├── .ruby-version ├── .github ├── ISSUE_TEMPLATE │ ├── config.yml │ └── bug_report.yml ├── dependabot.yml ├── kics.yml ├── workflows │ ├── pre-commit-compose.yml │ ├── docs.yml │ ├── helm-release.yml │ ├── docker-compose-community.yml │ ├── pre-commit-helm.yml │ ├── kics.yml │ ├── docker-compose-enterprise.yml │ ├── download-trials-release.yml │ ├── helm-static-checks.yml │ ├── bumpVersions.yml │ └── helm-community.yml └── actions │ └── charts-as-json │ └── action.yml ├── .markdownlint.yaml ├── docs ├── images │ ├── favicon.ico │ └── hyland-alfresco-logos.png ├── helm │ ├── images │ │ ├── eks-efs.png │ │ ├── k8s-lens.png │ │ ├── visualvm.png │ │ ├── dfd-resources.png │ │ ├── k8s-dashboard.png │ │ ├── dfd-k8s-enabled.png │ │ ├── eks-attach-policy.png │ │ ├── eks-s3-iam-policy.png │ │ ├── helm-eks-community.png │ │ ├── eks-db-inbound-rules.png │ │ ├── eks-db-security-group.png │ │ ├── eks-mq-inbound-rules.png │ │ ├── eks-nfs-inbound-rules.png │ │ ├── helm-eks-enterprise.png │ │ └── eks-vpc-security-group.png │ ├── examples │ │ ├── email-enabled.md │ │ ├── alf_license.md │ │ ├── custom-metadata-keystore.md │ │ ├── external-hazelcast_files │ │ │ ├── hazelcast.yaml │ │ │ └── acs-hazelcast.yaml │ │ ├── with-knowledge-retrieval.md │ │ ├── with-ms-teams.md │ │ ├── customisation-guidelines.md │ │ ├── with-elasticsearch-auth.md │ │ ├── with-keycloak.md │ │ ├── with-ooi.md │ │ ├── with-external-infrastructure.md │ │ ├── with-ai.md │ │ └── search-services.md │ ├── values │ │ ├── elasticsearch_auth_values.yaml │ │ ├── letsencrypt_values.yaml │ │ ├── hxi.yml │ │ └── local-dev_values.yaml │ ├── registry-authentication.md │ ├── security.md │ ├── ingress-nginx.md │ ├── kind-deployment.md │ └── storage.md ├── helm.md ├── compose.md ├── helm-charts.md ├── helm-guides.md ├── helm-examples.md ├── helm-deployment.md ├── docker-compose │ └── examples │ │ ├── with-jconsole.md │ │ └── config │ │ ├── telegraf-overrides.yaml │ │ └── telegraf.conf └── index.md ├── _includes └── head_custom.html ├── Gemfile ├── helm ├── alfresco-content-services │ ├── tests │ │ ├── values │ │ │ ├── test_values.yaml │ │ │ ├── externalBroker_values.yaml │ │ │ └── keda.yaml │ │ ├── mail_test.yaml │ │ ├── secret-database_test.yaml │ │ ├── activemq_test.yaml │ │ ├── config-repository_test.yaml │ │ └── keda_test.yaml │ ├── templates │ │ ├── test │ │ │ ├── configmap-dtas.yaml │ │ │ └── pod-dtas.yaml │ │ ├── secret-mail.yaml │ │ ├── secret-audit-elasticsearch.yaml │ │ ├── secret-database.yaml │ │ ├── _helpers-audit.tpl │ │ ├── secret-sync-database.yaml │ │ ├── _helpers-message-broker.tpl │ │ ├── keda │ │ │ ├── auth-trigger-activemq.yaml │ │ │ ├── scaler-prometheus-repo.yaml │ │ │ ├── scaler-activemq-ats-tika.yaml │ │ │ ├── scaler-activemq-ats-im.yaml │ │ │ ├── scaler-activemq-ats-lo.yaml │ │ │ ├── scaler-activemq-ats-misc.yaml │ │ │ ├── scaler-activemq-ats-pdf.yaml │ │ │ └── _helpers-keda.tpl │ │ ├── secret-message-broker.yaml │ │ ├── secret-search.yaml │ │ ├── _helpers-database.tpl │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── _helpers-ats.tpl │ │ ├── config-repository.yaml │ │ ├── _helpers-search.tpl │ │ └── config-infrastructure.yaml │ ├── linter_values.yaml │ ├── .helmignore │ ├── README.md.gotmpl │ ├── community_values.yaml │ ├── 23.N_values.yaml │ ├── Chart.lock │ ├── pre-release_values.yaml │ ├── 7.4.N_values.yaml │ └── Chart.yaml └── acs-sso-example │ ├── templates │ ├── configmap-idp.yaml │ ├── secret-mq.yaml │ ├── configmap-share.yaml │ ├── secret-idp.yaml │ ├── secret-db.yaml │ ├── secret-idp-realm.yaml │ ├── configmap-repo.yaml │ ├── configmap-mq.yaml │ ├── configmap-db.yaml │ ├── configmap-share-properties.yaml │ └── _helpers.tpl │ ├── .helmignore │ ├── README.md.gotmpl │ ├── updatecli-matrix-targets.yaml │ ├── Chart.lock │ └── Chart.yaml ├── docker-compose ├── README.md ├── solr6-overrides.yaml ├── hxi-overrides.yaml └── commons │ └── base.yaml ├── _sass └── color_schemes │ └── alfresco.scss ├── .checkov.yml ├── .editorconfig ├── .vscode └── tasks.json ├── .checkov └── helm_vars.yaml ├── .gitignore ├── updatecli.d └── helm-autodiscovery.yaml ├── _config.yml ├── .pre-commit-config.yaml ├── test ├── k6 │ └── acs-sso-example.js ├── community-integration-test-values.yaml └── enterprise-integration-test-values.yaml └── CONTRIBUTING.md /.ruby-version: -------------------------------------------------------------------------------- 1 | 3.2.3 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | -------------------------------------------------------------------------------- /.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | MD013: false 4 | MD025: false 5 | MD059: false 6 | -------------------------------------------------------------------------------- /docs/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/images/favicon.ico -------------------------------------------------------------------------------- /docs/helm/images/eks-efs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-efs.png -------------------------------------------------------------------------------- /docs/helm/images/k8s-lens.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/k8s-lens.png -------------------------------------------------------------------------------- /docs/helm/images/visualvm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/visualvm.png -------------------------------------------------------------------------------- /docs/helm/images/dfd-resources.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/dfd-resources.png -------------------------------------------------------------------------------- /docs/helm/images/k8s-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/k8s-dashboard.png -------------------------------------------------------------------------------- /docs/helm/images/dfd-k8s-enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/dfd-k8s-enabled.png -------------------------------------------------------------------------------- /docs/images/hyland-alfresco-logos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/images/hyland-alfresco-logos.png -------------------------------------------------------------------------------- /docs/helm.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Helm 3 | has_children: true 4 | --- 5 | 6 | This section contains available guides for helm deployment 7 | -------------------------------------------------------------------------------- /docs/helm/images/eks-attach-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-attach-policy.png -------------------------------------------------------------------------------- /docs/helm/images/eks-s3-iam-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-s3-iam-policy.png -------------------------------------------------------------------------------- /docs/helm/images/helm-eks-community.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/helm-eks-community.png -------------------------------------------------------------------------------- /docs/helm/images/eks-db-inbound-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-db-inbound-rules.png -------------------------------------------------------------------------------- /docs/helm/images/eks-db-security-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-db-security-group.png -------------------------------------------------------------------------------- /docs/helm/images/eks-mq-inbound-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-mq-inbound-rules.png -------------------------------------------------------------------------------- /docs/helm/images/eks-nfs-inbound-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-nfs-inbound-rules.png -------------------------------------------------------------------------------- /docs/helm/images/helm-eks-enterprise.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/helm-eks-enterprise.png -------------------------------------------------------------------------------- /_includes/head_custom.html: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /docs/helm/images/eks-vpc-security-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfresco/acs-deployment/HEAD/docs/helm/images/eks-vpc-security-group.png -------------------------------------------------------------------------------- /docs/compose.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Docker Compose 3 | has_children: true 4 | --- 5 | 6 | This section contains available guides for Docker Compose deployment 7 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem "jekyll", "~> 4.3.3" 4 | gem "just-the-docs", "0.8.1" 5 | gem "jekyll-relative-links" 6 | gem "html-proofer" 7 | -------------------------------------------------------------------------------- /docs/helm-charts.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Charts 3 | parent: Helm 4 | has_children: true 5 | --- 6 | 7 | This section contains available documentation for charts. 8 | -------------------------------------------------------------------------------- /docs/helm-guides.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Guides 3 | parent: Helm 4 | has_children: true 5 | --- 6 | 7 | This section contains available documentation for charts guides. 8 | -------------------------------------------------------------------------------- /docs/helm-examples.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Examples 3 | parent: Helm 4 | has_children: true 5 | --- 6 | 7 | This section contains available documentation for charts examples. 8 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/values/test_values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | global: 3 | search: 4 | sharedSecret: dummy 5 | alfrescoRegistryPullSecrets: secretsecret 6 | -------------------------------------------------------------------------------- /docs/helm-deployment.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Deployment 3 | parent: Helm 4 | has_children: true 5 | --- 6 | 7 | This section contains available documentation for charts deployment. 8 | -------------------------------------------------------------------------------- /docs/helm/examples/email-enabled.md: -------------------------------------------------------------------------------- 1 | # Documentation moved 2 | 3 | Please now refer to the [alfresco-repository chart 4 | documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/email.md) 5 | -------------------------------------------------------------------------------- /docs/helm/examples/alf_license.md: -------------------------------------------------------------------------------- 1 | # Documentation moved 2 | 3 | Please now refer to the [alfresco-repository chart 4 | documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/enterprise-license.md) 5 | -------------------------------------------------------------------------------- /docs/helm/examples/custom-metadata-keystore.md: -------------------------------------------------------------------------------- 1 | # Documentation moved 2 | 3 | Please now refer to the [alfresco-repository chart 4 | documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/keystores.md) 5 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "weekly" 7 | groups: 8 | github-actions: 9 | patterns: 10 | - "*" 11 | -------------------------------------------------------------------------------- /docker-compose/README.md: -------------------------------------------------------------------------------- 1 | # Alfresco Content Services (ACS) Docker Compose 2 | 3 | Please refer to the [documentation](https://alfresco.github.io/acs-deployment/docs/docker-compose/README.html) for information on the Docker compose file and deployment instructions. 4 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-idp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: keycloak 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | KC_HOSTNAME: {{ template "alfresco-common.external.host" . }} 8 | -------------------------------------------------------------------------------- /_sass/color_schemes/alfresco.scss: -------------------------------------------------------------------------------- 1 | $link-color: #3273dc; 2 | $body-font-family: "Inter", sans-serif; 3 | 4 | $font-size-5: 0.88rem; 5 | 6 | .main-content { 7 | color: #212328; 8 | font-weight: 300; 9 | } 10 | 11 | td { 12 | word-wrap: anywhere; 13 | } 14 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/values/externalBroker_values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | global: 3 | search: 4 | sharedSecret: dummy 5 | activemq: 6 | enabled: false 7 | messageBroker: 8 | url: failover:(nio://somebroker:61616) 9 | user: alfresco 10 | password: alfresco 11 | -------------------------------------------------------------------------------- /docs/helm/examples/external-hazelcast_files/hazelcast.yaml: -------------------------------------------------------------------------------- 1 | hazelcast: 2 | javaOpts: -Dhazelcast.config=/data/hazelcast/hazelcast.xml 3 | existingConfigMap: manual-hazelcast-configuration 4 | mancenter: 5 | enabled: true 6 | yaml: 7 | hazelcast-client: 8 | cluster-name: test 9 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/test/configmap-dtas.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dtas.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: dtas-config 6 | data: 7 | config.json: | 8 | {{- tpl (toYaml .Values.dtas.config) $ | fromYaml | toJson | nindent 4 -}} 9 | {{- end -}} 10 | -------------------------------------------------------------------------------- /.checkov.yml: -------------------------------------------------------------------------------- 1 | framework: 2 | - helm 3 | directory: 4 | - helm/alfresco-content-services 5 | skip-check: 6 | - CKV_K8S_21 7 | - CKV_K8S_20 8 | - CKV_K8S_43 9 | - CKV_K8S_35 10 | - CKV_K8S_31 11 | - CKV_K8S_22 12 | - CKV_K8S_38 13 | - CKV_K8S_15 14 | - CKV_K8S_153 15 | var-file: 16 | - .checkov/helm_vars.yaml 17 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | ## Editor configuration, see http://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | end_of_line = lf 6 | charset = utf-8 7 | trim_trailing_whitespace = true 8 | insert_final_newline = true 9 | indent_style = space 10 | indent_size = 2 11 | 12 | [*.md] 13 | max_line_length = off 14 | trim_trailing_whitespace = false 15 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/secret-mq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: repository-message-broker 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | {{- with .Values.activemq.adminUser }} 8 | BROKER_USERNAME: {{ .user | b64enc | quote }} 9 | BROKER_PASSWORD: {{ .password | b64enc | quote }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /docs/helm/examples/external-hazelcast_files/acs-hazelcast.yaml: -------------------------------------------------------------------------------- 1 | alfresco-repository: 2 | replicaCount: 3 3 | config: 4 | repository: 5 | additionalGlobalProperties: 6 | alfresco.hazelcast.embedded: false 7 | alfresco.hazelcast.client.address: hazelcast:5701 8 | alfresco.cluster.name: test 9 | alfresco.cluster.deadNodes.cleaner.inactivePeriodMilliseconds: 6000 10 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/linter_values.yaml: -------------------------------------------------------------------------------- 1 | alfresco-transform-service: 2 | messageBroker: 3 | url: "tcp://activemq:61616" 4 | user: alfresco 5 | password: alfresco 6 | alfresco-ai-transformer: 7 | enabled: true 8 | aws: 9 | accessKeyId: AAAAAAAAAAAAAAAAA 10 | secretAccessKey: ZZZZZZZZZZZZZZZZZ 11 | s3Bucket: somebucket 12 | region: us-east-1 13 | comprehendRoleARN: arn:aws:iam::000000000000:user/comprehend 14 | -------------------------------------------------------------------------------- /.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2.0.0", 3 | "tasks": [ 4 | { 5 | "label": "helm unittest", 6 | "type": "shell", 7 | "command": "helm unittest --color .", 8 | "problemMatcher": [], 9 | "group": { 10 | "kind": "test", 11 | "isDefault": true 12 | }, 13 | "options": { 14 | "cwd": "helm/alfresco-content-services" 15 | } 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-share.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: share-repository 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | {{- with (index .Values "alfresco-repository") }} 8 | {{- $repoCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 9 | {{- $reposvc := .service | default dict }} 10 | REPO_HOST: {{ template "alfresco-repository.fullname" $repoCtx }} 11 | REPO_PORT: {{ $reposvc.port | default 80 | quote }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /.checkov/helm_vars.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # General rule here is to skip charts dependencies for checkov analysis 3 | alfresco-search: 4 | alfresco-insight-zeppelin: 5 | insightzeppelin: 6 | enabled: true 7 | alfresco-search-enterprise: 8 | enabled: true 9 | elasticsearch: 10 | enabled: false 11 | alfresco-digital-workspace: 12 | enabled: false 13 | alfresco-admin-app: 14 | enabled: false 15 | postgresql: 16 | enabled: false 17 | alfresco-sync-service: 18 | postgresql: 19 | enabled: false 20 | database: 21 | external: true 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.class 2 | 3 | # vim 4 | .*.swp 5 | 6 | # Eclipse 7 | .classpath 8 | .settings 9 | .project 10 | 11 | # Intellij 12 | .idea/ 13 | *.iml 14 | *.iws 15 | 16 | # Mac 17 | .DS_Store 18 | 19 | # Maven 20 | target 21 | *.log 22 | *.log.* 23 | 24 | # Package Files 25 | *.jar 26 | *.war 27 | *.ear 28 | 29 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 30 | hs_err_pid* 31 | 32 | # Helm packages 33 | *.tgz 34 | 35 | # updatecli workflow 36 | alfresco-updatecli 37 | *_merged.yaml 38 | 39 | _site 40 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-mail.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.global.mail.host (or .Values.global.mail.smtp.auth .Values.global.mail.smtps.auth) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: outbound-email 6 | labels: 7 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 8 | data: 9 | {{- $reqMsg := "You have selected authentication to your SMTP server but did not provide a password for it" }} 10 | MAIL_PASSWORD: {{ required $reqMsg .Values.global.mail.password | b64enc | quote }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /helm/acs-sso-example/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | # Do not include Updatecli target matrix 25 | updatecli-matrix-targets.yaml 26 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-audit-elasticsearch.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.global.auditIndex.existingSecretName }} 2 | {{- with .Values.global.auditIndex }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ .secretName }} 7 | labels: 8 | {{- include "alfresco-content-services.labels" $ | nindent 4 }} 9 | type: Opaque 10 | data: 11 | AUDIT_ELASTICSEARCH_USERNAME: {{ .username | default "" | b64enc | quote }} 12 | AUDIT_ELASTICSEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-database.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.database.existingSecretName }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.database.secretName }} 6 | labels: 7 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 8 | type: Opaque 9 | data: 10 | DATABASE_USERNAME: {{ .Values.database.user | default .Values.postgresql.auth.username | b64enc | quote }} 11 | DATABASE_PASSWORD: {{ .Values.database.password | default .Values.postgresql.auth.password | b64enc | quote }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /helm/acs-sso-example/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | --- 2 | title: {{ template "chart.name" . }} 3 | parent: Charts 4 | grand_parent: Helm 5 | --- 6 | 7 | {{ template "chart.header" . }} 8 | {{ template "chart.deprecationWarning" . }} 9 | 10 | {{ template "chart.badgesSection" . }} 11 | 12 | {{ template "chart.description" . }} 13 | 14 | {{ template "chart.homepageLine" . }} 15 | 16 | {{ template "chart.maintainersSection" . }} 17 | 18 | {{ template "chart.sourcesSection" . }} 19 | 20 | {{ template "chart.requirementsSection" . }} 21 | 22 | {{ template "chart.valuesSection" . }} 23 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/values/keda.yaml: -------------------------------------------------------------------------------- 1 | keda: 2 | components: 3 | - alfresco-transform-service 4 | alfresco-transform-service: 5 | imagemagick: 6 | autoscaling: 7 | kedaIdleDisabled: true 8 | libreoffice: 9 | autoscaling: 10 | kedaInitialCooldownPeriod: 600 11 | transformmisc: 12 | autoscaling: 13 | kedaPollingInterval: 90 14 | kedaCooldownPeriod: 3600 15 | pdfrenderer: 16 | autoscaling: 17 | minReplicas: 3 18 | tika: 19 | autoscaling: 20 | kedaTargetValue: 50 21 | maxReplicas: 9 22 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/secret-idp.yaml: -------------------------------------------------------------------------------- 1 | {{- if empty (lookup "v1" "Secret" $.Release.Namespace "keycloak") }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: keycloak 6 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/resource-policy": keep 9 | data: 10 | {{- with .Values.keycloakx }} 11 | KC_BOOTSTRAP_ADMIN_USERNAME: {{ .admin.username | default "admin" | b64enc | quote }} 12 | KC_BOOTSTRAP_ADMIN_PASSWORD: {{ (.admin.password | default (randAscii 16)) | b64enc | quote }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Helm unit tests 6 | tests 7 | # Common VCS dirs 8 | .git/ 9 | .gitignore 10 | .bzr/ 11 | .bzrignore 12 | .hg/ 13 | .hgignore 14 | .svn/ 15 | # Common backup files 16 | *.swp 17 | *.bak 18 | *.tmp 19 | *.orig 20 | *~ 21 | # Various IDEs 22 | .project 23 | .idea/ 24 | *.tmproj 25 | .vscode/ 26 | # Do not include Updatecli target matrix 27 | updatecli-matrix-targets.yaml 28 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers-audit.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Get Alfresco Audit Storage URL for testing 3 | */}} 4 | {{- define "alfresco-content-services.audit.serviceName" -}} 5 | {{- with (index .Values "alfresco-audit-storage") }} 6 | {{- if .enabled }} 7 | {{- $aasCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 8 | {{- $aasServiceName := include "alfresco-audit-storage.fullname" $aasCtx }} 9 | {{- $aasServicePort := .service.port | toString }} 10 | {{- printf "http://%s:%s" $aasServiceName $aasServicePort }} 11 | {{- end }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/secret-db.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: repository-database 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | {{- with (index .Values "repository-database") }} 8 | {{- $pgPort := $.Values.global | default dict }} 9 | {{- $pgPort = $pgPort.postgresql | default dict }} 10 | {{- $pgPort = $pgPort.auth | default dict }} 11 | DATABASE_USERNAME: {{ coalesce $pgPort.username .auth.username | b64enc | quote }} 12 | DATABASE_PASSWORD: {{ coalesce $pgPort.password .auth.password | b64enc | quote }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/secret-idp-realm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: keycloak-realm 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | {{- with .Values.keycloakx.admin.realm }} 8 | {{- range . }} 9 | {{- range .clients }} 10 | {{- $_ := set . "redirectUris" (tpl .redirectUris $ | fromYamlArray) }} 11 | {{- $_ := set . "webOrigins" (tpl .webOrigins $ | fromYamlArray) }} 12 | {{- end }} 13 | {{- printf "%s.json" .id | nindent 2 }}: {{ mustToJson . | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /.github/kics.yml: -------------------------------------------------------------------------------- 1 | exclude-queries: 2 | - 610e266e-6c12-4bca-9925-1ed0cd29742b # Security Opt Not Set 3 | - 27fcc7d6-c49b-46e0-98f1-6c082a6a2750 # No New Privileges Not Set 4 | - d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b # Docker Socket Mounted In Container 5 | - 1c1325ff-831d-43a1-973e-839ae57dfcc0 # Volume Has Sensitive Host Directory 6 | - ce76b7d0-9e77-464d-b86f-c5c48e03e22d # Container Capabilities Unrestricted 7 | - 451d79dc-0588-476a-ad03-3c7f0320abb3 # Container Traffic Not Bound To Host Interface 8 | - 698ed579-b239-4f8f-a388-baa4bcb13ef8 # Healthcheck Not Set 9 | - 8c978947-0ff6-485c-b0c2-0bfca6026466 # Shared Volumes Between Containers 10 | -------------------------------------------------------------------------------- /.github/workflows/pre-commit-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Pre-commit (Docker Compose) 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - master 8 | - release/** 9 | - next/** 10 | paths: 11 | - docker-compose/** 12 | - .pre-commit-config.yaml 13 | push: 14 | branches: 15 | - master 16 | - release/** 17 | 18 | env: 19 | # https://pre-commit.com/#temporarily-disabling-hooks 20 | SKIP: helm-docs,helm-deps-build,helmlint,checkov 21 | 22 | jobs: 23 | pre_commit: 24 | name: Run pre-commit 25 | runs-on: ubuntu-latest 26 | steps: 27 | - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v12.0.0 28 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/mail_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | suite: test mail features 3 | templates: 4 | - secret-mail.yaml 5 | tests: 6 | - it: should not render a secret by default 7 | values: &testvalues 8 | - values/test_values.yaml 9 | asserts: 10 | - hasDocuments: 11 | count: 0 12 | - it: should not have a secret manifest at all when existingSecretName is set 13 | values: *testvalues 14 | set: 15 | global: 16 | mail: 17 | host: smtp.domain.tld 18 | username: someone 19 | password: somepass 20 | asserts: 21 | - equal: 22 | path: data.MAIL_PASSWORD 23 | value: c29tZXBhc3M= 24 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-sync-database.