diff --git a/.gitignore b/.gitignore index 6aa73f2..018fff4 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ templated/ kustomize/base/charts/ kustomize/overlays/**/charts/ +kustomize/overlays/**/output.yaml +kustomize/base/resources.yaml diff --git a/jobs/reindex/Chart.yaml b/jobs/reindex/Chart.yaml new file mode 100644 index 0000000..2e2bfd0 --- /dev/null +++ b/jobs/reindex/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 3.3.0 +description: A Helm chart for deploying Alfresco Elasticsearch reindexing job +name: delius-alfresco-search-enterprise-reindexing +type: application +version: 1.2.0 diff --git a/jobs/reindex/README.md b/jobs/reindex/README.md new file mode 100644 index 0000000..573005f --- /dev/null +++ b/jobs/reindex/README.md @@ -0,0 +1,93 @@ +# alfresco-search-enterprise + +![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.0](https://img.shields.io/badge/AppVersion-3.3.0-informational?style=flat-square) + +A Helm chart for deploying Alfresco Elasticsearch connector + +Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions. + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.0.0 | +| https://helm.elastic.co | elasticsearch | 7.17.3 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| activemq.enabled | bool | `false` | Enable embedded broker - useful when testing this chart in standalone | +| affinity | object | `{}` | | +| contentMediaTypeCache.enabled | bool | `true` | | +| contentMediaTypeCache.refreshTime | string | `"0 0 * * * *"` | | +| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | +| elasticsearch.enabled | bool | `false` | Enable embedded elasticsearch - useful when using this chart in standalone | +| elasticsearch.replicas | int | `1` | | +| fullnameOverride | string | `""` | | +| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` | | +| global.elasticsearch | object | `{"existingSecretName":null,"host":null,"password":null,"port":null,"protocol":null,"user":null}` | Shared connections details for Elasticsearch/Opensearch cluster | +| global.elasticsearch.existingSecretName | string | `nil` | Alternatively, provide connection details via an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys | +| global.elasticsearch.host | string | `nil` | The host where service is available | +| global.elasticsearch.password | string | `nil` | The password required to access the service, if any | +| global.elasticsearch.port | string | `nil` | The port where service is available | +| global.elasticsearch.protocol | string | `nil` | Valid values are http or https | +| global.elasticsearch.user | string | `nil` | The username required to access the service, if any | +| imagePullSecrets | list | `[]` | | +| indexName | string | `"alfresco"` | Name of the existing search index, usually created by repo | +| liveIndexing.content.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.content.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-content"` | | +| liveIndexing.content.image.tag | string | `"3.3.0"` | | +| liveIndexing.content.replicaCount | int | `1` | | +| liveIndexing.mediation.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.mediation.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-mediation"` | | +| liveIndexing.mediation.image.tag | string | `"3.3.0"` | | +| liveIndexing.metadata.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.metadata.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-metadata"` | | +| liveIndexing.metadata.image.tag | string | `"3.3.0"` | | +| liveIndexing.metadata.replicaCount | int | `1` | | +| liveIndexing.path.image.pullPolicy | string | `"IfNotPresent"` | | +| liveIndexing.path.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-live-indexing-path"` | | +| liveIndexing.path.image.tag | string | `"3.3.0"` | | +| liveIndexing.path.replicaCount | int | `1` | | +| messageBroker.existingSecretName | string | `nil` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys | +| messageBroker.password | string | `nil` | Broker password | +| messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference | +| messageBroker.user | string | `nil` | Broker username | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| pathIndexingComponent.enabled | bool | `true` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| reindexing.enabled | bool | `true` | Create the one-shot job to trigger the reindexing of repo contents | +| reindexing.image.pullPolicy | string | `"IfNotPresent"` | | +| reindexing.