diff --git a/.github/workflows/bumpVersions.yml b/.github/workflows/bumpVersions.yml index ed588548d..f868272ce 100644 --- a/.github/workflows/bumpVersions.yml +++ b/.github/workflows/bumpVersions.yml @@ -32,7 +32,7 @@ jobs: name: Helm charts dependencies if: inputs.update-type == 'charts' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} @@ -44,7 +44,7 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Install Updatecli - uses: updatecli/updatecli-action@9b35aa663a924d5d5faf89dac76594e3034bcf1f # v2.56.0 + uses: updatecli/updatecli-action@fa41baa922561b436c449de1a0bd1f5bd768248c # v2.58.0 with: version: ${{ env.UPDATE_CLI_VERSION }} @@ -52,15 +52,15 @@ jobs: env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.23.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.27.0 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.23.0 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.27.0 with: pre-commit-args: helm-docs || true skip_checkout: "true" - name: Git Auto Commit - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_message: | 🛠 Updatecli pipeline charts bump @@ -76,17 +76,17 @@ jobs: if: inputs.update-type == 'values' steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Install Updatecli - uses: updatecli/updatecli-action@9b35aa663a924d5d5faf89dac76594e3034bcf1f # v2.56.0 + uses: updatecli/updatecli-action@fa41baa922561b436c449de1a0bd1f5bd768248c # v2.58.0 with: version: ${{ env.UPDATE_CLI_VERSION }} - name: Checkout updatecli configs - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: alfresco/alfresco-updatecli ref: ${{ inputs.alfresco-updatecli-ref || env.DEFAULT_BRANCH_NAME }} @@ -107,15 +107,15 @@ jobs: QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} UPDATECLI_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.23.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.27.0 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.23.0 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.27.0 with: pre-commit-args: helm-docs || true skip_checkout: "true" - name: Git Auto Commit - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_message: | 🛠 Updatecli pipeline values bump diff --git a/.github/workflows/docker-compose-community.yml b/.github/workflows/docker-compose-community.yml index 9537276cb..59e73fd66 100644 --- a/.github/workflows/docker-compose-community.yml +++ b/.github/workflows/docker-compose-community.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: >- - Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v5.27.0 with: compose_file_path: docker-compose/community-docker-compose.yml diff --git a/.github/workflows/docker-compose-enterprise.yml b/.github/workflows/docker-compose-enterprise.yml index 94e3ae616..bdad4e5be 100644 --- a/.github/workflows/docker-compose-enterprise.yml +++ b/.github/workflows/docker-compose-enterprise.yml @@ -27,7 +27,7 @@ jobs: outputs: matrix_json: ${{ steps.eval.outputs.matrix_json }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Evaluate Matrix id: eval run: >- @@ -55,7 +55,7 @@ jobs: steps: - name: Verify docker-compose uses: >- - Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose@v5.27.0 timeout-minutes: 10 with: compose_file_path: docker-compose/${{ matrix.compose_file }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 000000000..b521a14a7 --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,28 @@ +name: Publish docs + +permissions: + contents: write + pages: write + id-token: write + +on: + push: + branches: + - master + paths: + - "docs/**" + - ".github/workflows/docs.yml" + pull_request: + branches: + - master + paths: + - "docs/**" + - ".github/workflows/docs.yml" + +jobs: + publish: + uses: Alfresco/jekyll-build-tools/.github/workflows/jekyll-publish.yml@main + with: + working-directory: . + publish: ${{ github.event_name == 'push' && github.ref_name == 'master'}} + validate-html: true diff --git a/.github/workflows/helm-community.yml b/.github/workflows/helm-community.yml index 5ce2453a4..b8eccd7da 100644 --- a/.github/workflows/helm-community.yml +++ b/.github/workflows/helm-community.yml @@ -24,7 +24,7 @@ jobs: outputs: ver_json: ${{ steps.app_versions.outputs.json }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: Get charts @@ -54,9 +54,9 @@ jobs: matrix: include: ${{ fromJSON(needs.build_vars.outputs.ver_json) }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: "3.12.1" @@ -68,7 +68,7 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Setup cluster - uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v5.23.0 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v5.27.0 with: ingress-nginx-ref: controller-v1.8.2 diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml index b5016499a..d5a3db278 100644 --- a/.github/workflows/helm-enterprise.yml +++ b/.github/workflows/helm-enterprise.yml @@ -30,7 +30,7 @@ jobs: outputs: ver_json: ${{ steps.app_versions.outputs.json }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: Get charts @@ -64,9 +64,9 @@ jobs: matrix: include: ${{ fromJSON(needs.build_vars.outputs.ver_json) }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 + - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: "3.14.3" @@ -84,7 +84,7 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Setup cluster - uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v5.23.0 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v5.27.0 with: ingress-nginx-ref: controller-v1.8.2 metrics: "true" diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 6733a1fcc..cff074f28 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -10,7 +10,7 @@ jobs: publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -20,7 +20,7 @@ jobs: - name: Publish chart uses: >- - Alfresco/alfresco-build-tools/.github/actions/dbp-charts/publish-chart@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/dbp-charts/publish-chart@v5.27.0 with: chart_name: alfresco-content-services github_token: ${{ secrets.BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/helm-static-checks.yml b/.github/workflows/helm-static-checks.yml index 20ba91ed4..cc725ddb1 100644 --- a/.github/workflows/helm-static-checks.yml +++ b/.github/workflows/helm-static-checks.yml @@ -21,7 +21,7 @@ jobs: app_charts: ${{ steps.getcharts.outputs.app }} lib_charts: ${{ steps.getcharts.outputs.lib }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 2 - id: getcharts @@ -38,13 +38,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: >- - Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v5.27.0 with: chart-dir: helm/${{ matrix.charts.name }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/helm-plugin@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/helm-plugin@v5.27.0 with: plugin_url: https://github.com/helm-unittest/helm-unittest - name: Run Helm unit tests if present @@ -61,13 +61,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: >- - Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v5.27.0 with: chart-dir: helm/${{ matrix.charts.name }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/helm-template-yamllint@v5.23.0 + Alfresco/alfresco-build-tools/.github/actions/helm-template-yamllint@v5.27.0 with: chart-dir: helm/${{ matrix.charts.name }} helm-options: >- diff --git a/.github/workflows/pre-commit-compose.yml b/.github/workflows/pre-commit-compose.yml index 2c10f0ba4..c4b9937f2 100644 --- a/.github/workflows/pre-commit-compose.yml +++ b/.github/workflows/pre-commit-compose.yml @@ -24,4 +24,4 @@ jobs: name: Run pre-commit runs-on: ubuntu-latest steps: - - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.23.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v5.27.0 diff --git a/.github/workflows/pre-commit-helm.yml b/.github/workflows/pre-commit-helm.yml index a023f290b..b29b5297d 100644 --- a/.github/workflows/pre-commit-helm.yml +++ b/.github/workflows/pre-commit-helm.yml @@ -27,8 +27,8 @@ jobs: name: Run pre-commit runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2 - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.23.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v5.27.0 - name: Add dependency chart repos run: | for repo in $(yq eval-all \ diff --git a/.gitignore b/.gitignore index 843166d35..b5faa9bc5 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,5 @@ hs_err_pid* # updatecli workflow alfresco-updatecli merged.yaml + +_site diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 5d76b9151..87653ffea 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -1,3 +1,4 @@ --- default: true MD013: false +MD025: false diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 000000000..b347b11ea --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +3.2.3 diff --git a/Gemfile b/Gemfile new file mode 100644 index 000000000..222231a2f --- /dev/null +++ b/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' + +gem "jekyll", "~> 4.3.3" +gem "just-the-docs", "0.8.1" +gem "jekyll-relative-links" +gem "html-proofer" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 000000000..7be29ec06 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,187 @@ +GEM + remote: https://rubygems.org/ + specs: + Ascii85 (1.1.1) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) + afm (0.2.2) + async (2.11.0) + console (~> 1.25, >= 1.25.2) + fiber-annotation + io-event (~> 1.5, >= 1.5.1) + timers (~> 4.1) + bigdecimal (3.1.8) + colorator (1.1.0) + concurrent-ruby (1.2.3) + console (1.25.2) + fiber-annotation + fiber-local (~> 1.1) + json + em-websocket (0.5.3) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0) + ethon (0.16.0) + ffi (>= 1.15.0) + eventmachine (1.2.7) + ffi (1.16.3) + fiber-annotation (0.2.0) + fiber-local (1.1.0) + fiber-storage + fiber-storage (0.1.0) + forwardable-extended (2.6.0) + google-protobuf (4.26.1) + rake (>= 13) + google-protobuf (4.26.1-aarch64-linux) + rake (>= 13) + google-protobuf (4.26.1-arm64-darwin) + rake (>= 13) + google-protobuf (4.26.1-x86-linux) + rake (>= 13) + google-protobuf (4.26.1-x86_64-darwin) + rake (>= 13) + google-protobuf (4.26.1-x86_64-linux) + rake (>= 13) + hashery (2.1.2) + html-proofer (5.0.9) + addressable (~> 2.3) + async (~> 2.1) + nokogiri (~> 1.13) + pdf-reader (~> 2.11) + rainbow (~> 3.0) + typhoeus (~> 1.3) + yell (~> 2.0) + zeitwerk (~> 2.5) + http_parser.rb (0.8.0) + i18n (1.14.5) + concurrent-ruby (~> 1.0) + io-event (1.5.1) + jekyll (4.3.3) + addressable (~> 2.4) + colorator (~> 1.0) + em-websocket (~> 0.5) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) + jekyll-watch (~> 2.0) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) + liquid (~> 4.0) + mercenary (>= 0.3.6, < 0.5) + pathutil (~> 0.9) + rouge (>= 3.0, < 5.0) + safe_yaml (~> 1.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-include-cache (0.2.1) + jekyll (>= 3.7, < 5.0) + jekyll-relative-links (0.7.0) + jekyll (>= 3.3, < 5.0) + jekyll-sass-converter (3.0.0) + sass-embedded (~> 1.54) + jekyll-seo-tag (2.8.0) + jekyll (>= 3.8, < 5.0) + jekyll-watch (2.2.1) + listen (~> 3.0) + json (2.7.2) + just-the-docs (0.8.1) + jekyll (>= 3.8.5) + jekyll-include-cache + jekyll-seo-tag (>= 2.0) + rake (>= 12.3.1) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.4) + listen (3.9.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + nokogiri (1.16.5-aarch64-linux) + racc (~> 1.4) + nokogiri (1.16.5-arm-linux) + racc (~> 1.4) + nokogiri (1.16.5-arm64-darwin) + racc (~> 1.4) + nokogiri (1.16.5-x86-linux) + racc (~> 1.4) + nokogiri (1.16.5-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.16.5-x86_64-linux) + racc (~> 1.4) + pathutil (0.16.2) + forwardable-extended (~> 2.6) + pdf-reader (2.12.0) + Ascii85 (~> 1.0) + afm (~> 0.2.1) + hashery (~> 2.0) + ruby-rc4 + ttfunk + public_suffix (5.0.5) + racc (1.7.3) + rainbow (3.1.1) + rake (13.2.1) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.8) + strscan (>= 3.0.9) + rouge (4.2.1) + ruby-rc4 (0.1.5) + safe_yaml (1.0.5) + sass-embedded (1.77.1-aarch64-linux-gnu) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-aarch64-linux-musl) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-arm-linux-gnueabihf) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-arm-linux-musleabihf) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-arm64-darwin) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-x86-linux-gnu) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-x86-linux-musl) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-x86_64-darwin) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-x86_64-linux-gnu) + google-protobuf (>= 3.25, < 5.0) + sass-embedded (1.77.1-x86_64-linux-musl) + google-protobuf (>= 3.25, < 5.0) + strscan (3.1.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + timers (4.3.5) + ttfunk (1.8.0) + bigdecimal (~> 3.1) + typhoeus (1.4.1) + ethon (>= 0.9.0) + unicode-display_width (2.5.0) + webrick (1.8.1) + yell (2.2.2) + zeitwerk (2.6.13) + +PLATFORMS + aarch64-linux + aarch64-linux-gnu + aarch64-linux-musl + arm-linux + arm-linux-gnueabihf + arm-linux-musleabihf + arm64-darwin + x86-linux + x86-linux-gnu + x86-linux-musl + x86_64-darwin + x86_64-linux + x86_64-linux-gnu + x86_64-linux-musl + +DEPENDENCIES + html-proofer + jekyll (~> 4.3.3) + jekyll-relative-links + just-the-docs (= 0.8.1) + +BUNDLED WITH + 2.5.7 diff --git a/README.md b/README.md index 11b0116fe..21dfae33c 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,12 @@ # Alfresco Content Services Containerized Deployment [![release](https://img.shields.io/github/v/release/Alfresco/acs-deployment?display_name=release)](https://github.com/Alfresco/acs-deployment/releases/latest) +![kubernetes tested version](https://img.shields.io/badge/k8s%20version-v1.29-blue) +[![Helm release](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-release.yml/badge.svg)](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-release.yml) + [![helm charts (enterprise)](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-enterprise.yml/badge.svg)](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-enterprise.yml) [![helm charts (community)](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-community.yml/badge.svg)](https://github.com/Alfresco/acs-deployment/actions/workflows/helm-community.yml) + [![docker-compose (enterprise)](https://github.com/Alfresco/acs-deployment/actions/workflows/docker-compose-enterprise.yml/badge.svg)](https://github.com/Alfresco/acs-deployment/actions/workflows/docker-compose-enterprise.yml) [![docker-compose (community)](https://github.com/Alfresco/acs-deployment/actions/workflows/docker-compose-community.yml/badge.svg)](https://github.com/Alfresco/acs-deployment/actions/workflows/docker-compose-community.yml) @@ -11,107 +15,7 @@ This project contains the code for running Alfresco Content Services (ACS) with Compose](https://docs.docker.com/compose) or on [Kubernetes](https://kubernetes.io) using [Helm Charts](https://helm.sh). -Automated tests for helm charts are running on KinD cluster v1.25 and EKS v1.27. - -## Important changes for helm charts - -The v7.0.0 release is the first release of the acs helm charts which completely -leverage the new individual subcharts we started releasing since March 2023 in a -dedicated repo: -[alfresco-helm-charts](https://github.com/Alfresco/alfresco-helm-charts). - -This change will make life easier to whoever want to customize or extend the -helm deployments and simplify the future maintenance, at the cost of breaking -the compatibility with the values structure which remained almost stable since -the v6 release. - -Please review the new [values](helm/alfresco-content-services/values.yaml) -carefully and adapt any custom configuration you may have. You can read the -[upgrades guide](docs/helm/upgrades.md) for more details on the changes. - -> Deploying to new namespace is always the preferred way of upgrading ACS as we -> do not test charts for upgrade scenarios (even with previous versions) -> neither do we provide roll-back facilities. - -## Prerequisites - -The ACS Enterprise version is installed by default, using Docker images from -Quay.io. If you're an Alfresco customer, you can request Quay.io credentials by -logging a ticket with [Hyland Community](https://community.hyland.com). - -The repository Docker image provides a limited trial of the Enterprise version -of Alfresco Content Services, which switches to read-only mode after 2 days. For -a longer trial, you can request the 30-day [Download -Trial](https://www.alfresco.com/platform/content-services-ecm/trial/download). - -The Community Edition can be installed without the need of a license or quay.io -account. - -## Versioning - -As of version 8.0.0 of the chart we have changed the release policy. -Previously, the chart was released together with the ACS product and we were -delivering additional values files for each major release of ACS (e.g. 7.3, -7.4, ...) and chart version were bumped with a similar increment as ACS. -With version 6.0.0, we started applying major versions bumps to reflect -breaking changes in the chart, despite only minor ACS release happened. - -With 8.0.0 onward, the release pace of the chart is completely independent from -the product versions. We will also stick to Semver principles when choosing -next version number, meaning that: - -* patch version will be used for bug fixes (last digit) -* minor version will be used for new features and modifications which do not - introduce breaking changes in the configuration interface. -* major version will be used for changes which involve breaking changes in the - configuration interface. - -The `alfresco-content-services` chart has always provided the ability to deploy -any currently supported version of ACS and its components and will continue to -do so. You are encoraged to always use the latest version of the chart to -deploy your ACS version, using the appropriate values file. For that reason we -stop providing the table mapping chart versions with the ACS version they -deploy (by default). Instead we'll just maintain the list of deprecated versions -versions mapped with the latest versions of the charts we tested deployment -with, so you can use that version to deploy older ACS version on Kubernetes. -Check the [ACS End of Life'd versions](#acs-end-of-lifed-versions) paragraph. - -You are encouraged to always use the latest version of the chart to deploy your -currently supported ACS version, using the appropriate values file. - -Finally, the master branch of this repository used to contain the latest -versions, including non-released versions! -We're also moving away from this pattern and the chart will now only ever -deploy released versions of our products. - -Should you want to try our latest dev versions, we now provide an additional -values file called `pre-release_values.yaml` which will be bumped on a regular -basis. - -This also means we will not produce `-M*` versions of the chart anymore. - -Check the [Release page](https://github.com/Alfresco/acs-deployment/releases) for the list of existing versions. - -### ACS End of Life'd versions - -While our latest version of the charts should be able to deployment any version -of ACS (theoretically), we only ever test deployment of _currently_ supported -versions. Also we do not provide values files for older unsupported version. If -you need to deploy old version we provide a reference table below to allow you -find the older values files and charts. You can either try using the values -file for a version with the latest charts or using the old charts. - -| unsupported ACS version | Last chart version providing it | -|-------------------------|---------------------------------| -| 7.0 | 8.0.1 | -| 6.2 | 5.3.0 | -| 6.1 | 5.1.1 | - -> These charts should not be used for any new deployment but just for reference. - -## Getting Started - -To get started please refer to the [Docker Compose](./docs/docker-compose) and [Helm Chart](./docs/helm) documentation. +User docs available at: [https://alfresco.github.io/acs-deployment/](https://alfresco.github.io/acs-deployment/) ## License @@ -142,7 +46,7 @@ First ensure that: Start the release by opening a PR against the appropriate branch that will: -* Update the [EOL table](#acs-end-of-lifed-versions) in case a version is deprecated +* Update the [EOL table](docs/index.md#acs-end-of-lifed-versions) in case a version is deprecated * In [alfresco-content-services](helm/alfresco-content-services/Chart.yaml), bump chart version to the version you want to release * Run `pre-commit run --all-files helm-docs` to update helm docs @@ -174,14 +78,3 @@ removing dependabot entries and other not-really useful changelog entries. Publish the release (remove draft status). Once the tagged workflow is successful, the release process is completed. - -## How to update workflow diagrams of Alfresco latest version - -* Go to the `docs/docker-compose/images` and/or `docs/helm/images` folders of the repository and there you will find 2 plantuml source files and their PNG diagram files. -* Update the plantuml(.puml) files for enterprise/community edition with latest changes as required. -* Once you are done with the changes, you can generate the diagrams with 2 ways. - -1. You can update the diagrams with cli method by running the below command. You need to have Java and Plantuml installed on your machine. - `java -jar plantuml.jar filename` -2. The other way to generate the diagrams is via official plantuml website. Go to the below url and paste your puml code and click on submit. - `http://www.plantuml.com/plantuml/uml/SyfFKj2rKt3CoKnELR1Io4ZDoSa70000` diff --git a/_config.yml b/_config.yml new file mode 100644 index 000000000..944ee6a3d --- /dev/null +++ b/_config.yml @@ -0,0 +1,48 @@ +title: ACS Deployment Documentation +description: User documentation for deploying Alfresco Content Services +theme: just-the-docs +color_scheme: alfresco + +url: https://alfresco.github.io + +aux_links: + Docs: https://docs.alfresco.com/ + GitHub Repository: https://github.com/Alfresco/acs-deployment + +aux_links_new_tab: true + +gh_edit_link: true +gh_edit_link_text: "Improve this page on GitHub" +gh_edit_repository: https://github.com/Alfresco/acs-deployment +gh_edit_branch: master +gh_edit_source: . +gh_edit_view_mode: edit + +logo: "/docs/images/hyland-alfresco-logos.png" +favicon_ico: "/docs/images/favicon.ico" + +defaults: + # apply the default layout to all markdown pages + - scope: + path: "*" + values: + layout: default + render_with_liquid: false + +exclude: + - Brewfile + - '*/ci/*' + - Gemfile + - Gemfile.lock + - '*.yaml' + - '*/Chart.lock' + - '*.tgz' + - '*/NOTES.txt' + - README.md + - LICENSE + +plugins: + - jekyll-relative-links + +mermaid: + version: "10.9.0" diff --git a/_includes/head_custom.html b/_includes/head_custom.html new file mode 100644 index 000000000..d555d471f --- /dev/null +++ b/_includes/head_custom.html @@ -0,0 +1,3 @@ + diff --git a/_sass/color_schemes/alfresco.scss b/_sass/color_schemes/alfresco.scss new file mode 100644 index 000000000..7cc0d84fe --- /dev/null +++ b/_sass/color_schemes/alfresco.scss @@ -0,0 +1,13 @@ +$link-color: #3273dc; +$body-font-family: "Inter", sans-serif; + +$font-size-5: 0.88rem; + +.main-content { + color: #212328; + font-weight: 300; +} + +td { + word-wrap: anywhere; +} diff --git a/docker-compose/7.1.N-docker-compose.yml b/docker-compose/7.1.N-docker-compose.yml index 80f79f1cd..3b12cd455 100644 --- a/docker-compose/7.1.N-docker-compose.yml +++ b/docker-compose/7.1.N-docker-compose.yml @@ -153,7 +153,7 @@ services: - "61616:61616" # OpenWire - "61613:61613" # STOMP digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:2.6.2 + image: quay.io/alfresco/alfresco-digital-workspace:4.4.1 mem_limit: 128m environment: APP_CONFIG_AUTH_TYPE: "BASIC" diff --git a/docker-compose/7.2.N-docker-compose.yml b/docker-compose/7.2.N-docker-compose.yml index ddb4d7a57..86f0209a8 100644 --- a/docker-compose/7.2.N-docker-compose.yml +++ b/docker-compose/7.2.N-docker-compose.yml @@ -21,7 +21,7 @@ version: "2" services: alfresco: - image: quay.io/alfresco/alfresco-content-repository:7.2.1.15 + image: quay.io/alfresco/alfresco-content-repository:7.2.2 mem_limit: 1900m environment: JAVA_TOOL_OPTIONS: >- @@ -106,7 +106,7 @@ services: volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: quay.io/alfresco/alfresco-share:7.2.1.15 + image: quay.io/alfresco/alfresco-share:7.2.2 mem_limit: 1g environment: REPO_HOST: "alfresco" @@ -157,7 +157,7 @@ services: - "61616:61616" # OpenWire - "61613:61613" # STOMP digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:3.0.1 + image: quay.io/alfresco/alfresco-digital-workspace:4.4.1 mem_limit: 128m environment: APP_CONFIG_AUTH_TYPE: "BASIC" diff --git a/docker-compose/7.3.N-docker-compose.yml