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (index . "Values" "alfresco-sync-service" "enabled") (not .Values.database.sync.existingSecretName) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.database.sync.secretName }} 6 | labels: 7 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 8 | type: Opaque 9 | data: 10 | {{- with .Values }} 11 | DATABASE_USERNAME: {{ .database.sync.user | default (index . "postgresql-sync" "auth" "username") | b64enc | quote }} 12 | DATABASE_PASSWORD: {{ .database.sync.password | default (index . "postgresql-sync" "auth" "password") | b64enc | quote }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-repo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: repository-properties 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | alfresco-global.properties: | 8 | authentication.chain = identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm 9 | identity-service.authentication.enabled = true 10 | identity-service.realm = alfresco 11 | {{- $kCtx := dict "Values" .Values.keycloakx "Chart" .Chart "Release" .Release }} 12 | identity-service.auth-server-url = http://{{ include "keycloak.fullname" $kCtx }}-http{{ .Values.keycloakx.http.relativePath }} 13 | identity-service.enable-basic-auth = true 14 | -------------------------------------------------------------------------------- /helm/acs-sso-example/updatecli-matrix-targets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # This file is meant to be used with updatecli uber-manifest pipeline 3 | # https://github.com/Alfresco/alfresco-updatecli/tree/master/deployments 4 | name: Alfresco SSO example Chart - Updatecli manifest 5 | matrix: 6 | community: 7 | id: ssoExample 8 | acs: 9 | helm_target: &helmvaluesSso >- 10 | helm/acs-sso-example/values.yaml 11 | helm_key: $.alfresco-repository.image.tag 12 | helm_update_appVersion: true 13 | share: 14 | helm_target: *helmvaluesSso 15 | helm_key: $.alfresco-share.image.tag 16 | aca: 17 | helm_target: *helmvaluesSso 18 | helm_key: $.alfresco-content-app.image.tag 19 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers-message-broker.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Compute the Message broker URL 3 | 4 | Usage: include "alfresco-content-services.mq.url" $ 5 | 6 | */}} 7 | {{- define "alfresco-content-services.mq.url" -}} 8 | {{- if .Values.messageBroker.url }} 9 | {{- .Values.messageBroker.url }} 10 | {{- else if .Values.activemq.enabled }} 11 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 12 | {{- printf "failover:(nio://%s-broker:61616)?timeout=3000&jms.useCompression=true" (include "activemq.fullname" $mqCtx) }} 13 | {{- else }} 14 | {{- fail "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/auth-trigger-activemq.yaml: -------------------------------------------------------------------------------- 1 | {{- if has "alfresco-transform-service" .Values.keda.components -}} 2 | --- 3 | apiVersion: keda.sh/v1alpha1 4 | kind: TriggerAuthentication 5 | metadata: 6 | name: {{ printf "%s-activemq-auth-trigger" (include "alfresco-content-services.fullname" .) | trunc 63 | trimSuffix "-" }} 7 | spec: 8 | secretTargetRef: 9 | - parameter: username 10 | name: {{ .Values.messageBroker.existingSecretName | default .Values.messageBroker.secretName }} 11 | key: BROKER_USERNAME 12 | - parameter: password 13 | name: {{ .Values.messageBroker.existingSecretName | default .Values.messageBroker.secretName }} 14 | key: BROKER_PASSWORD 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-mq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: repository-message-broker 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | {{- with .Values.activemq }} 8 | {{- $mqPort := .services | default dict }} 9 | {{- $mqPort = $mqPort.broker | default dict }} 10 | {{- $mqPort = $mqPort.ports| default dict }} 11 | {{- $mqPort = $mqPort.external | default dict }} 12 | {{- $mqPort = $mqPort.openwire | default 61616 }} 13 | {{- $mqCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 14 | BROKER_URL: {{ include "alfresco-common.activemq.url.withFailover" (printf "nio://%s-broker:%v" (include "activemq.fullname" $mqCtx) $mqPort) | quote }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /.github/workflows/docs.yml: -------------------------------------------------------------------------------- 1 | name: Publish docs 2 | 3 | permissions: 4 | contents: write 5 | pages: write 6 | id-token: write 7 | 8 | on: 9 | release: 10 | types: 11 | - released 12 | push: 13 | branches: 14 | - master 15 | paths: 16 | - "docs/**" 17 | - ".github/workflows/docs.yml" 18 | pull_request: 19 | branches: 20 | - master 21 | paths: 22 | - "docs/**" 23 | - ".github/workflows/docs.yml" 24 | 25 | jobs: 26 | publish: 27 | uses: Alfresco/jekyll-build-tools/.github/workflows/jekyll-publish.yml@main 28 | with: 29 | working-directory: . 30 | publish: ${{ github.event_name != 'pull_request' }} 31 | validate-html: true 32 | validate-html-args: "--ignore-status-codes 429" 33 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-message-broker.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.messageBroker.existingSecretName }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.messageBroker.secretName }} 6 | labels: 7 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 8 | type: Opaque 9 | data: 10 | {{- if .Values.activemq.enabled }} 11 | {{- with .Values.activemq }} 12 | BROKER_USERNAME: {{ .adminUser.user | b64enc | quote }} 13 | BROKER_PASSWORD: {{ .adminUser.password | b64enc | quote }} 14 | {{- end }} 15 | {{- else }} 16 | {{- with .Values.messageBroker}} 17 | BROKER_USERNAME: {{ .user | default "" | b64enc | quote }} 18 | BROKER_PASSWORD: {{ .password | default "" | b64enc | quote }} 19 | {{- end }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-db.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: repository-database 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | DATABASE_DRIVER: org.postgresql.Driver 8 | {{- with (index .Values "repository-database") }} 9 | {{- $pgPort := $.Values.global | default dict }} 10 | {{- $pgPort = $pgPort | default dict }} 11 | {{- $pgPort = $pgPort.service | default dict }} 12 | {{- $pgPort = $pgPort.ports | default dict }} 13 | {{- $pgPort = coalesce $pgPort.postgresql .primary.service.ports.postgresql 5432 }} 14 | {{- $dbCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 15 | DATABASE_URL: {{ printf "jdbc:postgresql://%s:%v/%s" (include "postgresql.v1.primary.fullname" $dbCtx) $pgPort .auth.database | quote }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /helm/acs-sso-example/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: oci://registry-1.docker.io/bitnamicharts 4 | version: 13.4.0 5 | - name: keycloakx 6 | repository: https://codecentric.github.io/helm-charts 7 | version: 6.0.0 8 | - name: alfresco-repository 9 | repository: https://alfresco.github.io/alfresco-helm-charts/ 10 | version: 0.12.0 11 | - name: activemq 12 | repository: https://alfresco.github.io/alfresco-helm-charts/ 13 | version: 3.7.0 14 | - name: alfresco-share 15 | repository: https://alfresco.github.io/alfresco-helm-charts/ 16 | version: 1.6.0 17 | - name: alfresco-adf-app 18 | repository: https://alfresco.github.io/alfresco-helm-charts/ 19 | version: 0.3.0 20 | digest: sha256:d846e21c6851740d6b2c644b95d746cca96901c7088b97c18a42aa3f9ed8ae15 21 | generated: "2025-12-16T09:49:00.194015152Z" 22 | -------------------------------------------------------------------------------- /updatecli.d/helm-autodiscovery.yaml: -------------------------------------------------------------------------------- 1 | name: "Helm autodiscovery for charts dependencies" 2 | 3 | autodiscovery: 4 | crawlers: 5 | helm: 6 | # Increment manually because we have custom rules 7 | versionincrement: none 8 | # Tags in values are handled separately via uber-manifest.tpl 9 | ignorecontainer: true 10 | versionfilter: 11 | kind: semver 12 | pattern: '>= 0.0.0-0' 13 | 14 | ignore: 15 | # Skip dependencies we are not interested to bump automatically (testing dependencies) 16 | - path: helm/alfresco-content-services 17 | dependencies: 18 | postgresql: ">=0.0.1" 19 | elasticsearch: ">=0.0.1" 20 | kibana: ">=0.0.1" 21 | - path: helm/acs-sso-example 22 | dependencies: 23 | postgresql: ">=0.0.1" 24 | keycloakx: ">=0.0.1" 25 | -------------------------------------------------------------------------------- /.github/workflows/helm-release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Helm release 3 | 4 | on: 5 | push: 6 | tags: 7 | - v** 8 | 9 | jobs: 10 | publish: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 14 | with: 15 | fetch-depth: 0 16 | 17 | - name: Ensure no dependencies are pre-release versions 18 | run: | 19 | ! grep -e "-alpha" -e "-SNAPSHOT" helm/alfresco-content-services/Chart.yaml 20 | 21 | - name: Publish chart 22 | uses: >- 23 | Alfresco/alfresco-build-tools/.github/actions/dbp-charts/publish-chart@v12.0.0 24 | with: 25 | chart_name: alfresco-content-services 26 | github_token: ${{ secrets.BOT_GITHUB_TOKEN }} 27 | github_username: ${{ secrets.BOT_GITHUB_USERNAME }} 28 | github_email: ${{ secrets.BOT_GITHUB_EMAIL }} 29 | -------------------------------------------------------------------------------- /docs/helm/values/elasticsearch_auth_values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | kibanaEnabled: true 3 | alfresco-repository: 4 | configuration: 5 | search: 6 | existingSecret: 7 | name: &secretName elastic-search-secret 8 | alfresco-audit-storage: 9 | index: 10 | existingSecret: 11 | name: *secretName 12 | alfresco-search-enterprise: 13 | search: 14 | existingSecret: 15 | name: *secretName 16 | elasticsearch: 17 | security: 18 | enabled: true 19 | existingSecret: *secretName 20 | tls: 21 | restEncryption: false 22 | autoGenerated: true 23 | verificationMode: "none" 24 | kibana: 25 | elasticsearch: 26 | security: 27 | auth: 28 | enabled: true 29 | createSystemUser: true 30 | elasticsearchPasswordSecret: *secretName 31 | existingSecret: *secretName 32 | tls: 33 | enabled: false 34 | verificationMode: "none" 35 | -------------------------------------------------------------------------------- /.github/workflows/docker-compose-community.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Docker Compose (Community) 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - master 8 | - release/** 9 | - next/** 10 | paths: 11 | - docker-compose/community-compose.yaml 12 | - docker-compose/commons/** 13 | - test/postman/docker-compose/** 14 | - .github/workflows/docker-compose-community.yml 15 | push: 16 | branches: 17 | - master 18 | - release/** 19 | 20 | jobs: 21 | compose_community: 22 | name: Docker Compose community 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 26 | - uses: >- 27 | Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v12.0.0 28 | with: 29 | compose_file_path: docker-compose/community-compose.yaml 30 | postman_path: test/postman/docker-compose 31 | postman_json: acs-test-docker-compose-collection.json 32 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/test/pod-dtas.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dtas.enabled -}} 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: dtas-{{ randAlpha 5 | lower }} 6 | annotations: 7 | "helm.sh/hook": test 8 | labels: 9 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 10 | app.kubernetes.io/component: dtas 11 | spec: 12 | containers: 13 | - name: dtas 14 | image: {{ .Values.dtas.image.repository }}:{{ .Values.dtas.image.tag }} 15 | imagePullPolicy: {{ .Values.dtas.image.pullPolicy }} 16 | args: 17 | - --configuration=/usr/src/dtas/config/config.json 18 | {{- range .Values.dtas.additionalArgs }} 19 | - {{ . }} 20 | {{- end }} 21 | volumeMounts: 22 | - name: config-volume 23 | mountPath: /usr/src/dtas/config 24 | volumes: 25 | - name: config-volume 26 | configMap: 27 | name: dtas-config 28 | restartPolicy: Never 29 | imagePullSecrets: 30 | - name: {{ .Values.global.alfrescoRegistryPullSecrets}} 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-prometheus-repo.yaml: -------------------------------------------------------------------------------- 1 | {{- $repoCtx := (dict "Values" (index .Values "alfresco-repository") "Chart" .Chart "Release" .Release) }} 2 | {{- if has (include "alfresco-repository.name" $repoCtx) .Values.keda.components }} 3 | {{- $reqMsg := "KEDA autsocaling for repository is enabled but no prometheus.url is set" }} 4 | --- 5 | apiVersion: keda.sh/v1alpha1 6 | kind: ScaledObject 7 | metadata: 8 | labels: {{- include "alfresco-content-services.labels" $repoCtx | nindent 4 }} 9 | name: {{ template "alfresco-content-services.fullname" $repoCtx }} 10 | spec: 11 | scaleTargetRef: 12 | name: {{ template "alfresco-repository.fullname" $repoCtx }} 13 | triggers: 14 | - type: prometheus 15 | name: alfresco-http-threads 16 | metadata: 17 | serverAddress: {{ required $reqMsg .Values.prometheus.url }} 18 | threshold: {{ $repoCtx.Values.autoscaling.kedaTargetValue | default 170 | quote }} 19 | query: avg(jvm_threads_live_threads-jvm_threads_daemon_threads) 20 | {{- include "alfresco-content-services.keda.scaler.options" $repoCtx.Values | nindent 2 }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/secret-database_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | suite: test database secret manifest 3 | templates: 4 | - secret-database.yaml 5 | tests: 6 | - it: should have secrets set with default values 7 | values: &testvalues 8 | - values/test_values.yaml 9 | asserts: 10 | - equal: 11 | path: data.DATABASE_USERNAME 12 | value: YWxmcmVzY28= 13 | - equal: 14 | path: data.DATABASE_PASSWORD 15 | value: YWxmcmVzY28= 16 | 17 | - it: should not have a secret manifest at all when existingSecretName is set 18 | values: *testvalues 19 | set: 20 | database.existingSecretName: whatever 21 | asserts: 22 | - hasDocuments: 23 | count: 0 24 | 25 | - it: should override credentials when `database.*` are set 26 | values: *testvalues 27 | set: 28 | database: 29 | user: mycustomadmin 30 | password: mycustompassword 31 | asserts: 32 | - equal: 33 | path: data.DATABASE_USERNAME 34 | value: bXljdXN0b21hZG1pbg== 35 | - equal: 36 | path: data.DATABASE_PASSWORD 37 | value: bXljdXN0b21wYXNzd29yZA== 38 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/secret-search.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.global.search.existingSecretName }} 2 | {{- $search_flavor := (include "alfresco-content-services.search.flavor" .) }} 3 | {{- if ne "noindex" $search_flavor }} 4 | {{- with .Values.global.search }} 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: {{ .secretName }} 9 | labels: 10 | {{- include "alfresco-content-services.labels" $ | nindent 4 }} 11 | type: Opaque 12 | data: 13 | {{- if and (eq "solr6" $search_flavor) (eq "secret" .securecomms) }} 14 | {{- $reqMsg := "You have selected 'secret' mode of communication for global.search.securecomms, but did not provide a secret value for global.search.sharedSecret - see https://alfresco.github.io/acs-deployment/docs/helm/desktop-deployment.html" }} 15 | SOLR_SECRET: {{ required $reqMsg .sharedSecret | b64enc | quote }} 16 | {{- else if and (eq "solr6" $search_flavor) (ne "secret" .securecomms) }} 17 | SOLR_SECRET: {{ "" | b64enc | quote }} 18 | {{- else if eq "elasticsearch" $search_flavor }} 19 | SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }} 20 | SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | title: ACS Deployment Documentation 2 | description: User documentation for deploying Alfresco Content Services 3 | theme: just-the-docs 4 | color_scheme: alfresco 5 | 6 | url: https://alfresco.github.io 7 | 8 | aux_links: 9 | Hyland Support: https://support.hyland.com/p/alfresco 10 | Docs: https://docs.alfresco.com/ 11 | GitHub Repository: https://github.com/Alfresco/acs-deployment 12 | 13 | aux_links_new_tab: true 14 | 15 | gh_edit_link: true 16 | gh_edit_link_text: "Improve this page on GitHub" 17 | gh_edit_repository: https://github.com/Alfresco/acs-deployment 18 | gh_edit_branch: master 19 | gh_edit_source: . 20 | gh_edit_view_mode: edit 21 | 22 | logo: "/docs/images/hyland-alfresco-logos.png" 23 | favicon_ico: "/docs/images/favicon.ico" 24 | 25 | defaults: 26 | # apply the default layout to all markdown pages 27 | - scope: 28 | path: "*" 29 | values: 30 | layout: default 31 | render_with_liquid: false 32 | 33 | exclude: 34 | - Brewfile 35 | - '*/ci/*' 36 | - Gemfile 37 | - Gemfile.lock 38 | - '*.yaml' 39 | - '*/Chart.lock' 40 | - '*.tgz' 41 | - '*/NOTES.txt' 42 | - README.md 43 | - LICENSE 44 | 45 | plugins: 46 | - jekyll-relative-links 47 | 48 | mermaid: 49 | version: "10.9.0" 50 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/configmap-share-properties.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: share-properties 5 | labels: {{- include "acs-sso-example.labels" . | nindent 4 }} 6 | data: 7 | share.properties: | 8 | aims.enabled = true 9 | {{- with .Values.keycloakx }} 10 | {{- $kCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 11 | aims.realm = {{ index .admin.realm 0 "realm" }} 12 | aims.resource = {{ index .admin.realm 0 "clients" 0 "clientId" }} 13 | aims.publicClient=true 14 | aims.scopes=openid,profile,email 15 | aims.atIssuerAttribute=issuer 16 | aims.authServerUrl = {{ printf "http://%s-http%s" (include "keycloak.fullname" $kCtx) .http.relativePath }} 17 | aims.alwaysRefreshToken=false 18 | aims.enableBasicAuth=true 19 | aims.sslRequired=external 20 | aims.secret= 21 | aims.logoutUri= 22 | aims.postLogoutUrl= 23 | aims.audience= 24 | aims.redirectURI= 25 | aims.logout.post_logout_redirect_uri_label= 26 | aims.logout.post_logout_redirect_uri_value= 27 | aims.logout.client_id_label= 28 | aims.logout.client_id_value= 29 | aims.logout.useIdTokenHint= 30 | aims.shareContext.value= 31 | aims.principalAttribute= 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /.github/workflows/pre-commit-helm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Pre-commit (Helm) 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - master 8 | - release/** 9 | - next/** 10 | paths: 11 | - helm/** 12 | - test/postman/helm/** 13 | - .github/workflows/pre-commit-helm.yml 14 | - "**.md" 15 | - .pre-commit-config.yaml 16 | push: 17 | branches: 18 | - master 19 | - release/** 20 | 21 | env: 22 | # https://pre-commit.com/#temporarily-disabling-hooks 23 | SKIP: docker-compose-check 24 | 25 | jobs: 26 | pre_commit: 27 | name: Run pre-commit 28 | runs-on: ubuntu-latest 29 | steps: 30 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1 31 | - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v12.0.0 32 | - name: Add dependency chart repos 33 | run: | 34 | for repo in $(yq eval-all \ 35 | '. as $item ireduce ({}; . *+ $item ) | [.dependencies[].repository | select(. == "http*")] | unique | .[]' \ 36 | ./helm/*/Chart.yaml); do repo_name=$(echo "$repo" | awk -F/ '{print $3}') 37 | helm repo add "$repo_name" "$repo" 38 | done 39 | 40 | - name: Run Pre-commit hooks 41 | uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 42 | -------------------------------------------------------------------------------- /.github/workflows/kics.yml: -------------------------------------------------------------------------------- 1 | name: kics 2 | 3 | on: 4 | pull_request: 5 | branches: [master] 6 | paths: 7 | - 'docker-compose/**' 8 | - 'helm/**' 9 | - '.github/workflows/kics.yml' 10 | push: 11 | branches: [master] 12 | paths: 13 | - 'docker-compose/**' 14 | - 'helm/**' 15 | - '.github/workflows/kics.yml' 16 | 17 | permissions: 18 | security-events: write 19 | 20 | jobs: 21 | kics: 22 | runs-on: ubuntu-latest 23 | steps: 24 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 25 | - name: run kics Scan 26 | uses: checkmarx/kics-github-action@63fca4ca72e56edbb5a599ee756e6af1fdb1e785 # v2.1.18 27 | with: 28 | path: 'docker-compose,helm' 29 | ignore_on_exit: results 30 | output_path: report-dir/ 31 | output_formats: 'sarif' 32 | token: ${{ secrets.GITHUB_TOKEN }} 33 | enable_jobs_summary: true 34 | platform_type: 'dockercompose,kubernetes' 35 | disable_secrets: true 36 | config_path: .github/kics.yml 37 | - name: Upload SARIF file 38 | if: github.actor != 'dependabot[bot]' 39 | uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 40 | with: 41 | sarif_file: report-dir/results.sarif 42 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/activemq_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | suite: test ActiveMQ config 3 | templates: 4 | - config-infrastructure.yaml 5 | - secret-message-broker.yaml 6 | tests: 7 | - it: should render default ActiveMQ 8 | values: 9 | - values/test_values.yaml 10 | asserts: 11 | - equal: 12 | path: data.BROKER_URL 13 | value: failover:(nio://RELEASE-NAME-activemq-broker:61616)?timeout=3000&jms.useCompression=true 14 | template: config-infrastructure.yaml 15 | - equal: 16 | path: data.BROKER_USERNAME 17 | value: YWRtaW4= 18 | template: secret-message-broker.yaml 19 | - equal: 20 | path: data.BROKER_PASSWORD 21 | value: YWRtaW4= 22 | template: secret-message-broker.yaml 23 | - it: should render ActiveMQ URL from values 24 | values: 25 | - values/externalBroker_values.yaml 26 | asserts: 27 | - equal: 28 | path: data.BROKER_URL 29 | value: failover:(nio://somebroker:61616) 30 | template: config-infrastructure.yaml 31 | - equal: 32 | path: data.BROKER_USERNAME 33 | value: YWxmcmVzY28= 34 | template: secret-message-broker.yaml 35 | - equal: 36 | path: data.BROKER_PASSWORD 37 | value: YWxmcmVzY28= 38 | template: secret-message-broker.yaml 39 | -------------------------------------------------------------------------------- /docs/docker-compose/examples/with-jconsole.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Accessing JMX metrics with Jconsole 3 | parent: Docker Compose 4 | --- 5 | 6 | # Accessing JMX metrics with Jconsole 7 | 8 | This guide aims to demonstrate how to set up Jconsole to access JMX metrics from 9 | an Alfresco Content Services instance. 10 | 11 | ## Running the Example 12 | 13 | Edit `compose.yaml` and locate the `alfresco` service. Merge the following 14 | snippet into its `environment` and `ports` sections: 15 | 16 | ```yaml 17 | services: 18 | alfresco: 19 | environment: 20 | JAVA_OPTS: >- 21 | -Dcom.sun.management.jmxremote 22 | -Dcom.sun.management.jmxremote.ssl=false 23 | -Dcom.sun.management.jmxremote.authenticate=false 24 | -Dcom.sun.management.jmxremote.port=50500 25 | -Dcom.sun.management.jmxremote.rmi.port=50500 26 | -Dcom.sun.management.jmxremote.local.only=false 27 | -Dalfresco.jmx.connector.enabled=true 28 | -Dalfresco.rmi.services.port=50500 29 | -Djava.rmi.server.hostname=127.0.0.1 30 | ports: 31 | - "50500:50500" 32 | ``` 33 | 34 | Then start the stack: 35 | 36 | ```bash 37 | docker-compose up -d 38 | ``` 39 | 40 | ## Accessing JMX with Jconsole 41 | 42 | When the ACS instance is up and running, you can connect to it using Jconsole 43 | with `localhost:50500` or 44 | `service:jmx:rmi://localhost:50500/jndi/rmi://localhost:50500/jmxrmi` as the 45 | connection string. 46 | -------------------------------------------------------------------------------- /docs/helm/registry-authentication.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Registry authentication 3 | parent: Guides 4 | grand_parent: Helm 5 | --- 6 | 7 | # Private registry authentication 8 | 9 | For pulling images served by a registry that requires authentication, you have 10 | to create a secret which contains the credentials and provide its name in the 11 | `global.alfrescoRegistryPullSecrets` value. 12 | 13 | > Secret should be created in the same namespace where you are going to install ACS 14 | 15 | Create the secret of type `docker-registry` with following command, replacing 16 | `YOUR-USERNAME` and `YOUR-PASSWORD` with your credentials and `YOUR-REGISTRY` 17 | with your private registry hostname: 18 | 19 | ```bash 20 | kubectl -n alfresco create secret docker-registry my-registry-secret --docker-server=YOUR-REGISTRY --docker-username=YOUR-USERNAME --docker-password=YOUR-PASSWORD 21 | ``` 22 | 23 | For the Alfresco Enterprise docker images, you need to have credentials for `quay.io`: 24 | 25 | ```bash 26 | kubectl -n alfresco create secret docker-registry quay-registry-secret --docker-server=quay.io --docker-username=YOUR-USERNAME --docker-password=YOUR-PASSWORD 27 | ``` 28 | 29 | Alternatively, you can also leverage an already configured docker client using the `--from-file` option (this will create a secret containing ALL the credentials you have currently configured): 30 | 31 | ```bash 32 | kubectl -n alfresco create secret generic docker-registry-secrets --from-file=.dockerconfigjson=/your-home/.docker/config.json --type=kubernetes.io/dockerconfigjson 33 | ``` 34 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers-database.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Compute the repository database URL 3 | 4 | Usage: include "alfresco-content-services.database.repo" $ 5 | 6 | */}} 7 | {{- define "alfresco-content-services.database.repo" -}} 8 | {{- with .Values }} 9 | {{- if and (not .database.url) (not .postgresql.enabled) }} 10 | {{- fail "You must either set database.url or postgresql.enabled" }} 11 | {{- end }} 12 | {{- if .database.url }} 13 | {{- .database.url }} 14 | {{- else }} 15 | {{- $pg_port := .postgresql.primary.service.ports.postgresql | toString }} 16 | {{- printf "postgresql://%s-%s:%s/%s" $.Release.Name .postgresql.nameOverride $pg_port .postgresql.auth.database }} 17 | {{- end }} 18 | {{- end }} 19 | {{- end -}} 20 | 21 | {{/* 22 | Compute the sync-service database URL 23 | 24 | Usage: include "alfresco-content-services.database.sync" $ 25 | 26 | */}} 27 | {{- define "alfresco-content-services.database.sync" -}} 28 | {{- with .Values }} 29 | {{- if and (not .database.sync.url) (not (index . "postgresql-sync" "enabled")) }} 30 | {{- fail "You must either set database.sync.url or postgresql-sync.enabled values" }} 31 | {{- end }} 32 | {{- if .database.sync.url }} 33 | {{- .database.sync.url }} 34 | {{- else }} 35 | {{- $pg_port := index . "postgresql-sync" "primary" "service" "ports" "postgresql" | toString }} 36 | {{- printf "postgresql://%s-%s:%s/%s" $.Release.Name (index . "postgresql-sync" "nameOverride") $pg_port (index . "postgresql-sync" "auth" "database") }} 37 | {{- end }} 38 | {{- end }} 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | {{ $alfurl := include "alfresco-common.external.url" . }} 3 | 4 | _,,,,_ 5 | .