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-reindexing"` | | +| reindexing.image.tag | string | `"3.3.0"` | | +| reindexing.initcontainers.waitForRepository.resources.limits.cpu | string | `"0.25"` | | +| reindexing.initcontainers.waitForRepository.resources.limits.memory | string | `"10Mi"` | | +| reindexing.pathIndexingEnabled | bool | `true` | | +| reindexing.postgresql.database | string | `"alfresco"` | The database name to use | +| reindexing.postgresql.existingSecretName | string | `nil` | Alternatively, provide connection details via an existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys | +| reindexing.postgresql.hostname | string | `"postgresql-acs"` | The host where database service is available | +| reindexing.postgresql.password | string | `nil` | The password required to access the service | +| reindexing.postgresql.port | int | `5432` | The port where service is available | +| reindexing.postgresql.url | string | `nil` | | +| reindexing.postgresql.user | string | `nil` | The username required to access the service | +| reindexing.resources.limits.cpu | string | `"2"` | | +| reindexing.resources.limits.memory | string | `"512Mi"` | | +| reindexing.resources.requests.cpu | string | `"0.5"` | | +| reindexing.resources.requests.memory | string | `"128Mi"` | | +| resources.limits.cpu | string | `"2"` | | +| resources.limits.memory | string | `"2048Mi"` | | +| resources.requests.cpu | string | `"0.5"` | | +| resources.requests.memory | string | `"256Mi"` | | +| searchIndex | object | `{"existingSecretName":null,"host":null,"password":null,"port":null,"protocol":null,"user":null}` | Overrides .Values.global.elasticsearch | +| searchIndex.existingSecretName | string | `nil` | Alternatively, provide connection details via an an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys | +| searchIndex.host | string | `nil` | The host where service is available | +| searchIndex.password | string | `nil` | The password required to access the service, if any | +| searchIndex.port | string | `nil` | The port where service is available | +| searchIndex.protocol | string | `nil` | Valid values are http or https | +| searchIndex.user | string | `nil` | The username required to access the service, if any | +| securityContext | object | `{}` | | +| tolerations | list | `[]` | | diff --git a/jobs/reindex/templates/_helpers.tpl b/jobs/reindex/templates/_helpers.tpl new file mode 100644 index 0000000..41ba7f2 --- /dev/null +++ b/jobs/reindex/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{- define "content-services.shortname" -}} +{{- $name := (.Values.NameOverride | default "alfresco-cs") -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "spring.activemq.env" -}} +- name: SPRING_ACTIVEMQ_BROKERURL + value: $(BROKER_URL) +- name: SPRING_ACTIVEMQ_USER + value: $(BROKER_USERNAME) +- name: SPRING_ACTIVEMQ_PASSWORD + value: $(BROKER_PASSWORD) +{{- end -}} + +{{- define "alfresco-search-enterprise.searchIndexExistingSecretName" -}} +{{ .Values.global.elasticsearch.existingSecretName }} +{{- end -}} + +{{- define "alfresco-search-enterprise.config.spring" -}} +{{- if and (not .Values.global.elasticsearch.host) (not .Values.searchIndex.host) }} + {{ fail "Please provide external elasticsearch connection details as values under .global.elasticsearch or .searchIndex or enable the embedded elasticsearch via .elasticsearch.enabled" }} +{{- end }} + SPRING_ELASTICSEARCH_REST_URIS: "{{ .Values.global.elasticsearch.protocol }}://{{ .Values.global.elasticsearch.host }}:{{ .Values.global.elasticsearch.port }}" +{{- end -}} diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml new file mode 100644 index 0000000..2f5f728 --- /dev/null +++ b/jobs/reindex/templates/reindexing-config.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-search-enterprise-reindexing-configmap +data: + ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" + {{ template "alfresco-search-enterprise.config.spring" . }} + ALFRESCO_SHAREDFILESTORE_BASEURL: http://delius-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://delius-alfresco-router/transform/config + ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} + SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} + {{- if .Values.environment }} + {{- range $key, $val := .Values.environment }} + {{ $key }}: {{ $val | quote }} + {{- end }} + {{- end }} diff --git a/jobs/reindex/templates/reindexing-job.yaml b/jobs/reindex/templates/reindexing-job.yaml new file mode 100644 index 0000000..bf2dbc5 --- /dev/null +++ b/jobs/reindex/templates/reindexing-job.yaml @@ -0,0 +1,89 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: delius-alfresco-search-enterprise-reindexing +spec: + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + seccompProfile: + type: RuntimeDefault + supplementalGroups: + - 1 + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + restartPolicy: Never + containers: + - name: delius-alfresco-search-enterprise-reindexing + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: delius-alfresco-reindexing-prefixes-file-volume + mountPath: /alf/reindex.prefixes-file.json + subPath: reindex.prefixes-file.json + envFrom: + - configMapRef: + name: delius-alfresco-search-enterprise-reindexing-configmap + - secretRef: + name: {{ .Values.messageBroker.existingSecretName }} # Ensure this value is set correctly + env: + - name: SPRING_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly + key: DATABASE_PASSWORD + - name: SPRING_DATASOURCE_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly + key: DATABASE_USERNAME + {{- include "spring.activemq.env" . | nindent 12 }} + - name: ALFRESCO_REINDEX_PREFIXES_FILE + value: file:///alf/reindex.prefixes-file.json + - name: SPRING_DATASOURCE_URL + valueFrom: + secretKeyRef: + name: rds-instance-output + key: RDS_JDBC_URL + ports: + - name: http + containerPort: 8080 + protocol: TCP + volumes: + - name: delius-alfresco-reindexing-prefixes-file-volume + configMap: + name: delius-alfresco-reindexing-prefixes-file-configmap + initContainers: + - name: wait-for-repository + image: curlimages/curl:7.79.1 + securityContext: + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 33000 + seccompProfile: + type: RuntimeDefault + resources: {{- toYaml .Values.initcontainers.waitForRepository.resources | nindent 12 }} + env: + - name: ALFRESCO_REPOSITORY_URL + value: http://delius-alfresco-cs-repository/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + command: [ "/bin/sh","-c" ] + # Delay running the reindexing to give Alfresco Repository a chance to fully initialise + args: [ "while [ $(curl -sw '%{http_code}' $ALFRESCO_REPOSITORY_URL -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the Alfresco Repository...'; done; echo 'Alfresco is ready, delay reindexing to give a chance to fully initialise.'; sleep 30; echo 'Reindexing started!'" ] diff --git a/jobs/reindex/templates/reindexing-prefixes-config-map.yaml b/jobs/reindex/templates/reindexing-prefixes-config-map.yaml new file mode 100644 index 0000000..626e934 --- /dev/null +++ b/jobs/reindex/templates/reindexing-prefixes-config-map.yaml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-reindexing-prefixes-file-configmap +data: + reindex.prefixes-file.json: | + { + "prefixUriMap":{ + "":"", + "http://www.alfresco.org/model/aos/1.0":"aos", + "http://www.alfresco.org/model/workflow/invite/nominated/1.0":"inwf", + "http://www.alfresco.org/model/solrfacetcustomproperty/1.0":"srftcustom", + "http://www.alfresco.org/model/datalist/1.0":"dl", + "http://www.alfresco.org/model/webdav/1.0":"webdav", + "http://www.alfresco.org/model/cmis/1.0/cs01ext":"cmisext", + "http://www.alfresco.org/model/distributionpolicies/1.0/model":"dp", + "http://www.alfresco.org/view/repository/1.0":"view", + "http://www.alfresco.org/model/download/1.0":"download", + "http://www.alfresco.org/model/publishing/twitter/1.0":"twitter", + "http://www.alfresco.org/model/action/1.0":"act", + "http://www.alfresco.org/system/registry/1.0":"reg", + "http://www.alfresco.org/model/user/1.0":"usr", + "http://www.alfresco.org/model/calendar":"ia", + "http://www.alfresco.org":"alf", + "http://www.alfresco.org/model/content/metadata/IPTCXMP/1.0":"iptcxmp", + "http://www.alfresco.org/model/application/1.0":"app", + "http://www.alfresco.org/model/surf/1.0":"surf", + "http://www.alfresco.org/model/versionstore/1.0":"ver", + "http://www.alfresco.org/system/modules/1.0":"module", + "http://www.alfresco.org/model/linksmodel/1.0":"lnk", + "http://iptc.org/std/Iptc4xmpExt/2008-02-29/":"Iptc4xmpExt", + "http://ns.adobe.com/photoshop/1.0/":"photoshop", + "http://www.alfresco.org/model/sync/1.0":"sync", + "http://ns.useplus.org/ldf/xmp/1.0/":"plus", + "http://www.alfresco.org/model/zaizi/gdpr/1.0":"gdpr", + "http://www.alfresco.org/model/remotecredentials/1.0":"rc", + "http://www.alfresco.org/model/emailserver/1.0":"emailserver", + "http://www.alfresco.org/model/hybridworkflow/1.0":"hwf", + "http://www.alfresco.org/model/sitecustomproperty/1.0":"stcp", + "http://www.alfresco.org/model/cmis/1.0/cs01":"cmis", + "