b/docker-compose/7.3.N-docker-compose.yml index 6718086ce..2f4a47b79 100644 --- a/docker-compose/7.3.N-docker-compose.yml +++ b/docker-compose/7.3.N-docker-compose.yml @@ -18,7 +18,7 @@ version: "2" services: alfresco: - image: quay.io/alfresco/alfresco-content-repository:7.3.1.2 + image: quay.io/alfresco/alfresco-content-repository:7.3.2 mem_limit: 1900m environment: JAVA_TOOL_OPTIONS: >- @@ -99,7 +99,7 @@ services: volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: quay.io/alfresco/alfresco-share:7.3.1.2 + image: quay.io/alfresco/alfresco-share:7.3.2 mem_limit: 1g environment: REPO_HOST: "alfresco" @@ -149,7 +149,7 @@ services: - "61616:61616" # OpenWire - "61613:61613" # STOMP digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:3.1.1 + image: quay.io/alfresco/alfresco-digital-workspace:4.4.1 mem_limit: 128m environment: APP_CONFIG_AUTH_TYPE: "BASIC" diff --git a/docker-compose/7.4.N-docker-compose.yml b/docker-compose/7.4.N-docker-compose.yml index 91a0be7b9..1d91cd84a 100644 --- a/docker-compose/7.4.N-docker-compose.yml +++ b/docker-compose/7.4.N-docker-compose.yml @@ -18,7 +18,7 @@ version: "2" services: alfresco: - image: quay.io/alfresco/alfresco-content-repository:7.4.1.6 + image: quay.io/alfresco/alfresco-content-repository:7.4.2 mem_limit: 1900m environment: JAVA_TOOL_OPTIONS: >- @@ -58,7 +58,7 @@ services: -XX:MaxRAMPercentage=80 transform-router: mem_limit: 512m - image: quay.io/alfresco/alfresco-transform-router:4.1.1 + image: quay.io/alfresco/alfresco-transform-router:4.1.2 environment: JAVA_OPTS: >- -XX:MinRAMPercentage=50 @@ -72,7 +72,7 @@ services: links: - activemq transform-core-aio: - image: alfresco/alfresco-transform-core-aio:5.1.1 + image: alfresco/alfresco-transform-core-aio:5.1.2 mem_limit: 1536m environment: JAVA_OPTS: >- @@ -86,7 +86,7 @@ services: links: - activemq shared-file-store: - image: quay.io/alfresco/alfresco-shared-file-store:4.1.1 + image: quay.io/alfresco/alfresco-shared-file-store:4.1.2 mem_limit: 512m environment: JAVA_OPTS: >- @@ -99,7 +99,7 @@ services: volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: quay.io/alfresco/alfresco-share:7.4.1.6 + image: quay.io/alfresco/alfresco-share:7.4.2 mem_limit: 1g environment: REPO_HOST: "alfresco" @@ -149,7 +149,7 @@ services: - "61616:61616" # OpenWire - "61613:61613" # STOMP digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:4.2.0 + image: quay.io/alfresco/alfresco-digital-workspace:4.4.1 mem_limit: 128m environment: APP_CONFIG_PROVIDER: "ECM" @@ -157,7 +157,7 @@ services: BASE_PATH: ./ APP_BASE_SHARE_URL: "http://localhost:8080/workspace/#/preview/s" control-center: - image: quay.io/alfresco/alfresco-control-center:8.2.0 + image: quay.io/alfresco/alfresco-control-center:8.3.0 mem_limit: 128m environment: APP_CONFIG_PROVIDER: "ECM" diff --git a/docker-compose/community-docker-compose.yml b/docker-compose/community-docker-compose.yml index 514850f54..aeb80105e 100644 --- a/docker-compose/community-docker-compose.yml +++ b/docker-compose/community-docker-compose.yml @@ -1,139 +1,250 @@ -# This docker-compose file will spin up an ACS community installation on a local host. -# It requires at least 6GB of memory available to distribute among containers. -# -# For performance tuning, increase each container mem_limit and give a percentage of -# it to the JVM. Use either the -Xms,-Xmx flags or the newly added flags in -# java 10+: -XX:MaxRAMPercentage and -XX:MinRAMPercentage. -# More details here: -# https://www.oracle.com/technetwork/java/javase/10-relnote-issues-4108729.html -# -# Using version 2 as 3 does not support resource constraint options -# (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2" +name: docker-compose services: - alfresco: - image: docker.io/alfresco/alfresco-content-repository-community:23.2.1 - mem_limit: 1900m - environment: - JAVA_TOOL_OPTIONS: >- - -Dencryption.keystore.type=JCEKS - -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding - -Dencryption.keyAlgorithm=DESede - -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore - -Dmetadata-keystore.password=mp6yc0UD9e - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.password=oKIWzVdEdA - -Dmetadata-keystore.metadata.algorithm=DESede - JAVA_OPTS: >- - -Ddb.driver=org.postgresql.Driver - -Ddb.username=alfresco - -Ddb.password=alfresco - -Ddb.url=jdbc:postgresql://postgres:5432/alfresco - -Dsolr.host=solr6 - -Dsolr.port=8983 - -Dsolr.http.connection.timeout=1000 - -Dsolr.secureComms=secret - -Dsolr.sharedSecret=secret - -Dsolr.base.url=/solr - -Dindex.subsystem.name=solr6 - -Dshare.host=127.0.0.1 - -Dshare.port=8080 - -Dalfresco.host=localhost - -Dalfresco.port=8080 - -Dcsrf.filter.enabled=false - -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos - -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" - -Ddeployment.method=DOCKER_COMPOSE - -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - transform-core-aio: - image: alfresco/alfresco-transform-core-aio:5.1.1 - mem_limit: 1536m - environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - ports: - - "8090:8090" - share: - image: docker.io/alfresco/alfresco-share:23.2.1 - mem_limit: 1g - environment: - REPO_HOST: "alfresco" - REPO_PORT: "8080" - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - -Dalfresco.host=localhost - -Dalfresco.port=8080 - -Dalfresco.context=alfresco - -Dalfresco.protocol=http - postgres: - image: postgres:14.4 - mem_limit: 512m - environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco - command: postgres -c max_connections=300 -c log_min_messages=LOG - ports: - - "5432:5432" - solr6: - image: docker.io/alfresco/alfresco-search-services:2.0.10 - mem_limit: 2g - environment: - # Solr needs to know how to register itself with Alfresco - SOLR_ALFRESCO_HOST: "alfresco" - SOLR_ALFRESCO_PORT: "8080" - # Alfresco needs to know how to call solr - SOLR_SOLR_HOST: "solr6" - SOLR_SOLR_PORT: "8983" - # Create the default alfresco and archive cores - SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive" - # HTTPS or SECRET - ALFRESCO_SECURE_COMMS: "secret" - # SHARED SECRET VALUE - JAVA_TOOL_OPTIONS: >- - -Dalfresco.secureComms.secret=secret - ports: - - "8083:8983" # Browser port activemq: + healthcheck: + test: + - CMD + - /opt/activemq/bin/activemq + - query + - --objname + - type=Broker,brokerName=*,service=Health + - '|' + - grep + - Good + timeout: 5s + interval: 10s + retries: 5 + start_period: 5s image: alfresco/alfresco-activemq:5.18-jre17-rockylinux8 - mem_limit: 1g + mem_limit: "1073741824" + networks: + default: null ports: - "8161:8161" # Web Console - "5672:5672" # AMQP - "61616:61616" # OpenWire - "61613:61613" # STOMP + alfresco: + environment: + JAVA_OPTS: -Ddb.driver=org.postgresql.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:postgresql://postgres:5432/alfresco -Dsolr.host=solr6 -Dsolr.port=8983 -Dsolr.http.connection.timeout=1000 -Dsolr.secureComms=secret -Dsolr.sharedSecret=secret -Dsolr.base.url=/solr -Dindex.subsystem.name=solr6 -Dshare.host=localhost -Dshare.port=8080 -Dalfresco.host=localhost -Dalfresco.port=8080 -Dcsrf.filter.enabled=false -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" -Ddeployment.method=DOCKER_COMPOSE -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + JAVA_TOOL_OPTIONS: -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- + timeout: 3s + interval: 30s + retries: 5 + start_period: 1m0s + image: docker.io/alfresco/alfresco-content-repository-community:25.2.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.acsfakeauth.basicauth.users: 'fake:' + traefik.http.middlewares.alfresco-chain.chain.middlewares: alfresco-root-redirect@docker,limit@docker + traefik.http.middlewares.alfresco-root-redirect.redirectregex.regex: ^https?://[^/]+/([^/.]+)$$ + traefik.http.middlewares.alfresco-root-redirect.redirectregex.replacement: $$0/ + traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: "5368709120" + traefik.http.middlewares.prometheusipfilter.ipallowlist.sourcerange: 127.0.0.0/8 + traefik.http.routers.alfresco.middlewares: alfresco-chain@docker + traefik.http.routers.alfresco.rule: PathPrefix(`/`) + traefik.http.routers.alfrescomicrometer.middlewares: prometheusipfilter@docker + traefik.http.routers.alfrescomicrometer.rule: PathRegexp(`^/alfresco/(wc)?s(ervice)?/prometheus`) + traefik.http.routers.solrapideny.middlewares: acsfakeauth@docker + traefik.http.routers.solrapideny.rule: PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$$`) + traefik.http.services.alfresco.loadbalancer.server.port: "8080" + mem_limit: "1992294400" + networks: + default: null + volumes: + - /usr/local/tomcat/alf_data content-app: - image: alfresco/alfresco-content-app:4.4.1 - mem_limit: 128m environment: - APP_BASE_SHARE_URL: "http://localhost:8080/aca/#/preview/s" + APP_BASE_SHARE_URL: http://localhost:8080/aca/#/preview/s + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/ + timeout: 1s + interval: 10s + retries: 3 + start_period: 1s + image: alfresco/alfresco-content-app:7.1.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.acachain.chain.middlewares: acaforceslash,acaroot + traefik.http.middlewares.acaforceslash.redirectregex.regex: ^(.*/content-app)$$ + traefik.http.middlewares.acaforceslash.redirectregex.replacement: $${1}/ + traefik.http.middlewares.acaroot.stripprefix.prefixes: /content-app + traefik.http.routers.aca.middlewares: acachain@docker + traefik.http.routers.aca.rule: PathPrefix(`/content-app`) + traefik.http.services.content-app.loadbalancer.server.port: "8080" + mem_limit: "134217728" + networks: + default: null control-center: - image: quay.io/alfresco/alfresco-control-center:8.4.1 - mem_limit: 128m environment: - APP_CONFIG_PROVIDER: "ECM" - APP_CONFIG_AUTH_TYPE: "BASIC" + APP_CONFIG_AUTH_TYPE: BASIC + APP_CONFIG_PROVIDER: ECM BASE_PATH: ./ + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/ + timeout: 1s + interval: 10s + retries: 3 + start_period: 1s + image: quay.io/alfresco/alfresco-control-center:10.1.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.accchain.chain.middlewares: accforceslash,accroot + traefik.http.middlewares.accforceslash.redirectregex.regex: ^(.*/(admin|control-center))$$ + traefik.http.middlewares.accforceslash.redirectregex.replacement: $${1}/ + traefik.http.middlewares.accroot.stripprefix.prefixes: /admin,/control-center + traefik.http.routers.acc.middlewares: accchain@docker + traefik.http.routers.acc.rule: PathPrefix(`/control-center`) || PathPrefix(`/admin`) + traefik.http.services.control-center.loadbalancer.server.port: "8080" + mem_limit: "134217728" + networks: + default: null + postgres: + command: + - postgres + - -c + - max_connections=300 + - -c + - log_min_messages=LOG + environment: + POSTGRES_DB: alfresco + POSTGRES_PASSWORD: alfresco + POSTGRES_USER: alfresco + healthcheck: + test: + - CMD-SHELL + - pg_isready -d $$POSTGRES_DB -U $$POSTGRES_USER + timeout: 3s + interval: 10s + retries: 3 + start_period: 5s + image: postgres:16.5 + mem_limit: "536870912" + networks: + default: null + ports: + - "5432:5432" proxy: - image: alfresco/alfresco-acs-nginx:3.4.2 - mem_limit: 128m + command: + - --api.insecure=true + - --providers.docker=true + - --entrypoints.web.address=:8080 + - --entrypoints.web.transport.respondingTimeouts.readTimeout=20m + - --entryPoints.traefik.address=:8888 + - --accesslog=true + - --providers.docker.exposedByDefault=false + - --ping.entrypoint=web + - --ping=true + healthcheck: + test: + - CMD + - traefik + - healthcheck + - --ping + timeout: 10s + interval: 20s + retries: 3 + start_period: 10s + image: traefik:3.1 + mem_limit: "134217728" + networks: + default: null + ports: + - "8080:8080" + - "8888:8888" + security_opt: + - label=disable + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + share: + depends_on: + alfresco: + condition: service_healthy + required: true environment: - DISABLE_PROMETHEUS: "true" - DISABLE_SYNCSERVICE: "true" - DISABLE_ADW: "true" - ENABLE_CONTENT_APP: "true" + CSRF_FILTER_ORIGIN: http://localhost:8080 + CSRF_FILTER_REFERER: http://localhost:8080/share/.* + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Dalfresco.host=localhost -Dalfresco.port=8080 -Dalfresco.context=alfresco -Dalfresco.protocol=http + REPO_HOST: alfresco + REPO_PORT: "8080" + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/share + timeout: 2s + interval: 20s + retries: 3 + start_period: 15s + image: docker.io/alfresco/alfresco-share:25.2.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: "5368709120" + traefik.http.middlewares.share-chain.chain.middlewares: share-root-redirect@docker,limit@docker + traefik.http.middlewares.share-root-redirect.redirectregex.regex: /share$$ + traefik.http.middlewares.share-root-redirect.redirectregex.replacement: /share/ + traefik.http.middlewares.sharefakeauth.basicauth.users: 'fake:' + traefik.http.routers.proxiedsolrapideny.middlewares: sharefakeauth@docker + traefik.http.routers.proxiedsolrapideny.rule: PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`) + traefik.http.routers.share.middlewares: share-chain@docker + traefik.http.routers.share.rule: PathPrefix(`/share`) + traefik.http.services.share.loadbalancer.server.port: "8080" + mem_limit: "1073741824" + networks: + default: null + solr6: + environment: + ALFRESCO_SECURE_COMMS: secret + JAVA_TOOL_OPTIONS: -Dalfresco.secureComms.secret=secret + SOLR_ALFRESCO_HOST: alfresco + SOLR_ALFRESCO_PORT: "8080" + SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive + SOLR_SOLR_HOST: solr6 + SOLR_SOLR_PORT: "8983" + image: docker.io/alfresco/alfresco-search-services:2.0.17 + mem_limit: "2147483648" + networks: + default: null + ports: + - "8083:8983" + transform-core-aio: depends_on: - - alfresco - - content-app - - control-center + activemq: + condition: service_healthy + required: true + environment: + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8090/ready + timeout: 2s + interval: 20s + retries: 3 + start_period: 10s + image: alfresco/alfresco-transform-core-aio:5.2.2 + mem_limit: "1610612736" + networks: + default: null ports: - - "8080:8080" - links: - - content-app - - alfresco - - share - - control-center + - "8090:8090" +networks: + default: + name: docker-compose_default diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index 5531bbe91..522f3af93 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml @@ -1,139 +1,171 @@ -# This docker-compose file will spin up an ACS cluster on a local host. -# It requires a minimum of 13GB Memory to distribute among containers. -# -# For performance tuning, assign the container memory and give a percentage of -# it to the JVM. Use either the -Xms,-Xmx flags or the newly added flags in -# java 10+: -XX:MaxRAMPercentage and -XX:MinRAMPercentage. -# More details here: -# https://www.oracle.com/technetwork/java/javase/10-relnote-issues-4108729.html -# -# Note: The docker-compose file from github.com is a limited trial that goes -# into read-only mode after 2 days. Get the latest docker-compose.yml file with -# a 30-day trial license by accessing the Alfresco Content Services trial -# download page at: -# https://www.alfresco.com/platform/content-services-ecm/trial/download -# -# Using version 2 as 3 does not support resource constraint options -# (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2" +name: docker-compose services: + activemq: + healthcheck: + test: + - CMD + - /opt/activemq/bin/activemq + - query + - --objname + - type=Broker,brokerName=*,service=Health + - '|' + - grep + - Good + timeout: 5s + interval: 10s + retries: 5 + start_period: 5s + image: quay.io/alfresco/alfresco-activemq:5.18-jre17-rockylinux8 + mem_limit: "1073741824" + networks: + default: null + ports: + - "8161:8161" + - "5672:5672" + - "61616:61616" + - "61613:61613" alfresco: - image: quay.io/alfresco/alfresco-content-repository:23.2.1 - mem_limit: 1900m environment: - JAVA_TOOL_OPTIONS: >- - -Dencryption.keystore.type=JCEKS - -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding - -Dencryption.keyAlgorithm=DESede - -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore - -Dmetadata-keystore.password=mp6yc0UD9e - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.password=oKIWzVdEdA - -Dmetadata-keystore.metadata.algorithm=DESede - JAVA_OPTS: >- - -Ddb.driver=org.postgresql.Driver - -Ddb.username=alfresco - -Ddb.password=alfresco - -Ddb.url=jdbc:postgresql://postgres:5432/alfresco - -Dindex.subsystem.name=elasticsearch - -Delasticsearch.createIndexIfNotExists=true - -Delasticsearch.host=elasticsearch - -Delasticsearch.port=9200 - -Dshare.host=127.0.0.1 - -Dshare.port=8080 - -Dalfresco.host=localhost - -Dalfresco.port=8080 - -Dcsrf.filter.enabled=false - -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos - -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" - -Ddeployment.method=DOCKER_COMPOSE - -Dtransform.service.enabled=true - -Dtransform.service.url=http://transform-router:8095 - -Dsfs.url=http://shared-file-store:8099/ - -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ - -Ddsync.service.uris=http://localhost:9090/alfresco - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 + JAVA_OPTS: -Ddb.driver=org.postgresql.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:postgresql://postgres:5432/alfresco -Dindex.subsystem.name=elasticsearch -Delasticsearch.createIndexIfNotExists=true -Delasticsearch.host=elasticsearch -Delasticsearch.port=9200 -Dshare.host=localhost -Dshare.port=8080 -Dalfresco.host=localhost -Dalfresco.port=8080 -Dcsrf.filter.enabled=false -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true" -Ddeployment.method=DOCKER_COMPOSE -Dtransform.service.enabled=true -Dtransform.service.url=http://transform-router:8095 -Dsfs.url=http://shared-file-store:8099/ -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ -Ddsync.service.uris=http://localhost:9090/alfresco -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + JAVA_TOOL_OPTIONS: -Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede healthcheck: test: - CMD - curl - -f - http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready- - interval: 30s timeout: 3s - retries: 3 - start_period: 1m - transform-router: - mem_limit: 512m - image: quay.io/alfresco/alfresco-transform-router:4.1.1 - environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - ACTIVEMQ_URL: nio://activemq:61616 - CORE_AIO_URL: http://transform-core-aio:8090 - FILE_STORE_URL: >- - http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file - ports: - - "8095:8095" - depends_on: - - activemq - transform-core-aio: - image: alfresco/alfresco-transform-core-aio:5.1.1 - mem_limit: 1536m - environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - ACTIVEMQ_URL: nio://activemq:61616 - FILE_STORE_URL: >- - http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file - ports: - - "8090:8090" + interval: 30s + retries: 5 + start_period: 1m0s + image: quay.io/alfresco/alfresco-content-repository:25.2.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.acsfakeauth.basicauth.users: 'fake:' + traefik.http.middlewares.alfresco-chain.chain.middlewares: alfresco-root-redirect@docker,limit@docker + traefik.http.middlewares.alfresco-root-redirect.redirectregex.regex: ^https?://[^/]+/([^/.]+)$$ + traefik.http.middlewares.alfresco-root-redirect.redirectregex.replacement: $$0/ + traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: "5368709120" + traefik.http.middlewares.prometheusipfilter.ipallowlist.sourcerange: 127.0.0.0/8 + traefik.http.routers.alfresco.middlewares: alfresco-chain@docker + traefik.http.routers.alfresco.rule: PathPrefix(`/`) + traefik.http.routers.alfrescomicrometer.middlewares: prometheusipfilter@docker + traefik.http.routers.alfrescomicrometer.rule: PathRegexp(`^/alfresco/(wc)?s(ervice)?/prometheus`) + traefik.http.routers.solrapideny.middlewares: acsfakeauth@docker + traefik.http.routers.solrapideny.rule: PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$$`) + traefik.http.services.alfresco.loadbalancer.server.port: "8080" + mem_limit: "1992294400" + networks: + default: null + volumes: + - /usr/local/tomcat/alf_data + audit-storage: depends_on: - - activemq - shared-file-store: - image: quay.io/alfresco/alfresco-shared-file-store:4.1.1 - mem_limit: 512m + activemq: + condition: service_healthy + required: true + elasticsearch: + condition: service_healthy + required: true environment: - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - scheduler.content.age.millis: 86400000 - scheduler.cleanup.interval: 86400000 - ports: - - "8099:8099" - volumes: - - shared-file-store-volume:/tmp/Alfresco/sfs - share: - image: quay.io/alfresco/alfresco-share:23.2.1 - mem_limit: 1g + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD: admin + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI: http://elasticsearch:9200 + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME: admin + AUDIT_EVENTINGESTION_URI: activemq:topic:alfresco.repo.event2 + SPRING_ACTIVEMQ_BROKERURL: failover:(nio://activemq:61616)?timeout=3000 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8081/actuator/health/readiness + timeout: 2s + interval: 1m0s + retries: 3 + start_period: 15s + image: quay.io/alfresco/alfresco-audit-storage:1.1.0 + mem_limit: "536870912" + networks: + default: null + control-center: environment: - REPO_HOST: "alfresco" - REPO_PORT: "8080" - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - -Dalfresco.host=localhost - -Dalfresco.port=8080 - -Dalfresco.context=alfresco - -Dalfresco.protocol=http - postgres: - image: postgres:14.4 - mem_limit: 512m + APP_CONFIG_AUTH_TYPE: BASIC + APP_CONFIG_PROVIDER: ECM + BASE_PATH: ./ + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/ + timeout: 1s + interval: 10s + retries: 3 + start_period: 1s + image: quay.io/alfresco/alfresco-control-center:10.1.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.accchain.chain.middlewares: accforceslash,accroot + traefik.http.middlewares.accforceslash.redirectregex.regex: ^(.*/(admin|control-center))$$ + traefik.http.middlewares.accforceslash.redirectregex.replacement: $${1}/ + traefik.http.middlewares.accroot.stripprefix.prefixes: /admin,/control-center + traefik.http.routers.acc.middlewares: accchain@docker + traefik.http.routers.acc.rule: PathPrefix(`/control-center`) || PathPrefix(`/admin`) + traefik.http.services.control-center.loadbalancer.server.port: "8080" + mem_limit: "134217728" + networks: + default: null + digital-workspace: environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco - command: postgres -c max_connections=300 -c log_min_messages=LOG - ports: - - "5432:5432" + APP_BASE_SHARE_URL: http://localhost:8080/workspace/#/preview/s + APP_CONFIG_AUTH_TYPE: BASIC + APP_CONFIG_PLUGIN_MICROSOFT_ONLINE: "false" + APP_CONFIG_PLUGIN_PROCESS_SERVICE: "false" + APP_CONFIG_PROVIDER: ECM + BASE_PATH: ./ + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/ + timeout: 1s + interval: 10s + retries: 3 + start_period: 1s + image: quay.io/alfresco/alfresco-digital-workspace:7.1.1 + labels: + traefik.enable: "true" + traefik.http.middlewares.adwchain.chain.middlewares: adwforceslash,adwroot + traefik.http.middlewares.adwforceslash.redirectregex.regex: ^(.