@B@@@@@@EW_ 6 | _;@BBB@m,`T@@@@@@@@W UUh-_ 7 | _0@@@@@@BBBBm`0@@@BBBB ]LLLLU 8 | B@@@@@@@BBBBBW @0BBBBB ]LLLLLL 9 | !R""""P0N0BBBBB @BBBBB",LLLLLLL 10 | _;@BBBBBWw`TBBBB @BBBM_+L"`^^^`` _ 11 | #@@@0BBBBBBBW_TB0 @B^_=^^``````- {@b 12 | [@@@@@@B0BBBBBBW_T " ="=====-``_;B@@@b 13 | 0@@@@@BM"",,,,,,,_ +pppppp@@N@@@@@@E 14 | '@@@P_mBNNNNNNBN",@ Ew`TNNNNNNB@@@@@@" 15 | `0"/BNNNNNNBP`,0N@ 0B@p_TBNNNNNN@@R` 16 | BBBBBBBE`,BNNN@ 0NNB@b,`"MMM^" 17 | !@@@@@@@ ANNNNB@ 0NNNNN@@@BBBN@L 18 | T@@@@@E NNNNNN@L'BNNNNb@@@@@@P 19 | '0@@@@ 0NNBN@@@p_TBNBN@@@@B" 20 | `"" 0@@@@@@@@b,_`"""` 21 | `T0@@@@BP` 22 | 23 | You can access all components of Alfresco Content Services using the same root address, but different paths as follows: 24 | 25 | Content: {{ $alfurl }}/alfresco 26 | Share: {{ $alfurl }}/share 27 | API-Explorer: {{ $alfurl }}/api-explorer 28 | {{- if index .Values "alfresco-digital-workspace" "enabled" }} 29 | Alfresco Digital Workspace: {{ $alfurl }}/workspace/ 30 | {{- end }} 31 | {{- if index .Values "alfresco-search" "ingress" "enabled" }} 32 | Solr: {{ $alfurl }}/solr 33 | {{- end }} 34 | {{- if (index .Values "alfresco-search" "alfresco-insight-zeppelin" "enabled") }} 35 | Zeppelin: {{ $alfurl }}/zeppelin 36 | {{- end }} 37 | {{- if index .Values "alfresco-sync-service" "enabled" }} 38 | Sync service: {{ $alfurl }}/syncservice/healthcheck 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-activemq-ats-tika.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "alfresco-transform-service" "enabled") -}} 2 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" .Chart "Release" .Release) }} 3 | {{- if and $atsCtx.Values.imagemagick.enabled (has (include "alfresco-transform-service.name" $atsCtx) .Values.keda.components) }} 4 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 5 | {{- $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole }} 6 | --- 7 | apiVersion: keda.sh/v1alpha1 8 | kind: ScaledObject 9 | metadata: 10 | labels: {{- include "alfresco-content-services.labels" $atsCtx | nindent 4 }} 11 | name: {{ printf "%s-tengine-tika" (include "alfresco-content-services.fullname" $atsCtx) | trunc 63 | trimSuffix "-" }} 12 | spec: 13 | scaleTargetRef: 14 | name: {{ template "alfresco-transform-service.tika.fullname" $atsCtx }} 15 | triggers: 16 | {{- $destQ := "org.alfresco.transform.engine.tika.acs" }} 17 | {{- $targetQSize := $atsCtx.Values.tika.autoscaling.kedaTargetValue | default 10 | toString }} 18 | {{- $triggerOpts:= dict "metadata" (dict "targetQueueSize" $targetQSize "destinationName" $destQ ) }} 19 | {{- range (include "alfresco-content-services.mq.keda.scaler.trigger" . | fromYamlArray) }} 20 | {{- . | mustMerge $triggerOpts | list | toYaml | nindent 4 }} 21 | {{- end }} 22 | {{- include "alfresco-content-services.keda.scaler.options" (index .Values "alfresco-transform-service" "tika") | nindent 2 }} 23 | {{- end }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /docs/helm/values/letsencrypt_values.yaml: -------------------------------------------------------------------------------- 1 | # Configure all ingresses with the annotation that enables LetsEncrypt 2 | # certificate generation 3 | # see eks-deployment.md#https 4 | alfresco-control-center: 5 | ingress: 6 | annotations: 7 | cert-manager.io/cluster-issuer: letsencrypt-prod 8 | hosts: 9 | - host: ${ACS_HOSTNAME} 10 | paths: 11 | - path: /control-center 12 | pathType: Prefix 13 | tls: 14 | - hosts: 15 | - ${ACS_HOSTNAME} 16 | secretName: letsencrypt-key 17 | alfresco-digital-workspace: 18 | ingress: 19 | annotations: 20 | cert-manager.io/cluster-issuer: letsencrypt-prod 21 | hosts: 22 | - host: ${ACS_HOSTNAME} 23 | paths: 24 | - path: /workspace 25 | pathType: Prefix 26 | tls: 27 | - hosts: 28 | - ${ACS_HOSTNAME} 29 | secretName: letsencrypt-key 30 | alfresco-repository: 31 | ingress: 32 | annotations: 33 | cert-manager.io/cluster-issuer: letsencrypt-prod 34 | hosts: 35 | - host: ${ACS_HOSTNAME} 36 | paths: 37 | - path: / 38 | pathType: Prefix 39 | tls: 40 | - hosts: 41 | - ${ACS_HOSTNAME} 42 | secretName: letsencrypt-key 43 | share: 44 | ingress: 45 | annotations: 46 | cert-manager.io/cluster-issuer: letsencrypt-prod 47 | hosts: 48 | - host: ${ACS_HOSTNAME} 49 | paths: 50 | - path: /share 51 | pathType: ImplementationSpecific 52 | tls: 53 | - hosts: 54 | - ${ACS_HOSTNAME} 55 | secretName: letsencrypt-key 56 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-activemq-ats-im.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "alfresco-transform-service" "enabled") -}} 2 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" .Chart "Release" .Release) }} 3 | {{- if and $atsCtx.Values.imagemagick.enabled (has (include "alfresco-transform-service.name" $atsCtx) .Values.keda.components) }} 4 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 5 | {{- $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole }} 6 | --- 7 | apiVersion: keda.sh/v1alpha1 8 | kind: ScaledObject 9 | metadata: 10 | labels: {{- include "alfresco-content-services.labels" $atsCtx | nindent 4 }} 11 | name: {{ printf "%s-tengine-im" (include "alfresco-content-services.fullname" $atsCtx) | trunc 63 | trimSuffix "-" }} 12 | spec: 13 | scaleTargetRef: 14 | name: {{ template "alfresco-transform-service.imagemagick.fullname" $atsCtx }} 15 | triggers: 16 | {{- $destQ := "org.alfresco.transform.engine.imagemagick.acs" }} 17 | {{- $targetQSize := $atsCtx.Values.imagemagick.autoscaling.kedaTargetValue | default 10 | toString }} 18 | {{- $triggerOpts:= dict "metadata" (dict "targetQueueSize" $targetQSize "destinationName" $destQ ) }} 19 | {{- range (include "alfresco-content-services.mq.keda.scaler.trigger" . | fromYamlArray) }} 20 | {{- . | mustMerge $triggerOpts | list | toYaml | nindent 4 }} 21 | {{- end }} 22 | {{- include "alfresco-content-services.keda.scaler.options" (index .Values "alfresco-transform-service" "imagemagick") | nindent 2 }} 23 | {{- end }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-activemq-ats-lo.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "alfresco-transform-service" "enabled") -}} 2 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" .Chart "Release" .Release) }} 3 | {{- if and $atsCtx.Values.imagemagick.enabled (has (include "alfresco-transform-service.name" $atsCtx) .Values.keda.components) }} 4 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 5 | {{- $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole }} 6 | --- 7 | apiVersion: keda.sh/v1alpha1 8 | kind: ScaledObject 9 | metadata: 10 | labels: {{- include "alfresco-content-services.labels" $atsCtx | nindent 4 }} 11 | name: {{ printf "%s-tengine-lo" (include "alfresco-content-services.fullname" $atsCtx) | trunc 63 | trimSuffix "-" }} 12 | spec: 13 | scaleTargetRef: 14 | name: {{ template "alfresco-transform-service.libreoffice.fullname" $atsCtx }} 15 | triggers: 16 | {{- $destQ := "org.alfresco.transform.engine.libreoffice.acs" }} 17 | {{- $targetQSize := $atsCtx.Values.libreoffice.autoscaling.kedaTargetValue | default 10 | toString }} 18 | {{- $triggerOpts:= dict "metadata" (dict "targetQueueSize" $targetQSize "destinationName" $destQ ) }} 19 | {{- range (include "alfresco-content-services.mq.keda.scaler.trigger" . | fromYamlArray) }} 20 | {{- . | mustMerge $triggerOpts | list | toYaml | nindent 4 }} 21 | {{- end }} 22 | {{- include "alfresco-content-services.keda.scaler.options" (index .Values "alfresco-transform-service" "libreoffice") | nindent 2 }} 23 | {{- end }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-activemq-ats-misc.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "alfresco-transform-service" "enabled") -}} 2 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" .Chart "Release" .Release) }} 3 | {{- if and $atsCtx.Values.imagemagick.enabled (has (include "alfresco-transform-service.name" $atsCtx) .Values.keda.components) }} 4 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 5 | {{- $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole }} 6 | --- 7 | apiVersion: keda.sh/v1alpha1 8 | kind: ScaledObject 9 | metadata: 10 | labels: {{- include "alfresco-content-services.labels" $atsCtx | nindent 4 }} 11 | name: {{ printf "%s-tengine-misc" (include "alfresco-content-services.fullname" $atsCtx) | trunc 63 | trimSuffix "-" }} 12 | spec: 13 | scaleTargetRef: 14 | name: {{ template "alfresco-transform-service.transform-misc.fullname" $atsCtx }} 15 | triggers: 16 | {{- $destQ := "org.alfresco.transform.engine.misc.acs" }} 17 | {{- $targetQSize := $atsCtx.Values.transformmisc.autoscaling.kedaTargetValue | default 10 | toString }} 18 | {{- $triggerOpts:= dict "metadata" (dict "targetQueueSize" $targetQSize "destinationName" $destQ ) }} 19 | {{- range (include "alfresco-content-services.mq.keda.scaler.trigger" . | fromYamlArray) }} 20 | {{- . | mustMerge $triggerOpts | list | toYaml | nindent 4 }} 21 | {{- end }} 22 | {{- include "alfresco-content-services.keda.scaler.options" (index .Values "alfresco-transform-service" "transformmisc") | nindent 2 }} 23 | {{- end }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/scaler-activemq-ats-pdf.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "alfresco-transform-service" "enabled") -}} 2 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" .Chart "Release" .Release) }} 3 | {{- if and $atsCtx.Values.imagemagick.enabled (has (include "alfresco-transform-service.name" $atsCtx) .Values.keda.components) }} 4 | {{- $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release }} 5 | {{- $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole }} 6 | --- 7 | apiVersion: keda.sh/v1alpha1 8 | kind: ScaledObject 9 | metadata: 10 | labels: {{- include "alfresco-content-services.labels" $atsCtx | nindent 4 }} 11 | name: {{ printf "%s-tengine-pdfrenderer" (include "alfresco-content-services.fullname" $atsCtx) | trunc 63 | trimSuffix "-" }} 12 | spec: 13 | scaleTargetRef: 14 | name: {{ template "alfresco-transform-service.pdfrenderer.fullname" $atsCtx }} 15 | triggers: 16 | {{- $destQ := "org.alfresco.transform.engine.alfresco-pdf-renderer.acs" }} 17 | {{- $targetQSize := $atsCtx.Values.pdfrenderer.autoscaling.kedaTargetValue | default 10 | toString }} 18 | {{- $triggerOpts:= dict "metadata" (dict "targetQueueSize" $targetQSize "destinationName" $destQ ) }} 19 | {{- range (include "alfresco-content-services.mq.keda.scaler.trigger" . | fromYamlArray) }} 20 | {{- . | mustMerge $triggerOpts | list | toYaml | nindent 4 }} 21 | {{- end }} 22 | {{- include "alfresco-content-services.keda.scaler.options" (index .Values "alfresco-transform-service" "pdfrenderer") | nindent 2 }} 23 | {{- end }} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | --- 2 | title: {{ template "chart.name" . }} 3 | parent: Charts 4 | grand_parent: Helm 5 | --- 6 | 7 | {{ template "chart.header" . }} 8 | {{ template "chart.deprecationWarning" . }} 9 | 10 | {{ template "chart.badgesSection" . }} 11 | 12 | {{ template "chart.description" . }} 13 | 14 | Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions. 15 | 16 | {{ template "chart.homepageLine" . }} 17 | 18 | {{ template "chart.maintainersSection" . }} 19 | 20 | {{ template "chart.sourcesSection" . }} 21 | 22 | {{ template "chart.requirementsSection" . }} 23 | 24 | {{ template "chart.valuesSection" . }} 25 | 26 | Alfresco Content Service will be deployed in a Kubernetes cluster. This cluster 27 | needs a at least 32GB memory to split among below pods: 28 | 29 | * 2 x repository 30 | * 1 x share 31 | * 1 x search 32 | * 2 x pdfrenderer 33 | * 2 x imagemagick 34 | * 2 libreoffice 35 | * 2 tika 36 | * 2 misc 37 | * 1 x postgresql 38 | * 1 activemq 39 | 40 | > Note: this is the default settings but requirements can be lowered by 41 | dropping the `replicaCount` value to 1 for each service. 42 | 43 | Default CPU and memory requirements for each pods are set as low as we think is 44 | reasonable. If you need to tweak the resource allocation you can use the 45 | `resources.limits.cpu` & `resources.limits.memory` for each component of the 46 | platform. Remember that most of them are running in JAVA VM so you might want 47 | to also raise the JVM memory settings (-Xmx) which is possible using pods' 48 | environment variables. 49 | -------------------------------------------------------------------------------- /.github/actions/charts-as-json/action.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: charts_json 3 | inputs: 4 | charts-root: 5 | required: true 6 | description: root directory containing the charts 7 | type: string 8 | outputs: 9 | all: 10 | description: matrix object charts 11 | value: ${{ steps.getcharts.outputs.all }} 12 | app: 13 | description: matrix object apps 14 | value: ${{ steps.getcharts.outputs.app }} 15 | lib: 16 | description: matrix object libs 17 | value: ${{ steps.getcharts.outputs.lib }} 18 | description: Return as JSON string with charts details 19 | runs: 20 | using: composite 21 | steps: 22 | - id: getcharts 23 | name: Get main Charts and parse manifest 24 | env: 25 | YQ_FILTER: > 26 | {"name": .name,"type": .type, "version": .version} | to_json 27 | run: | 28 | for CHART_ROOT in ${{ inputs.charts-root }}/*/; do 29 | CHART=$(basename $CHART_ROOT) 30 | VALUES_FILES=$(find ${{ inputs.charts-root }}/"${CHART}" -type f -name "*values.yaml" ! -name "linter_values.yaml" -maxdepth 1) 31 | VALUES=${VALUES_FILES//${CHART_ROOT}/} 32 | yq e "$YQ_FILTER" "${{ inputs.charts-root }}/${CHART}/Chart.yaml" | \ 33 | jq -c --arg v "${VALUES}" '.values=($v | split("\n"))' > /tmp/outputs_${CHART}.json 34 | done 35 | echo "app=$(jq -sc '{charts:.} | del(.charts[] | select(.type=="library"))' /tmp/outputs_*.json)" >> $GITHUB_OUTPUT 36 | echo "lib=$(jq -sc '{charts:.} | del(.charts[] | select(.type!="library"))' /tmp/outputs_*.json)" >> $GITHUB_OUTPUT 37 | echo "all=$(jq -sc '{charts:.}' /tmp/outputs_*.json)" >> $GITHUB_OUTPUT 38 | shell: bash 39 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | # General hooks section 4 | - repo: https://github.com/pre-commit/pre-commit-hooks 5 | rev: v5.0.0 6 | hooks: 7 | - id: check-yaml 8 | args: [--allow-multiple-documents] 9 | exclude: (helm/.*/templates)|(updatecli.d/.*-manifest.ya?ml)|(docker-compose/solr6-overrides.yaml) 10 | - id: check-json 11 | - id: check-merge-conflict 12 | - id: fix-byte-order-marker 13 | - id: mixed-line-ending 14 | args: ["--fix=lf"] 15 | - id: end-of-file-fixer 16 | exclude: README.md 17 | # Helm hooks section (excluded in pre-commit-compose workflow) 18 | - repo: https://github.com/norwoodj/helm-docs 19 | rev: v1.14.2 20 | hooks: 21 | - id: helm-docs 22 | - repo: https://github.com/Alfresco/alfresco-build-tools 23 | rev: v8.27.0 24 | hooks: 25 | - id: helm-deps-build 26 | - repo: https://github.com/gruntwork-io/pre-commit 27 | rev: v0.1.30 28 | hooks: 29 | - id: helmlint 30 | - repo: https://github.com/bridgecrewio/checkov.git 31 | rev: 3.2.451 32 | hooks: 33 | - id: checkov 34 | types: [yaml] 35 | args: 36 | - --quiet 37 | - --compact 38 | - --config-file 39 | - .checkov.yaml 40 | # Docker Compose hooks section (excluded in pre-commit-helm workflow) 41 | - repo: https://github.com/IamTheFij/docker-pre-commit 42 | rev: v3.0.1 43 | hooks: 44 | - id: docker-compose-check 45 | files : docker-compose/.*compose.yaml 46 | 47 | - repo: https://github.com/igorshubovych/markdownlint-cli 48 | rev: v0.45.0 49 | hooks: 50 | - id: markdownlint 51 | args: ["--ignore", "helm/**/README.md"] 52 | -------------------------------------------------------------------------------- /test/k6/acs-sso-example.js: -------------------------------------------------------------------------------- 1 | import { browser } from 'k6/browser'; 2 | import { check, sleep } from 'k6'; 3 | 4 | export const options = { 5 | scenarios: { 6 | ui: { 7 | executor: 'shared-iterations', 8 | options: { 9 | browser: { 10 | type: 'chromium', 11 | }, 12 | }, 13 | }, 14 | }, 15 | thresholds: { 16 | 'checks{SSO:loginWithRedir}': ['rate==1'], 17 | }, 18 | }; 19 | 20 | export default async function () { 21 | const page = await browser.newPage(); 22 | let shareSearchBox = null; 23 | let systemSummaryAdmin = null; 24 | let acaToolBar = null; 25 | try { 26 | await page.goto('http://localhost/share'); 27 | 28 | // Enter login credentials 29 | await page.locator('input[name="username"]').type('admin'); 30 | await page.locator('input[name="password"]').type('secret'); 31 | await page.locator('input[type="submit"]').click(); 32 | 33 | // Wait for the page to load the Quicksearch box 34 | shareSearchBox = await page.waitForSelector('#HEADER_SEARCHBOX_FORM_FIELD', { timeout: 15000 }); 35 | 36 | await page.goto('http://localhost/alfresco/s/admin'); 37 | systemSummaryAdmin = await page.waitForSelector('a[title="Summary of general system information"]', { timeout: 3000 }); 38 | 39 | await page.goto('http://localhost/aca'); 40 | acaToolBar = await page.waitForSelector('app-toolbar-menu', { timeout: 5000 }); 41 | } finally { 42 | check(shareSearchBox, { 43 | 'search box is visible': (el) => el !== null, 44 | }, {SSO: "loginWithRedir"}); 45 | check(systemSummaryAdmin, { 46 | 'system summary admin is visible': (el) => el !== null, 47 | }, {SSO: "loginWithRedir"}); 48 | check(acaToolBar, { 49 | 'ACA toolbar is visible': (el) => el !== null, 50 | }, {SSO: "loginWithRedir"}); 51 | await page.close(); 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/community_values.yaml: -------------------------------------------------------------------------------- 1 | # This values file can be used to install the latest ACS Community version using 2 | # the latest version of the chart 3 | alfresco-repository: 4 | autoscaling: 5 | enabled: false 6 | replicaCount: 1 7 | image: 8 | repository: alfresco/alfresco-content-repository-community 9 | tag: 25.3.0 10 | persistence: 11 | accessModes: 12 | - ReadWriteOnce 13 | configuration: 14 | search: 15 | flavor: solr6 16 | activemq: 17 | image: 18 | repository: docker.io/alfresco/alfresco-activemq 19 | tag: 5.18.7-jre17-rockylinux8 20 | alfresco-search-enterprise: 21 | enabled: false 22 | elasticsearch: 23 | enabled: false 24 | share: 25 | image: 26 | repository: alfresco/alfresco-share 27 | tag: 25.3.0 28 | alfresco-search: 29 | enabled: true 30 | searchServicesImage: 31 | repository: alfresco/alfresco-search-services 32 | tag: 2.0.17 33 | # Disable Enterprise only features 34 | alfresco-transform-service: 35 | enabled: true 36 | transformrouter: 37 | enabled: false 38 | pdfrenderer: 39 | replicaCount: 1 40 | image: 41 | repository: alfresco/alfresco-pdf-renderer 42 | imagemagick: 43 | replicaCount: 1 44 | image: 45 | repository: alfresco/alfresco-imagemagick 46 | libreoffice: 47 | replicaCount: 1 48 | image: 49 | repository: alfresco/alfresco-libreoffice 50 | tika: 51 | replicaCount: 1 52 | image: 53 | repository: alfresco/alfresco-tika 54 | transformmisc: 55 | replicaCount: 1 56 | image: 57 | repository: alfresco/alfresco-transform-misc 58 | filestore: 59 | enabled: false 60 | alfresco-digital-workspace: 61 | enabled: false 62 | alfresco-sync-service: 63 | enabled: false 64 | postgresql-sync: 65 | enabled: false 66 | alfresco-ai-transformer: 67 | enabled: false 68 | alfresco-connector-ms365: 69 | enabled: false 70 | alfresco-connector-msteams: 71 | enabled: false 72 | alfresco-audit-storage: 73 | enabled: false 74 | -------------------------------------------------------------------------------- /helm/acs-sso-example/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: acs-sso-example 3 | description: | 4 | An example Chart to demonstrate how to compose your own Alfresco platform 5 | with SSO on kubernetes using a nthrid party Keycloak. 6 | if you're familiar with [Helm](ttps://helm.sh) & 7 | [Kubernetes](https://kubernetes.io) taking a look at the `values.yaml` should 8 | be enough but the principals are also documented in two differents steps: 9 | 10 | * Composing your ACS from individual component charts we provide. 11 | Check the [step by step documentation](./docs/step-by-step-guide.md) 12 | * SSO integration, to add keycloak and configure Alfresco applications 13 | accordingly: [SSO guide](./docs/sso-guide.md) 14 | 15 | > Note: this chart is just an example that can run on a localhost only. 16 | > It ships ACS repo, the repository database, the message broker, the 17 | > Keycloak IdP and front end applications (Share and Content app) & no other 18 | > component. 19 | 20 | :warning: All components have persistence disabled so all data is lost after a 21 | deployment is destroyed or rolled back! 22 | type: application 23 | version: 1.5.0 24 | appVersion: 25.3.0 25 | home: https://www.alfresco.com 26 | sources: 27 | - https://github.com/Alfresco/acs-deployment 28 | dependencies: 29 | - name: postgresql 30 | repository: oci://registry-1.docker.io/bitnamicharts 31 | version: 13.4.0 32 | alias: repository-database 33 | - name: keycloakx 34 | repository: https://codecentric.github.io/helm-charts 35 | version: 6.0.0 36 | - name: alfresco-repository 37 | repository: https://alfresco.github.io/alfresco-helm-charts/ 38 | version: 0.12.0 39 | - name: activemq 40 | repository: https://alfresco.github.io/alfresco-helm-charts/ 41 | version: 3.7.0 42 | - name: alfresco-share 43 | repository: https://alfresco.github.io/alfresco-helm-charts/ 44 | version: 1.6.0 45 | - name: alfresco-adf-app 46 | alias: alfresco-content-app 47 | repository: https://alfresco.github.io/alfresco-helm-charts/ 48 | version: 0.3.0 49 | icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 50 | -------------------------------------------------------------------------------- /helm/acs-sso-example/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "acs-sso-example.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "acs-sso-example.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "acs-sso-example.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "acs-sso-example.labels" -}} 37 | helm.sh/chart: {{ include "acs-sso-example.chart" . }} 38 | {{ include "acs-sso-example.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "acs-sso-example.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "acs-sso-example.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "acs-sso-example.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "acs-sso-example.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/23.N_values.yaml: -------------------------------------------------------------------------------- 1 | # This values file can be used to install ACS 7.4.x using the latest version of 2 | # the chart 3 | alfresco-repository: 4 | image: 5 | tag: 23.6.0 6 | activemq: 7 | image: 8 | tag: 5.18.7-jre17-rockylinux8 9 | alfresco-transform-service: 10 | transformrouter: 11 | image: 12 | tag: 4.2.3 13 | pdfrenderer: 14 | image: 15 | tag: 5.2.4 16 | imagemagick: 17 | image: 18 | tag: 5.2.4 19 | libreoffice: 20 | image: 21 | tag: 5.2.4 22 | tika: 23 | image: 24 | tag: 5.2.4 25 | transformmisc: 26 | image: 27 | tag: 5.2.4 28 | filestore: 29 | image: 30 | tag: 4.2.3 31 | alfresco-ai-transformer: 32 | image: 33 | tag: 3.2.3 34 | share: 35 | image: 36 | tag: 23.6.0 37 | alfresco-search-enterprise: 38 | liveIndexing: 39 | mediation: 40 | image: 41 | tag: 5.2.1 42 | content: 43 | image: 44 | tag: 5.2.1 45 | metadata: 46 | image: 47 | tag: 5.2.1 48 | path: 49 | image: 50 | tag: 5.2.1 51 | reindexing: 52 | image: 53 | tag: 5.2.1 54 | alfresco-search: 55 | enabled: false 56 | searchServicesImage: 57 | tag: 2.0.17 58 | insightEngineImage: 59 | tag: 2.0.17 60 | alfresco-digital-workspace: 61 | image: 62 | tag: 7.2.0 63 | alfresco-control-center: 64 | image: 65 | tag: 10.2.0 66 | postgresql: 67 | image: 68 | tag: 15.10 69 | postgresql-sync: 70 | image: 71 | tag: 15.10 72 | alfresco-sync-service: 73 | image: 74 | tag: 5.3.0 75 | alfresco-connector-ms365: 76 | image: 77 | tag: 2.0.8 78 | alfresco-connector-msteams: 79 | image: 80 | tag: 2.0.8 81 | alfresco-audit-storage: 82 | image: 83 | tag: 1.2.0 84 | dtas: 85 | config: 86 | assertions: 87 | acs: 88 | version: 23.6.0 89 | modules: 90 | - id: org_alfresco_device_sync_repo 91 | version: 5.3.0 92 | installed: true 93 | - id: org.alfresco.integrations.google.docs 94 | version: 4.1.0 95 | installed: true 96 | - id: alfresco-aos-module 97 | version: 3.4.0 98 | installed: true 99 | -------------------------------------------------------------------------------- /docs/helm/security.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Security 3 | parent: Guides 4 | grand_parent: Helm 5 | --- 6 | 7 | # Security 8 | 9 | This pages focuses on providing information on making a secure ACS installation 10 | via Helm Charts. 11 | 12 | ## Secrets inside values 13 | 14 | When using Helm charts to deploy applications, it is necessary to include 15 | sensitive information, such as passwords and API keys, in the chart's values 16 | file. This is because the values file is used to generate the chart's 17 | configuration templates, which are then used to deploy the application. 18 | 19 | While it may be tempting to include the secrets directly in the values file, 20 | this is not considered a secure practice and should only be done for test 21 | environments. 