http://www.alfresco.org/model/transfer/1.0":"trx", + "http://www.alfresco.org/model/rendition/1.0":"rn", + "http://www.alfresco.org/model/exif/1.0":"exif", + "http://www.alfresco.org/model/publishing/youtube/1.0":"youtube", + "http://ns.adobe.com/xap/1.0/rights/":"xmpRights", + "http://www.alfresco.org/model/custommodelmanagement/1.0":"cmm", + "http://www.alfresco.org/model/workflow/invite/moderated/1.0":"imwf", + "http://www.alfresco.org/model/forum/1.0":"fm", + "http://www.alfresco.org/model/rule/1.0":"rule", + "http://www.alfresco.org/model/publishing/linkedin/1.0":"linkedin", + "http://www.alfresco.org/model/publishing/slideshare/1.0":"slideshare", + "http://www.alfresco.org/model/system/1.0":"sys", + "http://www.alfresco.org/model/content/smartfolder/1.0":"smf", + "http://www.alfresco.org/model/zaizi/nomsspg/1.0":"nspg", + "http://www.alfresco.org/model/workflow/1.0":"wf", + "http://www.alfresco.org/model/qshare/1.0":"qshare", + "http://www.alfresco.org/model/versionstore/2.0":"ver2", + "http://www.alfresco.org/model/solrfacet/1.0":"srft", + "http://www.alfresco.org/model/audio/1.0":"audio", + "http://www.alfresco.org/model/blogintegration/1.0":"blg", + "http://www.alfresco.org/model/bpm/1.0":"bpm", + "http://www.alfresco.org/model/site/1.0":"st", + "http://www.alfresco.org/model/imap/1.0":"imap", + "http://www.alfresco.org/model/dictionary/1.0":"d", + "custom.model":"custom", + "http://www.alfresco.org/model/publishing/facebook/1.0":"facebook", + "http://www.alfresco.org/model/content/1.0":"cm", + "http://www.alfresco.org/model/cmis/custom":"cmiscustom", + "http://www.alfresco.org/model/devicesync/1.0":"devicesync", + "http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/":"Iptc4xmpCore", + "http://www.alfresco.org/model/googledocs/2.0":"gd2", + "http://www.alfresco.org/model/publishing/flickr/1.0":"flickr", + "http://www.alfresco.org/model/workflow/resetpassword/1.0":"resetpasswordwf", + "http://www.alfresco.org/model/cmis/1.0/alfcmis":"alfcmis", + "http://www.alfresco.org/model/publishing/1.0":"pub", + "http://purl.org/dc/elements/1.1/":"dc" + } + } diff --git a/jobs/reindex/values.yaml b/jobs/reindex/values.yaml new file mode 100644 index 0000000..f03d04c --- /dev/null +++ b/jobs/reindex/values.yaml @@ -0,0 +1,59 @@ +imagePullSecrets: quay-registry-secret +nameOverride: "" +fullnameOverride: "" +podAnnotations: {} +podSecurityContext: {} +securityContext: {} +nodeSelector: {} +tolerations: [] +affinity: {} +# -- Name of the existing search index, usually created by repo +indexName: alfresco +pathIndexingEnabled: true +postgresql: + url: null + hostname: + database: + existingSecretName: rds-instance-output +image: + tag: 4.0.1 + repository: quay.io/alfresco/alfresco-elasticsearch-reindexing +resources: + requests: + cpu: "0.5" + memory: "256Mi" + limits: + cpu: "2" + memory: "2048Mi" +initcontainers: + waitForRepository: + resources: + limits: + cpu: "0.25" + memory: "10Mi" +messageBroker: + # -- Broker URL formatted as per: + # https://activemq.apache.org/failover-transport-reference + url: null + # -- Broker username + user: null + # -- Broker password + password: null + # -- Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys + existingSecretName: acs-alfresco-cs-brokersecret +global: + alfrescoRegistryPullSecrets: quay-registry-secret + # -- Shared connections details for Elasticsearch/Opensearch cluster + elasticsearch: + # -- The host where service is available + host: null + # -- The port where service is available + port: 8080 + # -- Valid values are http or https + protocol: http + # -- The username required to access the service, if any + user: null + # -- The password required to access the service, if any + password: null + # -- Alternatively, provide connection details via an existing secret that contains ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD keys + existingSecretName: diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index b53cccd..995a824 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -3,9 +3,8 @@ kind: Kustomization resources: - resources.yaml - - reindex-prefixes-config-map.yaml patches: - # - path: patch-job-reindexing.yaml - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + - path: patch-delete-reindexing-config-map.