*/workspace)$$ + traefik.http.middlewares.adwforceslash.redirectregex.replacement: $${1}/ + traefik.http.middlewares.adwroot.stripprefix.prefixes: /workspace + traefik.http.routers.adw.middlewares: adwchain@docker + traefik.http.routers.adw.rule: PathPrefix(`/workspace`) + traefik.http.services.digital-workspace.loadbalancer.server.port: "8080" + mem_limit: "134217728" + networks: + default: null elasticsearch: - image: elasticsearch:7.10.1 + cap_add: + - IPC_LOCK environment: - - xpack.security.enabled=false - - discovery.type=single-node + discovery.type: single-node + xpack.security.enabled: "false" + healthcheck: + test: + - CMD-SHELL + - curl -s -X GET http://localhost:9200/_cluster/health?pretty | grep status | grep -q '\(green\|yellow\)' + timeout: 10s + interval: 10s + retries: 5 + start_period: 30s + image: elasticsearch:8.17.3 + networks: + default: null + ports: + - "9200:9200" + - "9300:9300" ulimits: memlock: soft: -1 @@ -141,97 +173,291 @@ services: nofile: soft: 65536 hard: 65536 - cap_add: - - IPC_LOCK + kibana: + depends_on: + elasticsearch: + condition: service_healthy + required: true + environment: + ELASTICSEARCH_HOSTS: http://elasticsearch:9200 + healthcheck: + test: + - CMD + - curl + - -f + - -o + - /dev/null + - http://localhost:5601/status + timeout: 2s + interval: 10s + retries: 5 + start_period: 30s + image: kibana:7.17.26 + mem_limit: "1073741824" + networks: + default: null + ports: + - "5601:5601" + postgres: + command: + - postgres + - -c + - max_connections=300 + - -c + - log_min_messages=LOG + environment: + POSTGRES_DB: alfresco + POSTGRES_PASSWORD: alfresco + POSTGRES_USER: alfresco + healthcheck: + test: + - CMD-SHELL + - pg_isready -d $$POSTGRES_DB -U $$POSTGRES_USER + timeout: 3s + interval: 10s + retries: 3 + start_period: 5s + image: postgres:16.5 + mem_limit: "536870912" + networks: + default: null ports: - - 9200:9200 - - 9300:9300 + - "5432:5432" + proxy: + command: + - --api.insecure=true + - --providers.docker=true + - --entrypoints.web.address=:8080 + - --entrypoints.web.transport.respondingTimeouts.readTimeout=20m + - --entryPoints.traefik.address=:8888 + - --accesslog=true + - --providers.docker.exposedByDefault=false + - --ping.entrypoint=web + - --ping=true + healthcheck: + test: + - CMD + - traefik + - healthcheck + - --ping + timeout: 10s + interval: 20s + retries: 3 + start_period: 10s + image: traefik:3.1 + mem_limit: "134217728" + networks: + default: null + ports: + - "8080:8080" + - "8888:8888" + security_opt: + - label=disable + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro search: - image: quay.io/alfresco/alfresco-elasticsearch-live-indexing:4.0.1 - mem_limit: 1g depends_on: - - elasticsearch - - alfresco + elasticsearch: + condition: service_healthy + required: true + shared-file-store: + condition: service_healthy + required: true + transform-core-aio: + condition: service_healthy + required: true environment: - ALFRESCO_ACCEPTED_CONTENT_MEDIA_TYPES_CACHE_BASE_URL: >- - http://transform-core-aio:8090/transform/config - ALFRESCO_SHAREDFILESTORE_BASEURL: >- - http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_ACCEPTED_CONTENT_MEDIA_TYPES_CACHE_BASE_URL: http://transform-core-aio:8090/transform/config + ALFRESCO_SHAREDFILESTORE_BASEURL: http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file/ SPRING_ACTIVEMQ_BROKERURL: nio://activemq:61616 SPRING_ELASTICSEARCH_REST_URIS: http://elasticsearch:9200 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/actuator/health + timeout: 2s + interval: 20s + retries: 3 + start_period: 20s + image: quay.io/alfresco/alfresco-elasticsearch-live-indexing:5.2.0 + mem_limit: "1073741824" + networks: + default: null search-reindexing: - image: quay.io/alfresco/alfresco-elasticsearch-reindexing:4.0.1 - mem_limit: 1g - restart: on-failure:10 + depends_on: + alfresco: + condition: service_healthy + required: true + elasticsearch: + condition: service_healthy + required: true + postgres: + condition: service_healthy + required: true environment: - ALFRESCO_ACCEPTED_CONTENT_MEDIA_TYPES_CACHE_BASE_URL: >- - http://transform-core-aio:8090/transform/config + ALFRESCO_ACCEPTED_CONTENT_MEDIA_TYPES_CACHE_BASE_URL: http://transform-core-aio:8090/transform/config SPRING_ACTIVEMQ_BROKERURL: nio://activemq:61616 + SPRING_DATASOURCE_PASSWORD: alfresco SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/alfresco SPRING_DATASOURCE_USERNAME: alfresco - SPRING_DATASOURCE_PASSWORD: alfresco SPRING_ELASTICSEARCH_REST_URIS: http://elasticsearch:9200 + image: quay.io/alfresco/alfresco-elasticsearch-reindexing:5.2.0 + mem_limit: "1073741824" + networks: + default: null + restart: on-failure:5 + share: depends_on: - postgres: - condition: service_started - elasticsearch: - condition: service_started alfresco: condition: service_healthy - activemq: - image: alfresco/alfresco-activemq:5.18-jre17-rockylinux8 - mem_limit: 1g - ports: - - "8161:8161" # Web Console - - "5672:5672" # AMQP - - "61616:61616" # OpenWire - - "61613:61613" # STOMP - digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:4.4.1 - mem_limit: 128m + required: true environment: - APP_CONFIG_PROVIDER: "ECM" - APP_CONFIG_AUTH_TYPE: "BASIC" - BASE_PATH: ./ - APP_CONFIG_PLUGIN_PROCESS_SERVICE: "false" - APP_CONFIG_PLUGIN_MICROSOFT_ONLINE: "false" - APP_BASE_SHARE_URL: "http://localhost:8080/workspace/#/preview/s" - control-center: - image: quay.io/alfresco/alfresco-control-center:8.4.1 - mem_limit: 128m + CSRF_FILTER_ORIGIN: http://localhost:8080 + CSRF_FILTER_REFERER: http://localhost:8080/share/.* + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Dalfresco.host=localhost -Dalfresco.port=8080 -Dalfresco.context=alfresco -Dalfresco.protocol=http + REPO_HOST: alfresco + REPO_PORT: "8080" + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8080/share + timeout: 2s + interval: 20s + retries: 3 + start_period: 15s + image: quay.io/alfresco/alfresco-share:25.2.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: "5368709120" + traefik.http.middlewares.share-chain.chain.middlewares: share-root-redirect@docker,limit@docker + traefik.http.middlewares.share-root-redirect.redirectregex.regex: /share$$ + traefik.http.middlewares.share-root-redirect.redirectregex.replacement: /share/ + traefik.http.middlewares.sharefakeauth.basicauth.users: 'fake:' + traefik.http.routers.proxiedsolrapideny.middlewares: sharefakeauth@docker + traefik.http.routers.proxiedsolrapideny.rule: PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr/`) + traefik.http.routers.share.middlewares: share-chain@docker + traefik.http.routers.share.rule: PathPrefix(`/share`) + traefik.http.services.share.loadbalancer.server.port: "8080" + mem_limit: "1073741824" + networks: + default: null + shared-file-store: environment: - APP_CONFIG_PROVIDER: "ECM" - APP_CONFIG_AUTH_TYPE: "BASIC" - BASE_PATH: ./ - proxy: - image: alfresco/alfresco-acs-nginx:3.4.2 - mem_limit: 128m + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + scheduler.cleanup.interval: "86400000" + scheduler.content.age.millis: "86400000" + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8099/ready + timeout: 2s + interval: 20s + retries: 3 + start_period: 10s + image: quay.io/alfresco/alfresco-shared-file-store:4.2.2 + mem_limit: "536870912" + networks: + default: null ports: - - "8080:8080" - depends_on: - - digital-workspace - - alfresco - - share - - control-center + - "8099:8099" + volumes: + - /tmp/Alfresco sync-service: - image: quay.io/alfresco/service-sync:5.0.0 - mem_limit: 1g + depends_on: + alfresco: + condition: service_healthy + required: true + postgres: + condition: service_healthy + required: true environment: - JAVA_OPTS: >- - -Dsql.db.driver=org.postgresql.Driver - -Dsql.db.url=jdbc:postgresql://postgres:5432/alfresco - -Dsql.db.username=alfresco - -Dsql.db.password=alfresco - -Dmessaging.broker.host=activemq - -Drepo.hostname=alfresco - -Drepo.port=8080 - -Ddw.server.applicationConnectors[0].type=http - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 + JAVA_OPTS: -Dsync.cluster.enabled=false -Dsql.db.driver=org.postgresql.Driver -Dsql.db.url=jdbc:postgresql://postgres:5432/alfresco -Dsql.db.username=alfresco -Dsql.db.password=alfresco -Dmessaging.broker.host=activemq -Drepo.hostname=alfresco -Drepo.port=8080 -Ddw.server.applicationConnectors[0].type=http -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:9090/alfresco/healthcheck + timeout: 2s + interval: 30s + retries: 3 + start_period: 20s + image: quay.io/alfresco/service-sync:5.3.0 + labels: + traefik.enable: "true" + traefik.http.middlewares.syncservice.replacepathregex.regex: ^/syncservice/(.*) + traefik.http.middlewares.syncservice.replacepathregex.replacement: /alfresco/$$1 + traefik.http.routers.syncservice.middlewares: syncservice@docker + traefik.http.routers.syncservice.rule: PathPrefix(`/syncservice`) + traefik.http.services.sync-service.loadbalancer.server.port: "9090" + mem_limit: "1073741824" + networks: + default: null ports: - "9090:9090" -volumes: - shared-file-store-volume: - driver_opts: - type: tmpfs - device: tmpfs + transform-core-aio: + depends_on: + activemq: + condition: service_healthy + required: true + shared-file-store: + condition: service_healthy + required: true + environment: + ACTIVEMQ_URL: nio://activemq:61616 + FILE_STORE_URL: http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8090/ready + timeout: 2s + interval: 20s + retries: 3 + start_period: 10s + image: quay.io/alfresco/alfresco-transform-core-aio:5.2.2 + mem_limit: "1610612736" + networks: + default: null + ports: + - "8090:8090" + transform-router: + depends_on: + activemq: + condition: service_healthy + required: true + shared-file-store: + condition: service_healthy + required: true + environment: + ACTIVEMQ_URL: nio://activemq:61616 + CORE_AIO_URL: http://transform-core-aio:8090 + FILE_STORE_URL: http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file + JAVA_OPTS: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8095/actuator/health + timeout: 2s + interval: 10s + retries: 3 + start_period: 20s + image: quay.io/alfresco/alfresco-transform-router:4.2.2 + mem_limit: "536870912" + networks: + default: null + ports: + - "8095:8095" +networks: + default: + name: docker-compose_default diff --git a/docker-compose/pre-release-docker-compose.yml b/docker-compose/pre-release-docker-compose.yml index edf5d5be6..9c7994de3 100644 --- a/docker-compose/pre-release-docker-compose.yml +++ b/docker-compose/pre-release-docker-compose.yml @@ -66,7 +66,7 @@ services: start_period: 1m transform-router: mem_limit: 512m - image: quay.io/alfresco/alfresco-transform-router:4.1.1 + image: quay.io/alfresco/alfresco-transform-router:4.1.2 environment: JAVA_OPTS: >- -XX:MinRAMPercentage=50 @@ -80,7 +80,7 @@ services: depends_on: - activemq transform-core-aio: - image: alfresco/alfresco-transform-core-aio:5.1.1 + image: alfresco/alfresco-transform-core-aio:5.1.2 mem_limit: 1536m environment: JAVA_OPTS: >- @@ -94,7 +94,7 @@ services: depends_on: - activemq shared-file-store: - image: quay.io/alfresco/alfresco-shared-file-store:4.1.1 + image: quay.io/alfresco/alfresco-shared-file-store:4.1.2 mem_limit: 512m environment: JAVA_OPTS: >- @@ -107,7 +107,7 @@ services: volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: quay.io/alfresco/alfresco-share:23.3.0-A10 + image: quay.io/alfresco/alfresco-share:23.3.0-A16 mem_limit: 1g environment: REPO_HOST: "alfresco" @@ -187,7 +187,7 @@ services: - "61616:61616" # OpenWire - "61613:61613" # STOMP digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:4.5.0-8753109671 + image: quay.io/alfresco/alfresco-digital-workspace:4.5.0-9269023247 mem_limit: 128m environment: APP_CONFIG_PROVIDER: "ECM" @@ -197,7 +197,7 @@ services: APP_CONFIG_PLUGIN_MICROSOFT_ONLINE: "false" APP_BASE_SHARE_URL: "http://localhost:8080/workspace/#/preview/s" control-center: - image: quay.io/alfresco/alfresco-control-center:8.5.0-8753109671 + image: quay.io/alfresco/alfresco-control-center:8.5.0-9269023247 mem_limit: 128m environment: APP_CONFIG_PROVIDER: "ECM" @@ -214,7 +214,7 @@ services: - share - control-center sync-service: - image: quay.io/alfresco/service-sync:5.0.0 + image: quay.io/alfresco/service-sync:4.0.1.1-A1 mem_limit: 1g environment: JAVA_OPTS: >- diff --git a/docs/compose.md b/docs/compose.md new file mode 100644 index 000000000..f71f5f70e --- /dev/null +++ b/docs/compose.md @@ -0,0 +1,6 @@ +--- +title: Docker Compose +has_children: true +--- + +This section contains available guides for docker-compose deployment diff --git a/docs/docker-compose/README.md b/docs/docker-compose/README.md index 81e621184..de14b167f 100644 --- a/docs/docker-compose/README.md +++ b/docs/docker-compose/README.md @@ -1,3 +1,8 @@ +--- +title: Deployment +parent: Docker Compose +--- + # Alfresco Content Services Docker Compose Deployment This page describes how to quickly deploy Alfresco Content Services (ACS) using @@ -5,11 +10,103 @@ Docker Compose. Using one of the Enterprise compose files will deploy the following system: -![Docker Compose Enterprise](./images/docker-compose-enterprise.png) +```mermaid +graph TB + +subgraph "Docker Compose (enterprise)" + direction TB + Client("👥 Clients") + proxy("nginx reverse proxy") + acs("Alfresco Content Services") + sync("Alfresco Sync Service") + + subgraph "Alfresco Transform Service" + trouter("Transform Router") + sfs("Shared File Store") + tcore("Transform Core (AIO)") + end + + subgraph "Alfresco Search Enterprise" + aser("Reindexing") + ase("Live Indexing") + end + + subgraph "Webapps" + acc("Alfresco Control Center") + adw("Alfresco Digital Workspace") + share("Alfresco Share") + end + + subgraph "Persistence" + pg[("PostgreSQL")] + es[("Elasticsearch")] + amq[("ActiveMQ")] + end +end + +Client --> proxy + +proxy --> acc +proxy --> share +proxy ---> adw +proxy ---> acs +proxy ----> sync + +ase --> es +ase --> amq +aser --> pg +aser --> es + +acs ---> es +acs ---> pg +acs ---> amq +acs ---> trouter + +trouter --> tcore +trouter --> sfs +trouter --> amq + +share --> acs + +sync --> acs +sync --> pg +sync --> amq +``` Using the Community compose file will deploy the following system: -![Docker Compose Community](./images/docker-compose-community.png) +```mermaid +graph TB + +subgraph "Docker Compose (community)" + direction TB + Client("👥 Users") + proxy("nginx reverse proxy") + acs("Alfresco Content Services") + ass("Alfresco Search Services") + pg[("PostgreSQL")] + amq[("ActiveMQ")] + tcore("Transform Core (AIO)") + + acc("Alfresco Control Center") + share("Alfresco Share") + aca("Alfresco Content App") +end + +Client --> proxy + +proxy --> acc +proxy --> share +proxy --> aca +proxy --> acs + +acs --> ass +acs --> pg +acs --> tcore +acs --> amq +share --> acs + +``` ## Considerations @@ -18,8 +115,7 @@ suited for test or demo environment but certainly not for production use. ## Prerequisites -As well as the prerequisites mentioned on the [main -README](/README.md#prerequisites) you will need a machine with at least 13GB of +As well as the prerequisites mentioned on the [main README](../index.md#prerequisites) you will need a machine with at least 13GB of free memory and the following software installed: * [Docker](https://www.docker.com/products/docker-desktop) @@ -39,7 +135,7 @@ Docker Daemon). ## Deploy 1. Clone this repository or download one of the docker compose files from - [here](../../docker-compose) + [here](https://github.com/Alfresco/acs-deployment/tree/master/docker-compose) 2. Navigate to the folder where the docker compose file you want to use is located 3. Log in to Quay.io with your credentials: `docker login quay.io` (only @@ -48,14 +144,14 @@ Docker Daemon). `docker compose -f major.minor.N-docker-compose.yml up` to use a previous version of ACS, or `docker compose -f pre-release-docker-compose.yml up` 5. Open the following URLs in your browser to check that everything starts up: - * Administration and REST APIs: [http://:8080/alfresco](http://localhost:8080/alfresco) - * Control Center: [http://:8080/admin](http://localhost:8080/admin) - * Alfresco Digital Workspace: [http://:8080/workspace](http://localhost:8080/workspace) - * Share: [http://:8080/share](http://localhost:8080/share) - * Search administration: [http://:8083/solr](http://localhost:8083/solr) + * Administration and REST APIs: `http://:8080/alfresco` + * Control Center: `http://:8080/admin` + * Alfresco Digital Workspace: `http://:8080/workspace` + * Share: `http://:8080/share` + * Search administration: `http://:8083/solr` 6. If you requested an extended trial license navigate to the Admin Console and apply your license: - * [http://:8080/alfresco/service/enterprise/admin/admin-license](http://localhost:8080/alfresco/service/enterprise/admin/admin-license) (`` will usually just be `localhost`) + * `http://:8080/alfresco/service/enterprise/admin/admin-license` (`` will usually just be `localhost`) * Default username and password is `admin` * See [Uploading a new license](https://docs.alfresco.com/content-services/latest/admin/license/#uploadlicense) for more details @@ -222,15 +318,15 @@ share: | SEARCH_LOG_LEVEL | The root logger level (`ERROR`, `WARN`, `INFO`, `DEBUG` or `TRACE`). | INFO | | ENABLE_SPELLCHECK | Whether spellchecking is enabled or not (`true` or `false`). | | | DISABLE_CASCADE_TRACKING | Whether cascade tracking is enabled or not (`true` or `false`). Disabling cascade tracking will improve performance, but result in some feature loss (e.g. path queries). | | -| ALFRESCO_SECURE_COMMS | Whether communication with the repository is secured (`https` or `none`). See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md) for more details. | none | -| SOLR_SSL_KEY_STORE | Path to SSL key store. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | -| SOLR_SSL_KEY_STORE_PASSWORD | Password for key store. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | -| SOLR_SSL_KEY_STORE_TYPE | Key store type. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | JCEKS | -| SOLR_SSL_TRUST_STORE | Path to SSL trust store. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | -| SOLR_SSL_TRUST_STORE_PASSWORD | Password for trust store. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | -| SOLR_SSL_TRUST_STORE_TYPE | Trust store type. See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | JCEKS | -| SOLR_SSL_NEED_CLIENT_AUTH | This variable is used to configure SSL (`true` or `false`). See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | -| SOLR_SSL_WANT_CLIENT_AUTH | This variable is used to configure SSL (`true` or `false`). See this [page](https://github.com/Alfresco/InsightEngine/blob/master/search-services/README.md#use-alfresco-search-services-docker-image-with-docker-compose) for more details. | | +| ALFRESCO_SECURE_COMMS | Whether communication with the repository is secured (`https` or `none`). See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | none | +| SOLR_SSL_KEY_STORE | Path to SSL key store. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | +| SOLR_SSL_KEY_STORE_PASSWORD | Password for key store. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | +| SOLR_SSL_KEY_STORE_TYPE | Key store type. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | JCEKS | +| SOLR_SSL_TRUST_STORE | Path to SSL trust store. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | +| SOLR_SSL_TRUST_STORE_PASSWORD | Password for trust store. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | +| SOLR_SSL_TRUST_STORE_TYPE | Trust store type. See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | JCEKS | +| SOLR_SSL_NEED_CLIENT_AUTH | This variable is used to configure SSL (`true` or `false`). See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | +| SOLR_SSL_WANT_CLIENT_AUTH | This variable is used to configure SSL (`true` or `false`). See this [page](https://github.com/Alfresco/SearchServices/blob/master/search-services/README.md) for more details. | | ### Alfresco Transform Router (transform-router) @@ -372,6 +468,6 @@ The list below shows the location of the publicly available `Dockerfile` for the * [share](https://github.com/Alfresco/share/blob/master/packaging/docker/Dockerfile) * [content-app](https://github.com/Alfresco/alfresco-content-app/blob/master/Dockerfile) * [solr6](https://github.com/Alfresco/SearchServices/blob/master/search-services/packaging/src/docker/Dockerfile) -* [transform-core-aio](https://github.com/Alfresco/alfresco-transform-core/blob/master/alfresco-transform-core-aio/alfresco-transform-core-aio-boot/Dockerfile) +* [transform-core-aio](https://github.com/Alfresco/alfresco-transform-core/blob/master/engines/aio/Dockerfile) * [activemq](https://github.com/Alfresco/alfresco-docker-activemq/blob/master/Dockerfile) * [proxy](https://github.com/Alfresco/acs-ingress/blob/master/Dockerfile) diff --git a/docs/docker-compose/examples/customisation-guidelines.md b/docs/docker-compose/examples/customisation-guidelines.md index 3fb966d62..a81d08a20 100644 --- a/docs/docker-compose/examples/customisation-guidelines.md +++ b/docs/docker-compose/examples/customisation-guidelines.md @@ -1,3 +1,8 @@ +--- +title: Customisation Guidelines +parent: Docker Compose +--- + # Customisation Guidelines Although it's possible to change and mount files/folders into existing Docker images the recommended approach is to create new custom Docker images. @@ -29,9 +34,9 @@ This process requires some familiarty with [Docker](https://www.docker.com/) and You will now need to install the AMP files into the Alfresco Content Repository image. -1. The docker-compose folder contains a file for each main code line of ACS, examine the relevant docker compose file for the version of ACS you want to apply the AMPs to. For example, to apply to the latest version of 7.3 take a look at the [7.3.N-docker-compose file](../../../docker-compose/7.3.N-docker-compose.yml) +1. The docker-compose folder contains a file for each main code line of ACS, examine the relevant docker compose file for the version of ACS you want to apply the AMPs to. For example, to apply to the latest version of 7.3 take a look at the [7.3.N-docker-compose file](https://github.com/Alfresco/acs-deployment/blob/master/docker-compose/7.3.N-docker-compose.yml) -2. Take note of the image and tag being used for the **alfresco** service in the docker compose file you chose in the previous step. For example, if you are using 7.3.N-docker-compose.yml, you will find this on [line 15](https://github.com/Alfresco/acs-deployment/blob/229fe58d077414c5d91bab9f5cec91adc902453c/docker-compose/7.3.N-docker-compose.yml#L15) as follows: +2. Take note of the image and tag being used for the **alfresco** service in the docker compose file you chose in the previous step. For example, if you are using 7.3.N-docker-compose.yml, you will find this on [line 21](https://github.com/Alfresco/acs-deployment/blob/master/docker-compose/7.3.N-docker-compose.yml) as follows: ```bash alfresco/alfresco-content-repository:7.3.0.1 @@ -90,7 +95,7 @@ You will now need to install the AMP files into the Alfresco Content Repository We will now repeat the process for the Alfresco Share image. -1. Take note of the image and tag being used for the **share** service in the docker compose file you chose in the previous section. For example, if you are using 7.3.N-docker-compose.yml, you will find this on [line 89](https://github.com/Alfresco/acs-deployment/blob/229fe58d077414c5d91bab9f5cec91adc902453c/docker-compose/7.3.N-docker-compose.yml#L89) as follows: +1. Take note of the image and tag being used for the **share** service in the docker compose file you chose in the previous section. For example, if you are using 7.3.N-docker-compose.yml, you will find this on [line 102](https://github.com/Alfresco/acs-deployment/blob/master/docker-compose/7.3.N-docker-compose.yml) as follows: ```bash alfresco/alfresco-share:7.3.0 @@ -139,4 +144,7 @@ You can start your custom docker-compose.yml using the following command: docker-compose -f up ``` -Further information on starting up or troubleshooting can be found [here](../README.md) and a more advanced example of building a custom image with configuration can be found [here](https://github.com/Alfresco/acs-packaging/blob/master/docs/create-custom-image-using-existing-docker-image.md#applying-amps-that-require-additional-configuration-advanced). +Further information on starting up or troubleshooting can be found +[here](../README.md) and a more advanced example of building a custom image with +configuration can be found +[here](https://github.com/Alfresco/acs-packaging/blob/master/docs/create-custom-image-using-existing-docker-image.md). diff --git a/docs/docker-compose/images/docker-compose-community.png b/docs/docker-compose/images/docker-compose-community.png deleted file mode 100644 index 771c9a4cc..000000000 Binary files a/docs/docker-compose/images/docker-compose-community.png and /dev/null differ diff --git a/docs/docker-compose/images/docker-compose-community.puml b/docs/docker-compose/images/docker-compose-community.puml deleted file mode 100644 index 9bdf0e9df..000000000 --- a/docs/docker-compose/images/docker-compose-community.puml +++ /dev/null @@ -1,42 +0,0 @@ -@startuml - -Title: Docker Compose Deployment Overview (Community) - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none -} - -actor Client - -node "Docker Compose" { - component "NGINX proxy" as proxy #lightgrey - component "Alfresco Content Services" as acs #lightgrey - component "Alfresco Admin Console" as aac #lightgrey - component "Alfresco Search Services" as ass #lightgrey - component "PostgreSQL" as psql #lightgrey - component "Alfresco Share" as share #lightgrey - component "ActiveMQ" as amq #lightgrey - component "Transform Core (AIO)" as tcore #lightgrey - component "Alfresco Content App" as aca #lightgrey -} - -Client --> proxy - -proxy --> aac -proxy --> share -proxy --> aca -proxy --> acs - -acs <-left-> ass -acs --> psql -acs --> tcore -acs <-left-> amq -share -left-> acs - -center footer Copyright 2022 Alfresco Software Inc - -@enduml diff --git a/docs/docker-compose/images/docker-compose-enterprise.png b/docs/docker-compose/images/docker-compose-enterprise.png deleted file mode 100644 index 