22 | 23 | For production deployments, there are different solutions that can work for 24 | every Helm chart. Most of them permit encrypting secrets values and decrypting 25 | them on-the-fly only when they are needed. Some of the most commonly used 26 | solutions are: 27 | 28 | * [helm-secrets](https://github.com/jkroepke/helm-secrets) 29 | * [Mozilla SOPS](https://github.com/mozilla/sops) 30 | * [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) 31 | 32 | Reference the autogenerated README.md in each chart to understand which secrets 33 | can be provided using existing Kubernetes Secrets: 34 | 35 | * [alfresco-repository](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/repository-properties.md) 36 | * [activemq](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/activemq/README.md) 37 | * [alfresco-search-enterprise](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-search-enterprise/README.md) 38 | * [alfresco-search](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-search-service/README.md) 39 | * [alfresco-transform-service](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-transform-service/README.md) 40 | * [alfresco-share](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-share/README.md) 41 | * [alfresco-sync-service](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-sync-service/README.md) 42 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "alfresco-content-services.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "alfresco-content-services.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "alfresco-content-services.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "alfresco-content-services.labels" -}} 37 | helm.sh/chart: {{ include "alfresco-content-services.chart" . }} 38 | {{ include "alfresco-content-services.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "alfresco-content-services.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "alfresco-content-services.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "alfresco-content-services.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "alfresco-content-services.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /docker-compose/solr6-overrides.yaml: -------------------------------------------------------------------------------- 1 | # Check documentation below if need help using this file: 2 | # https://github.com/Alfresco/acs-deployment/tree/master/docs/docker-compose#choosing-a-search-engine 3 | services: 4 | alfresco: 5 | environment: 6 | JAVA_OPTS: >- 7 | -Ddb.driver=org.postgresql.Driver 8 | -Ddb.username=alfresco 9 | -Ddb.password=alfresco 10 | -Ddb.url=jdbc:postgresql://postgres:5432/alfresco 11 | -Dsolr.host=solr6 12 | -Dsolr.port=8983 13 | -Dsolr.secureComms=secret 14 | -Dsolr.sharedSecret=secret 15 | -Dsolr.base.url=/solr 16 | -Dindex.subsystem.name=solr6 17 | -Dshare.host=localhost 18 | -Dshare.port=8080 19 | -Dalfresco.host=localhost 20 | -Dalfresco.port=8080 21 | -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos 22 | -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" 23 | -Ddeployment.method=DOCKER_COMPOSE 24 | -Dtransform.service.enabled=true 25 | -Dtransform.service.url=http://transform-router:8095 26 | -Dsfs.url=http://shared-file-store:8099/ 27 | -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ 28 | -Dcsrf.filter.enabled=false 29 | -Ddsync.service.uris=http://localhost:9090/alfresco 30 | -XX:MinRAMPercentage=50 31 | -XX:MaxRAMPercentage=80 32 | solr6: 33 | image: quay.io/alfresco/search-services:2.0.17 34 | mem_limit: 2g 35 | environment: 36 | # Solr needs to know how to register itself with Alfresco 37 | SOLR_ALFRESCO_HOST: "alfresco" 38 | SOLR_ALFRESCO_PORT: "8080" 39 | # Alfresco needs to know how to call solr 40 | SOLR_SOLR_HOST: "solr6" 41 | SOLR_SOLR_PORT: "8983" 42 | # Create the default alfresco and archive cores 43 | SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive" 44 | # HTTPS or SECRET 45 | ALFRESCO_SECURE_COMMS: "secret" 46 | # SHARED SECRET VALUE 47 | JAVA_TOOL_OPTIONS: >- 48 | -Dalfresco.secureComms.secret=secret 49 | ports: 50 | - "8083:8983" # Browser port 51 | # Disable the default elastcisearch service 52 | search: !reset [] 53 | search-reindexing: !reset [] 54 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers-ats.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Local transformers config 3 | */}} 4 | {{- define "alfresco-content-services.localTransformConfig" -}} 5 | localTransform.core-aio.url= 6 | localTransform.pdfrenderer.url=http://{{ template "alfresco-transform-service.pdfrenderer.fullname" . }} 7 | localTransform.imagemagick.url=http://{{ template "alfresco-transform-service.imagemagick.fullname" . }} 8 | localTransform.libreoffice.url=http://{{ template "alfresco-transform-service.libreoffice.fullname" . }} 9 | localTransform.tika.url=http://{{ template "alfresco-transform-service.tika.fullname" . }} 10 | localTransform.misc.url=http://{{ template "alfresco-transform-service.transform-misc.fullname" . }} 11 | {{- end -}} 12 | 13 | {{/* 14 | ATS Tengines config 15 | */}} 16 | {{- define "alfresco-content-services.tengineConfig" -}} 17 | alfresco-pdf-renderer.url=http://{{ template "alfresco-transform-service.pdfrenderer.fullname" . }} 18 | img.url=http://{{ template "alfresco-transform-service.imagemagick.fullname" . }} 19 | jodconverter.url=http://{{ template "alfresco-transform-service.libreoffice.fullname" . }} 20 | tika.url=http://{{ template "alfresco-transform-service.tika.fullname" . }} 21 | transform.misc.url=http://{{ template "alfresco-transform-service.transform-misc.fullname" . }} 22 | {{- end -}} 23 | 24 | {{/* 25 | Get Alfresco Content Service configuration for Alfresco Transform Service 26 | */}} 27 | {{- define "alfresco-content-services.atsConfig" -}} 28 | {{- $atsCtx := (dict "Values" (index .Values "alfresco-transform-service") "Chart" $.Chart "Release" $.Release) }} 29 | {{ template "alfresco-content-services.localTransformConfig" $atsCtx }} 30 | {{- if and $atsCtx.Values.filestore.enabled $atsCtx.Values.transformrouter.enabled }} 31 | {{- $routerCtx := (dict "Values" (dict "nameOverride" "router" ) "Chart" .Chart "Release" .Release) }} 32 | {{- $sfsCtx := (dict "Values" (dict "nameOverride" "filestore" ) "Chart" .Chart "Release" .Release) }} 33 | transform.service.url=http://{{ template "alfresco-transform-service.transform-router.fullname" $atsCtx }} 34 | sfs.url=http://{{ template "alfresco-transform-service.filestore.fullname" $atsCtx }} 35 | {{ template "alfresco-content-services.tengineConfig" $atsCtx }} 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/config-repository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ .Values.config.repository.configMapName }} 5 | labels: 6 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 7 | data: 8 | alfresco-global.properties: | 9 | {{- $alfUrl := include "alfresco-common.external.url" . }} 10 | deployment.method=HELM_CHART 11 | alfresco.host={{ template "alfresco-common.external.host" . }} 12 | alfresco.protocol={{ template "alfresco-common.external.scheme" . }} 13 | alfresco.port={{ template "alfresco-common.external.port" . }} 14 | aos.baseUrlOverwrite={{ $alfUrl }}/alfresco/aos 15 | csrf.filter.origin={{ $alfUrl }} 16 | csrf.filter.referer={{ $alfUrl }}/.* 17 | {{- if .Values.share.enabled }} 18 | share.protocol={{ template "alfresco-common.external.scheme" . }} 19 | share.host={{ template "alfresco-common.external.host" . }} 20 | share.port={{ template "alfresco-common.external.port" . }} 21 | {{- end }} 22 | local.transform.service.enabled={{ index .Values "alfresco-transform-service" "enabled" }} 23 | {{- with (index .Values "alfresco-transform-service") }} 24 | {{- $ats_for_enterprise := and .filestore.enabled .transformrouter.enabled }} 25 | transform.service.enabled={{ and .enabled $ats_for_enterprise }} 26 | {{- end }} 27 | {{- if index .Values "alfresco-transform-service" "enabled" }} 28 | {{- include "alfresco-content-services.atsConfig" . | indent 4 }} 29 | {{- end }} 30 | {{- with .Values.global.mail }} 31 | {{- if .host }} 32 | mail.host={{ .host }} 33 | mail.port={{ .port }} 34 | mail.protocol={{ .protocol }} 35 | mail.smtp.auth={{ .smtp.auth }} 36 | mail.smtps.auth={{ .smtp.auth }} 37 | mail.smtp.starttls.enable={{ .smtp.starttls.enable }} 38 | {{- if or .smtp.auth .smtps.auth }} 39 | mail.username={{ .username }} 40 | {{- end }} 41 | {{- end }} 42 | {{- end }} 43 | {{- if index .Values "alfresco-sync-service" "enabled" }} 44 | dsync.service.uris={{ $alfUrl }}/syncservice 45 | {{- else }} 46 | events.subsystem.autoStart=false 47 | {{- end }} 48 | {{- range $key, $value := .Values.config.repository.additionalGlobalProperties }} 49 | {{ $key }}={{ $value }} 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: alfresco-common 3 | repository: https://alfresco.github.io/alfresco-helm-charts/ 4 | version: 4.0.0 5 | - name: postgres 6 | repository: https://alfresco.github.io/alfresco-helm-charts/ 7 | version: 0.2.0 8 | - name: postgres 9 | repository: https://alfresco.github.io/alfresco-helm-charts/ 10 | version: 0.2.0 11 | - name: alfresco-adf-app 12 | repository: https://alfresco.github.io/alfresco-helm-charts/ 13 | version: 0.3.0 14 | - name: alfresco-adf-app 15 | repository: https://alfresco.github.io/alfresco-helm-charts/ 16 | version: 0.3.0 17 | - name: alfresco-repository 18 | repository: https://alfresco.github.io/alfresco-helm-charts/ 19 | version: 0.12.0 20 | - name: activemq 21 | repository: https://alfresco.github.io/alfresco-helm-charts/ 22 | version: 3.7.0 23 | - name: alfresco-transform-service 24 | repository: https://alfresco.github.io/alfresco-helm-charts/ 25 | version: 2.3.0 26 | - name: alfresco-search-service 27 | repository: https://alfresco.github.io/alfresco-helm-charts/ 28 | version: 5.2.0 29 | - name: alfresco-sync-service 30 | repository: https://alfresco.github.io/alfresco-helm-charts/ 31 | version: 7.4.0 32 | - name: alfresco-search-enterprise 33 | repository: https://alfresco.github.io/alfresco-helm-charts/ 34 | version: 4.7.0 35 | - name: alfresco-connector-msteams 36 | repository: https://alfresco.github.io/alfresco-helm-charts/ 37 | version: 2.3.0 38 | - name: alfresco-share 39 | repository: https://alfresco.github.io/alfresco-helm-charts/ 40 | version: 1.6.0 41 | - name: alfresco-connector-ms365 42 | repository: https://alfresco.github.io/alfresco-helm-charts/ 43 | version: 3.3.0 44 | - name: alfresco-ai-transformer 45 | repository: https://alfresco.github.io/alfresco-helm-charts/ 46 | version: 3.2.0 47 | - name: elastic 48 | repository: https://alfresco.github.io/alfresco-helm-charts/ 49 | version: 0.2.0 50 | - name: alfresco-audit-storage 51 | repository: https://alfresco.github.io/alfresco-helm-charts/ 52 | version: 0.5.0 53 | - name: alfresco-connector-hxi 54 | repository: https://alfresco.github.io/alfresco-helm-charts/ 55 | version: 0.2.0 56 | digest: sha256:26fa1d2d07b34bb538fdd3e7747a09784bae42976cf7815ccc91e1106a9507e4 57 | generated: "2025-12-16T09:50:02.546638267Z" 58 | -------------------------------------------------------------------------------- /.github/workflows/docker-compose-enterprise.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Docker Compose (Enterprise) 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - master 8 | - release/** 9 | - next/** 10 | paths: 11 | - "! docker-compose/community-docker-compose.yml" 12 | - docker-compose/** 13 | - test/postman/docker-compose/** 14 | - .github/workflows/docker-compose-enterprise.yml 15 | push: 16 | branches: 17 | - master 18 | - release/** 19 | 20 | concurrency: 21 | group: compose-ent-${{ github.head_ref || github.ref_name }} 22 | cancel-in-progress: true 23 | 24 | jobs: 25 | build_vars: 26 | runs-on: ubuntu-latest 27 | outputs: 28 | matrix_json: ${{ steps.eval.outputs.matrix_json }} 29 | steps: 30 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 31 | - name: Evaluate Matrix 32 | id: eval 33 | run: >- 34 | echo "matrix_json=$( 35 | ls -1 docker-compose | 36 | grep -P '^\d+' | 37 | jq -Rn '{"compose_file": [inputs]}' | 38 | jq -c '.compose_file += ["compose.yaml"]' | 39 | jq -c '.compose_file += ["pre-release-compose.yaml"]' 40 | )" >> $GITHUB_OUTPUT 41 | 42 | compose_enterprise: 43 | name: Docker Compose enterprise 44 | needs: build_vars 45 | strategy: 46 | fail-fast: false 47 | matrix: ${{ fromJSON(needs.build_vars.outputs.matrix_json) }} 48 | runs-on: ubuntu-latest 49 | if: >- 50 | github.event_name == 'push' 51 | || ( 52 | ! github.event.pull_request.head.repo.fork 53 | && github.event.pull_request.head.user.login == 'Alfresco' 54 | ) 55 | steps: 56 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 57 | - name: Verify docker-compose 58 | uses: >- 59 | Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v12.0.0 60 | timeout-minutes: 10 61 | with: 62 | postman_path: test/postman/docker-compose 63 | postman_json: acs-test-docker-compose-collection.json 64 | compose_file_path: docker-compose/${{ matrix.compose_file }} 65 | quay_username: ${{ secrets.QUAY_USERNAME }} 66 | quay_password: ${{ secrets.QUAY_PASSWORD }} 67 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/keda/_helpers-keda.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Render KEDA trigger for the ActiveMQ scaler 3 | 4 | Usage: include "alfresco-content-services.mq.keda.scaler.trigger" $ 5 | 6 | */}} 7 | {{- define "alfresco-content-services.mq.keda.scaler.trigger" -}} 8 | {{ $ctx := dict "Values" .Values.keda "Chart" .Chart "Release" .Release -}} 9 | {{ $mqCtx := dict "Values" .Values.activemq "Chart" .Chart "Release" .Release -}} 10 | {{ $mqAdminPort := default "8161" (.Values.activemq.services.webConsole.ports).external.webConsole -}} 11 | {{ $hasAllBrokerProps := false }} 12 | {{- with .Values.messageBroker }} 13 | {{ $hasAllBrokerProps = and .webConsole .brokerName }} 14 | {{- end }} 15 | {{- if and (not $hasAllBrokerProps) (not .Values.activemq.enabled) }} 16 | {{- fail "Enabling queue based autoscaling requires to provide the address of the web console and the broker name of your external broker or enable embeded ActiveMQ" }} 17 | {{- end }} 18 | - type: activemq 19 | metadata: 20 | managementEndpoint: {{ .Values.messageBroker.webConsole | default (printf "%s-web-console.%s.svc:%v" (include "activemq.fullname" $mqCtx) .Release.Namespace $mqAdminPort) }} 21 | brokerName: {{ .Values.messageBroker.brokerName | default (include "activemq.fullname" $mqCtx) }} 22 | {{- with .Values.messageBroker }} 23 | restAPITemplate: {{ .restAPITemplate }} 24 | {{- end }} 25 | authenticationRef: 26 | name: {{ printf "%s-activemq-auth-trigger" (include "alfresco-content-services.fullname" $ctx) | trunc 63 | trimSuffix "-" }} 27 | {{- end -}} 28 | 29 | {{/* 30 | Render KEDA scaler options for the ActiveMQ scaler 31 | 32 | Usage: include "alfresco-content-services.keda.scaler.options" $ 33 | 34 | */}} 35 | {{- define "alfresco-content-services.keda.scaler.options" -}} 36 | pollingInterval: {{ .autoscaling.kedaPollingInterval | default 15 }} 37 | initialCooldownPeriod: {{ .autoscaling.kedaInitialCooldownPeriod | default 300 }} 38 | {{- if not .autoscaling.kedaIdleDisabled }} 39 | cooldownPeriod: {{ .autoscaling.kedaCooldownPeriod | default 900 }} 40 | idleReplicaCount: 0 41 | {{- end }} 42 | minReplicaCount: {{ .autoscaling.minReplicas }} 43 | maxReplicaCount: {{ .autoscaling.maxReplicas }} 44 | advanced: 45 | horizontalPodAutoscalerConfig: 46 | behavior: {{- toYaml .autoscaling.behavior | nindent 6 }} 47 | {{- end -}} 48 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/pre-release_values.yaml: -------------------------------------------------------------------------------- 1 | # This values file can be used to install ACS with pre released images using the latest version of 2 | # the chart 3 | alfresco-repository: 4 | image: 5 | tag: 26.1.0-A.1 6 | activemq: 7 | image: 8 | repository: quay.io/alfresco/alfresco-activemq 9 | tag: 5.18.7-jre17-rockylinux8 10 | alfresco-transform-service: 11 | transformrouter: 12 | image: 13 | tag: 4.2.4-A.1 14 | pdfrenderer: 15 | image: 16 | tag: 5.2.5-A.1 17 | imagemagick: 18 | image: 19 | tag: 5.2.5-A.1 20 | libreoffice: 21 | image: 22 | tag: 5.2.5-A.1 23 | tika: 24 | image: 25 | tag: 5.2.5-A.1 26 | transformmisc: 27 | image: 28 | tag: 5.2.5-A.1 29 | filestore: 30 | image: 31 | tag: 4.2.4-A.1 32 | alfresco-ai-transformer: 33 | image: 34 | tag: 3.2.4-A.1 35 | share: 36 | image: 37 | tag: 26.1.0-A.1 38 | alfresco-search: 39 | searchServicesImage: 40 | tag: 2.1.0-A9 41 | insightEngineImage: 42 | tag: 2.1.0-A9 43 | alfresco-search-enterprise: 44 | liveIndexing: 45 | mediation: 46 | image: 47 | tag: 5.2.1 48 | content: 49 | image: 50 | tag: 5.2.1 51 | metadata: 52 | image: 53 | tag: 5.2.1 54 | path: 55 | image: 56 | tag: 5.2.1 57 | reindexing: 58 | image: 59 | tag: 5.2.1 60 | alfresco-digital-workspace: 61 | image: 62 | tag: 7.3.0-19639849786 63 | alfresco-control-center: 64 | image: 65 | tag: 10.3.0-19639849786 66 | postgresql: 67 | image: 68 | tag: 16.5 69 | postgresql-sync: 70 | image: 71 | tag: 16.5 72 | alfresco-sync-service: 73 | image: 74 | tag: 5.3.0-A.5 75 | alfresco-connector-ms365: 76 | image: 77 | tag: 2.0.8-A.2 78 | alfresco-connector-msteams: 79 | image: 80 | tag: 2.0.8-A.2 81 | elasticsearch: 82 | elasticsearch: 83 | image: 84 | tag: 8.17.3 85 | kibana: 86 | image: 87 | tag: 8.17.1 88 | alfresco-audit-storage: 89 | image: 90 | tag: 1.2.0 91 | dtas: 92 | config: 93 | assertions: 94 | acs: 95 | version: 26.1.0 96 | modules: 97 | - id: org.alfresco.integrations.google.docs 98 | version: 4.1.0 99 | installed: true 100 | -------------------------------------------------------------------------------- /.github/workflows/download-trials-release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Release Download trials 3 | 4 | on: 5 | workflow_dispatch: 6 | 7 | env: 8 | DEFAULT_BRANCH_NAME: master 9 | TRIALS_BRANCH_NAME: download-trial 10 | 11 | jobs: 12 | create_pr: 13 | runs-on: ubuntu-latest 14 | permissions: 15 | contents: write 16 | name: Create PR for download trials 17 | steps: 18 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 19 | with: 20 | ref: ${{ env.TRIALS_BRANCH_NAME }} 21 | 22 | - name: Generate Download trial compose files 23 | working-directory: docker-compose 24 | run: | 25 | git fetch --no-tags --depth=1 origin ${{ env.DEFAULT_BRANCH_NAME }}:${{ env.DEFAULT_BRANCH_NAME }} 26 | git restore --source ${{ env.DEFAULT_BRANCH_NAME }} compose.yaml community-compose.yaml commons/ 27 | docker compose -f compose.yaml config -o docker-compose.yml 28 | docker compose -f community-compose.yaml config -o community-docker-compose.yml 29 | 30 | - name: Set Commit Branch Name 31 | id: set_commit_branch_name 32 | run: 33 | echo COMMIT_BRANCH_NAME=download-trial-release-${{ github.run_id }} >> $GITHUB_OUTPUT 34 | 35 | - name: Commit updated compose files 36 | uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0 37 | with: 38 | commit_message: | 39 | 🛠 Update download trial compose files 40 | commit_user_name: ${{ vars.BOT_GITHUB_USERNAME }} 41 | commit_user_email: ${{ vars.BOT_GITHUB_EMAIL }} 42 | branch: ${{ steps.set_commit_branch_name.outputs.COMMIT_BRANCH_NAME }} 43 | create_branch: true 44 | file_pattern: >- 45 | docker-compose/docker-compose.yml 46 | docker-compose/community-docker-compose.yml 47 | 48 | - name: Create Pull Request 49 | env: 50 | GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} 51 | run: >- 52 | gh pr create --title "🛠 Update download trial compose files" 53 | --body "This PR updates the download trial compose files" 54 | --base ${{ env.TRIALS_BRANCH_NAME }} 55 | --head ${{ steps.set_commit_branch_name.outputs.COMMIT_BRANCH_NAME }} 56 | --reviewer Alfresco/alfresco-ops-readiness 57 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/7.4.N_values.yaml: -------------------------------------------------------------------------------- 1 | # This values file can be used to install ACS 7.4.x using the latest version of 2 | # the chart 3 | alfresco-repository: 4 | image: 5 | tag: 7.4.2.5 6 | configuration: 7 | search: 8 | flavor: solr6 9 | activemq: 10 | image: 11 | tag: 5.17.7-jre17-rockylinux8 12 | alfresco-transform-service: 13 | transformrouter: 14 | image: 15 | tag: 4.2.3 16 | pdfrenderer: 17 | image: 18 | tag: 5.2.4 19 | imagemagick: 20 | image: 21 | tag: 5.2.4 22 | libreoffice: 23 | image: 24 | tag: 5.2.4 25 | tika: 26 | image: 27 | tag: 5.2.4 28 | transformmisc: 29 | image: 30 | tag: 5.2.4 31 | filestore: 32 | image: 33 | tag: 4.2.3 34 | alfresco-ai-transformer: 35 | image: 36 | tag: 3.2.3 37 | share: 38 | image: 39 | tag: 7.4.2.5 40 | alfresco-search: 41 | enabled: true 42 | searchServicesImage: 43 | tag: 2.0.17 44 | insightEngineImage: 45 | tag: 2.0.17 46 | alfresco-search-enterprise: 47 | enabled: false 48 | liveIndexing: 49 | mediation: 50 | image: 51 | tag: 3.3.3 52 | content: 53 | image: 54 | tag: 3.3.3 55 | metadata: 56 | image: 57 | tag: 3.3.3 58 | path: 59 | image: 60 | tag: 3.3.3 61 | reindexing: 62 | image: 63 | tag: 3.3.3 64 | elasticsearch: 65 | enabled: false 66 | alfresco-digital-workspace: 67 | image: 68 | tag: 5.0.0 69 | alfresco-control-center: 70 | image: 71 | tag: 8.3.0 72 | postgresql: 73 | image: 74 | tag: 14.10 75 | postgresql-sync: 76 | image: 77 | tag: 14.10 78 | alfresco-sync-service: 79 | image: 80 | tag: 3.11.3 81 | alfresco-connector-ms365: 82 | image: 83 | tag: 2.0.8 84 | alfresco-connector-msteams: 85 | image: 86 | tag: 2.0.8 87 | alfresco-audit-storage: 88 | enabled: false 89 | dtas: 90 | config: 91 | assertions: 92 | acs: 93 | version: 7.4.2 94 | modules: 95 | - id: org_alfresco_device_sync_repo 96 | version: 3.11.3 97 | installed: true 98 | - id: org.alfresco.integrations.google.docs 99 | version: 3.4.2 100 | installed: true 101 | - id: alfresco-aos-module 102 | version: 1.6.2 103 | installed: true 104 | -------------------------------------------------------------------------------- /docs/helm/ingress-nginx.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Ingress guide 3 | parent: Guides 4 | grand_parent: Helm 5 | --- 6 | 7 | # Install ingress-nginx 8 | 9 | We currently support and test only 10 | [ingress-nginx](https://github.com/kubernetes/ingress-nginx). However, our 11 | charts provide flexibility through values such as `.ingress.className` and 12 | `.ingress.annotations`, allowing you to customize the Ingress configuration. If 13 | you prefer to manage Ingress resources yourself, you can set `.ingress.enabled` 14 | to `false` to disable the bundled Ingress resource and provide your own. 15 | 16 | ## Install on a generic Kubernetes cluster 17 | 18 | Install the ingress-nginx controller namespace: 19 | 20 | ```bash 21 | helm upgrade --install ingress-nginx ingress-nginx \ 22 | --repo https://kubernetes.github.io/ingress-nginx \ 23 | --namespace ingress-nginx --create-namespace \ 24 | --version 4.12.0 \ 25 | --set controller.config.allow-snippet-annotations=true \ 26 | --set controller.config.annotations-risk-level=Critical 27 | ``` 28 | 29 | Wait for the ingress-nginx controller: 30 | 31 | ```sh 32 | kubectl wait --namespace ingress-nginx \ 33 | --for=condition=ready pod \ 34 | --selector=app.kubernetes.io/component=controller \ 35 | --timeout=90s 36 | ``` 37 | 38 | Verify the newly created pod under the ingress-nginx namespace: 39 | 40 | ```sh 41 | kubectl get pods --namespace=ingress-nginx 42 | ``` 43 | 44 | More information can be found in the 45 | [ingress-nginx deploy docs](https://kubernetes.github.io/ingress-nginx/deploy/). 46 | 47 | ## Configure file uploads limitations 48 | 49 | The alfresco-repository & alfresco-share Helm charts this chart depends on, come 50 | with settings to limit the maximum size of file uploads and the maximum duration 51 | of a request. These settings are configured using default ingress annotations. 52 | They can be overriden from the umbrella chart (alfresco-content-services) by 53 | setting the following values: 54 | 55 | ```yaml 56 | alfresco-repository:: 57 | ingress: 58 | annotations: 59 | nginx.ingress.kubernetes.io/proxy-body-size: 100m 60 | nginx.ingress.kubernetes.io/proxy-read-timeout: 600 61 | share: 62 | ingress: 63 | annotations: 64 | nginx.ingress.kubernetes.io/proxy-body-size: 100m 65 | nginx.ingress.kubernetes.io/proxy-read-timeout: 600 66 | ``` 67 | 68 | > Above values would limit the uploads to 100 MB files or 10 minutes long 69 | uploads in bith Alfresco repository API & Share UI. 70 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/_helpers-search.