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml new file mode 100644 index 0000000..eff6c64 --- /dev/null +++ b/kustomize/base/patch-delete-reindexing-config-map.yaml @@ -0,0 +1,5 @@ +$patch: delete +apiVersion: v1 +kind: ConfigMap +metadata: + name: delius-alfresco-search-enterprise-reindexing-configmap diff --git a/kustomize/base/patch-ingress-repository.yaml b/kustomize/base/patch-ingress-repository.yaml index 5653f51..a883689 100644 --- a/kustomize/base/patch-ingress-repository.yaml +++ b/kustomize/base/patch-ingress-repository.yaml @@ -1,6 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + name: delius-alfresco-cs-repository name: alfresco-content-services-alfresco-cs-repository annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" diff --git a/kustomize/base/patch-ingress-share.yaml b/kustomize/base/patch-ingress-share.yaml index 119fc74..6371de5 100644 --- a/kustomize/base/patch-ingress-share.yaml +++ b/kustomize/base/patch-ingress-share.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index 40fa258..863773b 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml @@ -791,7 +791,7 @@ alfresco-search-enterprise: # -- The password required to access the service, if any password: null reindexing: - enabled: true + enabled: false # leave as false - reindexing job is now standalone postgresql: url: hostname: @@ -800,18 +800,18 @@ alfresco-search-enterprise: image: tag: 4.0.1 liveIndexing: - mediation: - image: - tag: 4.0.1 - content: - image: - tag: 4.0.1 - metadata: - image: - tag: 4.0.1 - path: - image: - tag: 4.0.1 + mediation: + image: + tag: 4.0.1 + content: + image: + tag: 4.0.1 + metadata: + image: + tag: 4.0.1 + path: + image: + tag: 4.0.1 alfresco-digital-workspace: nodeSelector: {} enabled: false diff --git a/kustomize/kustomizer.sh b/kustomize/kustomizer.sh index d47e8d1..d2b4825 100755 --- a/kustomize/kustomizer.sh +++ b/kustomize/kustomizer.sh @@ -5,13 +5,12 @@ do d) debug=${OPTARG};; esac done +debug=$(echo $debug | xargs) if [ "$debug" == "true" ]; then set -x cat > ../base/resources.yaml kubectl kustomize kubectl kustomize > output.yaml - echo "leaving helm template in resources.yaml" - echo "leaving kustomized helm template in output.yaml" else cat > ../base/resources.yaml kubectl kustomize diff --git a/kustomize/poc/patch-ingress-repository.yaml b/kustomize/poc/patch-ingress-repository.yaml index 6111c47..ca583ba 100644 --- a/kustomize/poc/patch-ingress-repository.yaml +++ b/kustomize/poc/patch-ingress-repository.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-repository-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: placeholder spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: delius-alfresco-cs-repository port: number: 80 path: /api-explorer diff --git a/kustomize/poc/patch-ingress-share.yaml b/kustomize/poc/patch-ingress-share.yaml index 05e61d4..732b360 100644 --- a/kustomize/poc/patch-ingress-share.yaml +++ b/kustomize/poc/patch-ingress-share.yaml @@ -1,9 +1,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfrsco-poc-green + external-dns.alpha.kubernetes.io/set-identifier: delius-alfresco-cs-share-hmpps-delius-alfrsco-poc-green nginx.ingress.kubernetes.io/whitelist-source-range: placeholder spec: rules: @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: delius-alfresco-cs-share port: number: 80 path: /share/page/ diff --git a/makefile b/makefile index 7c7672a..face74b 100644 --- a/makefile +++ b/makefile @@ -1,18 +1,12 @@ # Define the Helm chart name and release name -CHART_NAME := alfresco-content-services +CHART_NAME := delius DEBUG := false ATOMIC := true # Helm upgrade/install command helm_upgrade: $(eval BUCKET_NAME := $(shell kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) - - @SECRET=$$(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d | awk '{print substr($$0, 19)}'); \ - if [ -z "$$SECRET" ]; then \ - echo "No secret found, generating a new one"; \ - SECRET=$$(openssl rand -base64 20); \ - fi; \ - if [ "$(ENV)" = "poc" ]; then \ + @if [ "$(ENV)" = "poc" ]; then \ NAMESPACE=hmpps-delius-alfrsco-$(ENV); \ else \ NAMESPACE=hmpps-delius-alfresco-$(ENV); \ @@ -41,7 +35,7 @@ helm_upgrade: helm upgrade --install $(CHART_NAME) alfresco/alfresco-content-services --version 6.0.2 --namespace $${NAMESPACE} \ --values=../base/values.yaml --values=./values.yaml \ --set s3connector.config.bucketName=$(BUCKET_NAME) \ - --set global.tracking.sharedsecret=$${SECRET} $${ATOMIC_FLAG} $${DEBUG_FLAG} --wait --timeout=20m \ + --wait --timeout=20m \ --post-renderer ../kustomizer.sh --post-renderer-args "$${HELM_POST_RENDERER_ARGS}"; \ yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i ./patch-ingress-repository.yaml; \ yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i ./patch-ingress-share.yaml