392b28583..000000000 Binary files a/docs/docker-compose/images/docker-compose-enterprise.png and /dev/null differ diff --git a/docs/docker-compose/images/docker-compose-enterprise.puml b/docs/docker-compose/images/docker-compose-enterprise.puml deleted file mode 100644 index 656d023b0..000000000 --- a/docs/docker-compose/images/docker-compose-enterprise.puml +++ /dev/null @@ -1,55 +0,0 @@ -@startuml - -Title: Docker Compose Deployment Overview (Enterprise) - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none -} - -actor Client - -node "Docker Compose" { - component "NGINX proxy" as proxy #lightgrey - component "Alfresco Admin Console" as aac #lightgrey - component "Alfresco Digital Workspace" as adw #lightgrey - component "Alfresco Content Services" as acs #lightgrey - component "Alfresco Search Services" as ass #lightgrey - component "Alfresco Sync Service" as sync #lightgrey - component "PostgreSQL" as psql #lightgrey - component "Alfresco Share" as share #lightgrey - component "ActiveMQ" as amq #lightgrey - rectangle "Alfresco Transform Service" { - component "Transform Router" as tr #lightgrey - component "Shared File Store" as sfs #lightgrey - component "Transform Core (AIO)" as tcore #lightgrey - } -} - -Client --> proxy - -proxy --> aac -proxy --> share -proxy --> adw -proxy --> acs - -share --> acs -acs <-left-> ass -sync <-left-> acs -sync --> psql -sync --> amq -acs --> psql -acs --> tcore -acs --> sfs -acs <--> amq -tr --> tcore -tr <-up-> amq -tcore --> sfs - - -center footer Copyright 2023 Alfresco Software Inc - -@enduml diff --git a/docs/helm-charts.md b/docs/helm-charts.md new file mode 100644 index 000000000..14585b2e5 --- /dev/null +++ b/docs/helm-charts.md @@ -0,0 +1,7 @@ +--- +title: Charts +parent: Helm +has_children: true +--- + +This section contains available documentation for charts. diff --git a/docs/helm-deployment.md b/docs/helm-deployment.md new file mode 100644 index 000000000..ce1ab366b --- /dev/null +++ b/docs/helm-deployment.md @@ -0,0 +1,7 @@ +--- +title: Deployment +parent: Helm +has_children: true +--- + +This section contains available documentation for charts deployment. diff --git a/docs/helm-examples.md b/docs/helm-examples.md new file mode 100644 index 000000000..a3ba2fb4f --- /dev/null +++ b/docs/helm-examples.md @@ -0,0 +1,7 @@ +--- +title: Examples +parent: Helm +has_children: true +--- + +This section contains available documentation for charts examples. diff --git a/docs/helm-guides.md b/docs/helm-guides.md new file mode 100644 index 000000000..d2020b854 --- /dev/null +++ b/docs/helm-guides.md @@ -0,0 +1,7 @@ +--- +title: Guides +parent: Helm +has_children: true +--- + +This section contains available documentation for charts guides. diff --git a/docs/helm.md b/docs/helm.md new file mode 100644 index 000000000..d2f581875 --- /dev/null +++ b/docs/helm.md @@ -0,0 +1,6 @@ +--- +title: Helm +has_children: true +--- + +This section contains available guides for helm deployment diff --git a/docs/helm/README.md b/docs/helm/README.md index 144996ab2..0a54d3b7c 100644 --- a/docs/helm/README.md +++ b/docs/helm/README.md @@ -1,16 +1,216 @@ +--- +title: Overview +parent: Deployment +grand_parent: Helm +nav_order: 1 +--- + # Alfresco Content Services Helm Deployment Alfresco Content Services (ACS) is an Enterprise Content Management (ECM) system that is used for document and case management, project collaboration, web content publishing, and compliant records management. The flexible compute, storage, and database services that Kubernetes offers make it an ideal platform for Alfresco Content Services. This helm chart presents an enterprise-grade Alfresco Content Services configuration that you can adapt to virtually any scenario with the ability to scale up, down or out, depending on your use case. The Helm chart in this repository supports deploying the Enterprise or Community Edition of ACS. -The Enterprise configuration will deploy the following system: +## Architectures + +### Enterprise edition + +The Enterprise configuration will deploy the following system (Alfresco +Transform Service and Alfresco Search Enterprise are detailed in the next +diagrams): + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm enterprise + direction LR + subgraph storage + PersistentVolumeClaim_activemq-default-pvc(PersistentVolumeClaim: activemq-default-pvc):::k8s + PersistentVolumeClaim_data-acs-postgresql(PersistentVolumeClaim: data-acs-postgresql):::k8s + PersistentVolumeClaim_data-sync-postgresql(PersistentVolumeClaim: data-sync-postgresql):::k8s + PersistentVolumeClaim_repository-default-pvc(PersistentVolumeClaim: repository-default-pvc):::k8s + pv1[(Data Volume)]:::k8s + pv2[(Data Volume)]:::k8s + pv3[(Data Volume)]:::k8s + pv4[(Data Volume)]:::k8s + end + subgraph workloads + Deployment_activemq(Deployment: activemq):::thrdP + Deployment_alfresco-cc(Deployment: alfresco-cc):::alf + Deployment_alfresco-dw(Deployment: alfresco-dw):::alf + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_alfresco-sync-service(Deployment: alfresco-sync-service):::alf + Deployment_share(Deployment: share):::alf + + StatefulSet_elasticsearch-master(StatefulSet: elasticsearch-master):::thrdP + StatefulSet_postgresql-sync(StatefulSet: postgresql-sync):::thrdP + StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP + end + + subgraph ingress + Ingress_alfresco-cc(Ingress: alfresco-cc):::k8s + Ingress_alfresco-dw(Ingress: alfresco-dw):::k8s + Ingress_alfresco-repository(Ingress: alfresco-repository):::k8s + Ingress_alfresco-sync-service(Ingress: alfresco-sync-service):::k8s + Ingress_share(Ingress: share):::k8s + end +end + +Client ---> Ingress_alfresco-cc --> Deployment_alfresco-cc +Client ---> Ingress_alfresco-dw --> Deployment_alfresco-dw +Client --> Ingress_alfresco-repository --> Deployment_alfresco-repository +Client --> Ingress_share --> Deployment_share +Client --> Ingress_alfresco-sync-service --> Deployment_alfresco-sync-service + +Deployment_share --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> StatefulSet_postgresql-acs --> PersistentVolumeClaim_data-acs-postgresql --> pv1 +Deployment_alfresco-repository --> Deployment_activemq +Deployment_alfresco-repository --> StatefulSet_elasticsearch-master + +Deployment_alfresco-sync-service --> StatefulSet_postgresql-sync --> PersistentVolumeClaim_data-sync-postgresql --> pv2 +Deployment_alfresco-sync-service --> Deployment_activemq +Deployment_alfresco-sync-service --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> PersistentVolumeClaim_repository-default-pvc --> pv3 +Deployment_activemq --> PersistentVolumeClaim_activemq-default-pvc --> pv4 +``` + +#### Alfresco Transform Services + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph ats[Alfresco Transform Service] + Deployment_filestore(Deployment: filestore):::alf + Deployment_imagemagick(Deployment: imagemagick):::alf + Deployment_libreoffice(Deployment: libreoffice):::alf + Deployment_pdfrenderer(Deployment: pdfrenderer):::alf + Deployment_tika(Deployment: tika):::alf + Deployment_transform-misc(Deployment: transform-misc):::alf + Deployment_transform-router(Deployment: transform-router):::alf +end + +Deployment_activemq(Deployment: activemq):::thrdP +PersistentVolumeClaim_filestore-default-pvc(PersistentVolumeClaim: filestore-default-pvc):::k8s +pv1[(Data Volume)]:::k8s + +Deployment_transform-router --> Deployment_activemq +Deployment_transform-router --> Deployment_imagemagick +Deployment_transform-router --> Deployment_libreoffice +Deployment_transform-router --> Deployment_pdfrenderer +Deployment_transform-router --> Deployment_tika +Deployment_transform-router --> Deployment_transform-misc +Deployment_transform-router --> Deployment_filestore + +Deployment_filestore --> PersistentVolumeClaim_filestore-default-pvc --> pv1 +``` + +#### Search Enterprise + +```mermaid +graph TB + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 -![Helm Deployment Enterprise](./images/helm-enterprise.png) +subgraph live[Live Indexing] + Deployment_alfresco-search-enterprise-content(Deployment: alfresco-search-enterprise-content):::alf + Deployment_alfresco-search-enterprise-metadata(Deployment: alfresco-search-enterprise-metadata):::alf + Deployment_alfresco-search-enterprise-path(Deployment: alfresco-search-enterprise-path):::alf + StatefulSet_alfresco-search-enterprise-mediation(StatefulSet: alfresco-search-enterprise-mediation):::alf +end -The Community configuration will deploy the following system: +Job_alfresco-search-enterprise-reindexing(Job: alfresco-search-enterprise-reindexing):::alf -![Helm Deployment Community](./images/helm-community.png) +StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP +Deployment_activemq(Deployment: activemq):::thrdP +StatefulSet_elasticsearch-master(StatefulSet: elasticsearch-master):::thrdP + +Job_alfresco-search-enterprise-reindexing --> StatefulSet_elasticsearch-master +Job_alfresco-search-enterprise-reindexing --> StatefulSet_postgresql-acs + +live --> Deployment_activemq +live --> StatefulSet_elasticsearch-master +``` + +### Community edition + +The Community configuration will deploy the following architecture: + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm community + subgraph storage + PersistentVolumeClaim_activemq-default-pvc(PersistentVolumeClaim: activemq-default-pvc):::k8s + PersistentVolumeClaim_repository-default-pvc(PersistentVolumeClaim: repository-default-pvc):::k8s + PersistentVolumeClaim_solr-default-pvc(PersistentVolumeClaim: solr-default-pvc):::k8s + PersistentVolumeClaim_data-acs-postgresql(PersistentVolumeClaim: data-acs-postgresql):::k8s + pv1[(Data Volume)]:::k8s + pv2[(Data Volume)]:::k8s + pv3[(Data Volume)]:::k8s + pv4[(Data Volume)]:::k8s + end + subgraph workloads + Deployment_activemq(Deployment: activemq):::thrdP + Deployment_alfresco-cc(Deployment: alfresco-cc):::alf + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_solr(Deployment: solr):::alf + Deployment_share(Deployment: share):::alf + subgraph "Alfresco Transform Service" + Deployment_imagemagick(Deployment: imagemagick):::alf + Deployment_libreoffice(Deployment: libreoffice):::alf + Deployment_pdfrenderer(Deployment: pdfrenderer):::alf + Deployment_tika(Deployment: tika):::alf + Deployment_transform-misc(Deployment: transform-misc):::alf + end + StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP + end + subgraph ingress + Ingress_alfresco-cc(Ingress: alfresco-cc):::k8s + Ingress_alfresco-repository(Ingress: alfresco-repository):::k8s + Ingress_share(Ingress: share):::k8s + end +end + +Client ----> Ingress_alfresco-cc --> Deployment_alfresco-cc +Client --> Ingress_alfresco-repository --> Deployment_alfresco-repository +Client --> Ingress_share --> Deployment_share + +Deployment_share --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> Deployment_solr +Deployment_alfresco-repository --> StatefulSet_postgresql-acs --> PersistentVolumeClaim_data-acs-postgresql --> pv1 +Deployment_alfresco-repository --> Deployment_activemq +Deployment_alfresco-repository --> Deployment_imagemagick +Deployment_alfresco-repository --> Deployment_libreoffice +Deployment_alfresco-repository --> Deployment_pdfrenderer +Deployment_alfresco-repository --> Deployment_tika +Deployment_alfresco-repository --> Deployment_transform-misc + +Deployment_alfresco-repository ---> PersistentVolumeClaim_repository-default-pvc --> pv2 +Deployment_activemq --> PersistentVolumeClaim_activemq-default-pvc --> pv3 +Deployment_solr --> PersistentVolumeClaim_solr-default-pvc --> pv4 +``` ## Overview @@ -29,7 +229,7 @@ database via [Bitnami charts][bitnami-repo] and an ActiveMQ message broker with a simple [activemq subchart][activemq-readme], both with basic authentication and without any kind of redundancy. -[activemq-readme]: ../../helm/alfresco-content-services/charts/activemq/README.md +[activemq-readme]: https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/activemq/README.md [bitnami-repo]: https://github.com/bitnami/charts You typically want to disable the embedded postgres and activemq broker and @@ -63,8 +263,7 @@ the installation. ## Deploy -For the best results we recommend [deploying ACS to AWS -EKS](./eks-deployment.md). If you have a machine with at least 16GB of memory +For the best results we recommend [deploying ACS to AWS EKS](./eks-deployment.md). If you have a machine with at least 16GB of memory you can [deploy using Docker Desktop](./desktop-deployment.md) (or similar apps like Rancher and Podman Desktop) or via [KinD](kind-deployment.md) which just requires a working Docker install on any OS. @@ -72,19 +271,19 @@ requires a working Docker install on any OS. The recommended cluster resources for the Enterprise version with the components enabled by default are: at least 3 nodes with 12 cpu cores and 32 GB of memory in total. You can install with lower requirements by fine tuning the [resource requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) -available in the [values](../../helm/alfresco-content-services/values.yaml) for each component. +available in the [values](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services/values.yaml) for each component. -There are also several [examples](./examples) showing how to deploy with various configurations: +There are also several [examples](../helm-examples.md) showing how to deploy with various configurations: * [Deploy with AWS Services (S3, RDS and MQ)](./examples/with-aws-services.md) * [Deploy with Intelligence Services](./examples/with-ai.md) * [Deploy with Microsoft 365 Connector (Office Online Integration)](./examples/with-ooi.md) * [Deploy with external Keycloak SSO authentication](./examples/with-keycloak.md) * [Deploy with external infrastructure components](./examples/with-external-infrastructure.md) (e.g. elasticsearch, activemq, postgres) -* [Enable access to Search Services](./examples/search-services.mdi#enable-alfresco-search-services-external-access) -* [Enable Email Services](./examples/email-enabled.md) -* [Use a custom metadata keystore](./examples/custom-metadata-keystore.md) -* [Install ACS license as part of the deployment](./examples/alf_license.md) +* [Enable access to Search Services](./examples/search-services.md#enable-alfresco-search-services-external-access) +* [Enable Email Services](https://alfresco.github.io/alfresco-helm-charts/charts/alfresco-repository/docs/email.html) +* [Use a custom metadata keystore](https://alfresco.github.io/alfresco-helm-charts/charts/alfresco-repository/docs/keystores.html) +* [Install ACS license as part of the deployment](https://alfresco.github.io/alfresco-helm-charts/charts/alfresco-repository/docs/enterprise-license.html) ## Upgrade @@ -97,13 +296,6 @@ helm charts versions. An autogenerated list of helm values used in the chart and their default values can be found here: [Alfresco Content Services Helm Chart](./../../helm/alfresco-content-services/README.md) -Since the Alfresco Content Services chart also has local chart dependencies you can find the list of values that can be configured for these charts in their respective base folder: - -* [Alfresco ActiveMQ Helm Chart](./../../helm/alfresco-content-services/charts/activemq/README.md) -* [Alfresco Search Helm Chart](./../../helm/alfresco-content-services/charts/alfresco-search/README.md) -* [Alfresco Insight Zeppelin Helm Chart](./../../helm/alfresco-content-services/charts/alfresco-search/charts/alfresco-insight-zeppelin/README.md) -* [Alfresco Sync Service Helm Chart](./../../helm/alfresco-content-services/charts/alfresco-sync-service/README.md) - ## Customise To customise the Helm deployment, for example applying AMPs, we recommend following the best practice of creating your own custom Docker image(s). The [Customisation Guide](./examples/customisation-guidelines.md) walks you through this process. @@ -112,7 +304,7 @@ To customise the Helm deployment, for example applying AMPs, we recommend follow ### Lens -The easiest way to troubleshoot issues on a Kubernetes deployment is to use the [Lens](https://k8slens.dev) desktop application, which is available for Mac, Windows and Linux. Follow the [getting started guide](https://docs.k8slens.dev/v4.0.3/getting-started) to configure your environment. +The easiest way to troubleshoot issues on a Kubernetes deployment is to use the [Lens](https://k8slens.dev) desktop application, which is available for Mac, Windows and Linux. Follow the [getting started guide](https://docs.k8slens.dev/getting-started/) to configure your environment. ![Lens Application](./images/k8s-lens.png) diff --git a/docs/helm/autoscaling.md b/docs/helm/autoscaling.md index 1729ba686..38b9ae8b3 100644 --- a/docs/helm/autoscaling.md +++ b/docs/helm/autoscaling.md @@ -1,3 +1,9 @@ +--- +title: Autoscaling +parent: Guides +grand_parent: Helm +--- + # Alfresco components auto-scaling `alfresco-content-services` can leverage Kubernetes HorinzontalPodAutoscaling diff --git a/docs/helm/desktop-deployment.md b/docs/helm/desktop-deployment.md index db6120514..5cb01b2be 100644 --- a/docs/helm/desktop-deployment.md +++ b/docs/helm/desktop-deployment.md @@ -1,3 +1,9 @@ +--- +title: Desktop +parent: Deployment +grand_parent: Helm +--- + # Alfresco Content Services Helm Deployment on local machines This page describes how to deploy Alfresco Content Services (ACS) Enterprise or @@ -7,7 +13,7 @@ Desktop](https://docs.docker.com/desktop/). ## Prerequisites -- You've read the projects [main README](/README.md#prerequisites) +- You've read the projects [main README](../index.md#prerequisites) prerequisites section - You've read the [main Helm README](./README.md) page - You are proficient in Kubernetes @@ -28,7 +34,7 @@ Then proceed to the [deployment](#deployment) section to install ingress-nginx. ### Docker Desktop specific configuration On top of the Docker desktop -[Prerequisites](./desktop-deployment.md#Prerequisites), it is essential to +[Prerequisites](./desktop-deployment.md#prerequisites), it is essential to install the latest version of [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) & [Helm](https://helm.sh/docs/intro/install). @@ -77,7 +83,7 @@ helm repo update #### Community localhost deployment To install the latest version of Community we need to download the -[community_values.yaml file](../../helm/alfresco-content-services). Once +[community_values.yaml file](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services/community_values.yaml). Once downloaded, execute the following to initiate the deployment. ```bash @@ -93,10 +99,10 @@ helm install acs alfresco/alfresco-content-services \ #### Enterprise localhost deployment -ACS enterprise version needs to pull container images from private image repositories. -To configure credentials for accessing the Alfresco Enterprise registry, please -review the information provided in the [registry -authentication](registry-authentication.md) +ACS enterprise version needs to pull container images from private image +repositories. To configure credentials for accessing the Alfresco Enterprise +registry, please review the information provided in the +[registry-authentication](./registry-authentication.md) The Enterprise Helm deployment is intended for a Cloud based Kubernetes cluster and therefore requires a large amount of resources out-of-the-box. To reduce the @@ -129,7 +135,7 @@ The `helm` command above installs the most current released version of ACS Enter To deploy a previous version of ACS Enterprise follow the steps below. -1. Download the version specific values file you require from [this folder](../../helm/alfresco-content-services) +1. Download the version specific values file you require from [this folder](https://github.com/Alfresco/acs-deployment/tree/master/helm/alfresco-content-services) 2. Deploying the specific version of ACS can be achieved by executing the following: ```bash @@ -151,7 +157,7 @@ To deploy ACS platform with the latest development version follow the steps belo 1. Download the [pre-release_values.yaml - file](https://raw.githubusercontent.com/Alfresco/acs-deployment/master/docs/helm/values/pre-release_values.yaml) + file](https://raw.githubusercontent.com/Alfresco/acs-deployment/master/helm/alfresco-content-services/pre-release_values.yaml) 2. Deploy ACS by executing the following command: ```bash @@ -199,7 +205,7 @@ If you deployed Enterprise you'll also have access to: In the event of a deployment failure, it is important to recognize that resource constraints are a common underlying cause. For further insights and guidance. Additionally, you can find more comprehensive troubleshooting advice -in the [Helm Troubleshooting section](./README.md#Troubleshooting) +in the [Helm Troubleshooting section](./README.md#troubleshooting) ### Lack Of Resources @@ -235,6 +241,6 @@ an increased timeout, eg. --timeout 15m0s. Alteratively run without following: --atomic --timeout 10m0s ``` -and then monitor the logs for any failing pods. Please also consult the [Helm -Troubleshooting section](./README.md#Troubleshooting) for deploying Kubernetes +and then monitor the logs for any failing pods. Please also consult the +[Helm Troubleshooting section](./README.md#troubleshooting) for deploying Kubernetes Dashboard and more generic troubleshooting tips and tricks. diff --git a/docs/helm/eks-deployment.md b/docs/helm/eks-deployment.md index 2797e34ce..67309e116 100644 --- a/docs/helm/eks-deployment.md +++ b/docs/helm/eks-deployment.md @@ -1,3 +1,9 @@ +--- +title: EKS +parent: Deployment +grand_parent: Helm +--- + # Alfresco Content Services Helm Deployment with AWS EKS This page describes how to deploy Alfresco Content Services (ACS) Enterprise or @@ -8,17 +14,224 @@ manage, and scale containerized applications using Kubernetes on AWS. EKS runs the Kubernetes management infrastructure for you across multiple AWS availability zones to eliminate a single point of failure. -The Enterprise configuration will deploy the following system: +## Architectures + +### Enterprise edition + +The Enterprise configuration will deploy the following system (Alfresco +Transform Service and Alfresco Search Enterprise are detailed in the next +diagrams): + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm enterprise + direction LR + subgraph storage + PersistentVolumeClaim_activemq-default-pvc(PersistentVolumeClaim: activemq-default-pvc):::k8s + PersistentVolumeClaim_data-acs-postgresql(PersistentVolumeClaim: data-acs-postgresql):::k8s + PersistentVolumeClaim_data-sync-postgresql(PersistentVolumeClaim: data-sync-postgresql):::k8s + PersistentVolumeClaim_repository-default-pvc(PersistentVolumeClaim: repository-default-pvc):::k8s + end + + subgraph workloads + Deployment_activemq(Deployment: activemq):::thrdP + Deployment_alfresco-cc(Deployment: alfresco-cc):::alf + Deployment_alfresco-dw(Deployment: alfresco-dw):::alf + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_alfresco-sync-service(Deployment: alfresco-sync-service):::alf + Deployment_share(Deployment: share):::alf + + StatefulSet_elasticsearch-master(StatefulSet: elasticsearch-master):::thrdP + StatefulSet_postgresql-sync(StatefulSet: postgresql-sync):::thrdP + StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP + end + + subgraph ingress + Ingress_alfresco-cc(Ingress: alfresco-cc):::k8s + Ingress_alfresco-dw(Ingress: alfresco-dw):::k8s + Ingress_alfresco-repository(Ingress: alfresco-repository):::k8s + Ingress_alfresco-sync-service(Ingress: alfresco-sync-service):::k8s + Ingress_share(Ingress: share):::k8s + end +end + +subgraph AWS + EFS[(EFS: Datastore)]:::aws + EBS-acs[(EBS: Alfresco)]:::aws + EBS-sync[(EBS: Sync)]:::aws + EBS-mq[(EBS: ActiveMQ)]:::aws +end + +Client ---> Ingress_alfresco-cc --> Deployment_alfresco-cc +Client ---> Ingress_alfresco-dw --> Deployment_alfresco-dw +Client --> Ingress_alfresco-repository --> Deployment_alfresco-repository +Client --> Ingress_share --> Deployment_share +Client --> Ingress_alfresco-sync-service --> Deployment_alfresco-sync-service + +Deployment_share --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> StatefulSet_postgresql-acs --> PersistentVolumeClaim_data-acs-postgresql --> EBS-acs +Deployment_alfresco-repository --> Deployment_activemq +Deployment_alfresco-repository --> StatefulSet_elasticsearch-master + +Deployment_alfresco-sync-service --> StatefulSet_postgresql-sync --> PersistentVolumeClaim_data-sync-postgresql --> EBS-sync +Deployment_alfresco-sync-service --> Deployment_activemq +Deployment_alfresco-sync-service --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> PersistentVolumeClaim_repository-default-pvc --> EFS +Deployment_activemq --> PersistentVolumeClaim_activemq-default-pvc --> EBS-mq +``` + +#### Alfresco Transform Services + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph ats[Alfresco Transform Service] + Deployment_filestore(Deployment: filestore):::alf + Deployment_imagemagick(Deployment: imagemagick):::alf + Deployment_libreoffice(Deployment: libreoffice):::alf + Deployment_pdfrenderer(Deployment: pdfrenderer):::alf + Deployment_tika(Deployment: tika):::alf + Deployment_transform-misc(Deployment: transform-misc):::alf + Deployment_transform-router(Deployment: transform-router):::alf +end + +subgraph AWS + EFS[(EFS: Datastore)]:::aws +end + +Deployment_activemq(Deployment: activemq):::thrdP +PersistentVolumeClaim_filestore-default-pvc(PersistentVolumeClaim: filestore-default-pvc):::k8s + + +Deployment_transform-router --> Deployment_activemq +Deployment_transform-router --> Deployment_imagemagick +Deployment_transform-router --> Deployment_libreoffice +Deployment_transform-router --> Deployment_pdfrenderer +Deployment_transform-router --> Deployment_tika +Deployment_transform-router --> Deployment_transform-misc +Deployment_transform-router --> Deployment_filestore + +Deployment_filestore --> PersistentVolumeClaim_filestore-default-pvc --> EFS +``` + +#### Search Enterprise + +```mermaid +graph TB + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph live[Live Indexing] + Deployment_alfresco-search-enterprise-content(Deployment: alfresco-search-enterprise-content):::alf + Deployment_alfresco-search-enterprise-metadata(Deployment: alfresco-search-enterprise-metadata):::alf + Deployment_alfresco-search-enterprise-path(Deployment: alfresco-search-enterprise-path):::alf + StatefulSet_alfresco-search-enterprise-mediation(StatefulSet: alfresco-search-enterprise-mediation):::alf +end -![ACS Enterprise on EKS](./images/helm-eks-enterprise.png) +Job_alfresco-search-enterprise-reindexing(Job: alfresco-search-enterprise-reindexing):::alf -The Community configuration will deploy the following system: +StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP +Deployment_activemq(Deployment: activemq):::thrdP +StatefulSet_elasticsearch-master(StatefulSet: elasticsearch-master):::thrdP -![ACS Community on EKS](./images/helm-eks-community.png) +Job_alfresco-search-enterprise-reindexing --> StatefulSet_elasticsearch-master +Job_alfresco-search-enterprise-reindexing --> StatefulSet_postgresql-acs + +live --> Deployment_activemq +live --> StatefulSet_elasticsearch-master +``` + +### Community edition + +The Community configuration will deploy the following architecture: + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm community + subgraph storage + PersistentVolumeClaim_activemq-default-pvc(PersistentVolumeClaim: activemq-default-pvc):::k8s + PersistentVolumeClaim_repository-default-pvc(PersistentVolumeClaim: repository-default-pvc):::k8s + PersistentVolumeClaim_solr-default-pvc(PersistentVolumeClaim: solr-default-pvc):::k8s + PersistentVolumeClaim_data-acs-postgresql(PersistentVolumeClaim: data-acs-postgresql):::k8s + end + subgraph workloads + Deployment_activemq(Deployment: activemq):::thrdP + Deployment_alfresco-cc(Deployment: alfresco-cc):::alf + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_solr(Deployment: solr):::alf + Deployment_share(Deployment: share):::alf + StatefulSet_postgresql-acs(StatefulSet: postgresql-acs):::thrdP + end + subgraph ingress + Ingress_alfresco-cc(Ingress: alfresco-cc):::k8s + Ingress_alfresco-repository(Ingress: alfresco-repository):::k8s + Ingress_share(Ingress: share):::k8s + end + subgraph "Alfresco Transform Service" + Deployment_imagemagick(Deployment: imagemagick):::alf + Deployment_libreoffice(Deployment: libreoffice):::alf + Deployment_pdfrenderer(Deployment: pdfrenderer):::alf + Deployment_tika(Deployment: tika):::alf + Deployment_transform-misc(Deployment: transform-misc):::alf + end +end + +subgraph AWS + EBS-acs[(EBS: Alfresco)]:::aws + EBS-mq[(EBS: ActiveMQ)]:::aws + EBS-solr[(EBS: Solr)]:::aws + EFS[(EFS: Datastore)]:::aws +end + +Client ----> Ingress_alfresco-cc --> Deployment_alfresco-cc +Client --> Ingress_alfresco-repository --> Deployment_alfresco-repository +Client --> Ingress_share --> Deployment_share + +Deployment_share --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> Deployment_solr +Deployment_alfresco-repository --> StatefulSet_postgresql-acs --> PersistentVolumeClaim_data-acs-postgresql --> EBS-acs +Deployment_alfresco-repository --> Deployment_activemq +Deployment_alfresco-repository --> Deployment_imagemagick +Deployment_alfresco-repository --> Deployment_libreoffice +Deployment_alfresco-repository --> Deployment_pdfrenderer +Deployment_alfresco-repository --> Deployment_tika +Deployment_alfresco-repository --> Deployment_transform-misc + +Deployment_alfresco-repository ---> PersistentVolumeClaim_repository-default-pvc --> EFS +Deployment_activemq --> PersistentVolumeClaim_activemq-default-pvc --> EBS-mq +Deployment_solr --> PersistentVolumeClaim_solr-default-pvc --> EBS-solr +``` ## Prerequisites -* You've read the projects [main README](/README.md#prerequisites) +* You've read the projects [main README](../index.md#prerequisites) prerequisites section * You've read the [main Helm README](./README.md) page * You are proficient in AWS and Kubernetes @@ -34,9 +247,9 @@ To better troubleshoot any issue, you may want to install applications such as: * [lens](https://k8slens.dev/) (GUI) * [k9s](https://k9scli.io/) (CLI) -## Setup An EKS Cluster +## Create the EKS cluster -There are multiple ways to setup an EKS cluster, but one of the most simple is +There are multiple ways to set up an EKS cluster, but one of the most simple is by using `eksctl`. This section will guide you in creating a new EKS cluster that satisfy the minimum requirements to have a basic ACS installation up and running. @@ -54,138 +267,27 @@ Set the cluster name in an environment variable that can be reused later: EKS_CLUSTER_NAME=my-alfresco-eks ``` -Create the cluster using a supported version (we are currently testing against -1.24). Most common choices for instance types are `m5.xlarge` and `t3.xlarge`: +Create the cluster using the latest supported version - check the main [README](https://github.com/Alfresco/acs-deployment/blob/master/README.md). +Most common choices for instance types are `m5.xlarge` and `t3.xlarge`: ```sh -eksctl create cluster --name $EKS_CLUSTER_NAME --version 1.24 --instance-types t3.xlarge +eksctl create cluster --name $EKS_CLUSTER_NAME --version 1.29 --instance-types t3.xlarge --nodes 3 ``` Enable the OIDC provider that is necessary to install further EKS addons later: ```sh -eksctl utils associate-iam-oidc-provider --cluster=$EKS_CLUSTER_NAME —approve +eksctl utils associate-iam-oidc-provider --cluster=$EKS_CLUSTER_NAME --approve ``` For further information please refer to the [Getting started with Amazon EKS – eksctl](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html) guide. -## Prepare The Cluster For ACS +## Set up ACS infrastructure dependencies Now that we have an EKS cluster up and running, there are a few one time steps -that we need to perform to prepare the cluster for ACS to be installed. - -### DNS - -1. Create a hosted zone in Route53 using [these - steps](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html) - if you don't already have one available. - -2. Create a public certificate for the hosted zone created in step 1 in - Certificate Manager using [these - steps](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) - if you don't have one already available and make a note of the certificate - ARN for use later. - -3. Create a file called `external-dns.yaml` with the text below (replacing - `YOUR-DOMAIN-NAME` with the domain name you created in step 1). This manifest - defines a service account and a cluster role for managing DNS. - - ```yaml - apiVersion: v1 - kind: ServiceAccount - metadata: - name: external-dns - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: external-dns - rules: - - apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] - - apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["get","watch","list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","watch"] - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: external-dns-viewer - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns - subjects: - - kind: ServiceAccount - name: external-dns - namespace: kube-system - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: external-dns - spec: - strategy: - type: Recreate - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - image: registry.opensource.zalan.do/teapot/external-dns:latest - args: - - --source=service - - --domain-filter=YOUR-DOMAIN-NAME - - --provider=aws - - --policy=sync - - --aws-zone-type=public - - --registry=txt - - --txt-owner-id=acs-deployment - - --log-level=debug - ``` - -4. Use the kubectl command to deploy the external-dns service. - - ```bash - kubectl apply -f external-dns.yaml -n kube-system - ``` - -5. Find the name of the nodegroup created by running the following command - (replacing `YOUR-CLUSTER-NAME` with the name you gave your cluster): - - ```bash - eksctl get nodegroup --cluster=`YOUR-CLUSTER-NAME` - ``` - -6. Find the name of the role used by the nodes by running the following command - (replacing `YOUR-CLUSTER-NAME` with the name you gave your cluster, and - `YOUR-NODE-GROUP` with the nodegroup from the step above): - - ```bash - aws eks describe-nodegroup \ - --cluster-name YOUR-CLUSTER-NAME \ - --nodegroup-name YOUR-NODE-GROUP \ - --query "nodegroup.nodeRole" \ - --output text - ``` - -7. In the [IAM console](https://console.aws.amazon.com/iam/home) find the role - discovered in the previous step and attach the "AmazonRoute53FullAccess" - managed policy as shown in the screenshot below: - - ![Attach Policy](./images/eks-attach-policy.png) +that we need to perform before ACS can be successfully installed. ### Storage @@ -196,11 +298,12 @@ For the main you can alternatively: * Use an Elastic File System, installing the ([EFS CSI driver](#efs-csi-driver)) - (the default we suggest, see `storageClass="nfs-client"` values in [helm - install section](#latest-enterprise-version)) -* Use an EBS block-storage, enabling [EBS CSI driver](#ebs-csi-driver) (not - possible with Enterprise in clustered mode) -* Use a bucket on [S3](examples/with-aws-services.md#s3) + (the default, as documented below, required when repository replicas are more + than 1) +* Use an EBS block-storage, enabling [EBS CSI driver](#ebs-csi-driver) (when + repository replicas are just one and with node groups in the same availability + zone - not meant for production) +* Use an [S3](examples/with-aws-services.md#s3) bucket For the [database](https://docs.alfresco.com/content-services/latest/config/databases/), @@ -230,25 +333,25 @@ you can alternatively: 2. Find The ID of VPC created when your cluster was built using the command below (replacing `YOUR-CLUSTER-NAME` with the name you gave your cluster): - ```bash + ```sh aws eks describe-cluster \ - --name YOUR-CLUSTER-NAME \ - --query "cluster.resourcesVpcConfig.vpcId" \ - --output text + --name $EKS_CLUSTER_NAME \ + --query "cluster.resourcesVpcConfig.vpcId" \ + --output text ``` 3. Find The CIDR range of VPC using the command below (replacing `VPC-ID` with the ID retrieved in the previous step): - ```bash + ```sh aws ec2 describe-vpcs \ - --vpc-ids VPC-ID \ - --query "Vpcs[].CidrBlock" \ - --output text + --vpc-ids VPC-ID \ + --query "Vpcs[].CidrBlock" \ + --output text ``` 4. Go to the [Security Groups section of the VPC - Console](https://console.aws.amazon.com/vpc/home#SecurityGroups) and search + Console](https://console.aws.amazon.com/vpc/home) and search for the VPC using the ID retrieved in step 2, as shown in the screenshot below: @@ -266,7 +369,7 @@ you can alternatively: you're using e.g. "fs-72f5e4f1" (this step replace previous deployment of the now obsolete nfs-client-provisioner): - ```bash + ```sh cat > aws-efs-values.yml < Since EKS 1.24 it is mandatory to install EBS CSI Driver for the dynamic +> Since EKS 1.24 it is **mandatory** to install EBS CSI Driver for the dynamic > provisioning via the default `gp2` storage class. Upgrading from 1.23 without > it will break any existing PVC. @@ -307,128 +410,146 @@ Create the IAM Service Account with access to EBS that will be used by the drive ```sh eksctl create iamserviceaccount \ - --name ebs-csi-controller-sa \ - --namespace kube-system \ - --cluster $EKS_CLUSTER_NAME \ - --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ - --approve \ - --role-only \ - --role-name AmazonEKS_EBS_CSI_DriverRole +--name ebs-csi-controller-sa \ +--namespace kube-system \ +--cluster $EKS_CLUSTER_NAME \ +--attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ +--approve \ +--role-only \ +--role-name AmazonEKS_EBS_CSI_DriverRole ``` Enable the addon referencing the IAM role created previously: ```sh eksctl create addon \ - --name aws-ebs-csi-driver \ - --cluster $EKS_CLUSTER_NAME \ - --service-account-role-arn arn:aws:iam::$AWS_ACCOUNT_ID:role/AmazonEKS_EBS_CSI_DriverRole \ - --force +--name aws-ebs-csi-driver \ +--cluster $EKS_CLUSTER_NAME \ +--service-account-role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/AmazonEKS_EBS_CSI_DriverRole \ +--force ``` At this point the provisioning of EBS volumes using the default GP2 storageClass will be handled by this driver. -For further information please refer to the official [Amazon EBS CSI driver]( -ttps://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) guide. +For further information please refer to the official +[Amazon EBS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) guide. ## Deploy -Now the EKS cluster is setup we can deploy ACS. +Now the EKS cluster is set up, we can start to provision Kubernetes resources on +top of it. + +### Ingress + +See [ingress-nginx](ingress-nginx.md) section. -### Namespace +### DNS -Namespaces in Kubernetes isolate workloads from each other, create a namespace -to host ACS inside the cluster using the following command (we'll then use the -`alfresco` namespace throughout the rest of the tutorial): +In order to access Alfresco once installed, you need to set up a DNS record that +resolve to the ELB hostname that has been provisioned by `ingress-nginx`. -```bash -kubectl create namespace alfresco +This is a typical architecture, which you can learn more about at +[Exposing Kubernetes Applications article](https://aws.amazon.com/blogs/containers/exposing-kubernetes-applications-part-3-nginx-ingress-controller/). + +To retrieve the automatically assigned hostname of the ELB you need to inspect +the ingress resources: + +```sh +kubectl get service -n ingress-nginx ``` -### Ingress +which will return an output like the following: -1. Create a file called `ingress-rbac.yaml` with the text below: - - ```yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: acs:psp - namespace: alfresco - rules: - - apiGroups: - - policy - resourceNames: - - kube-system - resources: - - podsecuritypolicies - verbs: - - use - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: acs:psp:default - namespace: alfresco - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: acs:psp - subjects: - - kind: ServiceAccount - name: default - namespace: alfresco - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: acs:psp:acs-ingress - namespace: alfresco - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: acs:psp - subjects: - - kind: ServiceAccount - name: acs-ingress - namespace: alfresco - ``` +```sh +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +ingress-nginx-controller LoadBalancer 10.100.132.184 ???.eu-west-1.elb.amazonaws.com 80:31780/TCP,443:32152/TCP 3m +``` -2. Use the kubectl command to create the cluster roles required by the ingress service. +Now you can proceed to creating a new DNS record in `YOUR-DOMAIN-NAME` zone, like: - ```bash - kubectl apply -f ingress-rbac.yaml -n alfresco - ``` +* Record name: `acs` +* Record type: `CNAME` +* Value: `???.eu-west-1.elb.amazonaws.com` -3. Deploy the ingress using the following commands (replacing - `ACM_CERTIFICATE_ARN` and `YOUR-DOMAIN-NAME` with the ARN of the certificate - and hosted zone created earlier in the DNS section): - - ```bash - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - helm repo update - - helm install acs-ingress ingress-nginx/ingress-nginx --version=4.0.18 \ - --set controller.scope.enabled=true \ - --set controller.scope.namespace=alfresco \ - --set rbac.create=true \ - --set controller.config."proxy-body-size"="100m" \ - --set controller.service.targetPorts.https=80 \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol"="http" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-ports"="https" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert"="ACM_CERTIFICATE_ARN" \ - --set controller.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="acs.YOUR-DOMAIN-NAME" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-negotiation-policy"="ELBSecurityPolicy-TLS-1-2-2017-01" \ - --set controller.publishService.enabled=true \ - --set controller.admissionWebhooks.enabled=false \ - --atomic \ - --namespace alfresco - ``` +Wait a few minutes before trying to access `http://acs.YOUR-DOMAIN-NAME` in your +browser to allow the new record to propagate. Once ready, you should get the +default `404 Not Found` nginx error page. + +Set an environment variable with the hostname which will be useful later. + +```sh +export ACS_HOSTNAME=acs.YOUR-DOMAIN-NAME +``` + +### HTTPS + +The simplest way to access applications running on Kubernetes behind HTTPS is +using [cert-manager](https://cert-manager.io/) to request on-the-fly a +[LetsEncrypt](https://letsencrypt.org/) certificate. +This is an optional but recommended step. - > NOTE: The command will wait until the deployment is ready so please be patient. +> In case you have a private PKI, you may want to take a look at providing a +> [custom certificate without cert-manager](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) +> instead. -### ACS +Add the cert-manager helm repository: + +```sh +helm repo add jetstack https://charts.jetstack.io --force-update +helm repo update +``` + +Install it: + +```sh +helm install \ +cert-manager jetstack/cert-manager \ +--namespace cert-manager \ +--create-namespace \ +--set installCRDs=true +``` + +Create a `ClusterIssuer` resource which will automatically register a new +account on LetsEncrypt production directory, generate a private key and be ready +to request certificates for any ingress that will contain a reference to it: + +```sh +kubectl apply -n cert-manager -f - < letsencrypt_values.yaml +``` + +### Set up namespace + +Namespaces in Kubernetes logically groups resources, so it's good practice to +create a namespace dedicated to alfresco using the following command (we'll then +use the `alfresco` namespace throughout the rest of the tutorial): + +```sh +kubectl create namespace alfresco +``` + +### Get charts This repository allows you to either deploy a system using released stable artefacts or the latest in-progress development artefacts. @@ -436,21 +557,35 @@ artefacts or the latest in-progress development artefacts. To use a released version of the Helm chart add the stable repository using the following command: -```bash +```sh helm repo add alfresco https://kubernetes-charts.alfresco.com/stable helm repo update ``` +#### Development version of charts + Alternatively, to use the latest in-progress development version of the Helm -chart add the incubator repository using the following command: +charts, you can clone the git repository or grab the master zip directly from +[GitHub](https://github.com/Alfresco/acs-deployment). -```bash -helm repo add alfresco https://kubernetes-charts.alfresco.com/incubator -helm repo update +Enter the `helm/alfresco-content-services` folder and fetch dependencies with: + +```sh +cd acs-deployment/helm/alfresco-content-services +helm dep build ``` -Now decide whether you want to install the latest version of ACS (Enterprise or -Community) or a previous version and follow the steps in the relevant section below. +Now you can run the next `helm` commands using `.` instead of +`alfresco/alfresco-content-services`. + +### Install charts + +Choose your desired ACS version (Enterprise or Community) - latest or previous - +and proceed to the corresponding section below for installation instructions. + +Please note that we are using `helm upgrade --install` instead of the usual +`helm install` so you can simply re-run the command as many times as you want and +upgrade an eventually existing deployment after tuning values. #### Latest Enterprise Version @@ -460,66 +595,85 @@ credentials to access the Alfresco Enterprise registry. Deploy the latest version of ACS by running the following command (replacing `YOUR-DOMAIN-NAME` with the hosted zone you created earlier): -```bash -helm install acs alfresco/alfresco-content-services \ - --set alfresco-repository.persistence.enabled=true \ - --set alfresco-repository.persistence.storageClass="nfs-client" \ - --set alfresco-transform-service.filestore.persistence.enabled=true \ - --set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ - --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ - --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ - --set global.search.sharedSecret=$(openssl rand -hex 24) \ - --atomic \ - --timeout 10m0s \ - --namespace=alfresco +```sh +helm upgrade --install acs alfresco/alfresco-content-services \ +--set alfresco-repository.persistence.enabled=true \ +--set alfresco-repository.persistence.storageClass="nfs-client" \ +--set alfresco-transform-service.filestore.persistence.enabled=true \ +--set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ +--set global.known_urls=https://${ACS_HOSTNAME} \ +--set global.alfrescoRegistryPullSecrets=quay-registry-secret \ +--values letsencrypt_values.yaml \ +--namespace=alfresco ``` -> NOTE: The command will wait until the deployment is ready so please be patient. - #### Latest Community Version -1. Download the Community values file from [here](../../helm/alfresco-content-services/community_values.yaml). +Download the Community values file with: -2. Deploy ACS Community by running the following command (replacing - `YOUR-DOMAIN-NAME` with the hosted zone you created earlier): +```sh +curl -fO https://raw.githubusercontent.com/Alfresco/acs-deployment/master/helm/alfresco-content-services/community_values.yaml +``` - ```bash - helm install acs alfresco/alfresco-content-services \ - --values=community_values.yaml \ - --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ - --set alfresco-repository.persistence.enabled=true \ - --set alfresco-repository.persistence.storageClass="nfs-client" \ - --atomic \ - --timeout 10m0s \ - --namespace=alfresco - ``` +Deploy ACS Community by running the following command: - > NOTE: The command will wait until the deployment is ready so please be patient. - -#### Previous Enterprise Version - -1. Download the version specific values file you require from [this folder](../../helm/alfresco-content-services). - -2. Deploy the specific version of ACS by running the following command - (replacing `YOUR-DOMAIN-NAME` with the hosted zone you created earlier and - `MAJOR` & `MINOR` with the appropriate values): - - ```bash - helm install acs alfresco/alfresco-content-services \ - --values=MAJOR.MINOR.N_values.yaml \ - --set global.known_urls=https://acs.YOUR-DOMAIN-NAME \ - --set alfresco-repository.persistence.enabled=true \ - --set alfresco-repository.persistence.storageClass="nfs-client" \ - --set alfresco-transform-service.filestore.persistence.enabled=true \ - --set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ - --set global.alfrescoRegistryPullSecrets=quay-registry-secret \ - --set global.search.sharedSecret=$(openssl rand -hex 24) \ - --atomic \ - --timeout 10m0s \ - --namespace=alfresco - ``` +```sh +helm upgrade --install acs alfresco/alfresco-content-services \ +--values=community_values.yaml \ +--set alfresco-repository.persistence.enabled=true \ +--set alfresco-repository.persistence.storageClass="nfs-client" \ +--set global.known_urls=https://${ACS_HOSTNAME} \ +--set global.search.sharedSecret=$(openssl rand -hex 24) \ +--values letsencrypt_values.yaml \ +--namespace=alfresco +``` + +#### Previous Enterprise Versions + +1. Download the version-specific values file you require from [this folder](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services). + +Deploy the specific version of ACS by running the following command (replacing +`YOUR-DOMAIN-NAME` with the hosted zone you created earlier and `MAJOR` & +`MINOR` with the appropriate values): + +```sh +helm upgrade --install acs alfresco/alfresco-content-services \ +--values=MAJOR.MINOR.N_values.yaml \ +--set alfresco-repository.persistence.enabled=true \ +--set alfresco-repository.persistence.storageClass="nfs-client" \ +--set alfresco-transform-service.filestore.persistence.enabled=true \ +--set alfresco-transform-service.filestore.persistence.storageClass="nfs-client" \ +--set global.known_urls=https://${ACS_HOSTNAME} \ +--set global.alfrescoRegistryPullSecrets=quay-registry-secret \ +--values letsencrypt_values.yaml \ +--namespace=alfresco +``` + +### Wait for successful deployment + +You can monitor the progress of deployments with: + +```sh +kubectl get pod -n alfresco +``` + +In a few minutes, each pod should be in `Running` in the `Status` column and +showing `1/1` in the `Ready` column. + +If it doesn't happen, you can first describe the pod not in the Running state yet +and look for the events section at the end: - > NOTE: The command will wait until the deployment is ready so please be patient. +```sh +kubectl describe pod acs-alfresco-repository-???