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Compute the search "flavor" 3 | 4 | Usage: include "alfresco-content-services.search.flavor" $ 5 | 6 | */}} 7 | {{- define "alfresco-content-services.search.flavor" -}} 8 | {{- with .Values }} 9 | {{- if .global.search.flavor }} 10 | {{- .global.search.flavor }} 11 | {{- else if (index . "alfresco-search-enterprise" "enabled") }} 12 | {{- if eq (index . "alfresco-repository" "configuration" "search" "flavor") "elasticsearch" }} 13 | {{- print "elasticsearch" }} 14 | {{- else if not (index . "alfresco-search" "enabled") }} 15 | {{ fail ".Values.alfresco-repository.search.flavor must be set to elasticsearch" }} 16 | {{- else }} 17 | {{- print "solr6" }}{{/* migration scenario when both engines are enabled */}} 18 | {{- end }} 19 | {{- else if (index . "alfresco-search" "enabled") }} 20 | {{- if eq (index . "alfresco-repository" "configuration" "search" "flavor") "solr6" }} 21 | {{- print "solr6" }} 22 | {{- else }} 23 | {{ fail ".Values.alfresco-repository.search.flavor must be set to solr6" }} 24 | {{- end }} 25 | {{- else }} 26 | {{- print "noindex" }} 27 | {{- end }} 28 | {{- end }} 29 | {{- end -}} 30 | 31 | {{/* 32 | Compute the url for elasticsearch for audit 33 | 34 | Usage: include "alfresco-content-services.audit.elasticsearchUrl" $ 35 | 36 | */}} 37 | {{- define "alfresco-content-services.audit.elasticsearchUrl" -}} 38 | {{- $elasticsearch_audit_url := "" }} 39 | {{- if .Values.global.auditIndex.url }} 40 | {{- $elasticsearch_audit_url = .Values.global.auditIndex.url }} 41 | {{- else }} 42 | {{- with (index .Values "elasticsearch") }} 43 | {{- if .enabled }} 44 | {{- $elasticCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 45 | {{- $auditEsHost := include "elastic.es-servicename" $elasticCtx }} 46 | {{- $auditEsPort := 9200 }} 47 | {{- $auditEsProto := "http" }} 48 | {{- $elasticsearch_audit_url = coalesce $.Values.global.auditIndex.url (printf "%s://%s:%v" $auditEsProto $auditEsHost $auditEsPort) }} 49 | {{- else if index $.Values "alfresco-audit-storage" "enabled" }} 50 | {{- fail "Chart is configured to use Alfresco Audit Storage but no index backend has been provided. Set one using either global.auditIndex.url or elasticsearch.enabled" }} 51 | {{- end }} 52 | {{- end }} 53 | {{- end }} 54 | {{- print $elasticsearch_audit_url }} 55 | {{- end -}} 56 | -------------------------------------------------------------------------------- /docs/docker-compose/examples/config/telegraf-overrides.yaml: -------------------------------------------------------------------------------- 1 | services: 2 | alfresco: 3 | environment: 4 | JAVA_OPTS: >- 5 | -Ddb.driver=org.postgresql.Driver 6 | -Ddb.username=alfresco 7 | -Ddb.password=alfresco 8 | -Ddb.url=jdbc:postgresql://postgres:5432/alfresco 9 | -Dindex.subsystem.name=elasticsearch 10 | -Delasticsearch.createIndexIfNotExists=true 11 | -Delasticsearch.host=elasticsearch 12 | -Delasticsearch.port=9200 13 | -Dshare.host=localhost 14 | -Dshare.port=8080 15 | -Dalfresco.host=localhost 16 | -Dalfresco.port=8080 17 | -Dcsrf.filter.enabled=false 18 | -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos 19 | -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" 20 | -Ddeployment.method=DOCKER_COMPOSE 21 | -Dtransform.service.enabled=true 22 | -Dtransform.service.url=http://transform-router:8095 23 | -Dsfs.url=http://shared-file-store:8099/ 24 | -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ 25 | -Ddsync.service.uris=http://localhost:9090/alfresco 26 | -XX:MinRAMPercentage=50 27 | -XX:MaxRAMPercentage=80 28 | -Dmetrics.enabled=true 29 | -Dmetrics.dbMetricsReporter.enabled=true 30 | -Dmetrics.dbMetricsReporter.query.enabled=true 31 | -Dmetrics.dbMetricsReporter.query.statements.enabled=true 32 | -Dmetrics.jvmMetricsReporter.enabled=true 33 | -Dmetrics.restMetricsReporter.enabled=true 34 | -Dmetrics.restMetricsReporter.path.enabled=true 35 | -Dmetrics.tomcatMetricsReporter.enabled=true 36 | -Dmetrics.authenticationMetricsReporter.enabled=true 37 | -javaagent:/usr/local/tomcat/lib/jolokia-agent-jvm.jar=port=7777,host=0.0.0.0,user=admin,password=admin 38 | ports: 39 | - "7777:7777" 40 | volumes: 41 | - /usr/local/tomcat/alf_data 42 | - ./jolokia-agent-jvm-2.3.0-javaagent.jar:/usr/local/tomcat/lib/jolokia-agent-jvm.jar:ro 43 | influxdb2: 44 | image: influxdb:2 45 | ports: 46 | - 8086:8086 47 | environment: 48 | - DOCKER_INFLUXDB_INIT_MODE=setup 49 | - DOCKER_INFLUXDB_INIT_USERNAME=alfresco 50 | - DOCKER_INFLUXDB_INIT_PASSWORD=alfresco 51 | - DOCKER_INFLUXDB_INIT_ORG=alfresco 52 | - DOCKER_INFLUXDB_INIT_BUCKET=alfresco 53 | - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=influx 54 | telegraf: 55 | image: telegraf:1.34 56 | cap_add: 57 | - NET_RAW 58 | volumes: 59 | - ./telegraf.conf:/etc/telegraf/telegraf.conf:ro 60 | -------------------------------------------------------------------------------- /.github/workflows/helm-static-checks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Helm static checks 3 | on: 4 | pull_request: 5 | branches: 6 | - master 7 | - release/** 8 | - next/** 9 | paths: 10 | - helm/** 11 | - test/postman/helm/** 12 | - .github/workflows/helm* 13 | push: 14 | branches: 15 | - master 16 | - release/** 17 | jobs: 18 | build_vars: 19 | runs-on: ubuntu-latest 20 | outputs: 21 | app_charts: ${{ steps.getcharts.outputs.app }} 22 | lib_charts: ${{ steps.getcharts.outputs.lib }} 23 | steps: 24 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 25 | with: 26 | fetch-depth: 2 27 | - id: getcharts 28 | uses: >- 29 | ./.github/actions/charts-as-json 30 | with: 31 | charts-root: helm 32 | 33 | helm_unit_test: 34 | needs: 35 | - build_vars 36 | strategy: 37 | matrix: ${{ fromJSON(needs.build_vars.outputs.app_charts) }} 38 | runs-on: ubuntu-latest 39 | steps: 40 | - name: Checkout 41 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 42 | - uses: >- 43 | Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v12.0.0 44 | with: 45 | chart-dir: helm/${{ matrix.charts.name }} 46 | - uses: >- 47 | Alfresco/alfresco-build-tools/.github/actions/helm-plugin@v12.0.0 48 | with: 49 | plugin_url: https://github.com/helm-unittest/helm-unittest 50 | plugin_version: v1.0.0 51 | - name: Run Helm unit tests if present 52 | run: | 53 | if [ -d "helm/${{ matrix.charts.name }}/tests" ]; then helm unittest helm/${{ matrix.charts.name }} 54 | else echo "${{ matrix.charts.name }} chart has no unit tests... skipping." 55 | fi 56 | 57 | helm_yaml_lint: 58 | needs: 59 | - build_vars 60 | strategy: 61 | matrix: ${{ fromJSON(needs.build_vars.outputs.app_charts) }} 62 | runs-on: ubuntu-latest 63 | steps: 64 | - name: Checkout 65 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 66 | - uses: >- 67 | Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v12.0.0 68 | with: 69 | chart-dir: helm/${{ matrix.charts.name }} 70 | - uses: >- 71 | Alfresco/alfresco-build-tools/.github/actions/helm-template-yamllint@v12.0.0 72 | with: 73 | chart-dir: helm/${{ matrix.charts.name }} 74 | helm-options: >- 75 | --set global.search.sharedSecret=dummy 76 | --set global.search.alfrescoRegistryPullSecrets=dummy 77 | -------------------------------------------------------------------------------- /docs/helm/examples/with-knowledge-retrieval.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: ACS with Knowledge Retrieval instance 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # Deploying ACS + Knowledge Retrieval 8 | 9 | This guide demonstrates how to deploy connector for Knowledge Retirieval using 10 | the Alfresco ACS Deployment repository. 11 | 12 | ## Prerequisites 13 | 14 | Ensure you have the following: 15 | 16 | - Helm installed on your system. 17 | - Kubernetes cluster configured and running. 18 | 19 | ## Steps to Deploy 20 | 21 | ### Create a Secret 22 | 23 | Create env file with credentials. Customize the values as needed for your setup. 24 | 25 | ```txt 26 | HX_CLIENT_ID=sc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 27 | HX_CLIENT_SECRET=yoursecret 28 | HX_ENV_KEY=alfresco-kd-ci-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 29 | HX_APP_SOURCE_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 30 | ``` 31 | 32 | Create a Kubernetes secret containing the credentials for Knowledge Retrieval instance 33 | 34 | ```bash 35 | kubectl create secret generic hxi-secrets \ 36 | --namespace=default \ 37 | --from-env-file=hxi.env 38 | ``` 39 | 40 | ### Ingress 41 | 42 | See [ingress-nginx](../ingress-nginx.md) section. 43 | 44 | ### ACS Chart 45 | 46 | See [desktop-deployment](../desktop-deployment.md#acs) section. 47 | 48 | ### Enterprise local values 49 | 50 | Download `local-dev_values.yaml` file as described in 51 | [desktop-deployment](../desktop-deployment.md#enterprise-localhost-deployment) 52 | section. 53 | 54 | ### Understand the Patch File 55 | 56 | The `hxi.yml` patch file defines the configuration for the Knowledge Retrieval. 57 | It includes settings for secrets and URLs required by both the repository and 58 | the live ingester instances. 59 | 60 | ```bash 61 | curl -fO https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/values/hxi.yml 62 | ``` 63 | 64 | ### Deploy the Infrastructure 65 | 66 | Deploy the ACS stack with the appropriate values files. 67 | 68 | > :warning: This example adds the HXI extension to the repository using an init 69 | > container. 70 | > However, a more recommended approach is to bake the extension directly into 71 | > the image. 72 | > For guidance, see our 73 | > [alfresco-dockerfiles-bakery](https://github.com/Alfresco/alfresco-dockerfiles-bakery) 74 | > repository — especially the [simple_modules section](https://github.com/Alfresco/alfresco-dockerfiles-bakery/tree/main/repository/simple_modules). 75 | 76 | ```bash 77 | helm install acs alfresco/alfresco-content-services \ 78 | --set global.known_urls=http://localhost \ 79 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 80 | --values local-dev_values.yaml \ 81 | --values hxi.yaml 82 | ``` 83 | -------------------------------------------------------------------------------- /docs/helm/values/hxi.yml: -------------------------------------------------------------------------------- 1 | config: 2 | repository: 3 | additionalGlobalProperties: 4 | hxi.discovery.base-url: "https://discovery.staging.experience.hyland.com" 5 | hxi.auth.providers.hyland-experience.token-uri: &hxiAuthTokenURI "https://auth.iam.staging.experience.hyland.com/idp/connect/token" 6 | hxi.knowledge-retrieval.url: "https://alfresco-kd-ci-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx.insight.staging.ncp.hyland.com/discovery/agents" 7 | alfresco-repository: 8 | configuration: 9 | repository: 10 | existingSecrets: 11 | - name: &hxiSecretName hxi-secrets # same name as the manually created secret 12 | key: HX_CLIENT_ID 13 | purpose: property:hxi.auth.providers.hyland-experience.client-id 14 | - name: *hxiSecretName 15 | key: HX_CLIENT_SECRET 16 | purpose: property:hxi.auth.providers.hyland-experience.client-secret 17 | - name: *hxiSecretName 18 | key: HX_ENV_KEY 19 | purpose: property:hxi.auth.providers.hyland-experience.environment-key 20 | - name: *hxiSecretName 21 | key: HX_APP_SOURCE_ID 22 | purpose: property:hxi.connector.source-id 23 | extraVolumes: 24 | - name: hxinsight-ext 25 | emptyDir: {} 26 | extraVolumeMounts: 27 | - name: hxinsight-ext 28 | mountPath: /usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-hxinsight-connector-hxinsight-extension.jar 29 | subPath: alfresco-hxinsight-connector-hxinsight-extension.jar 30 | readOnly: true 31 | extraInitContainers: 32 | - name: init-hxinsight-ext 33 | image: busybox:1.37 34 | env: 35 | - name: HXINSIGHT_EXT_VERSION 36 | value: &hxi-version 2.0.2 37 | - name: HXINSIGHT_EXT_NAME 38 | value: alfresco-hxinsight-connector-hxinsight-extension 39 | - name: HXINSIGHT_EXT_URL 40 | value: https://nexus.alfresco.com/nexus/repository/releases/org/alfresco/$(HXINSIGHT_EXT_NAME)/$(HXINSIGHT_EXT_VERSION)/$(HXINSIGHT_EXT_NAME)-$(HXINSIGHT_EXT_VERSION).jar 41 | command: ["sh", "-c", "cd /data && wget -c ${HXINSIGHT_EXT_URL} && cp -f ${HXINSIGHT_EXT_NAME}-${HXINSIGHT_EXT_VERSION}.jar ${HXINSIGHT_EXT_NAME}.jar"] 42 | volumeMounts: 43 | - name: hxinsight-ext 44 | mountPath: /data 45 | alfresco-knowledge-retrieval: 46 | enabled: true 47 | hxi: 48 | hxAuthTokenUrl: *hxiAuthTokenURI 49 | hxInsightIngestionUrl: "https://ingestion-api.insight.staging.ncp.hyland.com/v1" 50 | existingSecret: 51 | name: *hxiSecretName 52 | liveIngester: 53 | image: 54 | repository: quay.io/alfresco/alfresco-hxinsight-connector-live-ingester 55 | tag: *hxi-version 56 | repository: 57 | versionOverride: 25.1.0 58 | -------------------------------------------------------------------------------- /docs/helm/examples/with-ms-teams.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Teams Connector 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # ACS Helm Deployment with Microsoft Teams Connector 8 | 9 | The [Alfresco Microsoft Teams Connector](https://support.hyland.com/p/alfresco) enables 10 | Microsoft Teams clients to be used to search content within ACS and send 11 | messages to Teams Chat / Channels with preview links to Alfresco Digital 12 | Workspace. By default, this feature is disabled. 13 | 14 | This example describes how to deploy ACS onto [EKS](https://aws.amazon.com/eks) 15 | with Microsoft Teams Integration enabled. 16 | 17 | ## Prerequisites 18 | 19 | Follow the [AWS Services](with-aws-services.md) example up until the 20 | [Deploy](with-aws-services.md#deploy) section and return to this page. 21 | 22 | ## Deploy 23 | 24 | When we bring all this together we can deploy ACS using the command below (replacing all the `YOUR-XZY` properties with the values gathered during the setup of the services): 25 | 26 | ```bash 27 | helm install acs alfresco/alfresco-content-services \ 28 | --set alfresco-repository.persistence.enabled=true \ 29 | --set alfresco-transform-service.filestore.persistence.enabled=true \ 30 | --set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ 31 | --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ 32 | --set global.search.sharedSecret:=$(openssl rand -hex 24) \ 33 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 34 | --set postgresql.enabled=false \ 35 | --set database.external=true \ 36 | --set database.driver="org.postgresql.Driver" \ 37 | --set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \ 38 | --set database.user="alfresco" \ 39 | --set database.password="YOUR-DATABASE-PASSWORD" \ 40 | --set activemq.enabled=false \ 41 | --set messageBroker.url="YOUR-MQ-ENDPOINT" \ 42 | --set messageBroker.user="alfresco" \ 43 | --set messageBroker.password="YOUR-MQ-PASSWORD" \ 44 | --set msTeams.enabled=true \ 45 | --set alfresco-connector-msteams.alfresco.baseUrl="https://acs.YOUR-DOMAIN-NAME:443" \ 46 | --set alfresco-connector-msteams.alfresco.digitalWorkspace.contextPath="/workspace/" \ 47 | --set alfresco-connector-msteams.microsoft.app.id="YOUR-MS-APP-ID" \ 48 | --set alfresco-connector-msteams.microsoft.app.password="YOUR-MS-APP-PWD" \ 49 | --set alfresco-connector-msteams.microsoft.app.oauth.connectionName="alfresco" \ 50 | --set alfresco-connector-msteams.teams.chat.filenameEnabled=true \ 51 | --set alfresco-connector-msteams.teams.chat.metadataEnabled=true \ 52 | --set alfresco-connector-msteams.teams.chat.imageEnabled=true \ 53 | --atomic \ 54 | --timeout 10m0s \ 55 | --namespace=alfresco 56 | ``` 57 | -------------------------------------------------------------------------------- /docs/helm/examples/customisation-guidelines.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Customisation Guidelines 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # Customisation Guidelines 8 | 9 | Any customisations (including major configuration changes) should be done 10 | inside the Docker image, resulting in the creation of a new image with a new 11 | tag. This approach allows changes to be tracked in the source code (Dockerfile) 12 | and rolling updates to the deployment in the K8s cluster. 13 | 14 | The helm chart configuration customisation should only include 15 | environment-specific changes (for example DB server connection properties) or 16 | altered Docker image names and tags. The configuration changes applied via 17 | `--set` will only be reflected in the configuration stored in k8s cluster, a 18 | better approach would be to have those in source control i.e. maintain your own 19 | values files. 20 | 21 | ## Creating Custom Docker Images 22 | 23 | The [docker compose Customisation Guide](../../docker-compose/examples/customisation-guidelines.md) provides a 24 | detailed example of how to apply an AMP in a custom image and a more advanced 25 | example of building a custom image with configuration can be found 26 | [here](https://github.com/Alfresco/acs-packaging/blob/master/docs/create-custom-image-using-existing-docker-image.md). 27 | 28 | ## Using Custom Docker Images 29 | 30 | Once you have created your custom image you can either change the default 31 | values in the appropriate values file in [this 32 | folder](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services) or you can override the values 33 | via the `--set` command line option during install as shown below: 34 | 35 | ```bash 36 | helm install alfresco/alfresco-content-services \ 37 | --set alfresco-repository.image.repository="yourRegistry" \ 38 | --set alfresco-repository.image.tag="yourTag" \ 39 | --set share.image.repository="yourRegistry" \ 40 | --set share.image.tag="yourTag" 41 | ``` 42 | 43 | ## Using Images From Multiple Docker Registries 44 | 45 | If you create custom images you may well store them in your private registry 46 | meaning you need to use multiple sets of credentials. 47 | 48 | To achieve this you can login and then create a generic secret using the 49 | `--from-file` option, as shown below. 50 | 51 | ```bash 52 | docker login docker.io 53 | docker login quay.io 54 | kubectl create secret generic my-registry-secrets \ 55 | --from-file=.dockerconfigjson=/your-home/.docker/config.json \ 56 | --type=kubernetes.io/dockerconfigjson -n alfresco 57 | ``` 58 | 59 | You can then provide the secret name via the `--set` option as shown below: 60 | 61 | ```bash 62 | helm install alfresco/alfresco-content-services \ 63 | --set global.alfrescoRegistryPullSecrets=my-registry-secrets ... 64 | ``` 65 | -------------------------------------------------------------------------------- /test/community-integration-test-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | alfresco-repository: 3 | resources: 4 | requests: 5 | cpu: "0.01" 6 | memory: "1024Mi" 7 | limits: 8 | cpu: "2" 9 | memory: "1560Mi" 10 | share: 11 | resources: 12 | requests: 13 | cpu: "0.01" 14 | memory: "256Mi" 15 | limits: 16 | cpu: "2" 17 | memory: "512Mi" 18 | readinessProbe: 19 | initialDelaySeconds: 60 20 | timeoutSeconds: 45 21 | livenessProbe: 22 | initialDelaySeconds: 60 23 | timeoutSeconds: 45 24 | alfresco-search: 25 | resources: 26 | requests: 27 | cpu: "0.01" 28 | memory: "512Mi" 29 | limits: 30 | cpu: "2" 31 | memory: "1280Mi" 32 | alfresco-transform-service: 33 | pdfrenderer: 34 | livenessProbe: 35 | initialDelaySeconds: 30 36 | resources: 37 | requests: 38 | cpu: "0.01" 39 | memory: "256Mi" 40 | limits: 41 | cpu: "2" 42 | memory: "512Mi" 43 | imagemagick: 44 | livenessProbe: 45 | initialDelaySeconds: 30 46 | resources: 47 | requests: 48 | cpu: "0.01" 49 | memory: "256Mi" 50 | limits: 51 | cpu: "2" 52 | memory: "1Gi" 53 | libreoffice: 54 | livenessProbe: 55 | initialDelaySeconds: 30 56 | resources: 57 | requests: 58 | cpu: "0.01" 59 | memory: "512Mi" 60 | limits: 61 | cpu: "2" 62 | memory: "1024Mi" 63 | tika: 64 | livenessProbe: 65 | initialDelaySeconds: 30 66 | resources: 67 | requests: 68 | cpu: "0.01" 69 | memory: "256Mi" 70 | limits: 71 | cpu: "2" 72 | memory: "1Gi" 73 | transformmisc: 74 | livenessProbe: 75 | initialDelaySeconds: 30 76 | resources: 77 | requests: 78 | cpu: "0.01" 79 | memory: "256Mi" 80 | limits: 81 | cpu: "2" 82 | memory: "512Mi" 83 | filestore: 84 | resources: 85 | requests: 86 | cpu: "0.01" 87 | memory: "256Mi" 88 | limits: 89 | cpu: "2" 90 | memory: "512Mi" 91 | # Disable features 92 | postgresql: 93 | primary: 94 | resources: 95 | requests: 96 | cpu: "0.01" 97 | memory: "512Mi" 98 | limits: 99 | cpu: "2" 100 | memory: "1Gi" 101 | alfresco-audit-storage: 102 | enabled: false 103 | dtas: 104 | enabled: true 105 | config: 106 | assertions: 107 | acs: 108 | edition: Community 109 | modules: 110 | - id: org.alfresco.integrations.google.docs 111 | version: 4.1.0 112 | installed: true 113 | - id: alfresco-aos-module 114 | version: 3.3.0 115 | installed: true 116 | adw: null 117 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Thanks for your interest in contributing to this project! 4 | 5 | The following is a set of guidelines for contributing to this library. Most of them will make the life of the reviewer easier and therefore decrease the time required for the patch be included in the next version. 6 | 7 | Because this project forms a part of Alfresco Content Services, the guidelines are hosted in the [Alfresco Social Community](http://community.alfresco.com/community/ecm) where they can be referenced from multiple projects. 8 | 9 | Read an [overview on how this project is governed](https://community.alfresco.com/docs/DOC-6385-project-overview-repository). 10 | 11 | You can also perform the following: 12 | 13 | - Raise issues directly against the project (GitHub bug). Please read the [instructions for a good issue report](https://community.alfresco.com/docs/DOC-6263-reporting-an-issue). 14 | 15 | - Supply pull requests. Please read the [instructions for making a contribution](https://community.alfresco.com/docs/DOC-6269-submitting-contributions). 16 | 17 | Please follow the [coding standards](https://community.alfresco.com/docs/DOC-4658-coding-standards). 18 | 19 | Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 20 | available at [http://contributor-covenant.org/version/1/4][version] 21 | 22 | [homepage]: http://contributor-covenant.org 23 | [version]: http://contributor-covenant.org/version/1/4/ 24 | 25 | ## How to handle pull requests (for maintainers) 26 | 27 | Pull requests for contributing to the helm charts that are coming from forked 28 | repositories, needs to be pushed to the main repository by an user with write 29 | privileges so that integration tests running on EKS can be run successfully (AWS 30 | credentials are not available in the build context otherwise). 31 | 32 | > Make sure to carefully check the pull request code to avoid any [pwn request](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) 33 | 34 | Here follows the procedure to push a new branch on the main repository the code from a forked repository. 35 | 36 | Add the forked repository as an additional remote to your local git: 37 | 38 | ```bash 39 | git remote add $PR_AUTHOR_USERNAME $PR_FORKED_REPO_HTTPS_URL 40 | git fetch $PR_AUTHOR_USERNAME 41 | ``` 42 | 43 | Checkout a new branch and align it to the PR branch (you can see the upstream branch at the top of the PR page): 44 | 45 | ```bash 46 | git checkout -b pr-$PR_NUMBER 47 | git reset --hard $PR_AUTHOR_USERNAME/$PR_BRANCH 48 | ``` 49 | 50 | Optionally rebase to make sure that the branch is aligned with our current master and then push: 51 | 52 | ```bash 53 | git rebase origin/master 54 | git push origin pr-$PR_NUMBER 55 | ``` 56 | 57 | The new workflow triggered will execute helm integration tests as usual using the pull request code. 58 | -------------------------------------------------------------------------------- /docs/helm/values/local-dev_values.yaml: -------------------------------------------------------------------------------- 1 | activemq: 2 | resources: 3 | requests: 4 | cpu: "100m" 5 | memory: "512Mi" 6 | limits: 7 | cpu: "1000m" 8 | memory: "1Gi" 9 | alfresco-repository: 10 | replicaCount: 1 11 | persistence: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | cpu: "0.01" 17 | memory: "1024Mi" 18 | limits: 19 | memory: "1560Mi" 20 | alfresco-transform-service: 21 | transformrouter: 22 | replicaCount: 1 23 | filestore: 24 | resources: 25 | requests: 26 | cpu: "0.01" 27 | memory: "128Mi" 28 | limits: 29 | memory: "512Mi" 30 | replicaCount: 1 31 | pdfrenderer: 32 | resources: 33 | requests: 34 | cpu: "0.01" 35 | memory: "256Mi" 36 | limits: 37 | memory: "512Mi" 38 | replicaCount: 1 39 | imagemagick: 40 | resources: 41 | requests: 42 | cpu: "0.01" 43 | memory: "256Mi" 44 | limits: 45 | memory: "1Gi" 46 | replicaCount: 1 47 | libreoffice: 48 | resources: 49 | requests: 50 | cpu: "0.01" 51 | memory: "512Mi" 52 | limits: 53 | memory: "1024Mi" 54 | replicaCount: 1 55 | tika: 56 | resources: 57 | requests: 58 | cpu: "0.01" 59 | memory: "256Mi" 60 | limits: 61 | memory: "512Mi" 62 | replicaCount: 1 63 | transformmisc: 64 | resources: 65 | requests: 66 | cpu: "0.01" 67 | memory: "256Mi" 68 | limits: 69 | memory: "512Mi" 70 | replicaCount: 1 71 | postgresql: 72 | primary: 73 | resources: 74 | requests: 75 | cpu: "0.1" 76 | memory: "500Mi" 77 | limits: 78 | memory: "500Mi" 79 | alfresco-search: 80 | resources: 81 | requests: 82 | cpu: 0.1 83 | memory: "1000Mi" 84 | limits: 85 | memory: "1500Mi" 86 | alfresco-search-enterprise: 87 | resources: 88 | requests: 89 | cpu: "100m" 90 | memory: "128Mi" 91 | limits: 92 | cpu: "1" 93 | memory: "1Gi" 94 | elasticsearch: 95 | elasticsearch: 96 | resources: 97 | requests: 98 | cpu: "0.1" 99 | memory: "512Mi" 100 | limits: 101 | cpu: "1" 102 | memory: "1Gi" 103 | kibana: 104 | resources: 105 | requests: 106 | cpu: "0.1" 107 | memory: "512Mi" 108 | limits: 109 | cpu: "1" 110 | memory: "1Gi" 111 | share: 112 | resources: 113 | requests: 114 | cpu: "0.01" 115 | memory: "256Mi" 116 | limits: 117 | memory: "512Mi" 118 | alfresco-audit-storage: 119 | resources: 120 | requests: 121 | cpu: "0.01" 122 | memory: "256Mi" 123 | limits: 124 | memory: "512Mi" 125 | alfresco-sync-service: 126 | enabled: false 127 | 128 | global: 129 | alfrescoRegistryPullSecrets: quay-registry-secret 130 | -------------------------------------------------------------------------------- /docker-compose/hxi-overrides.yaml: -------------------------------------------------------------------------------- 1 | services: 2 | alfresco: 3 | image: localhost/alfresco/alfresco-content-repository:latest 4 | environment: 5 | JAVA_OPTS: >- 6 | -Ddb.driver=org.postgresql.Driver 7 | -Ddb.username=alfresco 8 | -Ddb.password=alfresco 9 | -Ddb.url=jdbc:postgresql://postgres:5432/alfresco 10 | -Dindex.subsystem.name=elasticsearch 11 | -Delasticsearch.createIndexIfNotExists=true 12 | -Delasticsearch.host=elasticsearch 13 | -Delasticsearch.port=9200 14 | -Dshare.host=localhost 15 | -Dshare.port=8080 16 | -Dalfresco.host=localhost 17 | -Dalfresco.port=8080 18 | -Dcsrf.filter.enabled=false 19 | -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos 20 | -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" 21 | -Ddeployment.method=DOCKER_COMPOSE 22 | -Dtransform.service.enabled=true 23 | -Dtransform.service.url=http://transform-router:8095 24 | -Dsfs.url=http://shared-file-store:8099/ 25 | -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ 26 | -Ddsync.service.uris=http://localhost:9090/alfresco 27 | -XX:MinRAMPercentage=50 28 | -XX:MaxRAMPercentage=80 29 | -Dhxi.discovery.base-url=https://discovery.staging.experience.hyland.com 30 | -Dhxi.auth.providers.hyland-experience.token-uri=https://auth.iam.staging.experience.hyland.com/idp/connect/token 31 | -Dhxi.auth.providers.hyland-experience.environment-key=alfresco-kd-ci-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 32 | -Dhxi.auth.providers.hyland-experience.client-id=sc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 33 | -Dhxi.auth.providers.hyland-experience.client-secret=your-client-secret 34 | -Dhxi.knowledge-retrieval.url=https://alfresco-kd-ci-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx.insight.staging.ncp.hyland.com/discovery/agents 35 | -Dhxi.connector.source-id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 36 | knowledge-retrieval: 37 | image: quay.io/alfresco/alfresco-hxinsight-connector-live-ingester:2.0.2 38 | mem_limit: 1536m 39 | environment: 40 | SPRING_ACTIVEMQ_BROKERURL: failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true 41 | ALFRESCO_TRANSFORM_SHAREDFILESTORE_BASEURL: http://shared-file-store:8099 42 | AUTH_PROVIDERS_ALFRESCO_TYPE: basic 43 | ALFRESCO_REPOSITORY_VERSIONOVERRIDE: 25.1.0 44 | AUTH_PROVIDERS_HYLANDEXPERIENCE_TOKENURI: https://auth.iam.staging.experience.hyland.com/idp/connect/token 45 | HYLANDEXPERIENCE_INSIGHT_INGESTION_BASEURL: https://ingestion-api.insight.staging.ncp.hyland.com/v1 46 | AUTH_PROVIDERS_HYLANDEXPERIENCE_CLIENTID: sc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 47 | AUTH_PROVIDERS_HYLANDEXPERIENCE_CLIENTSECRET: your-client-secret 48 | AUTH_PROVIDERS_HYLANDEXPERIENCE_ENVIRONMENTKEY: alfresco-kd-ci-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 49 | APPLICATION_SOURCEID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx 50 | ALFRESCO_BULKINGESTER_ENDPOINT: activemq:queue:bulk-ingester-events 51 | LOGGING_LEVEL_ORG_ALFRESCO: DEBUG 52 | SERVER_PORT: '8080' 53 | healthcheck: 54 | test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health/liveness"] 55 | interval: 10s 56 | timeout: 1s 57 | retries: 3 58 | start_period: 20s 59 | -------------------------------------------------------------------------------- /docs/helm/examples/with-elasticsearch-auth.