7cf0e58 100644 --- a/kustomize/dev/patch-ingress-share.yaml +++ b/kustomize/dev/patch-ingress-share.yaml 
@@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-cs-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-dev-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" spec: rules: - host: share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml index 8ba33fd..b777203 100644 --- a/kustomize/dev/values.yaml +++ b/kustomize/dev/values.yaml @@ -1,5 +1,5 @@ # this file overrides values defined in ./values.yaml -repository: +alfresco-repository: replicaCount: 2 image: tag: release_7.3.2_elasticsearch-r5.0.2-content-latest 
@@ -7,6 +7,9 @@ share: replicaCount: 1 image: tag: release_7.3.2_elasticsearch-r5.0.2-share-latest -externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk -externalProtocol: https externalPort: 443 +global: + known_urls: + - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk From eaf90694f18e50e00cab88cc665498a7498b7635 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Tue, 7 Jan 2025 20:35:37 +0000 Subject: [PATCH 15/17] chore: add dev --- Taskfile.yml | 10 +-- .../base/{values.yaml => values.yaml.old} | 0 kustomize/dev/alf-prop-config-map.yaml | 80 +++++++++++++++++++ kustomize/dev/kustomization.yaml | 2 + kustomize/dev/patch-infra-config-map.yaml | 7 ++ kustomize/dev/patch-ingress-repository.yaml | 10 +-- kustomize/dev/patch-ingress-share.yaml | 10 +-- kustomize/dev/values.yaml | 10 ++- kustomize/preprod/alf-prop-config-map.yaml | 16 ++-- 9 files changed, 117 insertions(+), 28 deletions(-) rename kustomize/base/{values.yaml => values.yaml.old} (100%) create mode 100644 kustomize/dev/alf-prop-config-map.yaml create mode 100644 kustomize/dev/patch-infra-config-map.yaml diff --git a/Taskfile.yml b/Taskfile.yml index dcc5c09..1821cd6 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -2,10 +2,8 @@ version: "3" vars: ENV: "{{.ENV}}" - FROM_ID: "{{.FROM_ID}}" - TO_ID: "{{.TO_ID}}" - FROM_DATE: "{{.FROM_DATE}}" - TO_DATE: "{{.TO_DATE}}" + FROM: "{{.FROM}}" + TO: "{{.TO}}" NAMESPACE: sh: if [ "{{.ENV}}" = "poc" ]; then echo "hmpps-delius-alfrsco-{{.ENV}}"; else echo "hmpps-delius-alfresco-{{.ENV}}"; fi BUCKET_NAME: 
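Review bot: The third `known_urls` entry added to `kustomize/dev/values.yaml` names the `alf-sfs.dev.delius-core.hmpps-preproduction` host, a preproduction address, inside the dev overlay. The `patch-infra-config-map.yaml` added in the next patch sets `SFS_URL` for dev to the `hmpps-development` host, so the two presumably should agree. If `known_urls` feeds an origin allow-list in the chart (not visible here), this entry trusts another environment's origin and omits the one dev actually uses; it should read `- https://alf-sfs.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk`. The same entry is carried unchanged through the re-indentation hunk of this file in the next patch.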
@@ -120,14 +118,14 @@ tasks: reindex_by_id: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId={{.FROM_ID}}" --set "toId={{.TO_ID}}" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId={{.FROM}}" --set "toId={{.TO}}" --namespace {{.NAMESPACE}} # reindexes by date from the FROM_DATE to the TO_DATE # DATE FORMAT: YYYYMMDDHHMM reindex_by_date: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime={{.FROM_DATE}}" --set "toTime={{.TO_DATE}}" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime={{.FROM}}" --set "toTime={{.TO}}" --namespace {{.NAMESPACE}} # reindex_by_date_metadata-only: # cmds: diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml.old similarity index 100% rename from kustomize/base/values.yaml rename to kustomize/base/values.yaml.old diff --git a/kustomize/dev/alf-prop-config-map.yaml b/kustomize/dev/alf-prop-config-map.yaml new file mode 100644 index 0000000..8e9a9e6 --- /dev/null +++ b/kustomize/dev/alf-prop-config-map.yaml 
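Review bot: `reindex_by_id` and `reindex_by_date` now read the same `FROM`/`TO` variables, so an ID range passed to the date task (or the reverse) is handed to `helm install` unchecked, and an unset value becomes an empty `--set "fromId="`. A `preconditions:` entry on each task would catch both, e.g. `- sh: '[ -n "{{.FROM}}" ] && [ -n "{{.TO}}" ]'`, with a digits-only test added for the ID task. Because the values are templated straight into a shell line, restricting them to digits also keeps quoting characters in an argument from being interpreted by the shell. The context comment above `reindex_by_date` still names `FROM_DATE`/`TO_DATE` and should read `# reindexes by date from FROM to TO`.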
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alf-prop-config-map +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice + localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + 
cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. + message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030 + patch.nspg.administration.roles.startDelay=0 diff --git a/kustomize/dev/kustomization.yaml b/kustomize/dev/kustomization.yaml index eaf31f0..4ed2cda 100644 --- a/kustomize/dev/kustomization.yaml +++ b/kustomize/dev/kustomization.yaml 
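Review bot: The new dev ConfigMap sets `alfresco.host`, `share.host`, `aos.baseUrlOverwrite`, `csrf.filter.origin` and `csrf.filter.referer` to the `hmpps-delius-alfresco-preprod` host, while the hunk for `kustomize/preprod/alf-prop-config-map.yaml` later in this patch changes the same properties from `-preprod` to `-dev`; the two edits look swapped. As written, the dev repository's CSRF filter would accept preprod's origin and not its own (assuming this ConfigMap is what the repository loads), and preprod the reverse. The dev file should carry `csrf.filter.origin=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk` with matching host and referer lines, and the preprod file should keep its original values. Separately, `cache.spgUserToSchemaVersionCache.cluster.type` is set twice in this file (`local`, then `invalidating`); only one of them should remain.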
@@ -3,7 +3,9 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + - path: patch-infra-config-map.yaml diff --git a/kustomize/dev/patch-infra-config-map.yaml b/kustomize/dev/patch-infra-config-map.yaml new file mode 100644 index 0000000..1188ce2 --- /dev/null +++ b/kustomize/dev/patch-infra-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-infrastructure +data: + SFS_URL: https://alf-sfs.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/dev/patch-ingress-repository.yaml b/kustomize/dev/patch-ingress-repository.yaml index bacc9c7..c27bd06 100644 --- a/kustomize/dev/patch-ingress-repository.yaml +++ b/kustomize/dev/patch-ingress-repository.yaml 
@@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-dev-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-dev-green + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer diff --git a/kustomize/dev/patch-ingress-share.yaml b/kustomize/dev/patch-ingress-share.yaml index 7cf0e58..c91c49e 100644 --- a/kustomize/dev/patch-ingress-share.yaml 
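Review bot: Restoring `whitelist-source-range: "placeholder"` leaves the committed manifest with a value that is not a CIDR, here and in the matching first hunk of `patch-ingress-share.yaml`. Presumably a deploy step substitutes the real list (that step is not in this hunk); if it is skipped or its pattern stops matching, the Ingress is applied with an invalid allowlist, and whether the controller then rejects the object or serves it without the restriction depends on the ingress-nginx version and its annotation validation. Either default the value to one that denies, e.g. `"127.0.0.1/32"` with the substitution pattern updated to match, or have the deploy task refuse to apply while the rendered output still contains `placeholder`.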
+++ b/kustomize/dev/patch-ingress-share.yaml @@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-dev-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-dev-green + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-service-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: /share/page/ diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml index b777203..451a2ae 100644 --- a/kustomize/dev/values.yaml +++ b/kustomize/dev/values.yaml 
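Review bot: In the second hunk the backend for `path: /` is renamed to `alfresco-content-service-share` (singular `service`), while the Ingress name and the `/share/page/` backend in the same file use `alfresco-content-services-share`. Unless a Service with the singular name exists, requests to `/` on the share host will have no backend to route to. The line should read `name: alfresco-content-services-share`.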
@@ -2,14 +2,16 @@ alfresco-repository: replicaCount: 2 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest share: replicaCount: 1 image: - tag: release_7.3.2_elasticsearch-r5.0.2-share-latest + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share + tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest externalPort: 443 global: known_urls: - - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk diff --git a/kustomize/preprod/alf-prop-config-map.yaml b/kustomize/preprod/alf-prop-config-map.yaml index 8e9a9e6..c7a1c01 100644 --- a/kustomize/preprod/alf-prop-config-map.yaml +++ b/kustomize/preprod/alf-prop-config-map.yaml 
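Review bot: Both images are now tied to an explicit ECR repository but are still referenced by tags ending in `-latest` (`...-content-latest` and the new `...-chart-7.0.3-share-latest`), which by their names look mutable. With a mutable tag a pod restart can pull different content from what was reviewed, and reverting this file does not revert the image. Referencing an immutable release tag or a digest, e.g. `tag: <immutable-release-tag>`, would make the deployed image match the reviewed one; turning on tag immutability for the two ECR repositories is the registry-side equivalent.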
@@ -2,18 +2,18 @@ apiVersion: v1 kind: ConfigMap metadata: name: alf-prop-config-map -data: - alfresco-global.properties: | +data: + alfresco-global.properties: | deployment.method=HELM_CHART alfresco.cluster.enabled=true - alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + alfresco.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk alfresco.protocol=https alfresco.port=443 - aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos - csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk - csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.* + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/.* share.protocol=https - share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + share.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk share.port=443 local.transform.service.enabled=true transform.service.enabled=false @@ -24,7 +24,7 @@ data: localTransform.tika.url=http://alfresco-content-services-tika localTransform.misc.url=http://alfresco-content-services-transform-misc events.subsystem.autoStart=false - + #Zaizi additions zaizi.noms.root.folder=NOMS zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) From 6b1bb21225b037651beccd9b4b18e251df45b0b2 Mon Sep 17 00:00:00 2001 
From: George Taylor Date: Wed, 8 Jan 2025 17:08:54 +0000 Subject: [PATCH 16/17] update all envs for new chart --- .gitignore | 3 +- Taskfile.yml | 25 +- .../base/{values703.yaml => values.yaml} | 10 +- kustomize/dev/output.yaml | 2152 +++++++++++++++++ kustomize/dev/values.yaml | 17 +- kustomize/kustomizer.sh | 3 +- kustomize/poc/alf-prop-config-map.yaml | 80 + kustomize/poc/kustomization.yaml | 1 + kustomize/poc/output.yaml | 2110 ++++++++++++++++ kustomize/poc/patch-ingress-repository.yaml | 8 +- kustomize/poc/patch-ingress-share.yaml | 8 +- kustomize/poc/values.yaml | 25 +- kustomize/preprod/alf-prop-config-map.yaml | 10 +- .../preprod/patch-ingress-repository.yaml | 2 +- kustomize/preprod/patch-ingress-share.yaml | 2 +- kustomize/stage/alf-prop-config-map.yaml | 80 + kustomize/stage/kustomization.yaml | 3 +- kustomize/stage/output.yaml | 1920 +++++++++++++++ kustomize/stage/patch-infra-config-map.yaml | 7 + kustomize/stage/patch-ingress-repository.yaml | 8 +- kustomize/stage/patch-ingress-share.yaml | 8 +- kustomize/stage/values.yaml | 68 +- kustomize/test/alf-prop-config-map.yaml | 80 + kustomize/test/kustomization.yaml | 2 + kustomize/test/patch-infra-config-map.yaml | 7 + kustomize/test/patch-ingress-repository.yaml | 8 +- kustomize/test/patch-ingress-share.yaml | 8 +- kustomize/test/values.yaml | 52 +- rules.yaml | 219 ++ tools/scripts/amq-connect-single.sh | 65 + 30 files changed, 6883 insertions(+), 108 deletions(-) rename kustomize/base/{values703.yaml => values.yaml} (99%) create mode 100644 kustomize/dev/output.yaml create mode 100644 kustomize/poc/alf-prop-config-map.yaml create mode 100644 kustomize/poc/output.yaml create mode 100644 kustomize/stage/alf-prop-config-map.yaml create mode 100644 kustomize/stage/output.yaml create mode 100644 kustomize/stage/patch-infra-config-map.yaml create mode 100644 kustomize/test/alf-prop-config-map.yaml create mode 100644 kustomize/test/patch-infra-config-map.yaml create mode 100644 rules.yaml create mode 100755 
tools/scripts/amq-connect-single.sh diff --git a/.gitignore b/.gitignore index d7349ee..7d28e25 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,8 @@ templated/ kustomize/base/charts/ kustomize/**/charts/ -kustomize/**/output.yaml +kustomize/**/helm_rendered_spec.yaml +kustomize/**/kustomized_helm_rendered_spec.yaml kustomize/base/resources.yaml jobs/reindex/values-reindex-*.yaml completed.txt diff --git a/Taskfile.yml b/Taskfile.yml index 1821cd6..a085a8a 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -4,8 +4,17 @@ vars: ENV: "{{.ENV}}" FROM: "{{.FROM}}" TO: "{{.TO}}" + FORCE: "{{.FORCE}}" NAMESPACE: - sh: if [ "{{.ENV}}" = "poc" ]; then echo "hmpps-delius-alfrsco-{{.ENV}}"; else echo "hmpps-delius-alfresco-{{.ENV}}"; fi + sh: | + if [ -z "{{.ENV}}" ]; then + echo "ERROR: ENV variable is not set" >&2 + exit 1 + elif [ "{{.ENV}}" = "poc" ]; then + echo "hmpps-delius-alfrsco-{{.ENV}}" + else + echo "hmpps-delius-alfresco-{{.ENV}}" + fi BUCKET_NAME: sh: kubectl get secret s3-bucket-output -n {{.NAMESPACE}} -o jsonpath='{.data.BUCKET_NAME}' | base64 --decode OPEN_SEARCH_PREFIX: @@ -90,7 +99,7 @@ tasks: cmds: - | helm upgrade --install alfresco-content-services alfresco/alfresco-content-services --version {{.CHART_VERSION}} --namespace {{.NAMESPACE}} \ - --values=../base/values703.yaml --values=../base/values-versions.yaml --values=values.yaml \ + --values=../base/values.yaml --values=../base/values-versions.yaml --values=values.yaml \ --set s3connector.config.bucketName={{.BUCKET_NAME}} \ --set database.url={{.RDS_JDBC_URL}} \ --set-string messageBroker.url="{{.MESSAGEBROKER_URL}}" \ 
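Review bot: Dropping `kustomize/**/output.yaml` from `.gitignore` lets rendered manifests be committed, and this patch does add `kustomize/dev/output.yaml`, `kustomize/poc/output.yaml` and `kustomize/stage/output.yaml`. The visible part of the dev file already contains the RDS and Amazon MQ endpoint hostnames and a rendered `kind: Secret`; its values are empty there, but any chart value that renders into a Secret or ConfigMap would enter git history the same way. Unless these files are intended as reviewed snapshots (they may be leftovers of the old output name), keep the old rule next to the two new ones: `kustomize/**/output.yaml`.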
@@ -142,3 +151,15 @@ tasks: echo "Uninstalling release: $release" helm uninstall "$release" -n "$NAMESPACE" done + + kubectl_remove_pods_prefix: + vars: + PREFIX: "{{.PREFIX}}" + FORCE_FLAG: + sh: if [ "{{.FORCE}}" = "true" ]; then echo "--force"; else echo ""; fi + cmds: + - | + kubectl get pods -n {{.NAMESPACE}} | grep "^{{.PREFIX}}" | awk '{print $1}' | while IFS= read -r pod; do + echo "Deleting pod: $pod" + kubectl delete pod "$pod" -n "$NAMESPACE" {{.FORCE_FLAG}} + done diff --git a/kustomize/base/values703.yaml b/kustomize/base/values.yaml similarity index 99% rename from kustomize/base/values703.yaml rename to kustomize/base/values.yaml index 183126e..bfe5010 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values.yaml @@ -193,9 +193,9 @@ activemq: nodeSelector: {} adminUser: # -- Default username for the embedded broker admin user - user: null + user: admin # -- Default password for the embedded broker admin user - password: null + password: admin existingSecretName: amazon-mq-broker-secret existingSecretName: null alfresco-connector-ms365: @@ -262,7 +262,7 @@ alfresco-transform-service: # -- Declares the alfresco-shared-file-store used by the content repository # and transform service # due to platform constraints, the filestore is in MP - enabled: false + enabled: false replicaCount: 0 image: repository: quay.io/alfresco/alfresco-shared-file-store @@ -367,7 +367,7 @@ alfresco-search-enterprise: username: BROKER_USERNAME password: BROKER_PASSWORD liveIndexing: - # set in value-versions yaml + # set in value-versions yaml mediation: image: tag: 4.0.0.1 @@ -385,7 +385,7 @@ alfresco-search-enterprise: tag: 4.0.0.1 replicaCount: 1 reindexing: - enabled: false # leave as false - reindexing job is now standalone + enabled: false # leave as false - reindexing job is now standalone repository: existingConfigMap: name: *infrastructure_cmName 
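Review bot: `kubectl_remove_pods_prefix` lists pods with the templated `{{.NAMESPACE}}` but deletes them with the shell variable `$NAMESPACE`; as far as I know Task does not export `vars:` entries to the shell, so unless the caller's environment happens to set it the delete runs against whatever namespace `-n ""` resolves to. An empty `PREFIX` also makes `grep "^"` match every row, including the `NAME` header, so the task would try to delete every pod in the namespace, with `--force` when `FORCE=true`. The rewrite below refuses an empty prefix, uses the templated namespace for both calls and drops the header row. The context lines of this hunk show the same `$NAMESPACE` use in the existing helm uninstall loop, which starts outside the hunk.

```yaml
  kubectl_remove_pods_prefix:
    # … unchanged: vars (PREFIX, FORCE_FLAG) …
    preconditions:
      - sh: '[ -n "{{.PREFIX}}" ]'
        msg: "PREFIX must be set; an empty prefix would match every pod"
    cmds:
      - |
        kubectl get pods -n {{.NAMESPACE}} --no-headers | awk '{print $1}' | grep "^{{.PREFIX}}" | while IFS= read -r pod; do
          echo "Deleting pod: $pod"
          kubectl delete pod "$pod" -n {{.NAMESPACE}} {{.FORCE_FLAG}}
        done
```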
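Review bot: The `@@ -193,9 +193,9 @@` hunk of `kustomize/base/values.yaml` sets `activemq.adminUser.user` and `password` back to `admin`/`admin`, undoing the change to `null` made earlier in this series. The context shows `existingSecretName: amazon-mq-broker-secret`, so the literals may be unused today, but if the embedded broker is ever enabled without that secret it would start with well-known default credentials that are committed in the repository. Unless the new chart version rejects null here (not visible in the hunk), keep `user: null` and `password: null` so the secret is the only source of broker credentials.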
diff --git a/kustomize/dev/output.yaml b/kustomize/dev/output.yaml new file mode 100644 index 0000000..a1649be --- /dev/null +++ b/kustomize/dev/output.yaml 
@@ -0,0 +1,2152 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-repository + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-repository-0.1.2 + name: alfresco-repo-sa +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + name: alfresco-search-enterprise-sa +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: share + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: share-0.2.1 + name: share-sa +--- +apiVersion: v1 +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice 
+ localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. 
+ message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 
1 1 2030 + patch.nspg.administration.roles.startDelay=0 +kind: ConfigMap +metadata: + name: alf-prop-config-map +--- +apiVersion: v1 +data: + CATALINA_OPTS: -Ddeployment.method=HELM_CHART -Ddb.url="$DATABASE_URL" -Ddb.username=${DATABASE_USERNAME} + -Ddb.password=${DATABASE_PASSWORD} -Ddb.driver="${DATABASE_DRIVER}" -Dmessaging.broker.url="$BROKER_URL" + -Dmessaging.broker.username="$BROKER_USERNAME" -Dmessaging.broker.password="$BROKER_PASSWORD" + -Dindex.subsystem.name="$SEARCH_FLAVOR" -Dmetadata-keystore.password="$ENC_METADATA_STOREPASS" + -Dmetadata-keystore.metadata.password="$ENC_METADATA_KEYPASS" -Delasticsearch.host=$SEARCH_HOST + -Delasticsearch.port=$SEARCH_PORT -Delasticsearch.secureComms=$SEARCH_SECURECOMMS + -Delasticsearch.user=$ELASTICSEARCH_USERNAME -Delasticsearch.password=$ELASTICSEARCH_PASSWORD + -Delasticsearch.createIndexIfNotExists=true -Ds3.accessKey="$ACCESSKEY" -Ds3.secretKey="$SECRETKEY" + -Ds3.bucketName="$BUCKET_NAME" -Dsfs.url="$SFS_URL" -Dimap.server.enabled=false + -Dimap.server.port=1143 -Demail.server.enabled=false -Demail.inbound.enabled=false + -Demail.server.port=1025 -Ds3.bucketLocation=eu-west-2 + JAVA_OPTS: -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede + -Dindex.subsystem.name=elasticsearch -Delasticsearch.indexName=alfresco -Delasticsearch.createIndexIfNotExists=true + -Dtransform.service.enabled=true -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede + 
-Dsystem.workflow.engine.activiti.enabled=false -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-repository + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-repository-0.1.2 + name: alfresco-content-services-alfresco-opts +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + initialDelaySeconds: "10" + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "900" + maxTransforms: "10000" + path: /live + periodSeconds: "20" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: imagemagick + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-imagemagick-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + initialDelaySeconds: "10" + livenessPercent: "250" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "99999" + path: /live + periodSeconds: "20" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: libreoffice + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-libreoffice-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + initialDelaySeconds: "10" + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1200" + maxTransforms: "10000" + path: /live + 
periodSeconds: "20" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: pdfrenderer + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-pdfrenderer-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + initialDelaySeconds: "30" + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" + path: /live + periodSeconds: "20" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tika + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-tika-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + initialDelaySeconds: "10" + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" + path: /live + periodSeconds: "20" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-misc + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-misc-configmap +--- +apiVersion: v1 +data: + IMAGEMAGICK_URL: http://alfresco-content-services-imagemagick:80 + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + LIBREOFFICE_URL: http://alfresco-content-services-libreoffice:80 + MISC_URL: http://alfresco-content-services-transform-misc:80 + PDF_RENDERER_URL: http://alfresco-content-services-pdfrenderer:80 + TIKA_URL: http://alfresco-content-services-tika:80 + initialDelaySeconds: "20" + path: 
/actuator/health + periodSeconds: "30" + timeoutSeconds: "10" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-router + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-router-configmap +--- +apiVersion: v1 +data: + ATS_URL: http://alfresco-content-services-transform-router/transform/config + BROKER_URL: failover:(nio+ssl://b-5c25f40d-edd0-49e9-95a0-01ea61b5444f-1.mq.eu-west-2.amazonaws.com:61617)?initialReconnectDelay=1000&maxReconnectAttempts=-1&useExponentialBackOff=true&maxReconnectDelay=30000?reconnectSupported=true + DATABASE_DRIVER: org.postgresql.Driver + DATABASE_URL: jdbc:postgresql://cloud-platform-9a95f5dfd5d72b23.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco + REPOSITORY_URL: http://alfresco-content-services-alfresco-repository:80/alfresco + SEARCH_FLAVOR: elasticsearch + SEARCH_HOST: opensearch-proxy-service-cloud-platform-e7170919.hmpps-delius-alfresco-dev.svc.cluster.local + SEARCH_PORT: "8080" + SEARCH_SECURECOMMS: none + SEARCH_URL: http://opensearch-proxy-service-cloud-platform-e7170919.hmpps-delius-alfresco-dev.svc.cluster.local:8080 + SFS_URL: https://alf-sfs.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ + repo_svc_name: alfresco-content-services-alfresco-repository + repo_svc_port: "80" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-content-services + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-content-services-7.0.3 + name: alfresco-infrastructure +--- +apiVersion: v1 +data: + alfresco-global.properties: 
"deployment.method=HELM_CHART\nalfresco.cluster.enabled=true\nalfresco.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk\nalfresco.protocol=https\nalfresco.port=443\naos.baseUrlOverwrite=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos\ncsrf.filter.origin=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk\ncsrf.filter.referer=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/.*\nshare.protocol=https\nshare.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk\nshare.port=443\nlocal.transform.service.enabled=true\ntransform.service.enabled=false + \ \nlocalTransform.core-aio.url=\nlocalTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer\nlocalTransform.imagemagick.url=http://alfresco-content-services-imagemagick\nlocalTransform.libreoffice.url=http://alfresco-content-services-libreoffice\nlocalTransform.tika.url=http://alfresco-content-services-tika\nlocalTransform.misc.url=http://alfresco-content-services-transform-misc\nevents.subsystem.autoStart=false\n" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-content-services + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-content-services-7.0.3 + name: repository +--- +apiVersion: v1 +data: + SEARCH_PASSWORD: "" + SEARCH_USERNAME: "" +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-content-services + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-content-services-7.0.3 + name: alfresco-search-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: 
alfresco-repository + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-repository-0.1.2 + name: alfresco-content-services-alfresco-repository +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-repository + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: imagemagick + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-imagemagick +spec: + ports: + - name: imagemagick + port: 80 + targetPort: 8090 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: imagemagick + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: libreoffice + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-libreoffice +spec: + ports: + - name: libreoffice + port: 80 + targetPort: 8090 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: libreoffice + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: pdfrenderer + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-pdfrenderer +spec: + ports: + - name: pdfrenderer + port: 80 + targetPort: 8090 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: pdfrenderer + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: 
alfresco-content-services + app.kubernetes.io/name: share + name: alfresco-content-services-share +spec: + ports: + - name: share + port: 80 + targetPort: 8080 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: share + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tika + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-tika +spec: + ports: + - name: tika + port: 80 + targetPort: 8090 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: tika + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-misc + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-misc +spec: + ports: + - name: transformmisc + port: 80 + targetPort: 8090 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-misc + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-router + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-router +spec: + ports: + - name: transform-router + port: 80 + protocol: TCP + targetPort: 8095 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-router + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: indexing-mediation + app.kubernetes.io/instance: alfresco-content-services + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + name: alfresco-search-enterprise-mediation-headless +spec: + clusterIP: None + ports: + - name: http + port: 8080 + selector: + app.kubernetes.io/component: indexing-mediation + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-repository + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-repository-0.1.2 + name: alfresco-content-services-alfresco-repository +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-repository + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: null + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-repository + spec: + containers: + - env: + - name: ENC_METADATA_STOREPASS + value: mp6yc0UD9e + - name: ENC_METADATA_KEYPASS + value: oKIWzVdEdA + - name: DATABASE_URL + valueFrom: + configMapKeyRef: + key: DATABASE_URL + name: alfresco-infrastructure + - name: DATABASE_DRIVER + valueFrom: + configMapKeyRef: + key: DATABASE_DRIVER + name: alfresco-infrastructure + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: DATABASE_PASSWORD + name: rds-instance-output + - name: DATABASE_USERNAME + valueFrom: + secretKeyRef: + key: DATABASE_USERNAME + name: rds-instance-output + - name: ACCESSKEY + valueFrom: + secretKeyRef: + key: ACCESSKEY + name: s3-bucket-output + optional: true + - name: SECRETKEY + valueFrom: + secretKeyRef: + key: SECRETKEY + name: s3-bucket-output + optional: true + - name: 
BUCKET_NAME + valueFrom: + secretKeyRef: + key: BUCKET_NAME + name: s3-bucket-output + optional: true + - name: SFS_URL + valueFrom: + secretKeyRef: + key: SFS_URL + name: sfs-url + optional: true + - name: SEARCH_FLAVOR + valueFrom: + configMapKeyRef: + key: SEARCH_FLAVOR + name: alfresco-infrastructure + - name: SEARCH_HOST + valueFrom: + configMapKeyRef: + key: SEARCH_HOST + name: alfresco-infrastructure + - name: SEARCH_PORT + valueFrom: + configMapKeyRef: + key: SEARCH_PORT + name: alfresco-infrastructure + - name: SEARCH_SECURECOMMS + valueFrom: + configMapKeyRef: + key: SEARCH_SECURECOMMS + name: alfresco-infrastructure + - name: ELASTICSEARCH_USERNAME + valueFrom: + secretKeyRef: + key: SEARCH_USERNAME + name: alfresco-search-secret + optional: true + - name: ELASTICSEARCH_PASSWORD + valueFrom: + secretKeyRef: + key: SEARCH_PASSWORD + name: alfresco-search-secret + optional: true + - name: SOLR_SECRET + valueFrom: + secretKeyRef: + key: SOLR_SECRET + name: alfresco-search-secret + optional: true + - name: BROKER_URL + valueFrom: + configMapKeyRef: + key: BROKER_URL + name: alfresco-infrastructure + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: amazon-mq-broker-secret + optional: true + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: amazon-mq-broker-secret + optional: true + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-opts + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository:release_7.3.2_elasticsearch-r5.0.2-content-latest + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- + port: http + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + name: alfresco-repository + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 5701 + name: hazelcast + protocol: TCP + readinessProbe: + 
failureThreshold: 6 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: http + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 8Gi + requests: + cpu: 250m + memory: 2Gi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- + port: http + periodSeconds: 30 + timeoutSeconds: 3 + volumeMounts: + - mountPath: /usr/local/tomcat/alf_data + name: data + subPath: alfresco-content-services/repository-data + - mountPath: /usr/local/tomcat/shared/classes/alfresco-global.properties + name: global-properties + readOnly: true + subPath: alfresco-global.properties + - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license + name: acs-license + readOnly: true + imagePullSecrets: + - name: quay-registry-secret + initContainers: + - command: + - sh + - -c + - | + NCTARGET=$(echo DATABASE_URL | awk -F ';|/' '{print $3}') + if [[ "$NCTARGET" == *":"* ]]; then + until nc -vw1 $NCTARGET; do + sleep 2 + done + else echo "No port in jdbc URL $DATABASE_URL. 
Can't guess it so skipping db status check" + fi + env: + - name: DATABASE_URL + valueFrom: + configMapKeyRef: + key: DATABASE_URL + name: alfresco-infrastructure + - name: DATABASE_DRIVER + valueFrom: + configMapKeyRef: + key: DATABASE_DRIVER + name: alfresco-infrastructure + image: busybox:1.35 + imagePullPolicy: IfNotPresent + name: wait-db-ready + resources: + limits: + cpu: "0.25" + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + serviceAccountName: alfresco-repo-sa + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: + sizeLimit: 100Gi + name: data + - configMap: + defaultMode: 256 + items: + - key: alfresco-global.properties + path: alfresco-global.properties + name: alf-prop-config-map + name: global-properties + - name: acs-license + secret: + defaultMode: 256 + items: + - key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic + path: license.lic + optional: true + secretName: alfresco-license +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: content-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: content-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + 
checksum/secret-elasticsearch: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/component: content-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "200" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: amazon-mq-broker-secret + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: amazon-mq-broker-secret + - name: BROKER_URL + valueFrom: + configMapKeyRef: + key: BROKER_URL + name: alfresco-infrastructure + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: SEARCH_USERNAME + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: SEARCH_PASSWORD + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_URIS + valueFrom: + configMapKeyRef: + key: SEARCH_URL + name: alfresco-infrastructure + - name: ELASTICSEARCH_INDEXNAME + value: alfresco + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME + value: 0 0 * * * * + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED + value: "true" + - name: ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED + value: "true" + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL + valueFrom: + configMapKeyRef: + key: ATS_URL + name: 
alfresco-infrastructure + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-content:3.2.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-content + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 + serviceAccountName: alfresco-search-enterprise-sa +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: metadata-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: metadata-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/component: metadata-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + 
containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: amazon-mq-broker-secret + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: amazon-mq-broker-secret + - name: BROKER_URL + valueFrom: + configMapKeyRef: + key: BROKER_URL + name: alfresco-infrastructure + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: SEARCH_USERNAME + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: SEARCH_PASSWORD + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_URIS + valueFrom: + configMapKeyRef: + key: SEARCH_URL + name: alfresco-infrastructure + - name: ELASTICSEARCH_INDEXNAME + value: alfresco + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME + value: 0 0 * * * * + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED + value: "true" + - name: ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED + value: "true" + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL + valueFrom: + configMapKeyRef: + key: ATS_URL + name: alfresco-infrastructure + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata:3.2.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: 
alfresco-search-enterprise-metadata + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 + serviceAccountName: alfresco-search-enterprise-sa +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: path-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: path-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/component: path-indexing + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: 
+ key: BROKER_USERNAME + name: amazon-mq-broker-secret + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: amazon-mq-broker-secret + - name: BROKER_URL + valueFrom: + configMapKeyRef: + key: BROKER_URL + name: alfresco-infrastructure + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: SEARCH_USERNAME + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: SEARCH_PASSWORD + name: alfresco-search-secret + - name: SPRING_ELASTICSEARCH_REST_URIS + valueFrom: + configMapKeyRef: + key: SEARCH_URL + name: alfresco-infrastructure + - name: ELASTICSEARCH_INDEXNAME + value: alfresco + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME + value: 0 0 * * * * + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED + value: "true" + - name: ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED + value: "true" + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL + valueFrom: + configMapKeyRef: + key: ATS_URL + name: alfresco-infrastructure + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-path:3.2.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-path + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + 
runAsNonRoot: true + runAsUser: 33099 + serviceAccountName: alfresco-search-enterprise-sa +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: imagemagick + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-imagemagick +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: imagemagick + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-imagemagick: 566aba8e50a56d4e04236474beef22ea5abced2c1d2362005bf62385e4e3dee4 + checksum.alfresco.org/secret-messagebroker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: imagemagick + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-imagemagick + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-imagemagick + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-imagemagick-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-imagemagick:3.1.1 + imagePullPolicy: IfNotPresent + 
livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: 250m + memory: 250Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33002 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: libreoffice + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-libreoffice +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: libreoffice + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-libreoffice: ba3050ad9def6f86804f8a2519245fe11c64069bc4887aa649189cddeaea96f8 + checksum.alfresco.org/secret-messagebroker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: libreoffice + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-libreoffice + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-libreoffice 
+ topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-libreoffice-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-libreoffice:3.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: 250m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33003 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: pdfrenderer + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-pdfrenderer +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: pdfrenderer + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-pdfrenderer: 840c990299f6a97eac592f0391f94c6411b3830f0c32279bb6b61ee8164347cd + checksum.alfresco.org/secret-messagebroker: 
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: pdfrenderer + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-pdfrenderer + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-pdfrenderer + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-pdfrenderer-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-pdf-renderer:3.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 100m + memory: 250Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33001 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checkov.io/skip1: CKV_K8S_20=Requires APPS-1832 + checkov.io/skip2: CKV_K8S_23=Requires APPS-1832 + checkov.io/skip3: CKV_K8S_40=Requires APPS-1832 + labels: + app.kubernetes.io/instance: alfresco-content-services + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: share + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: share-0.2.1 + name: alfresco-content-services-share +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: share + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: null + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: share + spec: + containers: + - env: + - name: CSRF_FILTER_REFERER + value: https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/.*\|https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/.*\|https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/.* + - name: CSRF_FILTER_ORIGIN + value: https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk,https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk,https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + - name: BASEURL + value: https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - name: JAVA_OPTS + value: -Dalfresco.proxy=$BASEURL + - name: REPO_HOST + valueFrom: + configMapKeyRef: + key: repo_svc_name + name: alfresco-infrastructure + - name: REPO_PORT + valueFrom: + configMapKeyRef: + key: repo_svc_port + name: alfresco-infrastructure + - name: CATALINA_OPTS + value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share:release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + name: alfresco-share + ports: + - containerPort: 8005 
+ name: tomcat-shutdown + protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + memory: 2000Mi + requests: + cpu: "1" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + imagePullSecrets: + - name: quay-registry-secret + initContainers: [] + nodeSelector: {} + securityContext: + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: share-sa + volumes: [] +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: tika + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-tika +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: tika + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-tika: 564e1cd2db773fdf247d8186115851e4b9ebb11ba072d2e7f410affd3da74287 + checksum.alfresco.org/secret-messagebroker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: tika + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-tika + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-tika + topologyKey: 
kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-tika-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-tika:3.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 30 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: 250m + memory: 600Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33004 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-misc + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-misc +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-misc + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-transform-misc: f44290e592e0ee47adbb610e8a5cab7c8dcc84383fb2e3fad80e917c71b245d2 + checksum.alfresco.org/secret-messagebroker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + 
labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-misc + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-transform-misc + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-transform-misc + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-transform-misc-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-transform-misc:3.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 100m + memory: 250Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33006 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: transform-router + app.kubernetes.io/version: 4.0.1 + helm.sh/chart: 
alfresco-transform-service-0.3.2 + name: alfresco-content-services-transform-router +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-router + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum.alfresco.org/config-transform-router: cf7203bc6f70a192f5c3f60c603ba28aef71c9f8d3463e909bb88d47b13e0dd6 + checksum.alfresco.org/secret-messagebroker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: transform-router + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-transform-router + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-transform-router + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-transform-router-configmap + - secretRef: + name: amazon-mq-broker-secret + image: quay.io/alfresco/alfresco-transform-router:2.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: 
/actuator/health + port: 8095 + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 10 + name: alfresco-transform-service + ports: + - containerPort: 8095 + readinessProbe: + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 250Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33016 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alfresco-search-enterprise-mediation +spec: + selector: + matchLabels: + app.kubernetes.io/component: indexing-mediation + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + serviceName: alfresco-search-enterprise-mediation + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/component: indexing-mediation + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 4.0.0.1 + helm.sh/chart: alfresco-search-enterprise-3.0.3 + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAX_CONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + key: SFS_URL_API + name: alfresco-infrastructure + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: amazon-mq-broker-secret + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: amazon-mq-broker-secret + - 
name: BROKER_URL + valueFrom: + configMapKeyRef: + key: BROKER_URL + name: alfresco-infrastructure + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: ELASTICSEARCH_INDEXNAME + value: alfresco + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME + value: 0 0 * * * * + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED + value: "true" + - name: ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED + value: "true" + - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL + valueFrom: + configMapKeyRef: + key: ATS_URL + name: alfresco-infrastructure + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation:3.2.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-mediation + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + checkov.io/skip1: CKV_K8S_153=We're filtering out snippet in named template + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-dev-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: 5g + 
nginx.ingress.kubernetes.io/proxy-read-timeout: "200" + nginx.ingress.kubernetes.io/proxy-send-timeout: "200" + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-name: alfrescoRepo + nginx.ingress.kubernetes.io/whitelist-source-range: 3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-repository + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: alfresco-repository-0.1.2 + name: alfresco-content-services-alfresco-repository +spec: + ingressClassName: default + rules: + - host: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-repository + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-repository + port: + number: 80 + path: /api-explorer + pathType: Prefix + tls: + - 
hosts: + - hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + checkov.io/skip1: CKV_K8S_153=We're filtering out snippet in named template + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-dev-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($request_uri = "/") { + return 301 /share/page/; + } + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-expires: "604800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "604800" + nginx.ingress.kubernetes.io/session-cookie-name: alfrescoShare + nginx.ingress.kubernetes.io/session-cookie-path: /share + nginx.ingress.kubernetes.io/whitelist-source-range: 3.11.29.246,18.130.165.209,35.178.35.115,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + 
app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: share + app.kubernetes.io/version: 23.1.1 + helm.sh/chart: share-0.2.1 + name: alfresco-content-services-share +spec: + ingressClassName: default + rules: + - host: share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-service-share + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-share + port: + number: 80 + path: /share/page/ + pathType: Prefix + tls: + - hosts: + - share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + secretName: share-ingress-cert diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml index 451a2ae..5c51d3f 100644 --- a/kustomize/dev/values.yaml +++ b/kustomize/dev/values.yaml 
@@ -4,14 +4,25 @@ alfresco-repository: image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest + persistence: + # -- Persist repository data + enabled: false + baseSize: 100Gi + # -- Specify a storageClass for dynamic provisioning + accessModes: + - ReadWriteOnce share: replicaCount: 1 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest +alfresco-transform-service: + filestore: + enabled: true + replicaCount: 1 + externalPort: 443 global: known_urls: - - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + - https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/kustomizer.sh b/kustomize/kustomizer.sh index d2b4825..a4c1b41 100755 --- a/kustomize/kustomizer.sh +++ b/kustomize/kustomizer.sh @@ -9,8 +9,9 @@ debug=$(echo $debug | xargs) if [ "$debug" == "true" ]; then set -x cat > ../base/resources.yaml + cp ../base/resources.yaml helm_rendered_spec.yaml kubectl kustomize - kubectl kustomize > output.yaml + kubectl kustomize > kustomized_helm_rendered_spec.yaml else cat > ../base/resources.yaml kubectl kustomize diff --git a/kustomize/poc/alf-prop-config-map.yaml b/kustomize/poc/alf-prop-config-map.yaml new file mode 100644 index 0000000..87cf4a8 --- /dev/null +++ b/kustomize/poc/alf-prop-config-map.yaml 
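Review bot: The `global.known_urls` entries in this dev overlay now name the `hmpps-delius-alfrsco-poc` hosts, and the `alf-sfs.dev…` entry is dropped. The rendered dev Share Deployment earlier in this patch sets `CSRF_FILTER_ORIGIN` and `CSRF_FILTER_REFERER` to the three dev hostnames. If those values are derived from `known_urls` (the chart template is not visible here), dev would trust another environment's origin and reject its own. Keep the dev hostnames in `kustomize/dev/values.yaml` and put the poc ones in the poc overlay. Separately, the comment `# -- Specify a storageClass for dynamic provisioning` sits directly above `accessModes` and describes no key in the block, so drop it or move it to the setting it belongs to.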
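Review bot: In the debug branch, the added `cp ../base/resources.yaml helm_rendered_spec.yaml` and the redirect to `kustomized_helm_rendered_spec.yaml` write the full rendered manifests into the overlay directory, where they are easy to commit by accident. The `kustomize/poc/output.yaml` added in this same patch shows what such a file carries: `kind: Secret` documents whose `data` values are only base64-encoded, not encrypted. Write the debug copies outside the working tree, e.g. `out=$(mktemp -d)` followed by `kubectl kustomize > "$out/kustomized_helm_rendered_spec.yaml"`, or list both filenames in `.gitignore`. The `if`/`else` block closes outside the hunk, so the non-debug path is only partly visible.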
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alf-prop-config-map +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice + localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + 
cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. + message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030 + patch.nspg.administration.roles.startDelay=0 diff --git a/kustomize/poc/kustomization.yaml b/kustomize/poc/kustomization.yaml index eaf31f0..0603125 100644 --- a/kustomize/poc/kustomization.yaml +++ b/kustomize/poc/kustomization.yaml 
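Review bot: `cache.spgUserToSchemaVersionCache.cluster.type` is assigned twice in `alfresco-global.properties`, first `local` and a few lines later `invalidating`. A Java properties loader keeps the last assignment, so the `local` line is presumably dead and the effective cache mode is not what the first line suggests. Keep only the intended one, e.g. delete `cache.spgUserToSchemaVersionCache.cluster.type=local`. Also, `csrf.filter.referer=https://…/.*` appears to be a regular expression whose host dots are unescaped, so each `.` matches any character; escaping them (`\\.` in a properties file) limits the pattern to the one host.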
@@ -3,6 +3,7 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml diff --git a/kustomize/poc/output.yaml b/kustomize/poc/output.yaml new file mode 100644 index 0000000..3ee7106 --- /dev/null +++ b/kustomize/poc/output.yaml 
@@ -0,0 +1,2110 @@ +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "900" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "250" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "99999" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1200" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap +--- +apiVersion: v1 +data: + ALFRESCO_OPTS: -Ddeployment.method=HELM_CHART -Dalfresco.cluster.enabled=false 
-Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/ + -Dalfresco.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dalfresco.protocol=https -Dalfresco.port=443 -Daos.baseUrlOverwrite=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + -Dcsrf.filter.origin=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dcsrf.filter.referer=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/.* + -Dshare.protocol=https -Dshare.host=hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + -Dshare.port=443 -Delasticsearch.host=opensearch-proxy-service-cloud-platform-62a206e0.hmpps-delius-alfrsco-poc.svc.cluster.local + -Delasticsearch.port=8080 -Delasticsearch.user= -Delasticsearch.password= -Delasticsearch.createIndexIfNotExists=true + -Delasticsearch.indexName=alfresco -Dindex.subsystem.name=elasticsearch -Dtransform.service.url=http://alfresco-content-services-alfresco-router + -Dsfs.url=http://alfresco-content-services-alfresco-filestore:80 -DlocalTransform.core-aio.url= + -DlocalTransform.pdfrenderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -DlocalTransform.imagemagick.url=http://alfresco-content-services-alfresco-cs-imagemagick + -DlocalTransform.libreoffice.url=http://alfresco-content-services-alfresco-cs-libreoffice + -DlocalTransform.tika.url=http://alfresco-content-services-alfresco-cs-tika -DlocalTransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + -Dalfresco-pdf-renderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -Dimg.url=http://alfresco-content-services-alfresco-cs-imagemagick -Djodconverter.url=http://alfresco-content-services-alfresco-cs-libreoffice + -Dtika.url=http://alfresco-content-services-alfresco-cs-tika -Dtransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + 
-Ds3.bucketLocation=eu-west-2 -Ds3.bucketName=cloud-platform-5ce784402d8052fe1cd006f1e7329f70 + -Devents.subsystem.autoStart=false + CATALINA_OPTS: $ALFRESCO_OPTS -Ddb.driver=org.postgresql.Driver -Ddb.url=jdbc:postgresql://cloud-platform-f05612b0b7cdbf33.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco + -Ddb.username=$DATABASE_USERNAME -Ddb.password=$DATABASE_PASSWORD -Ds3.accessKey=$ACCESSKEY + -Ds3.secretKey=$SECRETKEY -Dmetadata-keystore.password=$METADATA_KEYSTORE_PASSWORD + -Dmetadata-keystore.metadata.password=$METADATA_KEY_PASSWORD -Dmessaging.broker.url=$BROKER_URL + -Dmessaging.broker.username=$BROKER_USERNAME -Dmessaging.broker.password=$BROKER_PASSWORD + -Dencryption.ssl.truststore.location=$JAVA_HOME/lib/security/cacerts -Dalfresco_user_store.adminpassword=$REPO_ADMIN_PASSWORD + JAVA_OPTS: -Dindex.subsystem.name=elasticsearch -Delasticsearch.indexName=alfresco + -Delasticsearch.createIndexIfNotExists=true -Dtransform.service.enabled=true -XX:MinRAMPercentage=50 + -XX:MaxRAMPercentage=80 -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede + -Dsystem.workflow.engine.activiti.enabled=false -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false + RELEASE_NAME: alfresco-content-services +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-configmap +--- +apiVersion: v1 +data: + CATALINA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + 
CSRF_FILTER_ORIGIN: https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + CSRF_FILTER_REFERER: https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk/.* + JAVA_OPTS: -Dalfresco.proxy=https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + REPO_HOST: alfresco-content-services-alfresco-cs-repository + REPO_PORT: "80" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -Xms1024M -Xmx1638M + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + 
livenessSavePeriodSeconds: "600" + scheduler.cleanup.interval: "86400000" + scheduler.content.age.millis: "86400000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + IMAGEMAGICK_URL: http://alfresco-content-services-alfresco-cs-imagemagick:80 + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + LIBREOFFICE_URL: http://alfresco-content-services-alfresco-cs-libreoffice:80 + MISC_URL: http://alfresco-content-services-alfresco-cs-transform-misc:80 + PDF_RENDERER_URL: http://alfresco-content-services-alfresco-cs-pdfrenderer:80 + TIKA_URL: http://alfresco-content-services-alfresco-cs-tika:80 +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router-configmap +--- +apiVersion: v1 +data: + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED: "true" + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME: 0 0 * * * * + ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED: "true" + ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ELASTICSEARCH_INDEXNAME: alfresco + SPRING_ELASTICSEARCH_REST_URIS: http://opensearch-proxy-service-cloud-platform-62a206e0.hmpps-delius-alfrsco-poc.svc.cluster.local:8080 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-configmap +--- +apiVersion: v1 +data: + BROKER_PASSWORD: YWRtaW4= + BROKER_URL: ZmFpbG92ZXI6KG5pbzovL2FsZnJlc2NvLWNvbnRlbnQtc2VydmljZXMtYWN0aXZlbXEtYnJva2VyOjYxNjE2KT90aW1lb3V0PTMwMDAmam1zLnVzZUNvbXByZXNzaW9uPXRydWU= + BROKER_USERNAME: YWRtaW4= +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: acs-alfresco-cs-brokersecret +type: Opaque +--- +apiVersion: v1 +data: + BROKER_PASSWORD: YWRtaW4= + BROKER_USERNAME: YWRtaW4= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-brokersecret +type: Opaque +--- +apiVersion: v1 +data: + METADATA_KEY_PASSWORD: b0tJV3pWZEVkQQ== + METADATA_KEYSTORE_PASSWORD: bXA2eWMwVUQ5ZQ== +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret +type: Opaque +--- +apiVersion: v1 +data: + REPO_ADMIN_PASSWORD: MjA5YzYxNzRkYTQ5MGNhZWI0MjJmM2ZhNWE3YWU2MzQ= +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-secret +type: Opaque +--- +apiVersion: v1 +data: + ELASTICSEARCH_PASSWORD: "" + 
ELASTICSEARCH_USERNAME: "" +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-broker +spec: + ports: + - name: stomp + port: 61613 + protocol: TCP + targetPort: 61613 + - name: openwire + port: 61616 + protocol: TCP + targetPort: 61616 + - name: amqp + port: 5672 + protocol: TCP + targetPort: 5672 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq-web-console +spec: + ports: + - name: web-console + port: 8161 + protocol: TCP + targetPort: 8161 + selector: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + ports: + - name: imagemagick + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + 
release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + ports: + - name: libreoffice + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + ports: + - name: pdfrenderer + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ports: + - name: alfresco + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ports: + - name: share + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-share + component: share + 
release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + ports: + - name: tika + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + ports: + - name: transformmisc + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + ports: + - name: filestore + port: 80 + targetPort: 8099 + selector: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + ports: + - name: transform-router + port: 80 + protocol: TCP + targetPort: 8095 + selector: + app: alfresco-content-services-alfresco-router + component: 
transformrouter + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: activemq-default-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: filestore-default-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + volumeMode: Filesystem +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: activemq + app.kubernetes.io/version: 5.17.4 + helm.sh/chart: activemq-3.1.0 + name: alfresco-content-services-activemq +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: activemq + spec: + containers: + - env: + - name: ACTIVEMQ_CONFIG_MINMEMORY + value: "512" + - name: ACTIVEMQ_CONFIG_MAXMEMORY + value: "2048" + - name: ACTIVEMQ_BROKER_NAME + value: alfresco-content-services-activemq + - name: ACTIVEMQ_ADMIN_LOGIN + valueFrom: + secretKeyRef: + key: BROKER_USERNAME + name: alfresco-content-services-activemq-brokersecret + - name: ACTIVEMQ_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: BROKER_PASSWORD + name: alfresco-content-services-activemq-brokersecret + image: alfresco/alfresco-activemq:5.17.4-jre17-rockylinux8 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + tcpSocket: + port: 61616 + timeoutSeconds: 1 + name: activemq + ports: + - containerPort: 61613 + name: stomp + - containerPort: 61616 + name: openwire + - containerPort: 5672 + name: amqp + - containerPort: 8161 + name: web-console + readinessProbe: + 
failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + tcpSocket: + port: 61616 + timeoutSeconds: 1 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.25" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/activemq/data + name: data + subPath: alfresco-infrastructure/activemq-data + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33031 + terminationGracePeriodSeconds: 1 + volumes: + - name: data + persistentVolumeClaim: + claimName: activemq-default-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 77504232107df28e3fae1cd91fdc37518dfa5229d21f73e2058e526d7ad89c6b + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - 
name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-imagemagick-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-imagemagick:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33002 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c29b71fae340444799e63ddc2280c00de4c990a3dad047c0ebe70685ef7ab89c + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + 
matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-libreoffice-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-libreoffice:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 400Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33003 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + 
type: RollingUpdate + template: + metadata: + annotations: + checksum/config: e61eca295784c0d562e9f9e3fa9e70f707291420af8c0ac90b668d14b76b628f + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-pdf-renderer:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33001 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: 
alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: d955f674815090f6eeb81d81622cc02d896f030bdbf1bc89f53335ff61aae588 + checksum/secretDatabase: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secretS3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + spec: + containers: + - envFrom: + - secretRef: + name: rds-instance-output + - secretRef: + name: s3-bucket-output + - secretRef: + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret + - secretRef: + name: acs-alfresco-cs-brokersecret + - secretRef: + name: alfresco-content-services-alfresco-cs-repository-secret + - configMapRef: + name: alfresco-content-services-alfresco-cs-repository-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository:release_7.3.2_elasticsearch-r5.0.2-content-latest + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- + port: 8080 + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + name: alfresco-content-services + ports: + - containerPort: 8080 + - containerPort: 5701 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" 
+ memory: 3000Mi + requests: + cpu: "1" + memory: 1500Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + periodSeconds: 30 + volumeMounts: + - mountPath: /usr/local/tomcat/alf_data + name: data + subPath: alfresco-content-services/repository-data + - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/ + name: acs-license + imagePullSecrets: + - name: quay-registry-secret + initContainers: null + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + volumes: + - emptyDir: + sizeLimit: 20Gi + name: data + - name: acs-license + secret: + defaultMode: 256 + secretName: alfresco-license + - configMap: + name: custom-pipeline-config + optional: true + name: custom-pipeline-config-volume + - configMap: + name: custom-rendition-config + optional: true + name: custom-rendition-config-volume + - configMap: + name: custom-mimetype-config + optional: true + name: custom-mimetype-config-volume + - configMap: + name: custom-queryset-config + optional: true + name: custom-queryset-config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checkov.io/skip1: CKV_K8S_23=Requires APPS-1832 first + checkov.io/skip2: CKV_K8S_40=Requires APPS-1832 first + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 
428c2ba2026a88cc7763ac0c1772943157c8a4822def1efc76743b72b74a19f8 + labels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + spec: + containers: + - envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-share-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share:release_7.3.2_elasticsearch-r5.0.2-share-latest + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 200 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 15 + resources: + limits: + cpu: "4" + memory: 2000Mi + requests: + cpu: "1" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 65534 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 4ce771746eed38f9cac09952793879c40330a2f75a60d4008c84810fe870eb58 + labels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: 
alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-tika + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-tika + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-tika-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-tika:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: "0.25" + memory: 600Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33004 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + replicas: 1 + selector: + matchLabels: + app: 
alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c44dc1b790fba68833f95ffeecc6878f057f3dd629b3a44a44b2a8ad1a517119 + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-transform-misc-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: alfresco/alfresco-transform-misc:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: 
quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33006 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: 934e365b21db873604fd6ac49595dfd1b1f60f86622c70ed3203cc9c3b4ee0bd + labels: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: scheduler.content.age.millis + value: "518400000" + - name: scheduler.cleanup.interval + value: "259200000" + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-filestore-configmap + image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-shared-file-store:2.1.2-4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8099 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8099 + readinessProbe: + httpGet: + path: /ready + port: 8099 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + 
resources: + limits: + cpu: "2" + memory: 2000Mi + requests: + cpu: "0.25" + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp/Alfresco + name: data + subPath: alfresco-content-services/filestore-data + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33030 + volumes: + - name: data + persistentVolumeClaim: + claimName: filestore-default-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: fb79f6128a708bde1b33453f31a1256968707e33ada087e455905c133a62c1f1 + checksum/config-routes: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: 
"true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-router-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-transform-router:2.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 120 + timeoutSeconds: 60 + name: alfresco-content-services + ports: + - containerPort: 8095 + readinessProbe: + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33016 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "200" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-content:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-content + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: 
+ - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-mediation +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + 
- configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-mediation + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - 
name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-metadata + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 
3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: acs-alfresco-cs-brokersecret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-path:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-path + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + 
memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/proxy-read-timeout: "200" + nginx.ingress.kubernetes.io/proxy-send-timeout: "200" + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-name: alf_affinity_route + nginx.ingress.kubernetes.io/whitelist-source-range: 
35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ingressClassName: default + rules: + - host: hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: /api-explorer + pathType: Prefix + tls: + - hosts: + - hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($request_uri = "/") { + return 301 /share/page/; + } + 
nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-expires: "604800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "604800" + nginx.ingress.kubernetes.io/session-cookie-name: alfrescoShare + nginx.ingress.kubernetes.io/session-cookie-path: /share + nginx.ingress.kubernetes.io/whitelist-source-range: 35.176.126.163,35.178.162.73,52.56.195.113,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32,34.241.149.106/32,52.210.79.20/32,54.228.134.38/32 + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ingressClassName: default + rules: + - host: share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: /share/page/ + pathType: 
Prefix + tls: + - hosts: + - share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + secretName: share-ingress-cert diff --git a/kustomize/poc/patch-ingress-repository.yaml b/kustomize/poc/patch-ingress-repository.yaml index 5c5ca2a..42e71e5 100644 --- a/kustomize/poc/patch-ingress-repository.yaml +++ b/kustomize/poc/patch-ingress-repository.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer diff --git a/kustomize/poc/patch-ingress-share.yaml b/kustomize/poc/patch-ingress-share.yaml index 653684b..234f667 100644 --- a/kustomize/poc/patch-ingress-share.yaml +++ b/kustomize/poc/patch-ingress-share.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: 
@@ -12,14 +12,14 @@ spec:
 paths:
 - backend:
 service:
- name: alfresco-content-services-alfresco-cs-share
+ name: alfresco-content-services-share
 port:
 number: 80
 path: /
 pathType: Prefix
 - backend:
 service:
- name: alfresco-content-services-alfresco-cs-share
+ name: alfresco-content-services-share
 port:
 number: 80
 path: /share/page/
diff --git a/kustomize/poc/values.yaml b/kustomize/poc/values.yaml
index 81561c7..451a2ae 100644
--- a/kustomize/poc/values.yaml
+++ b/kustomize/poc/values.yaml
@@ -1,22 +1,17 @@
 # this file overrides values defined in ./values.yaml
-repository:
- replicaCount: 1
+alfresco-repository:
+ replicaCount: 2
 image:
+ repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository
 tag: release_7.3.2_elasticsearch-r5.0.2-content-latest
 share:
 replicaCount: 1
 image:
- tag: release_7.3.2_elasticsearch-r5.0.2-share-latest
-filestore:
- replicaCount: 1
-externalHost: hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk
-externalProtocol: https
+ repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share
+ tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest
 externalPort: 443
-activemq:
- enabled: true
-messageBroker:
- existingSecretName: null
- secretName: acs-alfresco-cs-brokersecret
-alfresco-search-enterprise:
- messageBroker:
- existingSecretName: acs-alfresco-cs-brokersecret
+global:
+ known_urls:
+ - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+ - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+ - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk
diff --git a/kustomize/preprod/alf-prop-config-map.yaml b/kustomize/preprod/alf-prop-config-map.yaml
index c7a1c01..4f19c13 100644
--- a/kustomize/preprod/alf-prop-config-map.yaml
+++ b/kustomize/preprod/alf-prop-config-map.yaml
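Review bot: Both added `tag:` values in `kustomize/poc/values.yaml` end in `-latest` (`release_7.3.2_elasticsearch-r5.0.2-content-latest` and `release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest`), so the image behind the tag can change without any change to this file. With `replicaCount: 2`, the two repository pods can end up on different builds if the pull policy is `IfNotPresent`. I would pin each image to an immutable tag or digest, e.g. `tag: <IMMUTABLE_TAG>` (placeholder), and let CI bump it. Separately, `global.known_urls` in this poc overlay lists the `hmpps-delius-alfresco-dev` hosts, while the removed `externalHost` line named the `hmpps-delius-alfrsco-poc` host. If the chart feeds `known_urls` into its cross-origin/CSRF allow-list (not visible here), the poc host looks missing and the dev hosts look copied from another environment.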
@@ -6,14 +6,14 @@ data:
 alfresco-global.properties: |
 deployment.method=HELM_CHART
 alfresco.cluster.enabled=true
- alfresco.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+ alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk
 alfresco.protocol=https
 alfresco.port=443
- aos.baseUrlOverwrite=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos
- csrf.filter.origin=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
- csrf.filter.referer=https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk/.*
+ aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos
+ csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk
+ csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.*
 share.protocol=https
- share.host=hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+ share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk
 share.port=443
 local.transform.service.enabled=true
 transform.service.enabled=false
diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml
index 7ff5f4e..34b3ff0 100644
--- a/kustomize/preprod/patch-ingress-repository.yaml
+++ b/kustomize/preprod/patch-ingress-repository.yaml
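Review bot: `share.host` is set to the repository hostname, and `csrf.filter.origin` / `csrf.filter.referer` name only that host, yet the preprod Share ingress patch in this series routes `share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk`. If Share is reached on the `share.` host, I would expect `share.host` to carry it, and that origin to be either added to the CSRF settings or left out with a comment saying why. The `csrf.filter.referer` value looks like a pattern (it ends in `/.*`), so the unescaped dots in the hostname would match any character; escaping them keeps the check exact, and a .properties file needs the backslash doubled (`\\.`). The new `kustomize/stage/alf-prop-config-map.yaml` carries the same lines with the stage hostname. The ConfigMap body continues outside this hunk.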
@@ -4,7 +4,7 @@ metadata:
 name: alfresco-content-services-alfresco-repository
 annotations:
 external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green
- nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32"
+ nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
 spec:
 rules:
 - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml
index d896720..2f22313 100644
--- a/kustomize/preprod/patch-ingress-share.yaml
+++ b/kustomize/preprod/patch-ingress-share.yaml
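Review bot: `nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"` now relies on a step outside this patch to substitute the real ranges before the manifest is applied; `kustomize/preprod/patch-ingress-share.yaml` gets the same change. Nothing visible here shows that step, so a render that skips it would ship an ingress whose source restriction is the literal string `placeholder`. How an unparsable range is handled depends on the controller and its version, which I have not checked. I would add a comment on the line naming where the value is injected (`# replaced at deploy time by <PIPELINE_STEP>`, placeholder) and a CI check that fails when a rendered manifest still contains `whitelist-source-range: placeholder`. Keeping the ranges out of the repository is also undercut when rendered manifests are committed: one added earlier in this series still lists a full set of ranges.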
@@ -4,7 +4,7 @@ metadata:
 name: alfresco-content-services-share
 annotations:
 external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green
- nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32"
+ nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
 spec:
 rules:
 - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/kustomize/stage/alf-prop-config-map.yaml b/kustomize/stage/alf-prop-config-map.yaml
new file mode 100644
index 0000000..d622319
--- /dev/null
+++ b/kustomize/stage/alf-prop-config-map.yaml
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: alf-prop-config-map
+data:
+ alfresco-global.properties: |
+ deployment.method=HELM_CHART
+ alfresco.cluster.enabled=true
+ alfresco.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk
+ alfresco.protocol=https
+ alfresco.port=443
+ aos.baseUrlOverwrite=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos
+ csrf.filter.origin=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk
+ csrf.filter.referer=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/.*
+ share.protocol=https
+ share.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk
+ share.port=443
+ local.transform.service.enabled=true
+ transform.service.enabled=false
+ localTransform.core-aio.url=
+ localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer
+ localTransform.imagemagick.url=http://alfresco-content-services-imagemagick
+ localTransform.libreoffice.url=http://alfresco-content-services-libreoffice
+ localTransform.tika.url=http://alfresco-content-services-tika
+ localTransform.misc.url=http://alfresco-content-services-transform-misc
+ events.subsystem.autoStart=false
+
+ #Zaizi additions
+ zaizi.noms.root.folder=NOMS
+ zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3})
+ zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^&
+
+ spg.ndelius.users=N00
+ spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23
+
+ # The User to Schema Cache
+ cache.spgUserToSchemaVersionCache.tx.maxItems=100
+ cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled}
+ cache.spgUserToSchemaVersionCache.maxItems=500
+ cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0
+ cache.spgUserToSchemaVersionCache.maxIdleSeconds=0
+ cache.spgUserToSchemaVersionCache.cluster.type=local
+ cache.spgUserToSchemaVersionCache.backup-count=1
+ cache.spgUserToSchemaVersionCache.eviction-policy=LRU
+ cache.spgUserToSchemaVersionCache.eviction-percentage=25
+ cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY
+ cache.spgUserToSchemaVersionCache.readBackupData=false
+ cache.spgUserToSchemaVersionCache.cluster.type=invalidating
+
+ # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds.
+ message.mpx.log.messageSendingTakenMorethan=1000
+
+ zaizi.noms.mpx.schema.version=0-9-9
+ zaizi.noms.mpx.schema.date=2016-09-05
+ messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd
+
+ zaizi.noms.mpx.schema2.version=0-9-10
+ zaizi.noms.mpx.schema2.date=2017-03-30
+ messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd
+
+ zaizi.noms.mpx.schema.911.version=0-9-11
+ zaizi.noms.mpx.schema.911.date=2017-09-04
+ messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd
+
+ zaizi.noms.mpx.schema.912.version=0-9-12
+ zaizi.noms.mpx.schema.912.date=2017-12-05
+ messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd
+
+ zaizi.noms.mpx.schema.913.version=0-9-13
+ zaizi.noms.mpx.schema.913.date=2018-02-08
+ messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd
+
+ zaizi.noms.mpx.schema.914.version=0-9-14
+ zaizi.noms.mpx.schema.914.date=2019-10-21
+ messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd
+
+ # NSPG Administration Groups Patch
+ patch.nspg.administration.deferred=false
+ patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030
+ patch.nspg.administration.roles.startDelay=0
diff --git a/kustomize/stage/kustomization.yaml b/kustomize/stage/kustomization.yaml
index 757ef78..4ed2cda 100644
--- a/kustomize/stage/kustomization.yaml
+++ b/kustomize/stage/kustomization.yaml
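Review bot: `cache.spgUserToSchemaVersionCache.cluster.type` is assigned twice in the new properties block, first `local` and six lines later `invalidating`. In a properties file the later assignment normally wins, so the `local` line is dead and misleads anyone reading the cache settings. Keep the value intended for a clustered deployment (`alfresco.cluster.enabled=true` is set above) and delete the other. The `localTransform.*.url` values also use service names of the form `alfresco-content-services-pdfrenderer`, while the rendered stage manifest added in this series uses `alfresco-content-services-alfresco-cs-pdfrenderer`; one of the two is presumably stale, so confirm which names the Services actually have. The file is a near copy of the preprod ConfigMap with only the hostname changed, so a shared base plus a per-environment host replacement would stop the copies drifting.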
@@ -3,8 +3,9 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-filestore-pvc.yaml + - path: patch-infra-config-map.yaml diff --git a/kustomize/stage/output.yaml b/kustomize/stage/output.yaml new file mode 100644 index 0000000..8efe1b0 --- /dev/null +++ b/kustomize/stage/output.yaml 
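Review bot: `- alf-prop-config-map.yaml` is added under `resources`, so the ConfigMap keeps a fixed name. Pods that read `alfresco-global.properties` will not restart when its content changes, CSRF origins included, unless a checksum annotation or a manual rollout forces it. A `configMapGenerator` entry would give the ConfigMap a content hash and roll the consumers automatically; how the Deployment references it is not visible in this hunk, so treat that as something to check. The hunk also swaps `patch-filestore-pvc.yaml` for `- path: patch-infra-config-map.yaml`, and that file does not appear in the visible part of the series; `kustomize build` fails on a missing patch path.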
@@ -0,0 +1,1920 @@ +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "900" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "250" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "99999" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1200" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap +--- +apiVersion: v1 +data: + ALFRESCO_OPTS: -Ddeployment.method=HELM_CHART -Dalfresco.cluster.enabled=true 
-Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/ + -Dalfresco.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + -Dalfresco.protocol=https -Dalfresco.port=443 -Daos.baseUrlOverwrite=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + -Dcsrf.filter.origin=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + -Dcsrf.filter.referer=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/.* + -Dshare.protocol=https -Dshare.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + -Dshare.port=443 -Delasticsearch.host=opensearch-proxy-service-cloud-platform-e1d78cac.hmpps-delius-alfresco-stage.svc.cluster.local + -Delasticsearch.port=8080 -Delasticsearch.user= -Delasticsearch.password= -Delasticsearch.createIndexIfNotExists=true + -Delasticsearch.indexName=alfresco -Dindex.subsystem.name=elasticsearch -Dtransform.service.url=http://alfresco-content-services-alfresco-router + -Dsfs.url=http://alfresco-content-services-alfresco-filestore:80 -DlocalTransform.core-aio.url= + -DlocalTransform.pdfrenderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -DlocalTransform.imagemagick.url=http://alfresco-content-services-alfresco-cs-imagemagick + -DlocalTransform.libreoffice.url=http://alfresco-content-services-alfresco-cs-libreoffice + -DlocalTransform.tika.url=http://alfresco-content-services-alfresco-cs-tika -DlocalTransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + -Dalfresco-pdf-renderer.url=http://alfresco-content-services-alfresco-cs-pdfrenderer + -Dimg.url=http://alfresco-content-services-alfresco-cs-imagemagick -Djodconverter.url=http://alfresco-content-services-alfresco-cs-libreoffice + -Dtika.url=http://alfresco-content-services-alfresco-cs-tika -Dtransform.misc.url=http://alfresco-content-services-alfresco-cs-transform-misc + 
-Ds3.bucketLocation=eu-west-2 -Ds3.bucketName=cloud-platform-ec9b74a5eca301ab5dc8b8461b99d5c2 + -Devents.subsystem.autoStart=false + CATALINA_OPTS: $ALFRESCO_OPTS -Ddb.driver=org.postgresql.Driver -Ddb.url=jdbc:postgresql://cloud-platform-43f547bdfa94ce12.cdwm328dlye6.eu-west-2.rds.amazonaws.com:5432/alfresco + -Ddb.username=$DATABASE_USERNAME -Ddb.password=$DATABASE_PASSWORD -Ds3.accessKey=$ACCESSKEY + -Ds3.secretKey=$SECRETKEY -Dmetadata-keystore.password=$METADATA_KEYSTORE_PASSWORD + -Dmetadata-keystore.metadata.password=$METADATA_KEY_PASSWORD -Dmessaging.broker.url=$BROKER_URL + -Dmessaging.broker.username=$BROKER_USERNAME -Dmessaging.broker.password=$BROKER_PASSWORD + -Dencryption.ssl.truststore.location=$JAVA_HOME/lib/security/cacerts -Dalfresco_user_store.adminpassword=$REPO_ADMIN_PASSWORD + JAVA_OPTS: -Dindex.subsystem.name=elasticsearch -Delasticsearch.indexName=alfresco + -Delasticsearch.createIndexIfNotExists=true -Dtransform.service.enabled=true -XX:MinRAMPercentage=50 + -XX:MaxRAMPercentage=80 -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.algorithm=DESede + -Dsystem.workflow.engine.activiti.enabled=false -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false + RELEASE_NAME: alfresco-content-services +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-configmap +--- +apiVersion: v1 +data: + CATALINA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + 
CSRF_FILTER_ORIGIN: https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + CSRF_FILTER_REFERER: https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/.* + JAVA_OPTS: -Dalfresco.proxy=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + REPO_HOST: alfresco-content-services-alfresco-cs-repository + REPO_PORT: "80" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -Xms1024M -Xmx1638M + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "400" + livenessTransformPeriodSeconds: "600" + maxTransformSeconds: "1800" + maxTransforms: "10000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc-configmap +--- +apiVersion: v1 +data: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + livenessPercent: "150" + 
livenessSavePeriodSeconds: "600" + scheduler.cleanup.interval: "86400000" + scheduler.content.age.millis: "86400000" +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore-configmap +--- +apiVersion: v1 +data: + FILE_STORE_URL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file + IMAGEMAGICK_URL: http://alfresco-content-services-alfresco-cs-imagemagick:80 + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + LIBREOFFICE_URL: http://alfresco-content-services-alfresco-cs-libreoffice:80 + MISC_URL: http://alfresco-content-services-alfresco-cs-transform-misc:80 + PDF_RENDERER_URL: http://alfresco-content-services-alfresco-cs-pdfrenderer:80 + TIKA_URL: http://alfresco-content-services-alfresco-cs-tika:80 +kind: ConfigMap +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router-configmap +--- +apiVersion: v1 +data: + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_ENABLED: "true" + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_REFRESHTIME: 0 0 * * * * + ALFRESCO_PATHINDEXINGCOMPONENT_ENABLED: "true" + ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ELASTICSEARCH_INDEXNAME: alfresco + SPRING_ELASTICSEARCH_REST_URIS: http://opensearch-proxy-service-cloud-platform-e1d78cac.hmpps-delius-alfresco-stage.svc.cluster.local:8080 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-configmap +--- +apiVersion: v1 +data: + METADATA_KEY_PASSWORD: b0tJV3pWZEVkQQ== + METADATA_KEYSTORE_PASSWORD: bXA2eWMwVUQ5ZQ== +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret +type: Opaque +--- +apiVersion: v1 +data: + REPO_ADMIN_PASSWORD: MjA5YzYxNzRkYTQ5MGNhZWI0MjJmM2ZhNWE3YWU2MzQ= +kind: Secret +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository-secret +type: Opaque +--- +apiVersion: v1 +data: + ELASTICSEARCH_PASSWORD: "" + ELASTICSEARCH_USERNAME: "" +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + ports: + - name: imagemagick + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + type: ClusterIP 
+--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + ports: + - name: libreoffice + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + ports: + - name: pdfrenderer + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ports: + - name: alfresco + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ports: + - name: share + port: 80 + targetPort: 8080 + selector: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + type: ClusterIP 
+--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + ports: + - name: tika + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + ports: + - name: transformmisc + port: 80 + targetPort: 8090 + selector: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + ports: + - name: filestore + port: 80 + targetPort: 8099 + selector: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + ports: + - name: transform-router + port: 80 + protocol: TCP + targetPort: 8095 + selector: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + 
type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: filestore-default-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 4000Gi + volumeMode: Filesystem +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 77504232107df28e3fae1cd91fdc37518dfa5229d21f73e2058e526d7ad89c6b + labels: + app: alfresco-content-services-alfresco-cs-imagemagick + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-imagemagick + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-imagemagick-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-imagemagick:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 
8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33002 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c29b71fae340444799e63ddc2280c00de4c990a3dad047c0ebe70685ef7ab89c + labels: + app: alfresco-content-services-alfresco-cs-libreoffice + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-libreoffice + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - 
name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-libreoffice-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-libreoffice:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "4" + memory: 1000Mi + requests: + cpu: "0.5" + memory: 400Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33003 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-pdfrenderer +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: e61eca295784c0d562e9f9e3fa9e70f707291420af8c0ac90b668d14b76b628f + labels: + app: alfresco-content-services-alfresco-cs-pdfrenderer + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + 
values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-pdfrenderer + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-pdfrenderer-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-pdf-renderer:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33001 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + replicas: 10 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: 
280f0005a6663065acc24fb8c05a72733405572f05069cda8a6e2f19abb978d3 + checksum/secretDatabase: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secretS3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-cs-repository + component: repository + release: alfresco-content-services + spec: + containers: + - envFrom: + - secretRef: + name: rds-instance-output + - secretRef: + name: s3-bucket-output + - secretRef: + name: alfresco-content-services-alfresco-cs-metadata-keystore-secret + - secretRef: + name: amazon-mq-broker-secret + - secretRef: + name: alfresco-content-services-alfresco-cs-repository-secret + - configMapRef: + name: alfresco-content-services-alfresco-cs-repository-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository:release_7.3.2_elasticsearch-r5.0.2-content-latest + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-live- + port: 8080 + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + name: alfresco-content-services + ports: + - containerPort: 8080 + - containerPort: 5701 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + resources: + limits: + cpu: 4 + memory: 10Gi + requests: + cpu: 1 + memory: 6Gi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 10 + httpGet: + path: /alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + port: 8080 + periodSeconds: 30 + volumeMounts: + - mountPath: /usr/local/tomcat/alf_data + name: data 
+ subPath: alfresco-content-services/repository-data + - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/ + name: acs-license + imagePullSecrets: + - name: quay-registry-secret + initContainers: null + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + volumes: + - emptyDir: + sizeLimit: 100Gi + name: data + - name: acs-license + secret: + defaultMode: 256 + secretName: alfresco-license + - configMap: + name: custom-pipeline-config + optional: true + name: custom-pipeline-config-volume + - configMap: + name: custom-rendition-config + optional: true + name: custom-rendition-config-volume + - configMap: + name: custom-mimetype-config + optional: true + name: custom-mimetype-config-volume + - configMap: + name: custom-queryset-config + optional: true + name: custom-queryset-config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checkov.io/skip1: CKV_K8S_23=Requires APPS-1832 first + checkov.io/skip2: CKV_K8S_40=Requires APPS-1832 first + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 0209ab90e57cd3c2bff5d6dcc5c5268829ebebf38b0bbcea6bdc940002e4f00d + labels: + app: alfresco-content-services-alfresco-cs-share + component: share + release: alfresco-content-services + spec: + containers: + - envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-share-configmap + image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share:release_7.3.2_elasticsearch-r5.0.2-share-latest 
+ imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep 20 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 200 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /share + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 15 + resources: + limits: + cpu: "4" + memory: 2000Mi + requests: + cpu: "1" + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 65534 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-tika + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-tika +spec: + replicas: 8 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 4ce771746eed38f9cac09952793879c40330a2f75a60d4008c84810fe870eb58 + labels: + app: alfresco-content-services-alfresco-cs-tika + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-tika + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - 
alfresco-content-services-alfresco-cs-tika + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-tika-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-tika:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: "0.25" + memory: 600Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33004 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: c44dc1b790fba68833f95ffeecc6878f057f3dd629b3a44a44b2a8ad1a517119 + labels: + app: alfresco-content-services-alfresco-cs-transform-misc + component: transformers + release: alfresco-content-services + spec: + affinity: + 
podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-cs-transform-misc + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-cs-transform-misc-configmap + - secretRef: + name: amazon-mq-broker-secret + image: alfresco/alfresco-transform-misc:3.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8090 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /ready + port: 8090 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 1000Mi + requests: + cpu: "0.25" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33006 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-filestore + chart: alfresco-content-services-6.0.2 + component: transformers + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-filestore +spec: + replicas: 1 + selector: + matchLabels: + app: alfresco-content-services-alfresco-filestore + component: transformers + 
release: alfresco-content-services + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: 934e365b21db873604fd6ac49595dfd1b1f60f86622c70ed3203cc9c3b4ee0bd + labels: + app: alfresco-content-services-alfresco-filestore + component: transformers + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-filestore + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: scheduler.content.age.millis + value: "518400000" + - name: scheduler.cleanup.interval + value: "259200000" + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-filestore-configmap + image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-shared-file-store:2.1.2-4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /live + port: 8099 + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: alfresco-content-services + ports: + - containerPort: 8099 + readinessProbe: + httpGet: + path: /ready + port: 8099 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 2000Mi + requests: + cpu: "0.25" + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp/Alfresco + name: data + subPath: alfresco-content-services/filestore-data + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 33030 + volumes: + - name: data + 
persistentVolumeClaim: + claimName: filestore-default-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: alfresco-content-services-alfresco-router + chart: alfresco-content-services-6.0.2 + component: transformrouter + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-router +spec: + replicas: 12 + selector: + matchLabels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: fb79f6128a708bde1b33453f31a1256968707e33ada087e455905c133a62c1f1 + checksum/config-routes: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: alfresco-content-services-alfresco-router + component: transformrouter + release: alfresco-content-services + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 10 + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - alfresco-content-services-alfresco-router + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: ACTIVEMQ_URL + value: $(BROKER_URL) + - name: ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-router-configmap + - secretRef: + name: amazon-mq-broker-secret + image: 
quay.io/alfresco/alfresco-transform-router:2.0.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 1 + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 120 + timeoutSeconds: 60 + name: alfresco-content-services + ports: + - containerPort: 8095 + readinessProbe: + httpGet: + path: /actuator/health + port: 8095 + initialDelaySeconds: 140 + periodSeconds: 60 + timeoutSeconds: 10 + resources: + limits: + cpu: "2" + memory: 756Mi + requests: + cpu: "0.75" + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + imagePullSecrets: + - name: quay-registry-secret + securityContext: + runAsNonRoot: true + runAsUser: 33016 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + replicas: 8 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "200" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: 
SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: amazon-mq-broker-secret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-content:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-content + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-mediation +spec: + 
replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: amazon-mq-broker-secret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-mediation + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: 
/actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + replicas: 4 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + 
key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: amazon-mq-broker-secret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-metadata + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: alfresco-search-enterprise + app.kubernetes.io/version: 3.3.0 + helm.sh/chart: alfresco-search-enterprise-1.2.0 + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + template: + metadata: + annotations: + checksum/secret-broker: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/secret-database: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + 
checksum/secret-elasticsearch: 33982b5f025a1ffd247c4b02293a24e8211a8efdf19d96514ead79c07c330c8d + labels: + app.kubernetes.io/instance: alfresco-content-services + app.kubernetes.io/name: alfresco-search-enterprise + spec: + containers: + - env: + - name: JAVA_OPTS + value: -Dspring.activemq.packages.trustAll=true + - name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) + - name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) + - name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) + - name: SPRING_ELASTICSEARCH_REST_USERNAME + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_USERNAME + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + - name: SPRING_ELASTICSEARCH_REST_PASSWORD + valueFrom: + secretKeyRef: + key: ELASTICSEARCH_PASSWORD + name: alfresco-content-services-alfresco-search-enterprise-elasticsearch-secret + envFrom: + - configMapRef: + name: alfresco-content-services-alfresco-search-enterprise-configmap + - secretRef: + name: amazon-mq-broker-secret + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing-path:3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 300 + timeoutSeconds: 60 + name: alfresco-search-enterprise-path + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 60 + timeoutSeconds: 60 + resources: + limits: + cpu: "2" + memory: 2048Mi + requests: + cpu: "0.5" + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + - ALL + runAsNonRoot: true + imagePullSecrets: + - name: quay-registry-secret + securityContext: + fsGroupChangePolicy: OnRootMismatch + runAsNonRoot: true + runAsUser: 33099 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: 
alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-stage-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/proxy-read-timeout: "200" + nginx.ingress.kubernetes.io/proxy-send-timeout: "200" + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-name: alf_affinity_route + nginx.ingress.kubernetes.io/whitelist-source-range: 3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32 + labels: + app: alfresco-content-services-alfresco-cs-repository + chart: alfresco-content-services-6.0.2 + component: repository + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-repository +spec: + ingressClassName: default + rules: + - host: hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: / + pathType: Prefix + - 
backend: + service: + name: alfresco-content-services-alfresco-cs-repository + port: + number: 80 + path: /api-explorer + pathType: Prefix + tls: + - hosts: + - hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/aws-weight: "100" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-stage-green + kubernetes.io/ingress.class: default + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($request_uri = "/") { + return 301 /share/page/; + } + nginx.ingress.kubernetes.io/proxy-body-size: 5g + nginx.ingress.kubernetes.io/server-snippet: | + location ~ ^/.*/(wc)?s(ervice)?/api/solr/.*$ {return 403;} + location ~ ^/.*/proxy/.*/api/solr/.*$ {return 403;} + location ~ ^/.*/-default-/proxy/.*/api/.*$ {return 403;} + location ~ ^/.*/s/prometheus$ {return 403;} + nginx.ingress.kubernetes.io/session-cookie-expires: "604800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "604800" + nginx.ingress.kubernetes.io/session-cookie-name: alfrescoShare + nginx.ingress.kubernetes.io/session-cookie-path: /share + nginx.ingress.kubernetes.io/whitelist-source-range: 
3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32 + labels: + app: alfresco-content-services-alfresco-cs-share + chart: alfresco-content-services-6.0.2 + component: share + heritage: Helm + release: alfresco-content-services + name: alfresco-content-services-alfresco-cs-share +spec: + ingressClassName: default + rules: + - host: share.hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: alfresco-content-services-alfresco-cs-share + port: + number: 80 + path: /share/page/ + pathType: Prefix + tls: + - hosts: + - share.hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + secretName: share-ingress-cert diff --git a/kustomize/stage/patch-infra-config-map.yaml b/kustomize/stage/patch-infra-config-map.yaml new file mode 100644 index 0000000..2be0442 --- /dev/null +++ b/kustomize/stage/patch-infra-config-map.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-infrastructure +data: + SFS_URL: https://alf-sfs.stage.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.stage.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/stage/patch-ingress-repository.yaml b/kustomize/stage/patch-ingress-repository.yaml index 72bf8fd..bae48d0 100644 --- a/kustomize/stage/patch-ingress-repository.yaml +++ b/kustomize/stage/patch-ingress-repository.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-stage-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-stage-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer diff --git a/kustomize/stage/patch-ingress-share.yaml b/kustomize/stage/patch-ingress-share.yaml index 052ebae..7a555e3 100644 --- a/kustomize/stage/patch-ingress-share.yaml +++ b/kustomize/stage/patch-ingress-share.yaml 
@@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-stage-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-stage-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-service-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: /share/page/ diff --git a/kustomize/stage/values.yaml b/kustomize/stage/values.yaml index 1e2f7cd..9938eef 100644 --- a/kustomize/stage/values.yaml +++ b/kustomize/stage/values.yaml @@ -1,21 +1,7 @@ -# this file overrides values defined in ./values.yaml -repository: - # -- The startup probe to cover the worse case startup time for slow clusters - # startupProbe: - # periodSeconds: 30 - # failureThreshold: 40 - # readinessProbe: - # initialDelaySeconds: 60 - # periodSeconds: 30 - # timeoutSeconds: 15 - # failureThreshold: 40 # Increased from 6 to 12 - # livenessProbe: - # initialDelaySeconds: 260 # Increased from 130 to 260 - # periodSeconds: 20 - # timeoutSeconds: 15 - # failureThreshold: 40 +alfresco-repository: replicaCount: 10 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability requests: 
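Review bot: The `/` path backend in the second hunk of kustomize/stage/patch-ingress-share.yaml is renamed to `alfresco-content-service-share`, which drops the `s` that the Ingress name and the `/share/page/` backend (`alfresco-content-services-share`) both keep. Unless a Service with the shorter name really exists, requests to the root path have no backend to reach, while `/share/page/` keeps working. The line should read `name: alfresco-content-services-share`. The second hunk of kustomize/test/patch-ingress-share.yaml carries the same spelling, and the `spec.rules` entry these lines belong to starts outside the hunk.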
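Review bot: The added `repository:` line in the first hunk of kustomize/stage/values.yaml moves the repository image to a private registry but still resolves it through `tag: release_7.3.2_elasticsearch-r5.0.2-content-latest`, which reads as a moving tag. If that tag is ever re-pushed, the build each of the ten replicas runs depends on when its node pulled the image, and a running pod cannot be traced back to one reviewed build. Pinning to an immutable tag or a digest, for example `tag: <immutable-release-tag>` (placeholder), would make rollouts reproducible. The share image added in the next hunk (`...-share-latest`) and both images in kustomize/test/values.yaml have the same shape. The `alfresco-repository` mapping continues past the end of the hunk.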
@@ -27,30 +13,40 @@ repository: share: replicaCount: 1 image: - tag: release_7.3.2_elasticsearch-r5.0.2-share-latest -externalHost: hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share + tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest externalProtocol: https externalPort: 443 -tika: - replicaCount: 8 - resources: - limits: - cpu: 2 - memory: 4Gi -transformrouter: - replicaCount: 12 - resources: - requests: - cpu: "0.75" - memory: "300Mi" - limits: - cpu: "2" - memory: "756Mi" alfresco-search-enterprise: liveIndexing: + # set in value-versions yaml content: - replicaCount: 8 - mediation: replicaCount: 4 metadata: - replicaCount: 4 + replicaCount: 2 + mediation: + replicaCount: 2 +alfresco-transform-service: + tika: + replicaCount: 8 + resources: + requests: + cpu: "0.5" + memory: "2048Mi" + limits: + cpu: "2" + memory: 6Gi + transformrouter: + replicaCount: 8 + resources: + requests: + cpu: "0.75" + memory: "512Mi" + limits: + cpu: "2" + memory: 2Gi +global: + known_urls: + - https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.stage.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk diff --git a/kustomize/test/alf-prop-config-map.yaml b/kustomize/test/alf-prop-config-map.yaml new file mode 100644 index 0000000..d622319 --- /dev/null +++ b/kustomize/test/alf-prop-config-map.yaml 
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alf-prop-config-map +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfresco-stage.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice + localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + 
cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. + message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030 + patch.nspg.administration.roles.startDelay=0 diff --git a/kustomize/test/kustomization.yaml b/kustomize/test/kustomization.yaml index eaf31f0..4ed2cda 100644 --- a/kustomize/test/kustomization.yaml +++ b/kustomize/test/kustomization.yaml 
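Review bot: This new file lives under kustomize/test, yet `alfresco.host`, `aos.baseUrlOverwrite`, `csrf.filter.origin`, `csrf.filter.referer` and `share.host` all name the `hmpps-delius-alfresco-stage` host, whereas kustomize/test/values.yaml lists `hmpps-delius-alfresco-test` in `known_urls`. If the file is meant for the test environment, the CSRF origin and referer checks compare against a host the test ingress does not serve, so they would either reject legitimate test requests or end up relaxed elsewhere to compensate. The origin line would then be `csrf.filter.origin=https://hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk`, with the same substitution in the other four entries. Whether `share.host` should be the `share.`-prefixed host is worth confirming. Separately, `cache.spgUserToSchemaVersionCache.cluster.type` is assigned twice (`local`, then `invalidating`); keeping only the intended value avoids depending on last-one-wins property loading.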
@@ -3,7 +3,9 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + - path: patch-infra-config-map.yaml diff --git a/kustomize/test/patch-infra-config-map.yaml b/kustomize/test/patch-infra-config-map.yaml new file mode 100644 index 0000000..efa622e --- /dev/null +++ b/kustomize/test/patch-infra-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-infrastructure +data: + SFS_URL: https://alf-sfs.test.delius-core.hmpps-test.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.test.delius-core.hmpps-test.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/test/patch-ingress-repository.yaml b/kustomize/test/patch-ingress-repository.yaml index 8af3ed6..f3aceb7 100644 --- a/kustomize/test/patch-ingress-repository.yaml +++ b/kustomize/test/patch-ingress-repository.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-test-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-test-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer 
diff --git a/kustomize/test/patch-ingress-share.yaml b/kustomize/test/patch-ingress-share.yaml index 7d36bd7..226170e 100644 --- a/kustomize/test/patch-ingress-share.yaml +++ b/kustomize/test/patch-ingress-share.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-test-green + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-test-green nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-service-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: /share/page/ diff --git a/kustomize/test/values.yaml b/kustomize/test/values.yaml index fe51b9c..5ffcddc 100644 --- a/kustomize/test/values.yaml +++ b/kustomize/test/values.yaml 
@@ -1,27 +1,53 @@ # this file overrides values defined in ./values.yaml -repository: +alfresco-repository: + # -- The startup probe to cover the worse case startup time for slow clusters + # startupProbe: + # periodSeconds: 30 + # failureThreshold: 40 + # readinessProbe: + # initialDelaySeconds: 60 + # periodSeconds: 30 + # timeoutSeconds: 15 + # failureThreshold: 40 # Increased from 6 to 12 + # livenessProbe: + # initialDelaySeconds: 260 # Increased from 130 to 260 + # periodSeconds: 20 + # timeoutSeconds: 15 + # failureThreshold: 40 replicaCount: 2 image: - tag: release_7.3.2_elasticsearch-r5.0.1-content-latest + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository + tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability requests: cpu: 1 memory: 2Gi limits: - cpu: 3 + cpu: 2 memory: 4Gi - persistence: - baseSize: 100Gi share: replicaCount: 1 image: - tag: release_7.3.2_elasticsearch-r5.0.1-share-latest -externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share + tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest externalProtocol: https externalPort: 443 -tika: - replicaCount: 2 - resources: - limits: - cpu: 2 - memory: 2Gi +alfresco-search-enterprise: + liveIndexing: + # set in value-versions yaml + content: + replicaCount: 4 + metadata: + replicaCount: 2 + mediation: + replicaCount: 2 +alfresco-transform-service: + tika: + replicaCount: 2 + transformrouter: + replicaCount: 2 +global: + known_urls: + - https://hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.test.delius-core.hmpps-testuction.modernisation-platform.service.justice.gov.uk 
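Review bot: The third `known_urls` entry added at the end of this hunk uses the host `alf-sfs.test.delius-core.hmpps-testuction.modernisation-platform.service.justice.gov.uk`, which looks like a search-and-replace leftover. The ConfigMap patch added earlier in this commit points `SFS_URL` at `alf-sfs.test.delius-core.hmpps-test.modernisation-platform.service.justice.gov.uk`. If `known_urls` feeds an origin or referer allow-list (not visible here), the real SFS host is left out and an unintended hostname is trusted instead. Suggested line: `- https://alf-sfs.test.delius-core.hmpps-test.modernisation-platform.service.justice.gov.uk`. Separately, the commented-out probe block says `# Increased from 6 to 12` next to `failureThreshold: 40`, so the comment should be made to match the value.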
diff --git a/rules.yaml b/rules.yaml
new file mode 100644
index 0000000..4214da9
--- /dev/null
+++ b/rules.yaml
@@ -0,0 +1,219 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + creationTimestamp: "2025-01-07T20:24:38Z" + generation: 1 + labels: + role: alert-rules + name: prometheus-custom-rules-alfresco + namespace: hmpps-delius-alfresco-stage + resourceVersion: "2806395382" + uid: ab91b16a-80f3-4ccb-932c-f8e0346e83a2 +spec: + groups: + - name: application-rules + rules: + - alert: repositoryDeploymentOver75PctCpuUsage + annotations: + message: repository Deployment CPU usage is over 75% + expr: + sum(rate(container_cpu_usage_seconds_total{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-repository.*"}[5m])) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-repository.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: repositoryDeploymentOver75PctMemUsage + annotations: + message: repository Deployment Memory usage is over 75% + expr: + sum(rate(container_memory_working_set_bytes{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-repository.*"}[5m])) / sum(cluster:namespace:pod_mem:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-repository.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: repositoryDeploymentAvailableReplicasLessThan5 + annotations: + message: repository Deployment available replicas is less than 5 + expr: + kube_deployment_status_replicas_available{namespace="hmpps-delius-alfresco-stage", + deployment=~"alfresco-content-services-alfresco-cs-repository"} < 5 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: tikaDeploymentOver75PctCpuUsage + annotations: + message: tika Deployment CPU usage is over 75% + expr: + 
sum(rate(container_cpu_usage_seconds_total{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-tika.*"}[5m])) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-tika.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: tikaDeploymentOver75PctMemUsage + annotations: + message: tika Deployment Memory usage is over 75% + expr: + sum(rate(container_memory_working_set_bytes{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-tika.*"}[5m])) / sum(cluster:namespace:pod_mem:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-cs-tika.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: tikaDeploymentAvailableReplicasLessThan2 + annotations: + message: tika Deployment available replicas is less than 2 + expr: + kube_deployment_status_replicas_available{namespace="hmpps-delius-alfresco-stage", + deployment=~"alfresco-content-services-alfresco-cs-tika"} < 2 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: filestoreDeploymentOver75PctCpuUsage + annotations: + message: filestore Deployment CPU usage is over 75% + expr: + sum(rate(container_cpu_usage_seconds_total{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-filestore.*"}[5m])) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-filestore.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: filestoreDeploymentOver75PctMemUsage + annotations: + message: filestore Deployment Memory usage is over 75% + expr: + sum(rate(container_memory_working_set_bytes{namespace="hmpps-delius-alfresco-stage", + 
pod=~"alfresco-content-services-alfresco-filestore.*"}[5m])) / sum(cluster:namespace:pod_mem:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-filestore.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: filestoreDeploymentAvailableReplicasLessThan1 + annotations: + message: filestore Deployment available replicas is less than 1 + expr: + kube_deployment_status_replicas_available{namespace="hmpps-delius-alfresco-stage", + deployment=~"alfresco-content-services-alfresco-filestore"} < 1 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: routerDeploymentOver75PctCpuUsage + annotations: + message: router Deployment CPU usage is over 75% + expr: + sum(rate(container_cpu_usage_seconds_total{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-router.*"}[5m])) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-router.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: routerDeploymentOver75PctMemUsage + annotations: + message: router Deployment Memory usage is over 75% + expr: + sum(rate(container_memory_working_set_bytes{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-router.*"}[5m])) / sum(cluster:namespace:pod_mem:active:kube_pod_container_resource_limits{namespace="hmpps-delius-alfresco-stage", + pod=~"alfresco-content-services-alfresco-router.*"}) > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: routerDeploymentAvailableReplicasLessThan5 + annotations: + message: router Deployment available replicas is less than 5 + expr: + kube_deployment_status_replicas_available{namespace="hmpps-delius-alfresco-stage", + deployment=~"alfresco-content-services-alfresco-router"} < 5 + for: 5m + labels: + severity: 
hmpps-delius-alfresco-stage + - alert: RDSLowStorage + annotations: + message: "[{{ environment|upper }}] RDS free storage space is less than 10GB" + expr: + aws_rds_free_storage_space_average{dbinstance_identifier="cloud-platform-43f547bdfa94ce12"} + offset 10m < 10000000000 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: RDSHighCPUUtilization + annotations: + message: + "[{{ environment|upper }}] RDS CPU Utilization is over 75% for more + than 5 minutes" + expr: aws_rds_cpuutilization_average{dbinstance_identifier="cloud-platform-43f547bdfa94ce12"} > 75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: RDSHighMemoryUtilization + annotations: + message: + "[{{ environment|upper }}] RDS freeable memory is less than 5GB for + more than 5 minutes" + expr: + aws_rds_freeable_memory_average{dbinstance_identifier="cloud-platform-43f547bdfa94ce12"} + < 5000000000 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: RDSHighConnections + annotations: + message: + "[{{ environment|upper }}] RDS database connections are over 100 + for more than 5 minutes" + expr: + aws_rds_database_connections_average{dbinstance_identifier="cloud-platform-43f547bdfa94ce12"} + > 100 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: RDSHighReadLatency + annotations: + message: + "[{{ environment|upper }}] RDS read latency is over 0.1s for more + than 5 minutes" + expr: + aws_rds_read_latency_average{dbinstance_identifier="cloud-platform-43f547bdfa94ce12"} + > 0.05 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: IngressLongRequestTime95thPercentile + annotations: + message: + "[{{ environment|upper }}] 95th percentile of request duration for + Ingress is over 0.5s for more than 5 minutes" + expr: + histogram_quantile(0.95, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{namespace="hmpps-delius-alfresco-stage", + 
ingress="alfresco-content-services-alfresco-cs-repository"}[5m])) by (le)) + > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: IngressLongResponseTime95thPercentile + annotations: + message: + "[{{ environment|upper }}] 95th percentile of response duration for + Ingress is over 0.5s for more than 5 minutes" + expr: + histogram_quantile(0.95, sum(rate(nginx_ingress_controller_response_duration_seconds_bucket{exported_namespace="hmpps-delius-alfresco-stage", + ingress="alfresco-content-services-alfresco-cs-repository"}[5m])) by (le, exported_namespace, ingress)) + > 0.75 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage + - alert: IngressHighErrorRate + annotations: + message: + "[{{ environment|upper }}] Error rate for Ingress is over 1% for + more than 5 minutes" + expr: + sum(rate(nginx_ingress_controller_requests{exported_namespace="hmpps-delius-alfresco-stage", + ingress="alfresco-content-services-alfresco-cs-repository",status=~"5.*"}[5m])) + / sum(rate(nginx_ingress_controller_requests{exported_namespace="hmpps-delius-alfresco-stage", + ingress="alfresco-content-services-alfresco-cs-repository"}[5m])) > 0.01 + for: 5m + labels: + severity: hmpps-delius-alfresco-stage diff --git a/tools/scripts/amq-connect-single.sh b/tools/scripts/amq-connect-single.sh new file mode 100755 index 0000000..7570ccf --- /dev/null +++ b/tools/scripts/amq-connect-single.sh 
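Review bot: The repository, tika and ingress alerts in the new rules.yaml select on `alfresco-content-services-alfresco-cs-repository` and `alfresco-content-services-alfresco-cs-tika`, the names this same commit renames away from in the test overlay. If stage follows the same rename, these expressions match no series and the alerts stay silent instead of firing; the selectors should then use the new names, e.g. `pod=~"alfresco-content-services-alfresco-repository.*"`. The four `...Over75PctMemUsage` rules wrap `container_memory_working_set_bytes` in `rate(...[5m])`; that metric is a gauge, so the numerator should be `sum(container_memory_working_set_bytes{...})` directly. The file appears to be a cluster export: `creationTimestamp`, `generation`, `resourceVersion` and `uid` are server-set and should be dropped before committing. Several messages also disagree with their thresholds (read latency says 0.1s but the expr is `> 0.05`; both ingress duration alerts say 0.5s but use `> 0.75`).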
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+# trap ctrl-c and call ctrl_c()
+trap ctrl_c INT
+# trap fail and call fail()
+trap fail ERR
+
+main() {
+ env=$1
+ if [ "$env" == "poc" ]; then
+ namespace="hmpps-delius-alfrsco-${env}"
+ else
+ namespace="hmpps-delius-alfresco-${env}"
+ fi
+ echo "Connecting to AMQ Console in namespace $namespace"
+
+ # get amq connection url
+ URL=$(kubectl get secrets amazon-mq-broker-secret --namespace ${namespace} -o json | jq -r ".data.BROKER_CONSOLE_URL | @base64d")
+ LOCAL_PORT=8161
+
+ # extract host and port
+ HOST=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 1)
+ # extract protocol
+ PROTOCOL=$(echo $URL | awk -F'://' '{print $1}')
+ # extract remote port
+ REMOTE_PORT=$(echo $URL | cut -d '/' -f 3 | cut -d ':' -f 2)
+
+ # generate random hex string
+ RANDOM_HEX=$(openssl rand -hex 4)
+ # start port forwarding
+ kubectl run port-forward-pod-${RANDOM_HEX} --image=ghcr.io/ministryofjustice/hmpps-delius-alfresco-port-forward-pod:latest --port ${LOCAL_PORT} --env="REMOTE_HOST=$HOST" --env="LOCAL_PORT=$LOCAL_PORT" --env="REMOTE_PORT=$REMOTE_PORT" --namespace ${namespace};
+ # wait for pod to start
+ kubectl wait --for=condition=ready pod/port-forward-pod-${RANDOM_HEX} --timeout=60s --namespace ${namespace}
+
+ printf "\nPort forwarding started, connecting to $HOST:$REMOTE_PORT \n"
+ printf "\n****************************************************\n"
+ printf "Connect to ${PROTOCOL}://localhost:$LOCAL_PORT locally\n"
+ printf "Press Ctrl+C to stop port forwarding \n"
+ printf "****************************************************\n\n"
+ # start the local port forwarding session
+ kubectl port-forward --namespace ${namespace} port-forward-pod-${RANDOM_HEX} $LOCAL_PORT:$LOCAL_PORT &
+ PORT_FORWARD_PID=$!
+} + +fail() { + printf "\n\nPort forwarding failed" + kill $PORT_FORWARD_PID || true + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 1 +} +ctrl_c() { + printf "\n\nStopping port forwarding" + kill $PORT_FORWARD_PID_0 || true + kill $PORT_FORWARD_PID_1 || true + kill $PORT_FORWARD_PID_2 || true + kubectl delete pod port-forward-pod-${RANDOM_HEX} --force --grace-period=0 --namespace ${namespace} + exit 0 +} + +if [ -z "$1" ]; then + echo "env not provided" + echo "Usage: amq-connect.sh " + exit 1 +fi +main $1 $2 From 3174104d6af4abf4e3e9595d93b1f8881174120f Mon Sep 17 00:00:00 2001 From: George Taylor Date: Wed, 8 Jan 2025 17:29:52 +0000 Subject: [PATCH 17/17] attempt poc --- kustomize/dev/values.yaml | 10 +++------- kustomize/poc/values.yaml | 24 +++++++++++++++++++++--- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/kustomize/dev/values.yaml b/kustomize/dev/values.yaml index 5c51d3f..d8b6b45 100644 --- a/kustomize/dev/values.yaml +++ b/kustomize/dev/values.yaml @@ -16,13 +16,9 @@ share: image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest -alfresco-transform-service: - filestore: - enabled: true - replicaCount: 1 - externalPort: 443 global: known_urls: - - https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk - - https://share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk diff --git a/kustomize/poc/values.yaml b/kustomize/poc/values.yaml index 451a2ae..8209f3f 100644 --- a/kustomize/poc/values.yaml +++ b/kustomize/poc/values.yaml 
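Review bot: The cleanup path in tools/scripts/amq-connect-single.sh does not run: `main` backgrounds `kubectl port-forward` and returns, the script then ends at `main $1 $2` with no `wait`, and `ctrl_c` kills `$PORT_FORWARD_PID_0`, `_1` and `_2`, which are never set (main sets `PORT_FORWARD_PID`). The effect is that the `port-forward-pod-${RANDOM_HEX}` pod, which relays to the broker console, is left running in the namespace after each use. Add `wait "$PORT_FORWARD_PID"` as the last line of `main` and use `kill "$PORT_FORWARD_PID" || true` in `ctrl_c`. The pod image is pulled by the mutable `:latest` tag; pinning it to a digest would fix what actually runs in the namespace. `$URL`, `$HOST` and `${namespace}` are also expanded unquoted, so quoting them would keep secret-derived values from being word-split.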
@@ -4,14 +4,32 @@ alfresco-repository: image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest + persistence: + # -- Persist repository data + enabled: true + baseSize: 100Gi + # -- Specify a storageClass for dynamic provisioning + accessModes: + - ReadWriteOnce share: replicaCount: 1 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest +activemq: + nameOverride: activemq + enabled: true +alfresco-transform-service: + filestore: + enabled: true + replicaCount: 1 +alfresco-search-enterprise: + messageBroker: + existingSecret: + name: null + liveIndexing: externalPort: 443 global: known_urls: - - https://hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://share.hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk - - https://alf-sfs.dev.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + - https://hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfrsco-poc.apps.live.cloud-platform.service.justice.gov.uk
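Review bot: Broker credentials for search no longer come from a named secret in kustomize/poc/values.yaml: the hunk sets `alfresco-search-enterprise.messageBroker.existingSecret.name: null` while enabling the in-chart `activemq`, and where the credentials come from instead is not visible in this patch. Confirm the broker does not fall back to chart-default credentials, and prefer pointing `existingSecret.name` at a secret created for the poc namespace. The added `liveIndexing:` key has no value of its own. With indentation lost in this view it is unclear whether the following `externalPort: 443` is meant to nest under it, so either give the key content or drop it.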