-??? -n alfresco +``` + +If the pod is in the running state but can't achieve the `1/1` Ready before the +readiness probe fails as many times the readiness threshold allows, you should +take a look at the logs with: + +```sh +kubectl logs acs-alfresco-repository-???-??? -n alfresco +``` ## Access @@ -538,7 +692,7 @@ If you deployed Enterprise you'll also have access to: If you requested an extended trial license navigate to the Admin Console and apply your license: -* [https://acs.YOUR-DOMAIN-NAME/alfresco/service/enterprise/admin/admin-license](http://localhost:8080/alfresco/service/enterprise/admin/admin-license) +* `https://acs.YOUR-DOMAIN-NAME/alfresco/service/enterprise/admin/admin-license` * Default username and password is ```admin``` * See [Uploading a new license](https://docs.alfresco.com/content-services/latest/admin/license/#uploadlicense) @@ -548,39 +702,33 @@ apply your license: By default, this tutorial installs an out-of-the-box setup, however there are many configurations options described [here](./README.md#configure). There are -also several [examples](./examples) covering various use cases. +also several [examples](../helm-examples.md) covering various use cases. This deployment is also not fully secured by default, to learn about and apply further restrictions including pod security, network policies etc. please refer to the [EKS Best Practices for Security](https://aws.github.io/aws-eks-best-practices/). -## Cleanup +## Uninstall -1. Remove the `acs` and `acs-ingress` deployments by running the following command: +Remove the `acs` deployments by running the following command: - ```bash - helm uninstall -n alfresco acs acs-ingress - ``` - -2. Delete the Kubernetes namespace using the command below: +```sh +helm uninstall acs -n alfresco +``` - ```bash - kubectl delete namespace alfresco - ``` +Delete the Kubernetes namespace using the command below: -3. Go to the [EFS Console](https://console.aws.amazon.com/efs), select the file - system we created earlier and press the "Delete" button to remove the mount - targets and file system. +```sh +kubectl delete namespace alfresco +``` -4. Go to the [IAM console](https://console.aws.amazon.com/iam/home) and remove - the AmazonRoute53FullAccess managed policy we added to the NodeInstanceRole - in the File System section otherwise the cluster will fail to delete in the - next step. +If you created an EFS filesystem before, go to the [EFS +Console](https://console.aws.amazon.com/efs), select the file system and press +the "Delete" button to remove the mount targets and file system. -5. Finally, delete the EKS cluster using the command below (replacing - `YOUR-CLUSTER-NAME` with the name you gave your cluster): +Finally, delete the EKS cluster: - ```bash - eksctl delete cluster --name YOUR-CLUSTER-NAME - ``` +```sh +eksctl delete cluster --name $EKS_CLUSTER_NAME +``` diff --git a/docs/helm/examples/customisation-guidelines.md b/docs/helm/examples/customisation-guidelines.md index 4186bfb8e..aae4ded00 100644 --- a/docs/helm/examples/customisation-guidelines.md +++ b/docs/helm/examples/customisation-guidelines.md @@ -1,3 +1,9 @@ +--- +title: Customisation Guidelines +parent: Examples +grand_parent: Helm +--- + # Customisation Guidelines Any customisations (including major configuration changes) should be done @@ -14,17 +20,16 @@ values files. ## Creating Custom Docker Images -The [docker compose Customisation -Guide](../../docker-compose/examples/customisation-guidelines.md) provides a +The [docker compose Customisation Guide](../../docker-compose/examples/customisation-guidelines.md) provides a detailed example of how to apply an AMP in a custom image and a more advanced example of building a custom image with configuration can be found -[here](https://github.com/Alfresco/acs-packaging/blob/master/docs/create-custom-image-using-existing-docker-image.md#applying-amps-that-require-additional-configuration-advanced). +[here](https://github.com/Alfresco/acs-packaging/blob/master/docs/create-custom-image-using-existing-docker-image.md). ## Using Custom Docker Images Once you have created your custom image you can either change the default values in the appropriate values file in [this -folder](../../../helm/alfresco-content-services) or you can override the values +folder](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services) or you can override the values via the `--set` command line option during install as shown below: ```bash diff --git a/docs/helm/examples/external-hazelcast.md b/docs/helm/examples/external-hazelcast.md index 260d1bb11..37588d7d7 100644 --- a/docs/helm/examples/external-hazelcast.md +++ b/docs/helm/examples/external-hazelcast.md @@ -1,3 +1,9 @@ +--- +title: Hazelcast +parent: Examples +grand_parent: Helm +--- + # Alfresco Content Services Helm Deployment with external Hazelcast cluster - [Alfresco Content Services Helm Deployment with external Hazelcast @@ -26,8 +32,7 @@ ## Step by step guide -1. Deploy alfresco-content-services. See [desktop - deployment](../desktop-deployment.md) section. Remember to stick to one +1. Deploy alfresco-content-services. See [desktop deployment](../desktop-deployment.md) section. Remember to stick to one namespace in next steps. 2. Prepare a valid Hazelcast xml configuration, which also must include @@ -92,13 +97,13 @@ Now copy generated xml configuration into manifest file. (Remember to correctly indent copied text) -7. Deploy created [manifest](external-hazelcast_files/configmap-hazelcast.yaml) +7. Deploy created [manifest](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/external-hazelcast_files/configmap-hazelcast.yaml) ```bash kubectl apply -f configmap-hazelcast.yaml ``` -8. Deploy hazelcast with [values](external-hazelcast_files/hazelcast.yaml) +8. Deploy hazelcast with [values](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/external-hazelcast_files/hazelcast.yaml) presented below ```yaml @@ -119,7 +124,7 @@ ``` 9. Now change the config of alfresco-repository by adding another [values - file](external-hazelcast_files/acs-hazelcast.yaml). In below file specify + file](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/external-hazelcast_files/acs-hazelcast.yaml). In below file specify properties that will make repository use external hazelcast cluster deployed in previous step. Remember to accordingly change the values if needed. @@ -170,8 +175,8 @@ You should get empty response. -4. Login into [Alfresco - UI](http://localhost/alfresco/s/enterprise/admin/admin-clustering) and after +4. Login into Alfresco UI on + `http://localhost/alfresco/s/enterprise/admin/admin-clustering` and after that repeat commands from previous step. You should see response from all nodes similar to this: diff --git a/docs/helm/examples/search-services.md b/docs/helm/examples/search-services.md index bb5195820..66b9e76bc 100644 --- a/docs/helm/examples/search-services.md +++ b/docs/helm/examples/search-services.md @@ -1,3 +1,9 @@ +--- +title: Search Services +parent: Examples +grand_parent: Helm +--- + # Dealing with Search service deployment Solr has some internal behavior that make it a not so great fit for orchestrated @@ -73,7 +79,7 @@ api, so it doesn't make much sense to use external access. ### Install ACS Helm Chart With Search External Access Follow the [EKS deployment](../eks-deployment.md) guide up until the -[ACS](../eks-deployment.md#acs) section, once the docker registry secret is +[ACS](../eks-deployment.md#development-version-of-charts) section, once the docker registry secret is installed come back here. Deploy the latest version of ACS Enterprise by running the command below diff --git a/docs/helm/examples/with-ai.md b/docs/helm/examples/with-ai.md index be0c0b926..ccdb43659 100644 --- a/docs/helm/examples/with-ai.md +++ b/docs/helm/examples/with-ai.md @@ -1,3 +1,9 @@ +--- +title: Intelligence Services +parent: Examples +grand_parent: Helm +--- + # ACS Helm Deployment with Intelligence Services By default, [Alfresco Intelligence @@ -7,7 +13,35 @@ feature is disabled, this example describes how to deploy ACS onto The diagram below shows the deployment produced by this example: -![Helm with Intelligence Services](../images/helm-eks-s3-rds-mq-ai.png) +## Architecture + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph ats[Alfresco Transform Service] + Deployment_transform-router(Deployment: transform-router):::alf + Deployment_ai[Deployment: AI t-engine]:::alf +end + +subgraph AWS + comprehend:::aws + rekognition:::aws + textract:::aws + s3:::aws +end + +Deployment_transform-router --> Deployment_ai + +Deployment_ai --> comprehend +Deployment_ai --> rekognition +Deployment_ai --> textract +Deployment_ai --> s3 +``` ## Prerequisites diff --git a/docs/helm/examples/with-aws-services.md b/docs/helm/examples/with-aws-services.md index e72f171ae..415e308c4 100644 --- a/docs/helm/examples/with-aws-services.md +++ b/docs/helm/examples/with-aws-services.md @@ -1,6 +1,15 @@ +--- +title: AWS Services +parent: Examples +grand_parent: Helm +--- + # Alfresco Content Services Helm Deployment with AWS Services - [Alfresco Content Services Helm Deployment with AWS Services](#alfresco-content-services-helm-deployment-with-aws-services) + - [Architecture diagrams](#architecture-diagrams) + - [Alfresco Transform Services](#alfresco-transform-services) + - [Search Enterprise](#search-enterprise) - [Prerequisites](#prerequisites) - [Setup Services](#setup-services) - [S3](#s3) @@ -14,14 +23,140 @@ and use [S3](https://aws.amazon.com/s3) for content storage, [RDS](https://aws.amazon.com/rds) as an external database and [Amazon MQ](https://aws.amazon.com/amazon-mq) as an external message broker. +## Architecture diagrams + The diagram below shows the deployment produced by this example: -![Helm with AWS Services](../images/helm-eks-aws-services.png) +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm enterprise + direction LR + + subgraph workloads + Deployment_alfresco-cc(Deployment: alfresco-cc):::alf + Deployment_alfresco-dw(Deployment: alfresco-dw):::alf + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_alfresco-sync-service(Deployment: alfresco-sync-service):::alf + Deployment_share(Deployment: share):::alf + end + + subgraph ingress + Ingress_alfresco-cc(Ingress: alfresco-cc):::k8s + Ingress_alfresco-dw(Ingress: alfresco-dw):::k8s + Ingress_alfresco-repository(Ingress: alfresco-repository):::k8s + Ingress_alfresco-sync-service(Ingress: alfresco-sync-service):::k8s + Ingress_share(Ingress: share):::k8s + end +end + +subgraph AWS + mq[Amazon MQ]:::aws + opensearch[OpenSearch]:::aws + rds[Aurora RDS]:::aws + s3[S3 Bucket]:::aws +end + +Client ---> Ingress_alfresco-cc --> Deployment_alfresco-cc +Client ---> Ingress_alfresco-dw --> Deployment_alfresco-dw +Client --> Ingress_alfresco-repository --> Deployment_alfresco-repository +Client --> Ingress_share --> Deployment_share +Client --> Ingress_alfresco-sync-service --> Deployment_alfresco-sync-service + +Deployment_share --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> rds +Deployment_alfresco-repository --> mq +Deployment_alfresco-repository --> opensearch + +Deployment_alfresco-sync-service --> rds +Deployment_alfresco-sync-service --> mq +Deployment_alfresco-sync-service --> Deployment_alfresco-repository + +Deployment_alfresco-repository --> s3 +``` + +### Alfresco Transform Services + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph ats[Alfresco Transform Service] + Deployment_filestore(Deployment: filestore):::alf + Deployment_imagemagick(Deployment: imagemagick):::alf + Deployment_libreoffice(Deployment: libreoffice):::alf + Deployment_pdfrenderer(Deployment: pdfrenderer):::alf + Deployment_tika(Deployment: tika):::alf + Deployment_transform-misc(Deployment: transform-misc):::alf + Deployment_transform-router(Deployment: transform-router):::alf +end + +subgraph AWS + EFS[(EFS: Datastore)]:::aws + mq[Amazon MQ]:::aws +end + +PersistentVolumeClaim_filestore-default-pvc(PersistentVolumeClaim: filestore-default-pvc):::k8s + +Deployment_transform-router --> mq +Deployment_transform-router --> Deployment_imagemagick +Deployment_transform-router --> Deployment_libreoffice +Deployment_transform-router --> Deployment_pdfrenderer +Deployment_transform-router --> Deployment_tika +Deployment_transform-router --> Deployment_transform-misc +Deployment_transform-router --> Deployment_filestore + +Deployment_filestore --> PersistentVolumeClaim_filestore-default-pvc --> EFS +``` + +### Search Enterprise + +```mermaid +graph TB + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +subgraph live[Live Indexing] + Deployment_alfresco-search-enterprise-content(Deployment: alfresco-search-enterprise-content):::alf + Deployment_alfresco-search-enterprise-metadata(Deployment: alfresco-search-enterprise-metadata):::alf + Deployment_alfresco-search-enterprise-path(Deployment: alfresco-search-enterprise-path):::alf + StatefulSet_alfresco-search-enterprise-mediation(StatefulSet: alfresco-search-enterprise-mediation):::alf +end + +subgraph AWS + mq[Amazon MQ]:::aws + opensearch[OpenSearch]:::aws + rds[Aurora RDS]:::aws +end + +Job_alfresco-search-enterprise-reindexing(Job: alfresco-search-enterprise-reindexing):::alf + +Job_alfresco-search-enterprise-reindexing --> opensearch +Job_alfresco-search-enterprise-reindexing --> rds + +live --> mq +live --> opensearch +``` ## Prerequisites Follow the [EKS deployment](../eks-deployment.md) guide up until the -[ACS](../eks-deployment.md#acs) section, once the docker registry secret is +[ACS](../eks-deployment.md#development-version-of-charts) section, once the docker registry secret is installed return to this page. :information_source: In the EKS installation documentation mentioned above, the diff --git a/docs/helm/examples/with-external-infrastructure.md b/docs/helm/examples/with-external-infrastructure.md index b2e35bd4c..c01b8871e 100644 --- a/docs/helm/examples/with-external-infrastructure.md +++ b/docs/helm/examples/with-external-infrastructure.md @@ -1,3 +1,10 @@ +--- +title: External infrastructure +parent: Examples +grand_parent: Helm +--- + + # Alfresco Content Services Helm Deployment with external infrastructure - [Alfresco Content Services Helm Deployment with external infrastructure](#alfresco-content-services-helm-deployment-with-external-infrastructure) diff --git a/docs/helm/examples/with-keycloak.md b/docs/helm/examples/with-keycloak.md index 52abb236e..b1bc582e9 100644 --- a/docs/helm/examples/with-keycloak.md +++ b/docs/helm/examples/with-keycloak.md @@ -1,3 +1,9 @@ +--- +title: Keycloak server +parent: Examples +grand_parent: Helm +--- + # ACS Helm Deployment with an external Keycloak server In this section we are going to describe how to install Alfresco with Helm on diff --git a/docs/helm/examples/with-ms-teams.md b/docs/helm/examples/with-ms-teams.md index 7649d7a2d..5c1875265 100644 --- a/docs/helm/examples/with-ms-teams.md +++ b/docs/helm/examples/with-ms-teams.md @@ -1,3 +1,9 @@ +--- +title: Microsoft Teams Connector +parent: Examples +grand_parent: Helm +--- + # ACS Helm Deployment with Microsoft Teams Connector The [Alfresco Microsoft Teams Connector](https://docs.alfresco.com/) enables diff --git a/docs/helm/examples/with-ooi.md b/docs/helm/examples/with-ooi.md index db309ce88..cee2a338b 100644 --- a/docs/helm/examples/with-ooi.md +++ b/docs/helm/examples/with-ooi.md @@ -1,3 +1,9 @@ +--- +title: Microsoft 365 Connector +parent: Examples +grand_parent: Helm +--- + # ACS Helm Deployment with Microsoft 365 Connector The [Alfresco Microsoft 365 @@ -9,9 +15,41 @@ Microsoft 365. By default, this feature is disabled. This example describes how to deploy ACS onto [EKS](https://aws.amazon.com/eks) with OOI enabled. -The diagram below shows the deployment produced by this example: +## Architecture + +```mermaid +graph LR + +classDef alf fill:#0b0,color:#fff +classDef aws fill:#fa0,color:#fff +classDef k8s fill:#326ce5,stroke:#326ce5,stroke-width:2px,color:#fff +classDef thrdP fill:#e098a6,color:#000 + +Client("👥 Clients") + +subgraph Helm enterprise + direction LR -![Helm with Office Online Integration](../images/helm-eks-s3-rds-mq-ooi.png) + subgraph workloads + Deployment_alfresco-repository(Deployment: alfresco-repository):::alf + Deployment_connector_ms365(Deployment: connector-ms365):::alf + end + subgraph ingress + Ingress_connector_ms365(Ingress: connector-ms365):::k8s + end +end + +subgraph ms365 + onedrive(Onedrive Graph API) + onedrive-auth(Auth API) +end + +Client --> Ingress_connector_ms365 --> Deployment_connector_ms365 + +Deployment_connector_ms365 --> onedrive +Deployment_connector_ms365 --> onedrive-auth +Deployment_connector_ms365 --> Deployment_alfresco-repository +``` ## Prerequisites diff --git a/docs/helm/images/charts-storage-persistence.png b/docs/helm/images/charts-storage-persistence.png deleted file mode 100644 index 31f9fca58..000000000 Binary files a/docs/helm/images/charts-storage-persistence.png and /dev/null differ diff --git a/docs/helm/images/charts-storage-persistence.puml b/docs/helm/images/charts-storage-persistence.puml deleted file mode 100644 index 4db629ad4..000000000 --- a/docs/helm/images/charts-storage-persistence.puml +++ /dev/null @@ -1,32 +0,0 @@ -@startuml Component Persistence Diagram -'!theme crt-amber -title Component Persistence - -skinparam linetype ortho - -start -:Read .Values.component.persistence; -if (.enabled?) then (yes) - if(.existingClaim?) then (yes) - :Render deployment with Persistent volume - backed by existingClaim PVC; - else (no) - :Create PVC; - if(.StorageClass?) then (yes) - :Use provided storageClass - for dynamic provisioning of PV; - else (no) - :Use default storageClass - for dynamic provisioning of PV; - endif - :Render deployment with Persistent volume - backed by created PVC; - endif -else (no) - :Render deployment - with Ephemeral volume (emptyDir); -endif -stop - -center footer Copyright 2022 Alfresco Software Inc -@enduml diff --git a/docs/helm/images/helm-community.png b/docs/helm/images/helm-community.png deleted file mode 100644 index 536559ffb..000000000 Binary files a/docs/helm/images/helm-community.png and /dev/null differ diff --git a/docs/helm/images/helm-community.puml b/docs/helm/images/helm-community.puml deleted file mode 100644 index 619604ff4..000000000 --- a/docs/helm/images/helm-community.puml +++ /dev/null @@ -1,67 +0,0 @@ -@startuml -!theme bluegray -Title: ACS Helm Community Deployment - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroundColor Azure -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - component "Alfresco Content Services" as acs - component "Alfresco Search Services" as ass - component "PostgreSQL" as psql - component "Alfresco Share" as share - component "ActiveMQ" as amq - together { - database "Volume Claim" as vc1 - database "Volume Claim" as vc2 - database "Volume Claim" as vc3 - database "Volume Claim" as vc4 - } - rectangle "Alfresco Transform Service" as ats { - ' component "Transform Router" as tr - ' component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -acs -[hidden]- ats -img -[hidden]- pdfr -img -[hidden]- misc - -Client -->> nginx - -nginx -->> acs -nginx -->> share - -acs -->> vc1 -amq -->> vc2 -ass -->> vc3 -psql -->> vc4 - -ass <<->> acs -acs -->> psql -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs <<-->> amq - -share -->> acs - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-eks-aws-services.png b/docs/helm/images/helm-eks-aws-services.png deleted file mode 100644 index 20c6a290c..000000000 Binary files a/docs/helm/images/helm-eks-aws-services.png and /dev/null differ diff --git a/docs/helm/images/helm-eks-aws-services.puml b/docs/helm/images/helm-eks-aws-services.puml deleted file mode 100644 index c2f423a84..000000000 --- a/docs/helm/images/helm-eks-aws-services.puml +++ /dev/null @@ -1,107 +0,0 @@ -@startuml -!theme bluegray -Title: ACS on EKS using S3, RDS, MQ & OpenSearch Helm Deployment Overview - -skinparam linetype ortho - -skinparam cloud { - BorderThickness 3 - BorderColor Orange - BackgroundColor white - CloudFontSize 15 -} - -skinparam rectangle { - BorderStyle dashed - BackgroundColor Azure - FontSize 15 - FontStyle none -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - component "Alfresco Digital Workspace" as adw - together { - component "Alfresco Content Services" as acs - component "Alfresco Share" as share - } - rectangle "Alfresco Search Enterprise 3" as se3 { - component "mediation" as se3mediation - component "content" as se3content - component "metadata" as se3metadata - component "path" as se3path - component "ReIndexing" as se3reidx - } - component "Alfresco Sync Service" as sync - rectangle "Alfresco Transform Service" { - component "Transform Router" as tr - component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -cloud "Amazon Web Services" { - database "Aurora RDS" as db #Orange - storage "S3" as s3 #Orange - storage "EFS Volume Claim" as vc #Orange - queue "Amazon MQ" as mq #Orange - collections "OpenSearch" as osearch #Orange -} - -acs -[hidden]- se3 - -Client -->> nginx - -nginx -->> acs -nginx -->> share -nginx -->> adw - -acs -->> s3 -acs -->> osearch -se3content -->> osearch -se3metadata -->> osearch -se3path -->> osearch -se3content -->> se3mediation -se3metadata -->> se3mediation -se3path -->> se3mediation -se3mediation -->> mq -se3reidx -->> db -se3reidx -->> osearch -sfs -->> vc - -se3 <<-- acs -acs -->> db -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs -->> sfs -acs <<-->> mq -tr -up->> pdfr -tr -up->> libr -tr -up->> img -tr -up->> tika -tr -up->> misc -tr <<-->> mq -pdfr -->> sfs -libr -->> sfs -img -->> sfs -tika -->> sfs -misc -->> sfs -share -->> acs -adw -->> acs - -sync <<->> acs -sync -->> db -sync -->> mq - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-eks-community.puml b/docs/helm/images/helm-eks-community.puml deleted file mode 100644 index 241b10e7b..000000000 --- a/docs/helm/images/helm-eks-community.puml +++ /dev/null @@ -1,76 +0,0 @@ -@startuml -!theme bluegray -Title: ACS Community on EKS Helm Deployment Overview - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroundColor Azure -} - -skinparam cloud { - BorderThickness 3 - BorderColor Orange - BackgroundColor white - CloudFontSize 15 -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - component "Alfresco Content Services" as acs - component "Alfresco Search Services" as ass - component "PostgreSQL" as psql - component "Alfresco Share" as share - component "ActiveMQ" as amq - rectangle "Alfresco Transform Service" as ats { - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -cloud "Amazon Web Services" { - rectangle "GP2/3" { - storage "EBS Volume" as ebs1 #Orange - storage "EBS Volume" as ebs2 #Orange - storage "EBS Volume" as ebs3 #Orange - } - rectangle "EFS CSI" { - storage "EFS Volume" as vc #Orange - } -} - -acs -[hidden]- ats -img -[hidden]- pdfr -img -[hidden]- misc - -Client -->> nginx - -nginx -->> acs -nginx -->> share - -acs -->> vc -psql -->> ebs1 -ass -->> ebs2 -amq -->> ebs3 - -ass <<->> acs -acs -->> psql -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs <<-->> amq -share -->> acs - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-eks-enterprise.puml b/docs/helm/images/helm-eks-enterprise.puml deleted file mode 100644 index e64028e1b..000000000 --- a/docs/helm/images/helm-eks-enterprise.puml +++ /dev/null @@ -1,97 +0,0 @@ -@startuml -!theme bluegray -Title: ACS Enterprise on EKS Helm Deployment Overview - -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroundColor Azure -} - -skinparam cloud { - BorderThickness 3 - BorderColor Orange - BackgroundColor white - CloudFontSize 15 -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - together { - component "Alfresco Digital Workspace" as adw - component "Alfresco Share" as share - } - component "Alfresco Content Services" as acs - component "Alfresco Search Services" as ass - component "Alfresco Sync Service" as sync - component "PostgreSQL" as psql - component "ActiveMQ" as amq - rectangle "Alfresco Transform Service" as ats { - component "Transform Router" as tr - component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -cloud "Amazon Web Services" { - rectangle "GP2/3" { - storage "EBS Volume" as ebs1 #Orange - storage "EBS Volume" as ebs2 #Orange - storage "EBS Volume" as ebs3 #Orange - } - rectangle "EFS CSI" { - storage "EFS Volume" as vc #Orange - } -} - -Client -->> nginx - -nginx -->> acs -nginx -->> share -nginx -->> adw - -acs -[hidden]- ats -acs -->> vc -amq -->> ebs1 -psql -->> ebs2 -sfs -->> vc -ass -->> ebs3 - -acs -->> psql -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs -->> sfs -acs <<-->> amq -tr -->> pdfr -tr -->> libr -tr -->> img -tr -->> tika -tr -->> misc -tr <<-->> amq -pdfr -->> sfs -libr -->> sfs -img -->> sfs -tika -->> sfs -misc -->> sfs -share -->> acs -adw ->> acs - -acs <<->> ass -sync <<->> acs -sync -->> psql -sync -->> amq - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-eks-s3-rds-mq-ai.png b/docs/helm/images/helm-eks-s3-rds-mq-ai.png deleted file mode 100644 index 261810ca1..000000000 Binary files a/docs/helm/images/helm-eks-s3-rds-mq-ai.png and /dev/null differ diff --git a/docs/helm/images/helm-eks-s3-rds-mq-ai.puml b/docs/helm/images/helm-eks-s3-rds-mq-ai.puml deleted file mode 100644 index 9d403ac2c..000000000 --- a/docs/helm/images/helm-eks-s3-rds-mq-ai.puml +++ /dev/null @@ -1,109 +0,0 @@ -@startuml -!theme bluegray -Title: ACS with Intelligence Services on EKS using S3, RDS and MQ Helm Deployment Overview - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroundColor Azure -} - -skinparam cloud { - BorderThickness 3 - BorderColor Orange - BackgroundColor white - CloudFontSize 15 -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - together { - component "Alfresco Digital Workspace \n (with AI config)" as adw - component "Alfresco Share \n (with AI AMP)" as share - } - component "Alfresco Content Services \n (with AI AMP)" as acs - component "Alfresco Search Services" as ass - component "Alfresco Sync Service" as sync - rectangle "Alfresco Transform Service" as ats { - component "Transform Router \n (with AI config)" as tr - component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - component "AI T-Engine" as aiEngine - } -} - -cloud "Amazon Web Services" { - rectangle "S3 buckets" { - storage "ACS" as s3acs #Orange - storage "AI" as s3ai #Orange - } - database "Aurora RDS" as db #Orange - rectangle "GP2/3" { - storage "EBS Volume" as ebs #Orange - } - rectangle "EFS CSI" { - storage "EFS Volume Claim" as vc #Orange - } - queue "Amazon MQ" as mq #Orange - node "Comprehend" as comp #Orange - node "Rekognition" as rek #Orange - node "Textract" as tex #Orange -} - -acs -[hidden]- ats -Client -->> nginx - -nginx -->> acs -nginx -->> share -nginx -->> adw - -ass -->> ebs -sfs -->> vc -acs -->> s3acs - -ass <<->> acs -acs -->> db -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs -->> sfs -acs <<-->> mq -tr -up->> pdfr -tr -up->> libr -tr -up->> img -tr -up->> tika -tr -up->> misc -tr -up->> aiEngine -tr <<-->> mq -pdfr -->> sfs -libr -->> sfs -img -->> sfs -tika -->> sfs -misc -->> sfs -share -->> acs -adw -->> acs - -sync <<->> acs -sync -->> db -sync -->> mq - -aiEngine -->> sfs -aiEngine -->> s3ai -aiEngine -->> comp -aiEngine -->> rek -aiEngine -->> tex - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-eks-s3-rds-mq-ooi.png b/docs/helm/images/helm-eks-s3-rds-mq-ooi.png deleted file mode 100644 index 87222fb23..000000000 Binary files a/docs/helm/images/helm-eks-s3-rds-mq-ooi.png and /dev/null differ diff --git a/docs/helm/images/helm-eks-s3-rds-mq-ooi.puml b/docs/helm/images/helm-eks-s3-rds-mq-ooi.puml deleted file mode 100644 index 746ac9c21..000000000 --- a/docs/helm/images/helm-eks-s3-rds-mq-ooi.puml +++ /dev/null @@ -1,101 +0,0 @@ -@startuml -!theme bluegray -Title: ACS with Office Online Integration (OOI) on EKS using S3, RDS and MQ Helm Deployment Overview - -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroungColor Azure -} - -skinparam cloud { - BorderThickness 3 - BorderColor Orange - BackgroundColor white - CloudFontSize 15 -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - component "Alfresco Digital Workspace \n (with OOI config)" as adw - component "Alfresco Content Services \n" as acs - component "Alfresco Search Services" as ass - component "Alfresco Sync Service" as sync - component "Alfresco Share \n" as share - component "Alfresco OOI Service" as ooi - rectangle "Alfresco Transform Service" as ats { - component "Transform Router" as tr - component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -cloud "Amazon Web Services" { - rectangle "S3 Buckets" { - storage "ACS Contentstore" as s3acs #Orange - } - database "Aurora RDS" as db #Orange - storage "EBS Volume" as ebs #Orange - storage "EFS Volume" as vc #Orange - queue "Amazon MQ" as mq #Orange -} - -cloud "Microsoft 365" { - storage "Auth" as msauth #DodgerBlue - storage "Graph Files (OneDrive)" as msgraph #DodgerBlue -} - -acs -[hidden]- ats -Client -->> nginx - -nginx -->> acs -nginx -->> share -nginx -->> adw - -ass -->> ebs -sfs -->> vc -acs -->> s3acs - -ass <<->> acs -acs -->> db -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs -->> sfs -acs <<-->> mq -tr -up->> pdfr -tr -up->> libr -tr -up->> img -tr -up->> tika -tr -up->> misc -tr <<-->> mq -pdfr -->> sfs -libr -->> sfs -img -->> sfs -tika -->> sfs -misc -->> sfs -share -->> acs -adw -->> acs -adw -->> ooi -adw -->> msauth - -ooi -->> acs -ooi -->> msgraph - -sync <<->> acs -sync -->> db -sync -->> mq - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/images/helm-enterprise.png b/docs/helm/images/helm-enterprise.png deleted file mode 100644 index 66753967b..000000000 Binary files a/docs/helm/images/helm-enterprise.png and /dev/null differ diff --git a/docs/helm/images/helm-enterprise.puml b/docs/helm/images/helm-enterprise.puml deleted file mode 100644 index e14df3709..000000000 --- a/docs/helm/images/helm-enterprise.puml +++ /dev/null @@ -1,88 +0,0 @@ -@startuml -!theme bluegray -Title: ACS Helm Enterprise Deployment - -skinparam componentStyle uml2 -skinparam linetype ortho -skinparam rectangle { - BorderStyle dashed - FontSize 15 - FontStyle none - BackgroundColor Azure -} - -actor Client - -frame "alfresco namespace" { - component "NGINX ingress-controller" as nginx - component "Alfresco Digital Workspace" as adw - together { - component "Alfresco Share" as share - component "Alfresco Content Services" as acs - } - component "Alfresco Search Services" as ass - component "Alfresco Sync Service" as sync - component "PostgreSQL" as psql - component "ActiveMQ" as amq - together { - database "Volume Claim" as vc1 - database "Volume Claim" as vc2 - database "Volume Claim" as vc3 - database "Volume Claim" as vc4 - database "Volume Claim" as vc5 - } - rectangle "Alfresco Transform Service" as ats { - component "Transform Router" as tr - component "Shared File Store" as sfs - component "Alfresco PDF Renderer" as pdfr - component "LibreOffice" as libr - component "ImageMagick" as img - component "Tika" as tika - component "TransformMisc" as misc - } -} - -acs -[hidden]- ats - -Client -->> nginx - -nginx -->> acs -nginx -->> share -nginx -->> adw - -acs -->> vc1 -ass -->> vc2 -psql -->> vc3 -sfs -->> vc4 -amq -->> vc5 - -acs -->> psql -acs -->> pdfr -acs -->> libr -acs -->> img -acs -->> tika -acs -->> misc -acs -->> sfs -acs <<-->> amq -tr -->> pdfr -tr -->> libr -tr -->> img -tr -->> tika -tr -->> misc -tr <<-up->> amq -pdfr -->> sfs -libr -->> sfs -img -->> sfs -tika -->> sfs -misc -->> sfs -share -->> acs -adw -->> acs - -sync <<->> acs -acs <<->> ass -sync -->> psql -sync -->> amq - -center footer Copyright 2021 Alfresco Software Inc - -@enduml diff --git a/docs/helm/ingress-nginx.md b/docs/helm/ingress-nginx.md index e04751eeb..4467eb328 100644 --- a/docs/helm/ingress-nginx.md +++ b/docs/helm/ingress-nginx.md @@ -1,3 +1,9 @@ +--- +title: Ingress guide +parent: Guides +grand_parent: Helm +--- + # Install ingress-nginx We currently support and test only @@ -11,8 +17,8 @@ Install the ingress-nginx controller namespace: ```bash helm upgrade --install ingress-nginx ingress-nginx \ - --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx --create-namespace +--repo https://kubernetes.github.io/ingress-nginx \ +--namespace ingress-nginx --create-namespace ``` Enable snippet annotations which is disabled by default for security reasons, but @@ -21,14 +27,23 @@ the ones we strictly need. ```bash kubectl -n ingress-nginx patch cm ingress-nginx-controller \ - -p '{"data": {"allow-snippet-annotations":"true"}}' +-p '{"data": {"allow-snippet-annotations":"true"}}' ``` Wait for the ingress-nginx controller to be up again after the configuration change: ```sh kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s +--for=condition=ready pod \ +--selector=app.kubernetes.io/component=controller \ +--timeout=90s +``` + +Verify the newly created pod under the ingress-nginx namespace: + +```sh +kubectl get pods --namespace=ingress-nginx ``` + +More information can be found in the +[ingress-nginx deploy docs](https://kubernetes.github.io/ingress-nginx/deploy/). diff --git a/docs/helm/kind-deployment.md b/docs/helm/kind-deployment.md index f51efed8b..62ba37975 100644 --- a/docs/helm/kind-deployment.md +++ b/docs/helm/kind-deployment.md @@ -1,3 +1,9 @@ +--- +title: Kind +parent: Deployment +grand_parent: Helm +--- + # Alfresco Content Services Helm Deployment on KinD cluster This page describe how to get ACS up and running on a [Kubernetes In diff --git a/docs/helm/registry-authentication.md b/docs/helm/registry-authentication.md index 25c0e7257..e28557136 100644 --- a/docs/helm/registry-authentication.md +++ b/docs/helm/registry-authentication.md @@ -1,3 +1,9 @@ +--- +title: Registry authentication +parent: Guides +grand_parent: Helm +--- + # Private registry authentication For pulling images served by a registry that requires authentication, you have diff --git a/docs/helm/security.md b/docs/helm/security.md index f4889e24a..e4853bab6 100644 --- a/docs/helm/security.md +++ b/docs/helm/security.md @@ -1,3 +1,9 @@ +--- +title: Security +parent: Guides +grand_parent: Helm +--- + # Security This pages focuses on providing information on making a secure ACS installation diff --git a/docs/helm/storage.md b/docs/helm/storage.md index 56ac2b475..210868e3b 100644 --- a/docs/helm/storage.md +++ b/docs/helm/storage.md @@ -1,3 +1,9 @@ +--- +title: Storage +parent: Guides +grand_parent: Helm +--- + # ACS Storage persistence in kubernetes ACS platform in order to serve users' requests, needs to persist several type @@ -17,9 +23,25 @@ This mechanism can be reused by different charts or sub-charts in the same way. > Note: direct usage of kubernetes volumes (without PVC) is not supported) -The logic used in the template is depicted b the diagram below: +The logic used in the template is depicted in the diagram below: + +```mermaid +flowchart TD +persistence(.Values.$componentName.persistence) --> enabled{{.enabled?}} +enabled --true--> existingClaim{{.existingClaim?}} +enabled --false--> emptyDir[Render Deployment with\nEphemeral Volume] + +existingClaim --true--> renderExistingClaim[Render deployment\nreferencing the existing PVC] +existingClaim --false--> storageClass -![persistence of storage in acs chart](images/charts-storage-persistence.png) +storageClass{{.storageClass?}} +providedStorageClass[Render PVC with the\n provided storageClass] +defaultStorageClass[Render PVC with the\n default storageClass] +render[Render Deployment referencing the previously created PVC] + +storageClass --true--> providedStorageClass --> render +storageClass --false--> defaultStorageClass --> render +``` Whatever the option you choose, start by enabling persistence under the component which needs it: diff --git a/docs/helm/upgrades.md b/docs/helm/upgrades.md index 82e60efdf..bfa409052 100644 --- a/docs/helm/upgrades.md +++ b/docs/helm/upgrades.md @@ -1,3 +1,9 @@ +--- +title: Upgrades +parent: Guides +grand_parent: Helm +--- + # Upgrading the helm charts Our helm charts are continuously improved and sometimes arise the need to @@ -13,8 +19,7 @@ version in which they have been released. ## 8.0.0 * Search Enterprise is now the default search engine when installing Enterprise - version. For production it's suggested to use an [external elaticsearch - index](examples/with-external-infrastructure.md#elasticsearch-index). + version. For production it's suggested to use an [external elaticsearch index](examples/with-external-infrastructure.md#elasticsearch-index). ## 8.0.0-M.1 @@ -123,12 +128,12 @@ that using this values has always required and still requires using a custom image embedding the Alfresco S3 connector. Please refer to the [alfresco-repository chart -documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/properties.md) +documentation](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/repository-properties.md) ### Chart modularization: Alfresco repository Repository is now deployed as part of an independent subchart. Checkout -[alfresco-repository](https://github.com/Alfresco/alfresco-helm-charts/charts/alfresco-repository/README.md) +[alfresco-repository](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/README.md) for details on how to use that new chart. This `alfresco-content-services` chart is now essentially a wrapper of subcharts @@ -398,7 +403,7 @@ according to the standard [kubernetes resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes). For example, in the [alfresco-content-services values -file](../../helm/alfresco-content-services/values.yaml) you can find: +file](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services/values.yaml) you can find: ```yaml repository: diff --git a/docs/helm/values/letsencrypt_values.yaml b/docs/helm/values/letsencrypt_values.yaml new file mode 100644 index 000000000..bed309af2 --- /dev/null +++ b/docs/helm/values/letsencrypt_values.yaml @@ -0,0 +1,55 @@ +# Configure all ingresses with the annotation that enables LetsEncrypt +# certificate generation +# see eks-deployment.md#https +alfresco-control-center: + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: ${ACS_HOSTNAME} + paths: + - path: /control-center + pathType: Prefix + tls: + - hosts: + - ${ACS_HOSTNAME} + secretName: letsencrypt-key +alfresco-digital-workspace: + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: ${ACS_HOSTNAME} + paths: + - path: /workspace + pathType: Prefix + tls: + - hosts: + - ${ACS_HOSTNAME} + secretName: letsencrypt-key +alfresco-repository: + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: ${ACS_HOSTNAME} + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - ${ACS_HOSTNAME} + secretName: letsencrypt-key +share: + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + - host: ${ACS_HOSTNAME} + paths: + - path: /share + pathType: ImplementationSpecific + tls: + - hosts: + - ${ACS_HOSTNAME} + secretName: letsencrypt-key diff --git a/docs/images/favicon.ico b/docs/images/favicon.ico new file mode 100644 index 000000000..d246c0b86 Binary files /dev/null and b/docs/images/favicon.ico differ diff --git a/docs/images/hyland-alfresco-logos.png b/docs/images/hyland-alfresco-logos.png new file mode 100644 index 000000000..0fd08dda5 Binary files /dev/null and b/docs/images/hyland-alfresco-logos.png differ diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 000000000..b8f2ed45b --- /dev/null +++ b/docs/index.md @@ -0,0 +1,117 @@ +--- +title: ACS Deployment +layout: home +nav_order: 1 +permalink: /index.html +--- +# Alfresco Content Services Containerized Deployment + +[![release](https://img.shields.io/github/v/release/Alfresco/acs-deployment?display_name=release)](https://github.com/Alfresco/acs-deployment/releases/latest) +![kubernetes tested version](https://img.shields.io/badge/k8s%20version-v1.29-blue) + +This project contains the code for running Alfresco Content Services (ACS) with +[Docker](https://docs.docker.com/get-started) using [Docker +Compose](https://docs.docker.com/compose) or on +[Kubernetes](https://kubernetes.io) using [Helm Charts](https://helm.sh). + +> Automated tests for helm charts are running on KinD cluster v1.29 and EKS v1.28. + +## Important changes for helm charts + +The v7.0.0 release is the first release of the acs helm charts which completely +leverage the new individual subcharts we started releasing since March 2023 in a +dedicated repo: +[alfresco-helm-charts](https://github.com/Alfresco/alfresco-helm-charts). + +This change will make life easier to whoever want to customize or extend the +helm deployments and simplify the future maintenance, at the cost of breaking +the compatibility with the values structure which remained almost stable since +the v6 release. + +Please review the new [values](https://github.com/Alfresco/acs-deployment/blob/master/helm/alfresco-content-services/values.yaml) +carefully and adapt any custom configuration you may have. You can read the +[upgrades guide](helm/upgrades.md) for more details on the changes. + +> Deploying to new namespace is always the preferred way of upgrading ACS as we +> do not test charts for upgrade scenarios (even with previous versions) +> neither do we provide roll-back facilities. + +## Prerequisites + +The ACS Enterprise version is installed by default, using Docker images from +Quay.io. If you're an Alfresco customer, you can request Quay.io credentials by +logging a ticket with [Hyland Community](https://community.hyland.com). + +The repository Docker image provides a limited trial of the Enterprise version +of Alfresco Content Services, which switches to read-only mode after 2 days. For +a longer trial, you can request the 30-day [Download +Trial](https://www.alfresco.com/platform/content-services-ecm/trial/download). + +The Community Edition can be installed without the need of a license or quay.io +account. + +## Versioning + +As of version 8.0.0 of the chart we have changed the release policy. +Previously, the chart was released together with the ACS product and we were +delivering additional values files for each major release of ACS (e.g. 7.3, +7.4, ...) and chart version were bumped with a similar increment as ACS. +With version 6.0.0, we started applying major versions bumps to reflect +breaking changes in the chart, despite only minor ACS release happened. + +With 8.0.0 onward, the release pace of the chart is completely independent from +the product versions. We will also stick to Semver principles when choosing +next version number, meaning that: + +* patch version will be used for bug fixes (last digit) +* minor version will be used for new features and modifications which do not + introduce breaking changes in the configuration interface. +* major version will be used for changes which involve breaking changes in the + configuration interface. + +The `alfresco-content-services` chart has always provided the ability to deploy +any currently supported version of ACS and its components and will continue to +do so. You are encoraged to always use the latest version of the chart to +deploy your ACS version, using the appropriate values file. For that reason we +stop providing the table mapping chart versions with the ACS version they +deploy (by default). Instead we'll just maintain the list of deprecated versions +versions mapped with the latest versions of the charts we tested deployment +with, so you can use that version to deploy older ACS version on Kubernetes. +Check the [ACS End of Life'd versions](#acs-end-of-lifed-versions) paragraph. + +You are encouraged to always use the latest version of the chart to deploy your +currently supported ACS version, using the appropriate values file. + +Finally, the master branch of this repository used to contain the latest +versions, including non-released versions! +We're also moving away from this pattern and the chart will now only ever +deploy released versions of our products. + +Should you want to try our latest dev versions, we now provide an additional +values file called `pre-release_values.yaml` which will be bumped on a regular +basis. + +This also means we will not produce `-M*` versions of the chart anymore. + +Check the [Release page](https://github.com/Alfresco/acs-deployment/releases) for the list of existing versions. + +### ACS End of Life'd versions + +While our latest version of the charts should be able to deployment any version +of ACS (theoretically), we only ever test deployment of _currently_ supported +versions. Also we do not provide values files for older unsupported version. If +you need to deploy old version we provide a reference table below to allow you +find the older values files and charts. You can either try using the values +file for a version with the latest charts or using the old charts. + +| unsupported ACS version | Last chart version providing it | +|-------------------------|---------------------------------| +| 7.0 | 8.0.1 | +| 6.2 | 5.3.0 | +| 6.1 | 5.1.1 | + +> These charts should not be used for any new deployment but just for reference. + +## Getting Started + +To get started please refer to the [Docker Compose](compose.md) and [Helm Chart](helm.md) documentation. diff --git a/helm/acs-sso-example/Chart.yaml b/helm/acs-sso-example/Chart.yaml index 9fb183533..16f8f203a 100644 --- a/helm/acs-sso-example/Chart.yaml +++ b/helm/acs-sso-example/Chart.yaml @@ -10,7 +10,7 @@ description: | * Composing your ACS from individual component charts we provide. Check the [step by step documentation](./docs/step-by-step-guide.md) * SSO integration, to add keycloak and configure Alfresco applications - accordingly: [SSO guide](./docs/step-by-step-guide.md) + accordingly: [SSO guide](./docs/sso-guide.md) > Note: this chart is just an example that can run on a localhost only. > It ships ACS repo, the repository database, the message broker, the @@ -25,7 +25,7 @@ version: 0.1.0 appVersion: 23.2.0-A12 home: https://www.alfresco.com sources: - - https://github.com/Alfresco/acs-deployment/helm/acs-sso-example + - https://github.com/Alfresco/acs-deployment dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts diff --git a/helm/acs-sso-example/README.md b/helm/acs-sso-example/README.md index 32b12b905..a3e3d54c3 100644 --- a/helm/acs-sso-example/README.md +++ b/helm/acs-sso-example/README.md @@ -1,3 +1,9 @@ +--- +title: acs-sso-example +parent: Charts +grand_parent: Helm +--- + # acs-sso-example ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.2.0-A12](https://img.shields.io/badge/AppVersion-23.2.0--A12-informational?style=flat-square) @@ -11,7 +17,7 @@ be enough but the principals are also documented in two differents steps: * Composing your ACS from individual component charts we provide. Check the [step by step documentation](./docs/step-by-step-guide.md) * SSO integration, to add keycloak and configure Alfresco applications - accordingly: [SSO guide](./docs/step-by-step-guide.md) + accordingly: [SSO guide](./docs/sso-guide.md) > Note: this chart is just an example that can run on a localhost only. > It ships ACS repo, the repository database, the message broker, the @@ -25,7 +31,7 @@ deployment is destroyed or rolled back! ## Source Code -* +* ## Requirements @@ -40,171 +46,17 @@ deployment is destroyed or rolled back! ## Values - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
activemqobject
-check values.yaml
-
-		Configure the ACS ActiveMQ message broker as per https://github.com/Alfresco/alfresco-helm-charts/tree/activemq-3.4.1/charts/activemq
alfresco-content-appobject
-check values.yaml
-
-		Configure the Alfresco Conent-app as per https://github.com/Activiti/activiti-cloud-common-chart/tree/8.2.0/charts/common
alfresco-repositoryobject
-check values.yaml
-
-		Configure the ACS repository as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-repository-0.1.3/charts/alfresco-repository
alfresco-shareobject
-check values.yaml
-
-		Configure the Alfresco Share as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-share-0.3.0/charts/alfresco-share
global.known_urlslist
-[
-  "http://localhost"
-]
-
-		list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform.