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: ACS with local elasticsearch cluster with auth enabled 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # Deploying Elasticsearch with Kibana and Authentication Enabled 8 | 9 | This guide demonstrates how to deploy Elasticsearch with Kibana and 10 | authentication enabled using the Alfresco ACS Deployment repository. 11 | 12 | > :warning: This example demonstrates how to use an embedded Elasticsearch cluster 13 | > with authentication enabled. However, it is intended for demonstration purposes 14 | > only and is **not recommended for production use**. We strongly advise against using 15 | > an embedded Elasticsearch cluster in production environments. This example is 16 | > provided solely for cases where the embedded setup is specifically needed, such 17 | > as for testing or development scenarios. 18 | 19 | ## Prerequisites 20 | 21 | Ensure you have the following: 22 | 23 | - Helm installed on your system. 24 | - Kubernetes cluster configured and running. 25 | 26 | ## Steps to Deploy 27 | 28 | ### Create a Secret 29 | 30 | Create env file with passwords. Customize the values as needed for your setup. 31 | 32 | ```txt 33 | elastic-user=elastic 34 | elasticsearch-password=alfresco 35 | kibana-password=alfrescokibana 36 | AUDIT_ELASTICSEARCH_USERNAME=elastic 37 | AUDIT_ELASTICSEARCH_PASSWORD=alfresco 38 | SEARCH_USERNAME=elastic 39 | SEARCH_PASSWORD=alfresco 40 | ``` 41 | 42 | Create a Kubernetes secret containing the credentials for Elasticsearch and 43 | Kibana using created env file. 44 | 45 | ```bash 46 | kubectl create secret generic elastic-search-secret \ 47 | --namespace=default \ 48 | --from-env-file=elastic.env 49 | ``` 50 | 51 | ### Ingress 52 | 53 | See [ingress-nginx](../ingress-nginx.md) section. 54 | 55 | ### ACS Chart 56 | 57 | See [desktop-deployment](../desktop-deployment.md#acs) section. 58 | 59 | ### Enterprise local values 60 | 61 | Download `local-dev_values.yaml` file as described in 62 | [desktop-deployment](../desktop-deployment.md#enterprise-localhost-deployment) 63 | section. 64 | 65 | ### Understand the Patch File 66 | 67 | Patch file `elasticsearch_auth_values.yaml` defines the configuration for 68 | enabling authentication and integrating Elasticsearch and Kibana with the 69 | Alfresco deployment. Update the patch file to match your requirements if 70 | necessary. 71 | 72 | ```bash 73 | curl -fO https://raw.githubusercontent.com/Alfresco/acs-deployment/master/docs/helm/values/elasticsearch_auth_values.yaml 74 | ``` 75 | 76 | ### Deploy the Infrastructure 77 | 78 | Deploy the ACS stack with the appropriate values files. 79 | 80 | ```bash 81 | helm install acs alfresco/alfresco-content-services \ 82 | --set global.known_urls=http://localhost \ 83 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 84 | --values local-dev_values.yaml \ 85 | --values elasticsearch_auth_values.yaml 86 | ``` 87 | 88 | ## Accessing Kibana 89 | 90 | After the deployment is successful: 91 | 92 | 1. Open your browser and navigate to: `http://localhost/kibana` 93 | 94 | 2. Use the credentials specified in the secret to log in. 95 | 96 | - **Username**: elastic 97 | - **Password**: alfresco 98 | 99 | You should now have access to Kibana with Elasticsearch authentication enabled. 100 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- 1 | name: Bug Report 2 | description: Alfresco Content Service deployment issue 3 | body: 4 | - type: markdown 5 | attributes: 6 | value: | 7 | Please use this template to report issues in this repository. 8 | This helps us to process your issue faster. Remember we are not mind readers, so 9 | the more information you provide the better. 10 | Failure to provide the requested information may result in delays in answering 11 | your issue or even in closing it without further notice. 12 | - type: checkboxes 13 | id: tool 14 | validations: 15 | required: true 16 | attributes: 17 | label: What tool(s) are you facing an issue with? 18 | description: Select all that apply. 19 | options: 20 | - label: Docker Compose 21 | - label: Alfresco Content Service Helm Chart 22 | - label: ACS SSO example Helm Chart 23 | - type: input 24 | id: version 25 | validations: 26 | required: false 27 | attributes: 28 | label: What version of Alfresco Content Service deployment tool are you using? 29 | description: Please provide the version number (check the tags if unsure). 30 | placeholder: "9.5.1" 31 | - type: checkboxes 32 | id: edition 33 | validations: 34 | required: true 35 | attributes: 36 | label: Does the issue affect the Community or Enterprise edition? 37 | description: Select all that apply. 38 | options: 39 | - label: Alfresco Content Service Community Edition 40 | - label: Alfresco Content Service Enterprise Edition 41 | - type: dropdown 42 | id: issueType 43 | validations: 44 | required: true 45 | attributes: 46 | label: What type of issue are you reporting? 47 | description: Select one option. 48 | options: 49 | - Bug 50 | - Feature Request 51 | - Documentation Issue 52 | - type: textarea 53 | id: issueDescription 54 | validations: 55 | required: true 56 | min_length: 20 57 | attributes: 58 | label: Description 59 | description: Please provide a clear and concise description of the issue you are facing. 60 | placeholder: "E.g. I followed the instructions in the README to deploy Alfresco Content Service using Helm, but the deployment fails with the error 'X'." 61 | - type: textarea 62 | id: stepsToReproduce 63 | validations: 64 | required: true 65 | min_length: 20 66 | attributes: 67 | label: Steps to Reproduce 68 | description: Please provide a step-by-step description of how to reproduce the issue. 69 | placeholder: "E.g. 1. Clone the repository. 2. Navigate to the helm directory. 3. Run 'helm install ...'." 70 | - type: textarea 71 | id: expectedBehavior 72 | validations: 73 | required: true 74 | min_length: 10 75 | attributes: 76 | label: Expected Behavior 77 | description: Please describe what you expected to happen. 78 | placeholder: "E.g. The Helm chart should deploy Alfresco Content Service successfully without errors." 79 | - type: textarea 80 | id: actualBehavior 81 | validations: 82 | required: true 83 | min_length: 10 84 | attributes: 85 | label: Actual Behavior 86 | description: Please describe what actually happened. 87 | placeholder: "E.g. The deployment fails with the error 'X'." 88 | -------------------------------------------------------------------------------- /docs/helm/kind-deployment.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Kind 3 | parent: Deployment 4 | grand_parent: Helm 5 | --- 6 | 7 | # Alfresco Content Services Helm Deployment on KinD cluster 8 | 9 | This page describe how to get ACS up and running on a [Kubernetes In 10 | Docker](https://kind.sigs.k8s.io/) (KinD) cluster. 11 | 12 | KinD is better suited to run helm workloads inside CI environments but works 13 | well also for local development because it just requires a working Docker 14 | server. 15 | 16 | ## Prerequisites 17 | 18 | - Docker installed on your machine (Docker Desktop, Rancher Desktop, Podman and similar) 19 | - Kubernetes CLI (kubectl) installed on your machine 20 | - Helm CLI installed on your machine 21 | 22 | ## Step 1: Install Kind 23 | 24 | Take a look to the [KinD 25 | quickstart](https://kind.sigs.k8s.io/docs/user/quick-start/) to learn how to 26 | install the binary cli on your machine and to learn briefly the main commands 27 | that you can run. 28 | 29 | ## Step 2: Create a Kind Cluster 30 | 31 | Run the following command to create a Kind cluster: 32 | 33 | ```shell 34 | cat <- 78 | /usr/local/tomcat/webapps/share/WEB-INF/classes/share-config.properties 79 | subPath: share.properties 80 | ``` 81 | 82 | ### Digital Workspace and Control Center config 83 | 84 | Set the following values: 85 | 86 | ```yaml 87 | alfresco-digital-workspace: 88 | env: 89 | APP_CONFIG_AUTH_TYPE: OAUTH 90 | APP_CONFIG_OAUTH2_HOST: https://ids.example.com/realms/YOUR-REALM 91 | APP_CONFIG_OAUTH2_CLIENTID: YOUR-CLIENT-ID 92 | alfresco-control-center: 93 | env: 94 | APP_CONFIG_AUTH_TYPE: OAUTH 95 | APP_CONFIG_OAUTH2_HOST: https://ids.example.com/realms/YOUR-REALM 96 | APP_CONFIG_OAUTH2_CLIENTID: YOUR-CLIENT-ID 97 | ``` 98 | 99 | Please search the [Alfresco Products Official Documentation][alfresco-docs-site] 100 | for more configuration options. 101 | 102 | [alfresco-docs-site]: https://support.hyland.com/r/alfresco 103 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/config-repository_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | suite: test config-repository manifest 3 | templates: 4 | - config-repository.yaml 5 | tests: 6 | - it: should have global properties rendered with default value for CSRF and baseUrl 7 | values: &testvalues 8 | - values/test_values.yaml 9 | template: config-repository.yaml 10 | asserts: 11 | - matchRegex: 12 | path: &alfglob data["alfresco-global.properties"] 13 | pattern: >- 14 | \n *aos\.baseUrlOverwrite=https://localhost/alfresco/aos 15 | - matchRegex: 16 | path: *alfglob 17 | pattern: >- 18 | \n *csrf\.filter\.origin=https://localhost 19 | - matchRegex: 20 | path: *alfglob 21 | pattern: >- 22 | \n *csrf\.filter\.referer=https://localhost/\.\* 23 | - matchRegex: 24 | path: *alfglob 25 | pattern: >- 26 | \n *share.port=443 27 | - matchRegex: 28 | path: *alfglob 29 | pattern: >- 30 | \n *share.protocol=https 31 | - matchRegex: 32 | path: *alfglob 33 | pattern: >- 34 | \n *share.host=localhost 35 | 36 | - it: should have global properties urls rendered as per known_urls & without Share config 37 | values: *testvalues 38 | set: 39 | share: 40 | enabled: false 41 | global: 42 | known_urls: 43 | - https://myecm.domain.tld:8443 44 | template: config-repository.yaml 45 | asserts: 46 | - matchRegex: 47 | path: *alfglob 48 | pattern: >- 49 | \n *aos\.baseUrlOverwrite=https://myecm.domain.tld:8443/alfresco/aos 50 | - matchRegex: 51 | path: *alfglob 52 | pattern: >- 53 | \n *csrf\.filter\.origin=https://myecm.domain.tld:8443 54 | - matchRegex: 55 | path: *alfglob 56 | pattern: >- 57 | \n *csrf\.filter\.referer=https://myecm.domain.tld:8443/\.\* 58 | - matchRegex: 59 | path: *alfglob 60 | pattern: >- 61 | \n *alfresco.port=8443 62 | - matchRegex: 63 | path: *alfglob 64 | pattern: >- 65 | \n *alfresco.protocol=https 66 | - matchRegex: 67 | path: *alfglob 68 | pattern: >- 69 | \n *alfresco.host=myecm.domain.tld 70 | - notMatchRegex: 71 | path: *alfglob 72 | pattern: share.port= 73 | - notMatchRegex: 74 | path: *alfglob 75 | pattern: share.protocol= 76 | - notMatchRegex: 77 | path: *alfglob 78 | pattern: share.host= 79 | 80 | # - it: should have ALFRESCO_OPTS and CATALINA_OPTS when mail values are set 81 | # values: *testvalues 82 | # set: 83 | # mail: 84 | # host: smtp.example.com 85 | # password: smtpPassword 86 | # port: 25 87 | # asserts: 88 | # - matchRegex: 89 | # path: *alfglob 90 | # pattern: >- 91 | # \n *mail\.host=smtp\.example\.com 92 | # template: config-repository.yaml 93 | # - matchRegex: 94 | # path: *alfglob 95 | # pattern: >- 96 | # \n *mail\.port=25 97 | # template: config-repository.yaml 98 | # - matchRegex: 99 | # path: data.CATALINA_OPTS 100 | # pattern: >- 101 | # \n *mail\.password=\$MAIL_PASSWORD 102 | # template: config-repository.yaml 103 | # 104 | # - it: should have CATALINA_OPTS with mail.password set when existing secret name is provided 105 | # values: *testvalues 106 | # set: 107 | # mail: 108 | # host: smtp.example.com 109 | # existingSecretName: existing 110 | # asserts: 111 | # - matchRegex: 112 | # path: *alfglob 113 | # pattern: >- 114 | # \n *mail\.password=\$MAIL_PASSWORD 115 | # template: config-repository.yaml 116 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Note: The Helm chart from github.com is a limited trial of the Enterprise 2 | # version of Alfresco Content Services which goes read-only after 2-days. 3 | # Request an extended 30-day trial at 4 | # https://www.alfresco.com/platform/content-services-ecm/trial/download 5 | apiVersion: v2 6 | name: alfresco-content-services 7 | version: 10.1.0 8 | appVersion: 25.3.0 9 | description: A Helm chart for deploying Alfresco Content Services 10 | keywords: 11 | - content 12 | - content services 13 | - alfresco 14 | - alfresco content services 15 | home: https://www.alfresco.com 16 | sources: 17 | - https://github.com/Alfresco/acs-deployment 18 | dependencies: 19 | - name: alfresco-common 20 | version: 4.0.0 21 | repository: https://alfresco.github.io/alfresco-helm-charts/ 22 | - name: postgres 23 | version: 0.2.0 24 | repository: https://alfresco.github.io/alfresco-helm-charts/ 25 | alias: postgresql-sync 26 | condition: postgresql-sync.enabled 27 | - name: postgres 28 | version: 0.2.0 29 | repository: https://alfresco.github.io/alfresco-helm-charts/ 30 | alias: postgresql 31 | condition: postgresql.enabled 32 | - name: alfresco-adf-app 33 | alias: alfresco-control-center 34 | repository: https://alfresco.github.io/alfresco-helm-charts/ 35 | version: 0.3.0 36 | condition: >- 37 | alfresco-control-center.enabled 38 | - name: alfresco-adf-app 39 | alias: alfresco-digital-workspace 40 | repository: https://alfresco.github.io/alfresco-helm-charts/ 41 | version: 0.3.0 42 | condition: >- 43 | alfresco-digital-workspace.enabled 44 | - name: alfresco-repository 45 | version: 0.12.0 46 | repository: https://alfresco.github.io/alfresco-helm-charts/ 47 | - name: activemq 48 | version: 3.7.0 49 | repository: https://alfresco.github.io/alfresco-helm-charts/ 50 | condition: activemq.enabled 51 | - name: alfresco-transform-service 52 | version: 2.3.0 53 | repository: https://alfresco.github.io/alfresco-helm-charts/ 54 | condition: alfresco-transform-service.enabled 55 | - name: alfresco-search-service 56 | alias: alfresco-search 57 | repository: https://alfresco.github.io/alfresco-helm-charts/ 58 | version: 5.2.0 59 | condition: alfresco-search.enabled 60 | - name: alfresco-sync-service 61 | repository: https://alfresco.github.io/alfresco-helm-charts/ 62 | version: 7.4.0 63 | condition: alfresco-sync-service.enabled 64 | - name: alfresco-search-enterprise 65 | version: 4.7.0 66 | repository: https://alfresco.github.io/alfresco-helm-charts/ 67 | condition: alfresco-search-enterprise.enabled 68 | - name: alfresco-connector-msteams 69 | version: 2.3.0 70 | repository: https://alfresco.github.io/alfresco-helm-charts/ 71 | condition: alfresco-connector-msteams.enabled 72 | - name: alfresco-share 73 | alias: share 74 | version: 1.6.0 75 | repository: https://alfresco.github.io/alfresco-helm-charts/ 76 | condition: share.enabled 77 | - name: alfresco-connector-ms365 78 | version: 3.3.0 79 | repository: https://alfresco.github.io/alfresco-helm-charts/ 80 | condition: alfresco-connector-ms365.enabled 81 | - name: alfresco-ai-transformer 82 | version: 3.2.0 83 | repository: https://alfresco.github.io/alfresco-helm-charts/ 84 | condition: alfresco-ai-transformer.enabled 85 | - name: elastic 86 | repository: https://alfresco.github.io/alfresco-helm-charts/ 87 | version: 0.2.0 88 | alias: elasticsearch 89 | condition: elasticsearch.enabled 90 | - name: alfresco-audit-storage 91 | version: 0.5.0 92 | repository: https://alfresco.github.io/alfresco-helm-charts/ 93 | condition: alfresco-audit-storage.enabled 94 | - name: alfresco-connector-hxi 95 | alias: alfresco-knowledge-retrieval 96 | version: 0.2.0 97 | repository: https://alfresco.github.io/alfresco-helm-charts/ 98 | condition: alfresco-knowledge-retrieval.enabled 99 | icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 100 | -------------------------------------------------------------------------------- /docs/helm/storage.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Storage 3 | parent: Guides 4 | grand_parent: Helm 5 | --- 6 | 7 | # ACS Storage persistence in kubernetes 8 | 9 | ACS platform in order to serve users' requests, needs to persist several type 10 | of data so it survives pods restart, cordons of worker nodes or even crashes. 11 | This documents aims at providing guidance in setting up different kinds of 12 | data persistence. 13 | 14 | ## Available storage options 15 | 16 | There mainly 2 different options when setting up persistence in kubernetes: 17 | 18 | * Static provisioning 19 | * Dynamic provisioning 20 | 21 | The charts Alfresco provides leverage a common mechanism to configure both options. 22 | This mechanism can be reused by different charts or sub-charts in the same way. 23 | 24 | > Note: direct usage of kubernetes volumes (without PVC) is not supported) 25 | 26 | The logic used in the template is depicted in the diagram below: 27 | 28 | ```mermaid 29 | flowchart TD 30 | persistence(.Values.$componentName.persistence) --> enabled{{.enabled?}} 31 | enabled --true--> existingClaim{{.existingClaim?}} 32 | enabled --false--> emptyDir[Render Deployment with\nEphemeral Volume] 33 | 34 | existingClaim --true--> renderExistingClaim[Render deployment\nreferencing the existing PVC] 35 | existingClaim --false--> storageClass 36 | 37 | storageClass{{.storageClass?}} 38 | providedStorageClass[Render PVC with the\n provided storageClass] 39 | defaultStorageClass[Render PVC with the\n default storageClass] 40 | render[Render Deployment referencing the previously created PVC] 41 | 42 | storageClass --true--> providedStorageClass --> render 43 | storageClass --false--> defaultStorageClass --> render 44 | ``` 45 | 46 | Whatever the option you choose, start by enabling persistence under the 47 | component which needs it: 48 | 49 | ```yaml 50 | component: 51 | persistence: 52 | enabled: true 53 | ``` 54 | 55 | ### Configuring static provisioning 56 | 57 | This method requires the cluster administrator to provision in advance a 58 | [physical volume claim (PVC)](https://kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim). 59 | That PVC needs to fulfil requirements driven by the cluster architecture. That 60 | usually means: 61 | 62 | * offering `ReadWriteMany` 63 | [accessModes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) 64 | for components which have a `Deployment.replicas` > 1 and more than one 65 | schedule-able worker node. 66 | * Providing sufficient speed and space for the workload 67 | * Being given a [Reclaim 68 | Policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) 69 | that DO match environment type (you probably want to avoid using `Delete` in 70 | your production environment). 71 | 72 | Plus all your other site-specific requirements. 73 | 74 | To use static provisioning: 75 | 76 | ```yaml 77 | component: 78 | persistence: 79 | enabled: true 80 | existingClaim: ecmVolume 81 | ``` 82 | 83 | That method can be convenient in production environment where the data pre-exists 84 | the infrastructure. In that case a cluster admin might also want to [pre-bind PV and 85 | PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reserving-a-persistentvolume). 86 | 87 | ### Configuring dynamic provisioning 88 | 89 | This method offers a dynamic provisioning approach so cluster admins do not need to 90 | manually create PV and its corresponding PVC. Instead what they need to have is 91 | a [storageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) which 92 | has a [provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner). 93 | 94 | With that configuration ,if no volume exists when a deployments needs to spin up pods, 95 | Kubernetes will use the `provisioner`to create one on-the-fly: 96 | 97 | ```yaml 98 | component: 99 | persistence: 100 | enabled: true 101 | storageClass: dc1-nfs-exports 102 | ``` 103 | 104 | ## Migrating from previous chart versions 105 | 106 | See [upgrade guide](upgrades.md#persistence). 107 | -------------------------------------------------------------------------------- /docs/helm/examples/with-ooi.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft 365 Connector 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # ACS Helm Deployment with Microsoft 365 Connector 8 | 9 | The [Alfresco Microsoft 365 10 | Connector](https://docs.alfresco.com/officeonline/concepts/office-online-intro.html) 11 | enables Office Online Integration (OOI) within Alfresco Digital Workspace such 12 | that users can share and co-author Office documents stored within ACS using the 13 | Microsoft 365. By default, this feature is disabled. 14 | 15 | This example describes how to deploy ACS onto [EKS](https://aws.amazon.com/eks) 16 | with OOI enabled. 17 | 18 | ## Architecture 19 | 20 | ```mermaid 21 | graph LR 22 | 23 | classDef alf fill:#0b0,color:#fff 24 | classDef aws fill:#fa0,color:#fff 25 | classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff 26 | classDef thrdP fill:#e098a6,color:#000 27 | 28 | Client("👥 Clients") 29 | 30 | subgraph Helm enterprise 31 | direction LR 32 | 33 | subgraph workloads 34 | Deployment_alfresco-repository(Deployment: alfresco-repository):::alf 35 | Deployment_connector_ms365(Deployment: connector-ms365):::alf 36 | end 37 | subgraph ingress 38 | Ingress_connector_ms365(Ingress: connector-ms365):::k8s 39 | end 40 | end 41 | 42 | subgraph ms365 43 | onedrive(Onedrive Graph API) 44 | onedrive-auth(Auth API) 45 | end 46 | 47 | Client --> Ingress_connector_ms365 --> Deployment_connector_ms365 48 | 49 | Deployment_connector_ms365 --> onedrive 50 | Deployment_connector_ms365 --> onedrive-auth 51 | Deployment_connector_ms365 --> Deployment_alfresco-repository 52 | ``` 53 | 54 | ## Prerequisites 55 | 56 | Follow the [AWS Services](with-aws-services.md) example up until the 57 | [Deploy](with-aws-services.md#deploy) section and return to this page. 58 | 59 | ## Deploy 60 | 61 | When we bring all this together we can deploy ACS using the command below 62 | (replacing all the `YOUR-XZY` properties with the values gathered during the 63 | setup of the services): 64 | 65 | ```bash 66 | helm install acs alfresco/alfresco-content-services \ 67 | --set alfresco-repository.persistence.enabled=false \ 68 | --set alfresco-transform-service.filestore.persistence.enabled=true \ 69 | --set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ 70 | --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ 71 | --set global.search.sharedSecret:=$(openssl rand -hex 24) \ 72 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 73 | --set postgresql.enabled=false \ 74 | --set database.external=true \ 75 | --set database.driver="org.postgresql.Driver" \ 76 | --set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \ 77 | --set database.user="alfresco" \ 78 | --set database.password="YOUR-DATABASE-PASSWORD" \ 79 | --set activemq.enabled=false \ 80 | --set messageBroker.url="YOUR-MQ-ENDPOINT" \ 81 | --set messageBroker.user="alfresco" \ 82 | --set messageBroker.password="YOUR-MQ-PASSWORD" \ 83 | --set alfresco-connector-ms365.enabled=true \ 84 | --set-string alfresco-digital-workspace.env.APP_CONFIG_PLUGIN_MICROSOFT_ONLINE="true" \ 85 | --set alfresco-digital-workspace.env.APP_CONFIG_MICROSOFT_ONLINE_OOI_URL="https://YOUR-EXTERNAL-HOST/ooi-service/api/-default-/private/office-integration/versions/1/edit-sessions/" \ 86 | --set alfresco-digital-workspace.env.APP_CONFIG_MICROSOFT_ONLINE_CLIENTID="YOUR-ADW-MS-ONLINE-CLIENT-ID" \ 87 | --set alfresco-digital-workspace.env.APP_CONFIG_MICROSOFT_ONLINE_AUTHORITY="https://login.microsoftonline.com/ADW-MS-ONLINE-TENANT-ID" \ 88 | --set alfresco-digital-workspace.env.APP_CONFIG_MICROSOFT_ONLINE_REDIRECT="https://YOUR-EXTERNAL-HOST" \ 89 | --atomic \ 90 | --timeout 10m0s \ 91 | --namespace=alfresco 92 | ``` 93 | 94 | > Note: as per the `helm install` example above, you will need to specify 95 | > `--set-string alfresco-digital-workspace.env.APP_CONFIG_PLUGIN_MICROSOFT_ONLINE="true"` 96 | > otherwise you may see an error such as 97 | 98 | ```sh 99 | Error: template: alfresco-content-services/charts/adw/templates/deployment.yaml:48:28: executing "alfresco-content-services/charts/adw/templates/deployment.yaml" at <$val>: wrong type for value; expected string; got bool 100 | ``` 101 | -------------------------------------------------------------------------------- /docs/helm/examples/with-external-infrastructure.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: External infrastructure 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | 8 | # Alfresco Content Services Helm Deployment with external infrastructure 9 | 10 | - [Alfresco Content Services Helm Deployment with external infrastructure](#alfresco-content-services-helm-deployment-with-external-infrastructure) 11 | - [Activemq broker](#activemq-broker) 12 | - [Elasticsearch index](#elasticsearch-index) 13 | - [Postgresql database](#postgresql-database) 14 | 15 | Our Helm charts includes a set of dependency which are meaningful for testing 16 | and easy evaluation but can't be really suggested for production workloads 17 | (unless you really understand what you are doing). 18 | 19 | ## Activemq broker 20 | 21 | For enhanced durability and scalability, you can provide an externally 22 | provisioned ActiveMq cluster by providing the following values: 23 | 24 | ```yaml 25 | messageBroker: 26 | url: failover:(nio://YOUR-MQ-HOSTNAME:61616)?timeout=3000&jms.useCompression=true 27 | user: YOUR-MQ-USERNAME 28 | password: YOUR-MQ-PASSWORD 29 | activemq: 30 | enabled: false 31 | ``` 32 | 33 | or alternatively you can provide your own secret instead of specifying 34 | credentials as plain values: 35 | 36 | ```yaml 37 | messageBroker: 38 | url: failover:(nio://YOUR-MQ-HOSTNAME:61616)?timeout=3000&jms.useCompression=true 39 | existingSecretName: YOUR-MQ-SECRET 40 | activemq: 41 | enabled: false 42 | alfresco-transform-service: 43 | messageBroker: 44 | name: YOUR-MQ-SECRET 45 | alfresco-search-enterprise: 46 | messageBroker: 47 | existingSecretName: YOUR-MQ-SECRET 48 | alfresco-repository: 49 | configuration: 50 | messageBroker: 51 | existingSecret: 52 | name: YOUR-MQ-SECRET 53 | alfresco-sync-service: 54 | messageBroker: 55 | existingSecret: 56 | name: YOUR-MQ-SECRET 57 | alfresco-ai-transformer: 58 | messageBroker: 59 | existingSecret: 60 | name: YOUR-MQ-SECRET 61 | ``` 62 | 63 | ## Elasticsearch index 64 | 65 | When using Search Enterprise, the default search backend since ACS v23, you can 66 | provide connection details to an external elasticsearch cluster by providing the 67 | following values: 68 | 69 | ```yaml 70 | global: 71 | search: 72 | url: https://YOUR-DOMAIN-HOSTNAME/ 73 | flavor: elasticsearch 74 | username: YOUR-DOMAIN-MASTER-USERNAME 75 | password: YOUR-DOMAIN-MASTER-PASSWORD 76 | alfresco-repository: 77 | configuration: 78 | search: 79 | flavor: elasticsearch 80 | securecomms: https 81 | ``` 82 | 83 | or alternatively you can provide your own secret instead of specifying 84 | credentials as plain values: 85 | 86 | ```yaml 87 | global: 88 | search: 89 | url: https://YOUR-DOMAIN-HOSTNAME/ 90 | flavor: elasticsearch 91 | existingSecretName: YOUR-ES-SECRET 92 | alfresco-repository: 93 | configuration: 94 | search: 95 | flavor: elasticsearch 96 | securecomms: https 97 | existingSecret: 98 | name: YOUR-ES-SECRET 99 | alfresco-search-enterprise: 100 | search: 101 | existingSecret: 102 | name: YOUR-ES-SECRET 103 | ``` 104 | 105 | ## Postgresql database 106 | 107 | For better performances and durability, you can provide an externally 108 | provisioned Postgres database by providing the following values: 109 | 110 | ```yaml 111 | database: 112 | external: true 113 | driver: org.postgresql.Driver 114 | url: jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/ 115 | user: YOUR-DATABASE-USERNAME 116 | password: YOUR-DATABASE-PASSWORD 117 | postgresql: 118 | enabled: false 119 | ``` 120 | 121 | or alternatively you can provide your own secret instead of specifying 122 | credentials as plain values: 123 | 124 | ```yaml 125 | database: 126 | external: true 127 | driver: org.postgresql.Driver 128 | url: jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/ 129 | existingSecretName: YOUR-DATABASE-SECRET 130 | postgresql: 131 | enabled: false 132 | alfresco-repository: 133 | configuration: 134 | db: 135 | existingSecret: 136 | name: YOUR-DATABASE-SECRET 137 | alfresco-search-enterprise: 138 | reindexing: 139 | db: 140 | existingSecret: 141 | name: YOUR-DATABASE-SECRET 142 | ``` 143 | -------------------------------------------------------------------------------- /docs/helm/examples/with-ai.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Intelligence Services 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # ACS Helm Deployment with Intelligence Services 8 | 9 | By default, [Alfresco Intelligence 10 | Services](https://docs.alfresco.com/intelligence/concepts/ai-welcome.html) 11 | feature is disabled, this example describes how to deploy ACS onto 12 | [EKS](https://aws.amazon.com/eks) with AIS enabled. 13 | 14 | The diagram below shows the deployment produced by this example: 15 | 16 | ## Architecture 17 | 18 | ```mermaid 19 | graph LR 20 | 21 | classDef alf fill:#0b0,color:#fff 22 | classDef aws fill:#fa0,color:#fff 23 | classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff 24 | classDef thrdP fill:#e098a6,color:#000 25 | 26 | subgraph ats[Alfresco Transform Service] 27 | Deployment_transform-router(Deployment: transform-router):::alf 28 | Deployment_ai[Deployment: AI t-engine]:::alf 29 | end 30 | 31 | subgraph AWS 32 | comprehend:::aws 33 | rekognition:::aws 34 | textract:::aws 35 | s3:::aws 36 | end 37 | 38 | Deployment_transform-router --> Deployment_ai 39 | 40 | Deployment_ai --> comprehend 41 | Deployment_ai --> rekognition 42 | Deployment_ai --> textract 43 | Deployment_ai --> s3 44 | ``` 45 | 46 | ## Prerequisites 47 | 48 | Follow the [AWS Services](with-aws-services.md) example up until the 49 | [Deploy](with-aws-services.md#deploy) section and return to this page. 50 | 51 | ## Setup S3 Bucket 52 | 53 | Follow the steps in the official documentation to [setup an IAM user and an S3 54 | bucket](https://docs.alfresco.com/intelligence/concepts/aws-setup.html) for use 55 | by AIS. 56 | 57 | ## Deploy 58 | 59 | Create a local values file to contain Helm charts' configuration options (`ai-values.yaml`): 60 | 61 | ```yaml 62 | alfresco-ai-transformer: 63 | enabled: true 64 | aws: 65 | accessKeyId: YOUR-AI-AWS-ACCESS-KEY-ID 66 | secretAccessKey: YOUR-AI-AWS-SECRET-KEY 67 | region: YOUR-AWS-REGION 68 | s3Bucket: YOUR-AI-BUCKET-NAME 69 | comprehendRoleARN: YOUR-AI-AWS-COMPREHEND-ROLE-ARN 70 | alfresco-transform-service: 71 | filestore: 72 | persistence.enabled: true 73 | storageClass: nfs-client 74 | transformrouter: 75 | environment: 76 | JAVA_OPTS: -XX:MaxRAMPercentage=80 77 | TRANSFORMER_URL_AWS_AI: http://alfresco-intelligence-service 78 | TRANSFORMER_QUEUE_AWS_AI: "org.alfresco.transform.engine.ai-aws.acs" 79 | TRANSFORMER_ROUTES_ADDITIONAL_AI: "/etc/ats-routes/ai-pipeline-routes.json" 80 | volumeMounts: 81 | - name: ai-transform-routes 82 | mountPath: /etc/ats-routes 83 | volumes: 84 | - name: ai-routes 85 | configMap: 86 | names: ai-transform-pipelines 87 | items: 88 | - key: ai-pipeline-routes.json 89 | path: ai-pipeline-routes.json 90 | ``` 91 | 92 | > Replace AWS credentials and Kubernetes storageClass with actual values 93 | 94 | When we bring all this together we can deploy ACS using the command below 95 | (replacing all the `YOUR-XZY` properties with the values gathered during the 96 | setup of the services): 97 | 98 | ```bash 99 | helm install acs alfresco/alfresco-content-services \ 100 | --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ 101 | --set global.search.sharedSecret=$(openssl rand -hex 24) \ 102 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 103 | --set alfresco-repository.persistence.enabled=false \ 104 | --set alfresco-repository.image.repository="quay.io/alfresco/alfresco-content-repository-aws" \ 105 | --set share.image.repository="quay.io/alfresco/alfresco-share-aws" \ 106 | --set postgresql.enabled=false \ 107 | --set database.external=true \ 108 | --set database.driver="org.postgresql.Driver" \ 109 | --set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \ 110 | --set database.user="alfresco" \ 111 | --set database.password="YOUR-DATABASE-PASSWORD" \ 112 | --set activemq.enabled=false \ 113 | --set messageBroker.url="YOUR-MQ-ENDPOINT" \ 114 | --set messageBroker.user="alfresco" \ 115 | --set messageBroker.password="YOUR-MQ-PASSWORD" \ 116 | --set global.ai.enabled=true \ 117 | -f ai-values.yaml \ 118 | --atomic \ 119 | --timeout 10m0s \ 120 | --namespace=alfresco 121 | ``` 122 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/tests/keda_test.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | suite: test KEDA scalers 3 | templates: 4 | - keda/scaler-activemq-ats-im.yaml 5 | - keda/scaler-activemq-ats-lo.yaml 6 | - keda/scaler-activemq-ats-misc.yaml 7 | - keda/scaler-activemq-ats-pdf.yaml 8 | - keda/scaler-activemq-ats-tika.yaml 9 | tests: 10 | - it: should render individual scalers all based on embedded ActiveMQ and passed values 11 | values: 12 | - values/keda.yaml 13 | asserts: 14 | - equal: 15 | path: spec.scaleTargetRef.name 16 | value: RELEASE-NAME-imagemagick 17 | template: keda/scaler-activemq-ats-im.yaml 18 | - equal: 19 | path: spec.scaleTargetRef.name 20 | value: RELEASE-NAME-libreoffice 21 | template: keda/scaler-activemq-ats-lo.yaml 22 | - equal: 23 | path: spec.scaleTargetRef.name 24 | value: RELEASE-NAME-transform-misc 25 | template: keda/scaler-activemq-ats-misc.yaml 26 | - equal: 27 | path: spec.scaleTargetRef.name 28 | value: RELEASE-NAME-pdfrenderer 29 | template: keda/scaler-activemq-ats-pdf.yaml 30 | - equal: 31 | path: spec.scaleTargetRef.name 32 | value: RELEASE-NAME-tika 33 | template: keda/scaler-activemq-ats-tika.yaml 34 | - equal: 35 | path: spec.triggers[0].metadata.destinationName 36 | value: org.alfresco.transform.engine.imagemagick.acs 37 | template: keda/scaler-activemq-ats-im.yaml 38 | - equal: 39 | path: spec.triggers[0].metadata.destinationName 40 | value: org.alfresco.transform.engine.libreoffice.acs 41 | template: keda/scaler-activemq-ats-lo.yaml 42 | - equal: 43 | path: spec.triggers[0].metadata.destinationName 44 | value: org.alfresco.transform.engine.misc.acs 45 | template: keda/scaler-activemq-ats-misc.yaml 46 | - equal: 47 | path: spec.triggers[0].metadata.destinationName 48 | value: org.alfresco.transform.engine.alfresco-pdf-renderer.acs 49 | template: keda/scaler-activemq-ats-pdf.yaml 50 | - equal: 51 | path: spec.triggers[0].metadata.destinationName 52 | value: org.alfresco.transform.engine.tika.acs 53 | template: keda/scaler-activemq-ats-tika.yaml 54 | - equal: 55 | path: spec.triggers[0].metadata.managementEndpoint 56 | value: RELEASE-NAME-activemq-web-console.NAMESPACE.svc:8161 57 | - equal: 58 | path: spec.triggers[0].metadata.managementEndpoint 59 | value: RELEASE-NAME-activemq-web-console.NAMESPACE.svc:8161 60 | - equal: 61 | path: spec.idleReplicaCount 62 | value: 0 63 | template: keda/scaler-activemq-ats-lo.yaml 64 | - notExists: 65 | path: spec.idleReplicaCount 66 | template: keda/scaler-activemq-ats-im.yaml 67 | - equal: 68 | path: spec.pollingInterval 69 | value: 90 70 | template: keda/scaler-activemq-ats-misc.yaml 71 | - equal: 72 | path: spec.pollingInterval 73 | value: 15 74 | template: keda/scaler-activemq-ats-lo.yaml 75 | - equal: 76 | path: spec.initialCooldownPeriod 77 | value: 600 78 | template: keda/scaler-activemq-ats-lo.yaml 79 | - equal: 80 | path: spec.initialCooldownPeriod 81 | value: 300 82 | template: keda/scaler-activemq-ats-im.yaml 83 | - equal: 84 | path: spec.cooldownPeriod 85 | value: 900 86 | template: keda/scaler-activemq-ats-lo.yaml 87 | - notExists: 88 | path: spec.cooldownPeriod 89 | template: keda/scaler-activemq-ats-im.yaml 90 | - equal: 91 | path: spec.cooldownPeriod 92 | value: 3600 93 | template: keda/scaler-activemq-ats-misc.yaml 94 | - equal: 95 | path: spec.minReplicaCount 96 | value: 1 97 | template: keda/scaler-activemq-ats-im.yaml 98 | - equal: 99 | path: spec.minReplicaCount 100 | value: 3 101 | template: keda/scaler-activemq-ats-pdf.yaml 102 | - equal: 103 | path: spec.maxReplicaCount 104 | value: 3 105 | template: keda/scaler-activemq-ats-im.yaml 106 | - equal: 107 | path: spec.maxReplicaCount 108 | value: 9 109 | template: keda/scaler-activemq-ats-tika.yaml 110 | - equal: 111 | path: spec.triggers[0].metadata.targetQueueSize 112 | value: "10" 113 | template: keda/scaler-activemq-ats-im.yaml 114 | - equal: 115 | path: spec.triggers[0].metadata.targetQueueSize 116 | value: "50" 117 | template: keda/scaler-activemq-ats-tika.yaml 118 | -------------------------------------------------------------------------------- /docs/helm/examples/search-services.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Search Services 3 | parent: Examples 4 | grand_parent: Helm 5 | --- 6 | 7 | # Dealing with Search service deployment 8 | 9 | Solr has some internal behavior that make it a not so great fit for orchestrated 10 | container based environments. Some are mentioned bellow: 11 | 12 | - Solr performs better on block storage with good I/O and those usually involve 13 | some stickiness to worker nodes. While this is not impossible to setup in 14 | Kubernetes it is however not very convenient and reduces the benefit of using 15 | workload scheduler. 16 | - Solr is known to be quite resource greedy, in particular in terms of memory 17 | allocation. That has a direct impact on Kubernetes worker nodes sizing. 18 | - It uses some filesystem based locking mechanisms which do not play well with 19 | workload scheduling or the ephemeral nature of containers in general. 20 | 21 | For that reason we recommend for production environments to install Search 22 | services alongside the Kubernetes cluster and configure the Helm charts to not 23 | deploy it and instead point the repository to the external one. 24 | 25 | ## Configuring Helm chart 26 | 27 | Below we explain how to configure the Helm chart to point the repository to a 28 | Solr instance outside of the kubernetes cluster. 29 | 30 | Installing Solr instance(s) is out of the scope of this document, but it can be 31 | done following the [Search service 32 | documentation](https://docs.alfresco.com/insight-engine/latest/install/options/#install-without-mutual-tls---http-with-secret-word-zip), 33 | or by using the Ansible playbook (replication setup require an additional 34 | load-balancer), as explained 35 | [here](https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/search-services-deployment-guide.md). 36 | 37 | On the chart side you need to: 38 | 39 | - Tell the Helm to not create the Solr deployment 40 | - Give Helm the shared secret to use when contacting Solr. 41 | - Provide details so the repository can be configured properly 42 | 43 | ```yaml 44 | global: 45 | search: 46 | url: http://internal-load-balancer-ac3a091cb.eu-west-1.elb.amazonaws.com/solr 47 | flavor: solr6 48 | securecomms: secret 49 | sharedSecret: d0ntT3llAny0n3 50 | alfresco-search: 51 | enabled: false 52 | ``` 53 | 54 | In this example an internal load balancer is created and aims a target group 55 | composed of the slaves Solr nodes deployed on EC2 instances. All these resources 56 | should be deployed within the Kubernetes cluster's VPC, so the traffic remains 57 | internal. 58 | 59 | ## Enable Alfresco Search Services External Access 60 | 61 | This example demonstrates how to enable Alfresco Search Services (`/solr`) for 62 | external access which is disabled by default. You must also manually forge the 63 | security header to access the Solr API externally. This workaround is clunky and 64 | not recommended for production use. 65 | 66 | ### Prepare Data 67 | 68 | 1. Obtain the list of IP addresses you want to allow access to `/solr` 69 | 2. Format the IP addresses as a comma separated list of CIDR blocks i.e. 70 | "192.168.0.0/16,10.0.0.0/16", to allow access to everyone use "0.0.0.0/0" 71 | 3. Generate a `base64` encoded `htpasswd` formatted string using the following 72 | command, where "solradmin" is username and "somepassword" is the password: 73 | 74 | ```bash 75 | echo -n "$(htpasswd -nbm solradmin somepassword)" | base64 | tr -d '\n' 76 | ``` 77 | 78 | ### Install ACS Helm Chart With Search External Access 79 | 80 | Follow the [EKS deployment](../eks-deployment.md) guide up until the 81 | [ACS](../eks-deployment.md#development-version-of-charts) section, once the docker registry secret is 82 | installed come back here. 83 | 84 | Deploy the latest version of ACS Enterprise by running the command below 85 | (replacing `YOUR-DOMAIN-NAME` with the hosted zone you created previously and 86 | replacing `YOUR-BASIC-AUTH` and `YOUR-IPS` with the encoded basic 87 | authentication string and list of whitelisted IP addresses you prepared in the 88 | previous section). 89 | 90 | ```bash 91 | helm install acs alfresco/alfresco-content-services \ 92 | --set alfresco-repository.persistence.enabled=true \ 93 | --set alfresco-repository.persistence.storageClass.enabled=true \ 94 | --set alfresco-repository.persistence.storageClass.name="nfs-client" \ 95 | --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ 96 | --set global.search.securecomms=none \ 97 | --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ 98 | --set alfresco-search.ingress.enabled=true \ 99 | --set alfresco-search.ingress.annotations.nginx\.ingress.kubernetes\.io/whitelist-source-range=10.0.0.0/8 \ 100 | --set alfresco-search.ingress.basicAuth="YOUR-BASIC-AUTH" \ 101 | --atomic \ 102 | --timeout 10m0s \ 103 | --namespace=alfresco 104 | ``` 105 | -------------------------------------------------------------------------------- /docs/docker-compose/examples/config/telegraf.conf: -------------------------------------------------------------------------------- 1 | 2 | [agent] 3 | collection_jitter = "0s" 4 | debug = false 5 | flush_interval = "10s" 6 | flush_jitter = "0s" 7 | hostname = "$HOSTNAME" 8 | interval = "10s" 9 | logfile = "" 10 | metric_batch_size = 1000 11 | metric_buffer_limit = 10000 12 | omit_hostname = false 13 | precision = "" 14 | quiet = false 15 | round_interval = true 16 | [[processors.regex]] 17 | namepass = ["*"] 18 | [[processors.regex.tags]] 19 | key = "servicePath" 20 | pattern = "/alfresco/api/-default-/(private|public)/([^/]+)/versions/([0-9]+(\\.[0-9]+)*)/([^/]+)(/.*)?" 21 | replacement = "${5}" 22 | result_key = "alfresco_rest_api_endpoint" 23 | [[processors.regex.tags]] 24 | key = "servicePath" 25 | pattern = "/alfresco/api/-default-/(private|public)/([^/]+)/versions/([0-9]+(\\.[0-9]+)*)/([^/]+)(/.*)?" 26 | replacement = "${3}" 27 | result_key = "alfresco_rest_api_version" 28 | [[processors.regex.tags]] 29 | key = "servicePath" 30 | pattern = "/alfresco/api/-default-/(private|public)/([^/]+)/versions/([0-9]+(\\.[0-9]+)*)/([^/]+)(/.*)?" 31 | replacement = "${2}" 32 | result_key = "alfresco_rest_api_model" 33 | [[processors.regex.tag_rename]] 34 | pattern = "^servicePath$" 35 | replacement = "" 36 | 37 | [[outputs.influxdb_v2]] 38 | bucket = "alfresco" 39 | organization = "alfresco" 40 | timeout = "5s" 41 | token = "influx" 42 | urls = [ 43 | "http://influxdb2:8086" 44 | ] 45 | 46 | [[inputs.prometheus]] 47 | urls = [ 48 | "http://alfresco:8080/alfresco/s/prometheus" 49 | ] 50 | 51 | [[processors.starlark]] 52 | order = 100 53 | source = ''' 54 | def apply(metric): 55 | if metric.name == "alfresco_repository_descriptor": 56 | if "VersionNumber" in metric.fields: 57 | state["VersionNumber"] = str(metric.fields["VersionNumber"]) 58 | metric.tags["VersionNumber"] = state["VersionNumber"] 59 | return metric 60 | 61 | if metric.name == "alfresco_system_properties": 62 | if "java.runtime.version" in metric.fields: 63 | state["java_runtime_version"] = str(metric.fields["java.runtime.version"]) 64 | metric.tags["java_runtime_version"] = state["java_runtime_version"] 65 | return metric 66 | 67 | if "VersionNumber" in state: 68 | metric.tags["VersionNumber"] = state["VersionNumber"] 69 | 70 | if "java_runtime_version" in state: 71 | metric.tags["java_runtime_version"] = state["java_runtime_version"] 72 | return metric 73 | ''' 74 | 75 | 76 | [[inputs.jolokia2_agent]] 77 | urls = ["http://alfresco:7777/jolokia"] 78 | username = "admin" 79 | password = "admin" 80 | 81 | [[inputs.jolokia2_agent.metric]] 82 | name = "alfresco_authority" 83 | mbean = "Alfresco:Name=Authority" 84 | 85 | [[inputs.jolokia2_agent.metric]] 86 | name = "alfresco_cache_statistics" 87 | mbean = "Alfresco:Name=CacheStatistics,CacheName=*" 88 | tag_keys = ["CacheName"] 89 | 90 | [[inputs.jolokia2_agent.metric]] 91 | name = "alfresco_repo_server_mgmt" 92 | mbean = "Alfresco:Name=RepoServerMgmt" 93 | 94 | [[inputs.jolokia2_agent.metric]] 95 | name = "alfresco_repository_descriptor" 96 | mbean = "Alfresco:Name=RepositoryDescriptor,Type=Current" 97 | paths = ["VersionNumber"] 98 | 99 | [[inputs.jolokia2_agent.metric]] 100 | name = "alfresco_system_properties" 101 | mbean = "Alfresco:Name=SystemProperties" 102 | paths = ["java.runtime.version"] 103 | 104 | [[inputs.jolokia2_agent.metric]] 105 | name = "alfresco_runtime" 106 | mbean = "Alfresco:Name=Runtime" 107 | 108 | [[inputs.jolokia2_agent.metric]] 109 | name = "catalina_global_request_processor" 110 | mbean = "Catalina:type=GlobalRequestProcessor,name=\"http-nio-8080\"" 111 | 112 | [[inputs.jolokia2_agent.metric]] 113 | name = "catalina_thread_pool" 114 | mbean = "Catalina:type=Manager,host=*,context=*" 115 | tag_keys = ["host","context"] 116 | tag_prefix = "catalina_thread_pool_" 117 | 118 | [[inputs.jolokia2_agent.metric]] 119 | name = "catalina_servlet" 120 | mbean = "Catalina:j2eeType=Servlet,WebModule=*,name=*,J2EEApplication=*,J2EEServer=*" 121 | tag_keys = ["WebModule","name","J2EEApplication","J2EEServer"] 122 | tag_prefix = "catalina_servlet_" 123 | 124 | [[inputs.jolokia2_agent.metric]] 125 | name = "catalina_thread_pool_http" 126 | mbean = "Catalina:type=ThreadPool,name=\"http-nio-8080\"" 127 | 128 | [[inputs.jolokia2_agent.metric]] 129 | name = "catalina_utility_executor" 130 | mbean = "Catalina:type=UtilityExecutor" 131 | 132 | [[inputs.jolokia2_agent.metric]] 133 | name = "catalina_web_module" 134 | mbean = "Catalina:j2eeType=WebModule,name=*,J2EEApplication=*,J2EEServer=*" 135 | tag_keys = ["name","J2EEApplication","J2EEServer"] 136 | tag_prefix = "catalina_web_module_" 137 | 138 | [[inputs.internal]] 139 | collect_memstats = false 140 | -------------------------------------------------------------------------------- /.github/workflows/bumpVersions.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bump versions 3 | run-name: Bump ${{ inputs.update-type }} using alfresco-updatecli/${{ inputs.alfresco-updatecli-ref }} 4 | 5 | on: 6 | push: 7 | paths: 8 | - .github/workflows/bumpVersions.yml 9 | - updatecli-matrix-targets.yaml 10 | tags-ignore: 11 | - '**' 12 | workflow_dispatch: 13 | inputs: 14 | update-type: 15 | description: 'Which dependencies to bump' 16 | type: choice 17 | options: 18 | - charts 19 | - values 20 | alfresco-updatecli-ref: 21 | description: "The version to use for alfresco/alfresco-updatecli configs" 22 | type: string 23 | default: master 24 | 25 | env: 26 | DEFAULT_BRANCH_NAME: master 27 | 28 | jobs: 29 | bump-charts-dependencies: 30 | runs-on: ubuntu-latest 31 | name: Helm charts dependencies 32 | if: inputs.update-type == 'charts' 33 | steps: 34 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 35 | with: 36 | token: ${{ secrets.BOT_GITHUB_TOKEN }} 37 | 38 | - name: Login to quay.io 39 | uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 40 | with: 41 | registry: quay.io 42 | username: ${{ secrets.QUAY_USERNAME }} 43 | password: ${{ secrets.QUAY_PASSWORD }} 44 | 45 | - name: Install Updatecli 46 | uses: Alfresco/alfresco-build-tools/.github/actions/setup-updatecli@v12.0.0 47 | 48 | - run: updatecli apply 49 | env: 50 | GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 51 | 52 | - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v12.0.0 53 | - name: Regenerate helm docs if necessary 54 | uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v12.0.0 55 | with: 56 | pre-commit-args: helm-docs || true 57 | skip_checkout: "true" 58 | 59 | - name: Git Auto Commit 60 | uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0 61 | with: 62 | commit_message: | 63 | 🛠 Updatecli pipeline charts bump 64 | commit_user_name: ${{ vars.BOT_GITHUB_USERNAME }} 65 | commit_user_email: ${{ vars.BOT_GITHUB_EMAIL }} 66 | branch: ${{ github.ref_name == env.DEFAULT_BRANCH_NAME && 'updatecli-bump-helm' || github.ref_name }} 67 | create_branch: true 68 | push_options: ${{ github.ref_name == env.DEFAULT_BRANCH_NAME && '--force' || '' }} 69 | 70 | bump-values-dependencies: 71 | runs-on: ubuntu-latest 72 | name: Image tags values dependencies 73 | if: inputs.update-type == 'values' 74 | steps: 75 | - name: Checkout 76 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 77 | with: 78 | token: ${{ secrets.BOT_GITHUB_TOKEN }} 79 | 80 | - name: Install Updatecli 81 | uses: Alfresco/alfresco-build-tools/.github/actions/setup-updatecli@v12.0.0 82 | 83 | - name: Checkout updatecli configs 84 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 85 | with: 86 | repository: alfresco/alfresco-updatecli 87 | ref: ${{ inputs.alfresco-updatecli-ref || env.DEFAULT_BRANCH_NAME }} 88 | path: alfresco-updatecli 89 | 90 | - name: Build manifest and run Updatecli pipelines 91 | shell: bash 92 | run: | 93 | for i in {docker-compose,helm/*}/updatecli-matrix-targets.yaml; do 94 | TARGET=$(basename $(dirname $i)) 95 | echo -e "\n###### Building Updatecli manifest for ${TARGET}\n" 96 | updatecli apply -c alfresco-updatecli/deployments/uber-manifest.tpl -v alfresco-updatecli/deployments/values/supported-matrix.yaml -v ${i} 97 | done 98 | env: 99 | QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} 100 | QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} 101 | UPDATECLI_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} 102 | 103 | - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v12.0.0 104 | - name: Regenerate helm docs if necessary 105 | uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v12.0.0 106 | with: 107 | pre-commit-args: helm-docs || true 108 | skip_checkout: "true" 109 | 110 | - name: Git Auto Commit 111 | uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0 112 | with: 113 | commit_message: | 114 | 🛠 Updatecli pipeline values bump 115 | commit_user_name: ${{ vars.BOT_GITHUB_USERNAME }} 116 | commit_user_email: ${{ vars.BOT_GITHUB_EMAIL }} 117 | branch: ${{ github.ref_name == env.DEFAULT_BRANCH_NAME && 'updatecli-bump-acs' || github.ref_name }} 118 | create_branch: true 119 | push_options: ${{ github.ref_name == env.DEFAULT_BRANCH_NAME && '--force' || '' }} 120 | -------------------------------------------------------------------------------- /helm/alfresco-content-services/templates/config-infrastructure.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ .Values.infrastructure.configMapName }} 6 | labels: 7 | {{- include "alfresco-content-services.labels" . | nindent 4 }} 8 | data: 9 | {{- $repoCtx := dict "Values" (index .Values "alfresco-repository") "Chart" .Chart "Release" .Release }} 10 | {{- $repo_svc_name := include "alfresco-repository.fullname" $repoCtx }} 11 | {{- $repo_svc_port := index .Values "alfresco-repository" "service" "port" | default 80 }} 12 | repo_svc_name: {{ $repo_svc_name }} 13 | repo_svc_port: {{ $repo_svc_port | quote }} 14 | REPOSITORY_URL: {{ printf "http://%s:%v/alfresco" $repo_svc_name $repo_svc_port }} 15 | {{- $db_url := include "alfresco-content-services.database.repo" $ }} 16 | {{ template "alfresco-repository.db.cm" (dict "url" $db_url "driver" .Values.database.driver) }} 17 | {{- if index .Values "alfresco-sync-service" "enabled" }} 18 | {{- $sync_db_url := include "alfresco-content-services.database.sync" $ }} 19 | SYNC_DATABASE_URL: {{ hasPrefix "jdbc:" $sync_db_url | ternary $sync_db_url (print "jdbc:" $sync_db_url) }} 20 | SYNC_DATABASE_DRIVER: {{ template "alfresco-common.db.driver" (dict "url" $sync_db_url "driver" .Values.database.sync.driver) }} 21 | {{- end }} 22 | {{ template "alfresco-common.activemq.cm" (include "alfresco-content-services.mq.url" .) }} 23 | {{- $search_url := "" }} 24 | {{- $search_flavor := include "alfresco-content-services.search.flavor" . }} 25 | {{- if ne "noindex" $search_flavor }} 26 | {{- if .Values.global.search.url }} 27 | {{- $search_url = .Values.global.search.url }} 28 | {{- else if eq "solr6" $search_flavor }} 29 | {{- $search_url = printf "http://%s/solr" (include "alfresco-search-service.deployment.name" .) }} 30 | {{- else if eq "elasticsearch" $search_flavor }} 31 | {{- with .Values.elasticsearch }} 32 | {{- if .enabled }} 33 | {{- $elasticCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 34 | {{- $esHost := include "elastic.es-servicename" $elasticCtx }} 35 | {{- $esPort := 9200 }} 36 | {{- $esProto := "http" }} 37 | {{- $search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }} 38 | {{- else }} 39 | {{- fail "Chart is configured to use Alfresco Search Enterprise but no index backend has been provided. Set one using either global.search.url or elasticsearch.enabled" }} 40 | {{- end }} 41 | {{- end }} 42 | {{- $search_comms := "" }} 43 | {{- if hasPrefix "https://" $search_url }} 44 | {{- $search_comms = "https" }} 45 | {{- else }} 46 | {{- $search_comms = "none" }} 47 | {{- end }} 48 | {{- $_ := set .Values.global.search "securecomms" $search_comms }} 49 | {{- end }} 50 | {{- printf "SEARCH_SECURECOMMS: %s" .Values.global.search.securecomms | nindent 2}} 51 | {{- printf "SEARCH_URL: %s" $search_url | nindent 2 }} 52 | {{- printf "SEARCH_HOST: %s" (include "alfresco-common.url.host" $search_url) | nindent 2 }} 53 | {{- printf "SEARCH_PORT: %s" (include "alfresco-common.url.port" $search_url | quote) | nindent 2 }} 54 | {{- if eq "solr6" $search_flavor }} 55 | {{- printf "SOLR_BASE_URL: %s" (include "alfresco-common.url.path" $search_url | default "/solr") | nindent 2 }} 56 | {{- end }} 57 | {{- end }} 58 | SEARCH_FLAVOR: {{ template "alfresco-content-services.search.flavor" . }} 59 | {{- with (index .Values "alfresco-transform-service") }} 60 | {{- $atsCtx := dict "Values" . "Chart" $.Chart "Release" $.Release }} 61 | {{- if and .enabled .filestore.enabled .transformrouter.enabled }} 62 | {{- $sfs_baseurl := printf "http://%s" (include "alfresco-transform-service.filestore.fullname" $atsCtx) }} 63 | SFS_BASE_URL: {{ $sfs_baseurl }} 64 | SFS_URL: {{ template "alfresco-common.sfs.fullurl" $sfs_baseurl }} 65 | {{- $ats_baseurl := (printf "http://%s" (include "alfresco-transform-service.transform-router.fullname" $atsCtx)) }} 66 | {{- if index $.Values "alfresco-search-enterprise" "enabled" }} 67 | {{- include "alfresco-search-enterprise.ats.fullurl" $ats_baseurl | nindent 2 }} 68 | {{- end }} 69 | {{- else if index $.Values "alfresco-search-enterprise" "enabled" }} 70 | {{- fail "Alfresco Search Enterprise has been enabled but Transformation service is not available" }} 71 | {{- else if index $.Values "alfresco-ai-transformer" "enabled" }} 72 | {{- fail "Alfresco Intelligence service has been enabled but Transformation service is not available" }} 73 | {{- end }} 74 | {{- end }} 75 | {{- $elasticsearch_audit_url := include "alfresco-content-services.audit.elasticsearchUrl" $ }} 76 | {{- if index $.Values "alfresco-audit-storage" "enabled" }} 77 | {{- printf "AUDIT_ELASTICSEARCH_URL: %s" $elasticsearch_audit_url | nindent 2 }} 78 | {{- printf "AUDIT_ELASTICSEARCH_HOST: %s" (include "alfresco-common.url.host" $elasticsearch_audit_url) | nindent 2 }} 79 | {{- printf "AUDIT_ELASTICSEARCH_PORT: %s" (include "alfresco-common.url.port" $elasticsearch_audit_url | quote) | nindent 2 }} 80 | {{- end }} 81 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: ACS Deployment 3 | layout: home 4 | nav_order: 1 5 | permalink: /index.html 6 | --- 7 | # Alfresco Content Services Containerized Deployment 8 | 9 | [![release](https://img.shields.io/github/v/release/Alfresco/acs-deployment?display_name=release)](https://github.com/Alfresco/acs-deployment/releases/latest) 10 | ![kubernetes tested version](https://img.shields.io/badge/k8s%20version-v1.31-blue) 11 | 12 | This project contains the code for running Alfresco Content Services (ACS) with 13 | [Docker](https://docs.docker.com/get-started) using [Docker 14 | Compose](https://docs.docker.com/compose) or on 15 | [Kubernetes](https://kubernetes.io) using [Helm Charts](https://helm.sh). 16 | 17 | > Automated tests for helm charts are running on KinD cluster v1.31 and EKS v1.31. 18 | 19 | ## Prerequisites 20 | 21 | The ACS Enterprise version is installed by default, using Docker images from 22 | Quay.io. If you're an Alfresco customer, you can request Quay.io credentials by 23 | logging a ticket with [Hyland Community](https://community.hyland.com). 24 | 25 | The repository Docker image provides a limited trial of the Enterprise version 26 | of Alfresco Content Services, which switches to read-only mode after 2 days. For 27 | a longer trial, you can request the 30-day [Download 28 | Trial](https://www.alfresco.com/platform/content-services-ecm/trial/download). 29 | 30 | The Community Edition can be installed without the need of a license or quay.io 31 | account. 32 | 33 | ## Versioning 34 | 35 | As of version 8.0.0 of the chart we have changed the release policy. 36 | Previously, the chart was released together with the ACS product and we were 37 | delivering additional values files for each major release of ACS (e.g. 7.4, ...) 38 | and chart version were bumped with a similar increment as ACS. 39 | With version 6.0.0, we started applying major versions bumps to reflect 40 | breaking changes in the chart, despite only minor ACS release happened. 41 | 42 | With 8.0.0 onward, the release pace of the chart is completely independent from 43 | the product versions. We will also stick to Semver principles when choosing 44 | next version number, meaning that: 45 | 46 | * patch version will be used for bug fixes (last digit) 47 | * minor version will be used for new features and modifications which do not 48 | introduce breaking changes in the configuration interface. 49 | * major version will be used for changes which involve breaking changes in the 50 | configuration interface. 51 | 52 | The `alfresco-content-services` chart has always provided the ability to deploy 53 | any currently supported version of ACS and its components and will continue to 54 | do so. You are encoraged to always use the latest version of the chart to 55 | deploy your ACS version, using the appropriate values file. For that reason we 56 | stop providing the table mapping chart versions with the ACS version they 57 | deploy (by default). Instead we'll just maintain the list of deprecated versions 58 | versions mapped with the latest versions of the charts we tested deployment 59 | with, so you can use that version to deploy older ACS version on Kubernetes. 60 | Check the [ACS End of Life'd versions](#acs-end-of-lifed-versions) paragraph. 61 | 62 | You are encouraged to always use the latest version of the chart to deploy your 63 | currently supported ACS version, using the appropriate values file. 64 | 65 | Finally, the master branch of this repository used to contain the latest 66 | versions, including non-released versions! 67 | We're also moving away from this pattern and the chart will now only ever 68 | deploy released versions of our products. 69 | 70 | Should you want to try our latest dev versions, we now provide an additional 71 | values file called `pre-release_values.yaml` which will be bumped on a regular 72 | basis. 73 | 74 | This also means we will not produce `-M*` versions of the chart anymore. 75 | 76 | Check the [Release page](https://github.com/Alfresco/acs-deployment/releases) for the list of existing versions. 77 | 78 | ### ACS End of Life'd versions 79 | 80 | While our latest version of the charts should be able to deployment any version 81 | of ACS (theoretically), we only ever test deployment of _currently_ supported 82 | versions. Also we do not provide values files for older unsupported version. If 83 | you need to deploy old version we provide a reference table below to allow you 84 | find the older values files and charts. You can either try using the values 85 | file for a version with the latest charts or using the old charts. 86 | 87 | | unsupported ACS version | Last chart version providing it | 88 | |-------------------------|---------------------------------| 89 | | 7.3 | 9.5.1 | 90 | | 7.2 | 9.1.1 | 91 | | 7.1 | 8.5.2 | 92 | | 7.0 | 8.0.1 | 93 | | 6.2 | 5.3.0 | 94 | | 6.1 | 5.1.1 | 95 | 96 | > These charts should not be used for any new deployment but just for reference. 97 | 98 | ## Getting Started 99 | 100 | To get started please refer to the [Docker Compose](compose.md) and [Helm Chart](helm.md) documentation. 101 | -------------------------------------------------------------------------------- /test/enterprise-integration-test-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | alfresco-repository: 3 | resources: 4 | requests: 5 | cpu: "0.01" 6 | memory: "1024Mi" 7 | limits: 8 | cpu: "2" 9 | memory: "2Gi" 10 | # https://alfresco.atlassian.net/browse/ACS-6670 11 | replicaCount: 1 12 | persistence: 13 | accessModes: 14 | - ReadWriteOnce 15 | startupProbe: 16 | failureThreshold: 20 17 | share: 18 | resources: 19 | requests: 20 | cpu: "0.01" 21 | memory: "256Mi" 22 | limits: 23 | cpu: "2" 24 | memory: "1Gi" 25 | readinessProbe: 26 | initialDelaySeconds: 60 27 | timeoutSeconds: 45 28 | livenessProbe: 29 | initialDelaySeconds: 60 30 | timeoutSeconds: 45 31 | alfresco-search: 32 | resources: 33 | requests: 34 | cpu: "0.01" 35 | memory: "512Mi" 36 | limits: 37 | cpu: "2" 38 | memory: "1280Mi" 39 | elasticsearch: 40 | elasticsearch: 41 | resources: 42 | requests: 43 | cpu: "0.01" 44 | memory: "512Mi" 45 | limits: 46 | cpu: "1" 47 | memory: "1Gi" 48 | livenessProbe: 49 | initialDelaySeconds: 100 50 | readinessProbe: 51 | initialDelaySeconds: 100 52 | kibana: 53 | resources: 54 | requests: 55 | cpu: "0.01" 56 | memory: "512Mi" 57 | limits: 58 | cpu: "1" 59 | memory: "1Gi" 60 | alfresco-search-enterprise: 61 | reindexing: 62 | hookExecution: false 63 | resources: 64 | requests: 65 | cpu: "0.01" 66 | memory: "128Mi" 67 | limits: 68 | cpu: "1" 69 | memory: "1Gi" 70 | resources: 71 | requests: 72 | cpu: "0.01" 73 | memory: "128Mi" 74 | limits: 75 | cpu: "1" 76 | memory: "1Gi" 77 | alfresco-transform-service: 78 | pdfrenderer: 79 | livenessProbe: 80 | initialDelaySeconds: 120 81 | resources: 82 | requests: 83 | cpu: "0.01" 84 | memory: "256Mi" 85 | limits: 86 | cpu: "2" 87 | memory: "512Mi" 88 | replicaCount: 1 89 | imagemagick: 90 | livenessProbe: 91 | initialDelaySeconds: 120 92 | resources: 93 | requests: 94 | cpu: "0.01" 95 | memory: "256Mi" 96 | limits: 97 | cpu: "2" 98 | memory: "1Gi" 99 | replicaCount: 1 100 | libreoffice: 101 | livenessProbe: 102 | initialDelaySeconds: 120 103 | resources: 104 | requests: 105 | cpu: "0.01" 106 | memory: "512Mi" 107 | limits: 108 | cpu: "2" 109 | memory: "1024Mi" 110 | replicaCount: 1 111 | tika: 112 | livenessProbe: 113 | initialDelaySeconds: 120 114 | resources: 115 | requests: 116 | cpu: "0.01" 117 | memory: "256Mi" 118 | limits: 119 | cpu: "2" 120 | memory: "1Gi" 121 | replicaCount: 1 122 | transformmisc: 123 | livenessProbe: 124 | initialDelaySeconds: 120 125 | resources: 126 | requests: 127 | cpu: "0.01" 128 | memory: "256Mi" 129 | limits: 130 | cpu: "2" 131 | memory: "512Mi" 132 | replicaCount: 1 133 | transformrouter: 134 | livenessProbe: 135 | initialDelaySeconds: 120 136 | resources: 137 | requests: 138 | cpu: "0.01" 139 | memory: "256Mi" 140 | limits: 141 | cpu: "2" 142 | memory: "800Mi" 143 | replicaCount: 1 144 | filestore: 145 | resources: 146 | requests: 147 | cpu: "0.01" 148 | memory: "256Mi" 149 | limits: 150 | cpu: "2" 151 | memory: "512Mi" 152 | postgresql: 153 | primary: 154 | resources: 155 | requests: 156 | cpu: "0.01" 157 | memory: "1Gi" 158 | limits: 159 | cpu: "2" 160 | memory: "1Gi" 161 | postgresql-sync: &postgresql-sync 162 | primary: 163 | resources: 164 | requests: 165 | cpu: "0.01" 166 | memory: "512Mi" 167 | limits: 168 | cpu: "2" 169 | memory: "1Gi" 170 | alfresco-sync-service: 171 | livenessProbe: 172 | initialDelaySeconds: 120 173 | resources: 174 | requests: 175 | cpu: "0.01" 176 | memory: "512Mi" 177 | limits: 178 | cpu: "2" 179 | memory: "1Gi" 180 | postgresql: *postgresql-sync 181 | activemq: 182 | resources: 183 | requests: 184 | cpu: "0.01" 185 | memory: "512Mi" 186 | alfresco-digital-workspace: 187 | resources: 188 | requests: 189 | cpu: "0.01" 190 | alfresco-control-center: 191 | resources: 192 | requests: 193 | cpu: "0.01" 194 | alfresco-ai-transformer: 195 | enabled: true 196 | replicaCount: 1 197 | aws: 198 | accessKeyId: AAAAAAAAAAAAAAAAA 199 | secretAccessKey: ZZZZZZZZZZZZZZZZZ 200 | s3Bucket: somebucket 201 | region: us-east-1 202 | comprehendRoleARN: arn:aws:iam::000000000000:user/comprehend 203 | resources: 204 | requests: 205 | cpu: "0.01" 206 | memory: "512Mi" 207 | livenessProbe: 208 | initialDelaySeconds: 120 209 | alfresco-audit-storage: 210 | livenessProbe: 211 | initialDelaySeconds: 120 212 | resources: 213 | requests: 214 | cpu: "0.01" 215 | memory: "256Mi" 216 | dtas: 217 | enabled: true 218 | # In case of any changes, please ensure that the values are also updated in `docs/helm/values/local-dev_values.yaml` 219 | -------------------------------------------------------------------------------- /.github/workflows/helm-community.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Helm (Community) 3 | on: 4 | pull_request: 5 | branches: 6 | - master 7 | - release/** 8 | - next/** 9 | paths: 10 | - helm/** 11 | - test/k6/acs-sso-example.js 12 | - test/postman/helm/** 13 | - .github/workflows/helm* 14 | - test/community-integration-test-values.yaml 15 | push: 16 | branches: 17 | - master 18 | - release/** 19 | concurrency: 20 | group: helm-com-${{ github.head_ref || github.ref_name }} 21 | cancel-in-progress: true 22 | jobs: 23 | build_vars: 24 | runs-on: ubuntu-latest 25 | outputs: 26 | ver_json: ${{ steps.app_versions.outputs.json }} 27 | steps: 28 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 29 | with: 30 | fetch-depth: 0 31 | - name: Get charts 32 | id: getcharts 33 | uses: ./.github/actions/charts-as-json 34 | with: 35 | charts-root: helm 36 | - name: Keep only ACS enterprise 37 | id: app_versions 38 | env: 39 | JSON: ${{ toJSON(fromJSON(steps.getcharts.outputs.all)) }} 40 | JQ_FILTER: >- 41 | [inputs | .charts[] | {name: .name, values: .values[]} 42 | | select(.values=="community_values.yaml" or .name=="acs-sso-example")] 43 | run: | 44 | echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}' 45 | VERS=$(echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}') 46 | echo "json=$VERS" >> $GITHUB_OUTPUT 47 | 48 | community_charts: 49 | runs-on: ubuntu-latest 50 | timeout-minutes: 10 51 | needs: 52 | - build_vars 53 | env: 54 | REGISTRY_SECRET_NAME: ${{ github.event.pull_request.head.repo.fork && '' || 'regcred' }} 55 | strategy: 56 | fail-fast: false 57 | matrix: 58 | include: ${{ fromJSON(needs.build_vars.outputs.ver_json) }} 59 | steps: 60 | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 61 | 62 | - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 63 | with: 64 | version: "3.12.1" 65 | 66 | - name: Login to Docker Hub 67 | uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 68 | if: >- 69 | ! github.event.pull_request.head.repo.fork 70 | with: 71 | username: ${{ secrets.DOCKER_USERNAME }} 72 | password: ${{ secrets.DOCKER_PASSWORD }} 73 | 74 | - name: Setup cluster 75 | uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v12.0.0 76 | with: 77 | ingress-nginx-ref: controller-v1.12.1 78 | import-docker-credentials-secret-name: ${{ env.REGISTRY_SECRET_NAME }} 79 | 80 | - name: Set nginx ingress config 81 | run: | 82 | kubectl -n ingress-nginx patch cm ingress-nginx-controller \ 83 | -p '{"data": {"annotations-risk-level":"Critical","allow-snippet-annotations":"true"}}' 84 | 85 | - name: Add dependency chart repos 86 | run: | 87 | helm repo add self https://alfresco.github.io/alfresco-helm-charts/ 88 | helm repo add codecentric https://codecentric.github.io/helm-charts/ 89 | helm repo add elastic https://helm.elastic.co/ 90 | 91 | - name: Helm install 92 | run: | 93 | helm dep build . 94 | helm install ${{ matrix.name }} . \ 95 | --set global.search.sharedSecret="$(openssl rand -hex 24)" \ 96 | --set global.known_urls=http://localhost \ 97 | --set global.alfrescoRegistryPullSecrets=${{ env.REGISTRY_SECRET_NAME }} \ 98 | --set global.imagePullSecrets[0]=${{ env.REGISTRY_SECRET_NAME }} \ 99 | --wait --timeout 6m0s \ 100 | --values ${{ matrix.values }} \ 101 | --values ../../test/community-integration-test-values.yaml 102 | working-directory: helm/${{ matrix.name }} 103 | 104 | - name: Spit cluster status 105 | if: always() 106 | run: | 107 | helm ls --all-namespaces 108 | kubectl get all --all-namespaces 109 | kubectl describe pod 110 | 111 | - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v.3.0.2 112 | if: matrix.name == 'alfresco-content-services' 113 | with: 114 | timeout_minutes: 1 115 | retry_wait_seconds: 30 116 | max_attempts: 5 117 | command: >- 118 | docker run --network=host 119 | -v $(pwd)/test/postman:/etc/postman 120 | -t postman/newman run /etc/postman/helm/acs-test-helm-collection.json 121 | --global-var protocol=http --global-var url=localhost 122 | 123 | - name: Setup k6 124 | if: matrix.name == 'acs-sso-example' 125 | uses: grafana/setup-k6-action@ffe7d7290dfa715e48c2ccc924d068444c94bde2 # v1.1.0 126 | 127 | - name: Run SSO example chart tests 128 | if: matrix.name == 'acs-sso-example' 129 | env: 130 | K6_BROWSER_ARGS: no-sandbox 131 | uses: grafana/run-k6-action@a15e2072ede004e8d46141e33d7f7dad8ad08d9d # v1.3.1 132 | with: 133 | path: test/k6/acs-sso-example.js 134 | 135 | - name: Spit cluster status after tests 136 | if: always() 137 | run: | 138 | helm ls --all-namespaces 139 | kubectl get all --all-namespaces 140 | kubectl describe pod 141 | -------------------------------------------------------------------------------- /docker-compose/commons/base.yaml: -------------------------------------------------------------------------------- 1 | # For now just traefik labels and traefik service 2 | services: 3 | alfresco: 4 | labels: 5 | - "traefik.enable=true" 6 | - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)" 7 | - "traefik.http.services.alfresco.loadbalancer.server.port=8080" 8 | - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" 9 | - "traefik.http.middlewares.alfresco-root-redirect.redirectregex.regex=^https?://[^/]+/([^/.]+)$$" 10 | - "traefik.http.middlewares.alfresco-root-redirect.redirectregex.replacement=$$0/" 11 | - "traefik.http.middlewares.alfresco-chain.chain.middlewares=alfresco-root-redirect@docker,limit@docker" 12 | - "traefik.http.routers.alfresco.middlewares=alfresco-chain@docker" 13 | - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$$`)" 14 | - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:" 15 | - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker" 16 | - "traefik.http.routers.alfrescomicrometer.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/prometheus`)" 17 | - "traefik.http.middlewares.prometheusipfilter.ipallowlist.sourcerange=127.0.0.0/8" 18 | - "traefik.http.routers.alfrescomicrometer.middlewares=prometheusipfilter@docker" 19 | share: 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.http.routers.share.rule=PathPrefix(`/share`)" 23 | - "traefik.http.services.share.loadbalancer.server.port=8080" 24 | - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120" 25 | - "traefik.http.middlewares.share-root-redirect.redirectregex.regex=/share$$" 26 | - "traefik.http.middlewares.share-root-redirect.redirectregex.replacement=/share/" 27 | - "traefik.http.middlewares.share-chain.chain.middlewares=share-root-redirect@docker,limit@docker" 28 | - "traefik.http.routers.share.middlewares=share-chain@docker" 29 | - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`)" 30 | - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:" 31 | - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker" 32 | digital-workspace: 33 | labels: 34 | - "traefik.enable=true" 35 | - "traefik.http.routers.adw.rule=PathPrefix(`/workspace`)" 36 | - "traefik.http.services.digital-workspace.loadbalancer.server.port=8080" 37 | - "traefik.http.middlewares.adwforceslash.redirectregex.regex=^(.*/workspace)$$" 38 | - "traefik.http.middlewares.adwforceslash.redirectregex.replacement=$${1}/" 39 | - "traefik.http.middlewares.adwroot.stripprefix.prefixes=/workspace" 40 | - "traefik.http.middlewares.adwchain.chain.middlewares=adwforceslash,adwroot" 41 | - "traefik.http.routers.adw.middlewares=adwchain@docker" 42 | content-app: 43 | labels: 44 | - "traefik.enable=true" 45 | - "traefik.http.routers.aca.rule=PathPrefix(`/content-app`)" 46 | - "traefik.http.services.content-app.loadbalancer.server.port=8080" 47 | - "traefik.http.middlewares.acaroot.stripprefix.prefixes=/content-app" 48 | - "traefik.http.middlewares.acaforceslash.redirectregex.regex=^(.*/content-app)$$" 49 | - "traefik.http.middlewares.acaforceslash.redirectregex.replacement=$${1}/" 50 | - "traefik.http.middlewares.acachain.chain.middlewares=acaforceslash,acaroot" 51 | - "traefik.http.routers.aca.middlewares=acachain@docker" 52 | control-center: 53 | labels: 54 | - "traefik.enable=true" 55 | - "traefik.http.routers.acc.rule=PathPrefix(`/control-center`) || PathPrefix(`/admin`)" 56 | - "traefik.http.services.control-center.loadbalancer.server.port=8080" 57 | - "traefik.http.middlewares.accroot.stripprefix.prefixes=/admin,/control-center" 58 | - "traefik.http.middlewares.accforceslash.redirectregex.regex=^(.*/(admin|control-center))$$" 59 | - "traefik.http.middlewares.accforceslash.redirectregex.replacement=$${1}/" 60 | - "traefik.http.middlewares.accchain.chain.middlewares=accforceslash,accroot" 61 | - "traefik.http.routers.acc.middlewares=accchain@docker" 62 | proxy: 63 | image: traefik:3.6 64 | mem_limit: 128m 65 | command: 66 | - "--api.insecure=true" 67 | - "--providers.docker=true" 68 | - "--entrypoints.web.address=:8080" 69 | - "--entrypoints.web.transport.respondingTimeouts.readTimeout=20m" 70 | - "--entryPoints.traefik.address=:8888" 71 | - "--accesslog=true" 72 | - "--providers.docker.exposedByDefault=false" 73 | - "--ping.entrypoint=web" 74 | - "--ping=true" 75 | ports: 76 | - "8080:8080" 77 | - "8888:8888" 78 | healthcheck: 79 | test: ["CMD", "traefik", "healthcheck", "--ping"] 80 | interval: 20s 81 | timeout: 10s 82 | retries: 3 83 | start_period: 10s 84 | security_opt: 85 | - label=disable # Required for accessing the Docker socket on Selinux enabled systems 86 | volumes: 87 | - /var/run/docker.sock:/var/run/docker.sock:ro 88 | sync-service: 89 | labels: 90 | - "traefik.enable=true" 91 | - "traefik.http.routers.syncservice.rule=PathPrefix(`/syncservice`)" 92 | - "traefik.http.services.sync-service.loadbalancer.server.port=9090" 93 | - "traefik.http.middlewares.syncservice.replacepathregex.regex=^/syncservice/(.*)" 94 | - "traefik.http.middlewares.syncservice.replacepathregex.replacement=/alfresco/$$1" 95 | - "traefik.http.routers.syncservice.middlewares=syncservice@docker" 96 | --------------------------------------------------------------------------------