keycloakxobject
-check values.yaml
-
-		Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0
keycloakx.admin.passwordstring
-random ascii string
-
-		Keycloak admin password. By default generated on first deployment, to get its value use:
kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d
keycloakx.admin.realm[0]object
-{
-  "clients": [
-    {
-      "clientId": "alfresco",
-      "enabled": true,
-      "implicitFlowEnabled": true,
-      "publicClient": true,
-      "redirectUris": "{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}",
-      "standardFlowEnabled": true,
-      "webOrigins": "{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"
-    }
-  ],
-  "defaultLocale": "en",
-  "enabled": true,
-  "id": "alfresco",
-  "internationalizationEnabled": true,
-  "loginTheme": "alfresco",
-  "realm": "alfresco",
-  "sslRequired": "none",
-  "supportedLocales": [
-    "ca",
-    "de",
-    "en",
-    "es",
-    "fr",
-    "it",
-    "ja",
-    "lt",
-    "nl",
-    "no",
-    "pt-BR",
-    "ru",
-    "sv",
-    "zh-CN"
-  ],
-  "users": [
-    {
-      "credentials": [
-        {
-          "type": "password",
-          "value": "secret"
-        }
-      ],
-      "enabled": true,
-      "username": "admin"
-    }
-  ]
-}
-
-		Alfresco Realm definition
keycloakx.admin.realm[0].users[0].credentials[0].valuestring
-"secret"
-
-		default Alfresco admin password
keycloakx.admin.realm[0].users[0].usernamestring
-"admin"
-
-		default Alfresco admin user
keycloakx.admin.usernamestring
-"admin"
-
-		Keycloak admin username
repository-databaseobject
-check values.yaml
-
-		Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql
- +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| activemq | object | check values.yaml | Configure the ACS ActiveMQ message broker as per https://github.com/Alfresco/alfresco-helm-charts/tree/activemq-3.4.1/charts/activemq | +| alfresco-content-app | object | check values.yaml | Configure the Alfresco Conent-app as per https://github.com/Activiti/activiti-cloud-common-chart/tree/8.2.0/charts/common | +| alfresco-repository | object | check values.yaml | Configure the ACS repository as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-repository-0.1.3/charts/alfresco-repository | +| alfresco-share | object | check values.yaml | Configure the Alfresco Share as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-share-0.3.0/charts/alfresco-share | +| global.known_urls | list | `["http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. | +| keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 | +| keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:
kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d | +| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}` | Alfresco Realm definition | +| keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | default Alfresco admin password | +| keycloakx.admin.realm[0].users[0].username | string | `"admin"` | default Alfresco admin user | +| keycloakx.admin.username | string | `"admin"` | Keycloak admin username | +| repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql | diff --git a/helm/acs-sso-example/README.md.gotmpl b/helm/acs-sso-example/README.md.gotmpl index 4ce76be30..532775f03 100644 --- a/helm/acs-sso-example/README.md.gotmpl +++ b/helm/acs-sso-example/README.md.gotmpl @@ -1,3 +1,9 @@ +--- +title: {{ template "chart.name" . }} +parent: Charts +grand_parent: Helm +--- + {{ template "chart.header" . }} {{ template "chart.deprecationWarning" . }} @@ -13,4 +19,4 @@ {{ template "chart.requirementsSection" . }} -{{ template "chart.valuesSectionHtml" . }} +{{ template "chart.valuesSection" . }} diff --git a/helm/acs-sso-example/docs/sso-guide.md b/helm/acs-sso-example/docs/sso-guide.md index dcd0d22cc..925e6b28d 100644 --- a/helm/acs-sso-example/docs/sso-guide.md +++ b/helm/acs-sso-example/docs/sso-guide.md @@ -1,7 +1,12 @@ +--- +title: SSO +parent: Examples +grand_parent: Helm +--- + # SSO integration with Keycloak (vanilla) -This is an extension of the base setup presented in the [step by step -guide](./step-by-step-guide.md). Make sure you have it running before reading +This is an extension of the base setup presented in the [step by step guide](./step-by-step-guide.md). Make sure you have it running before reading further (unless you just want to look at how to integrate Keycloak with ACS component without trying it on your local machine). diff --git a/helm/acs-sso-example/docs/step-by-step-guide.md b/helm/acs-sso-example/docs/step-by-step-guide.md index 936948936..1fc3c09ea 100644 --- a/helm/acs-sso-example/docs/step-by-step-guide.md +++ b/helm/acs-sso-example/docs/step-by-step-guide.md @@ -1,3 +1,9 @@ +--- +title: Step by step +parent: Guides +grand_parent: Helm +--- + # Anatomy of the example chart (and how you can build your own) This document explains the mechanisms used in this chart to build a Alfresco @@ -5,7 +11,7 @@ platform to deploy on [Kubernetes](https://kubernetes.io/). ## Why an example charts when there is already the alfresco-content-services? -With [alfresco-content-services chart](../../alfrescocontent-services/) we +With [alfresco-content-services chart](../../alfresco-content-services/README.md) we tried to provide something that can deploy most of our software components - still not all of them are included - but also serves as a basis for customization for real world scenarios. These two paradigms have actually @@ -18,7 +24,7 @@ including third party ones (database, message broker, Identity provider, ...). For that reason we have started creating individual charts for Alfresco components in the [alfresco-helm-charts -repository](https://github.com/Alfresco/alfreso-helm-charts/charts/) (more to +repository](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts) (more to come and PR are welcome). ## High overview of the example chart @@ -311,7 +317,7 @@ approach we prefer using to configure Alfresco component charts. #### Configuring the repository subchart The [Alfresco repository chart -documentation](ihttps://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-repository) +documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-repository) shows how to configure the repo db and message broker using configmaps and secrets: ```yaml @@ -407,7 +413,7 @@ Now we can create configmaps to compute the services URL: The URL is built dynamically using string concatenation and the very same [named template](https://helm.sh/docs/chart_template_guide/named_templates/) that's used in the postgresql subchart to define the postgresql service name: see the -[code](https://github.com/bitnami/charts/blob/fc36e80c9ae42fd6a423a567c7fa1f6dab44ffd3/bitnami/postgresql/templates/primary/svc.yaml#L9). +[code](https://github.com/bitnami/charts/blob/fc36e80c9ae42fd6a423a567c7fa1f6dab44ffd3/bitnami/postgresql/templates/primary/svc.yaml). > Note we are building a `$dbCtx` to mimic the context the subchart uses when > evaluating `postgresql.v1.primary.fullname`. This is where it's important to @@ -455,7 +461,7 @@ helm dep build # pull dependencies helm install --generate-name --atomic . ``` -You can now open your browser on [http://localhost/alfresco](http://localhost/alfresco) +You can now open your browser on `http://localhost/alfresco` ## Next steps diff --git a/helm/acs-sso-example/values.yaml b/helm/acs-sso-example/values.yaml index 05aa4fe36..c5cef6ad6 100644 --- a/helm/acs-sso-example/values.yaml +++ b/helm/acs-sso-example/values.yaml @@ -41,6 +41,8 @@ repository-database: # @default -- check values.yaml keycloakx: nameOverride: keycloak + image: + tag: 24.0.5 admin: # -- Keycloak admin username username: admin diff --git a/helm/alfresco-content-services/7.1.N_values.yaml b/helm/alfresco-content-services/7.1.N_values.yaml index 087b1c2c1..af7188e91 100644 --- a/helm/alfresco-content-services/7.1.N_values.yaml +++ b/helm/alfresco-content-services/7.1.N_values.yaml @@ -74,7 +74,7 @@ postgresql-sync: tag: 13.3.0 alfresco-digital-workspace: image: - tag: 2.6.2 + tag: 4.4.1 alfresco-sync-service: image: tag: 3.11.3 diff --git a/helm/alfresco-content-services/7.2.N_values.yaml b/helm/alfresco-content-services/7.2.N_values.yaml index 9264d25d6..d96c92b1e 100644 --- a/helm/alfresco-content-services/7.2.N_values.yaml +++ b/helm/alfresco-content-services/7.2.N_values.yaml @@ -2,7 +2,7 @@ # the chart alfresco-repository: image: - tag: 7.2.1.15 + tag: 7.2.2 configuration: search: flavor: solr6 @@ -37,7 +37,7 @@ alfresco-transform-service: tag: 2.1.2 share: image: - tag: 7.2.1.15 + tag: 7.2.2 alfresco-search: enabled: true searchServicesImage: @@ -66,7 +66,7 @@ elasticsearch: enabled: false alfresco-digital-workspace: image: - tag: 3.0.1 + tag: 4.4.1 alfresco-control-center: image: tag: 7.9.0 @@ -89,10 +89,10 @@ dtas: config: assertions: acs: - version: 7.2.1 + version: 7.2.2 modules: - id: org.alfresco.integrations.google.docs - version: 3.2.1.3 + version: 3.2.2 installed: true - id: alfresco-aos-module version: 1.4.1 diff --git a/helm/alfresco-content-services/7.3.N_values.yaml b/helm/alfresco-content-services/7.3.N_values.yaml index af2668fb7..b5f696538 100644 --- a/helm/alfresco-content-services/7.3.N_values.yaml +++ b/helm/alfresco-content-services/7.3.N_values.yaml @@ -2,7 +2,7 @@ # the chart alfresco-repository: image: - tag: 7.3.1.2 + tag: 7.3.2 configuration: search: flavor: solr6 @@ -15,7 +15,7 @@ alfresco-ai-transformer: tag: 1.5.1 share: image: - tag: 7.3.1.2 + tag: 7.3.2 alfresco-transform-service: transformrouter: image: @@ -66,7 +66,7 @@ elasticsearch: enabled: false alfresco-digital-workspace: image: - tag: 3.1.1 + tag: 4.4.1 alfresco-control-center: image: tag: 7.9.0 @@ -89,10 +89,10 @@ dtas: config: assertions: acs: - version: 7.3.1 + version: 7.3.2 modules: - id: org.alfresco.integrations.google.docs - version: 3.3.0 + version: 3.4.2 installed: true - id: alfresco-aos-module version: 1.5.0 diff --git a/helm/alfresco-content-services/7.4.N_values.yaml b/helm/alfresco-content-services/7.4.N_values.yaml index 954e69479..e0811ad66 100644 --- a/helm/alfresco-content-services/7.4.N_values.yaml +++ b/helm/alfresco-content-services/7.4.N_values.yaml @@ -2,7 +2,7 @@ # the chart alfresco-repository: image: - tag: 7.4.1.6 + tag: 7.4.2 configuration: search: flavor: solr6 @@ -13,31 +13,31 @@ activemq: alfresco-transform-service: transformrouter: image: - tag: 4.1.1 + tag: 4.1.2 pdfrenderer: image: - tag: 5.1.1 + tag: 5.1.2 imagemagick: image: - tag: 5.1.1 + tag: 5.1.2 libreoffice: image: - tag: 5.1.1 + tag: 5.1.2 tika: image: - tag: 5.1.1 + tag: 5.1.2 transformmisc: image: - tag: 5.1.1 + tag: 5.1.2 filestore: image: - tag: 4.1.1 + tag: 4.1.2 alfresco-ai-transformer: image: - tag: 3.1.2 + tag: 3.1.3 share: image: - tag: 7.4.1.6 + tag: 7.4.2 alfresco-search: enabled: true searchServicesImage: @@ -49,27 +49,27 @@ alfresco-search-enterprise: liveIndexing: mediation: image: - tag: 3.3.1.1 + tag: 3.3.3 content: image: - tag: 3.3.1.1 + tag: 3.3.3 metadata: image: - tag: 3.3.1.1 + tag: 3.3.3 path: image: - tag: 3.3.1.1 + tag: 3.3.3 reindexing: image: - tag: 3.3.1.1 + tag: 3.3.3 elasticsearch: enabled: false alfresco-digital-workspace: image: - tag: 4.2.0 + tag: 4.4.1 alfresco-control-center: image: - tag: 8.2.0 + tag: 8.3.0 postgresql: image: tag: 14.10.0 @@ -89,7 +89,7 @@ dtas: config: assertions: acs: - version: 7.4.1 + version: 7.4.2 modules: - id: org.alfresco.integrations.google.docs version: 3.4.2 diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index 02b8ada73..170236500 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 3.1.2 + version: 3.1.3 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.8.5 @@ -16,13 +16,13 @@ dependencies: version: 0.1.0 - name: alfresco-repository repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.5.0 + version: 0.5.1 - name: activemq repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.5.3 - name: alfresco-transform-service repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.3.1 + version: 1.3.2 - name: alfresco-search-service repository: https://alfresco.github.io/alfresco-helm-charts/ version: 3.3.1 @@ -43,9 +43,9 @@ dependencies: version: 0.7.1 - name: alfresco-ai-transformer repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 1.2.2 + version: 1.2.3 - name: elasticsearch repository: https://helm.elastic.co version: 7.17.3 -digest: sha256:fac906575eeb668e561fa200df34e42a23b8b31efd75c37efae6650540afce51 -generated: "2024-04-18T10:52:26.629289265Z" +digest: sha256:4eacdf946479b47b7276bfdf86ebb6b513266f0e293ed10eae66c495abbf9b78 +generated: "2024-05-29T18:01:29.438117+02:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index 53b5245c4..37b7ce8c1 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -4,7 +4,7 @@ # https://www.alfresco.com/platform/content-services-ecm/trial/download apiVersion: v2 name: alfresco-content-services -version: 8.1.0 +version: 8.2.0 appVersion: 23.2.1 description: A Helm chart for deploying Alfresco Content Services keywords: @@ -17,7 +17,7 @@ sources: - https://github.com/Alfresco/acs-deployment dependencies: - name: alfresco-common - version: 3.1.2 + version: 3.1.3 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: postgresql version: 12.8.5 @@ -41,14 +41,14 @@ dependencies: condition: >- alfresco-digital-workspace.enabled - name: alfresco-repository - version: 0.5.0 + version: 0.5.1 repository: https://alfresco.github.io/alfresco-helm-charts/ - name: activemq version: 3.5.3 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: activemq.enabled - name: alfresco-transform-service - version: 1.3.1 + version: 1.3.2 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-transform-service.enabled - name: alfresco-search-service @@ -78,7 +78,7 @@ dependencies: repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-connector-ms365.enabled - name: alfresco-ai-transformer - version: 1.2.2 + version: 1.2.3 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-ai-transformer.enabled - name: elasticsearch diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 9c8293f01..f6f913a78 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -1,6 +1,12 @@ +--- +title: alfresco-content-services +parent: Charts +grand_parent: Helm +--- + # alfresco-content-services -![Version: 8.1.0](https://img.shields.io/badge/Version-8.1.0-informational?style=flat-square) ![AppVersion: 23.2.1](https://img.shields.io/badge/AppVersion-23.2.1-informational?style=flat-square) +![Version: 8.2.0](https://img.shields.io/badge/Version-8.2.0-informational?style=flat-square) ![AppVersion: 23.2.1](https://img.shields.io/badge/AppVersion-23.2.1-informational?style=flat-square) A Helm chart for deploying Alfresco Content Services @@ -19,16 +25,16 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.5.3 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.1.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.1.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 1.2.2 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.2 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 1.2.3 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.3 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.7.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 0.5.1 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.5.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.5.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 3.2.6 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 3.3.1 | | https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 0.6.1 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 5.2.3 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 1.3.1 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-transform-service | 1.3.2 | | https://helm.elastic.co | elasticsearch | 7.17.3 | | oci://registry-1.docker.io/bitnamicharts | postgresql-sync(postgresql) | 12.8.5 | | oci://registry-1.docker.io/bitnamicharts | postgresql | 12.8.5 | @@ -48,7 +54,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-ai-transformer.enabled | bool | `false` | toggle deploying Alfresco ai transformer for more details about configuration check https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-ai-transformer | | alfresco-ai-transformer.fullnameOverride | string | `"alfresco-intelligence-service"` | Enforce static resource naming in AIS so the ATS trouter can be given the URL of the service | | alfresco-ai-transformer.image.repository | string | `"quay.io/alfresco/alfresco-ai-docker-engine"` | | -| alfresco-ai-transformer.image.tag | string | `"3.1.2"` | | +| alfresco-ai-transformer.image.tag | string | `"3.1.3"` | | | alfresco-ai-transformer.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL | | alfresco-ai-transformer.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials | | alfresco-ai-transformer.sfs.existingConfigMap.keys.url | string | `"SFS_URL"` | Name of the key within the configmap which holds the sfs url | @@ -145,7 +151,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-sync-service.database.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-sync-service.database.existingSecret.name | string | `"alfresco-cs-sync"` | | | alfresco-sync-service.enabled | bool | `true` | Toggle deployment of Alfresco Sync Service (Desktop-Sync) Check [Alfresco Sync Service Documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-sync-service) | -| alfresco-sync-service.image.tag | string | `"5.0.0"` | | +| alfresco-sync-service.image.tag | string | `"4.0.1"` | | | alfresco-sync-service.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | | | alfresco-sync-service.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | | | alfresco-sync-service.replicaCount | int | `1` | | @@ -155,31 +161,31 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-transform-service.enabled | bool | `true` | | | alfresco-transform-service.filestore.enabled | bool | `true` | Declares the alfresco-shared-file-store used by the content repository and transform service | | alfresco-transform-service.filestore.image.repository | string | `"quay.io/alfresco/alfresco-shared-file-store"` | | -| alfresco-transform-service.filestore.image.tag | string | `"4.1.1"` | | +| alfresco-transform-service.filestore.image.tag | string | `"4.1.2"` | | | alfresco-transform-service.filestore.persistence.data.mountPath | string | `"/tmp/Alfresco"` | | | alfresco-transform-service.filestore.persistence.data.subPath | string | `"alfresco-content-services/filestore-data"` | | | alfresco-transform-service.filestore.persistence.enabled | bool | `true` | Persist filestore data | | alfresco-transform-service.filestore.replicaCount | int | `1` | | | alfresco-transform-service.imagemagick.enabled | bool | `true` | Declares the alfresco-imagemagick service used by the content repository to transform image files | | alfresco-transform-service.imagemagick.image.repository | string | `"alfresco/alfresco-imagemagick"` | | -| alfresco-transform-service.imagemagick.image.tag | string | `"5.1.1"` | | +| alfresco-transform-service.imagemagick.image.tag | string | `"5.1.2"` | | | alfresco-transform-service.libreoffice.enabled | bool | `true` | Declares the alfresco-libreoffice service used by the content repository to transform office files | | alfresco-transform-service.libreoffice.image.repository | string | `"alfresco/alfresco-libreoffice"` | | -| alfresco-transform-service.libreoffice.image.tag | string | `"5.1.1"` | | +| alfresco-transform-service.libreoffice.image.tag | string | `"5.1.2"` | | | alfresco-transform-service.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the ATS shared filestore URL | | alfresco-transform-service.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | | | alfresco-transform-service.pdfrenderer.enabled | bool | `true` | Declares the alfresco-pdf-renderer service used by the content repository to transform pdf files | | alfresco-transform-service.pdfrenderer.image.repository | string | `"alfresco/alfresco-pdf-renderer"` | | -| alfresco-transform-service.pdfrenderer.image.tag | string | `"5.1.1"` | | +| alfresco-transform-service.pdfrenderer.image.tag | string | `"5.1.2"` | | | alfresco-transform-service.tika.enabled | bool | `true` | Declares the alfresco-tika service used by the content repository to transform office files | | alfresco-transform-service.tika.image.repository | string | `"alfresco/alfresco-tika"` | | -| alfresco-transform-service.tika.image.tag | string | `"5.1.1"` | | +| alfresco-transform-service.tika.image.tag | string | `"5.1.2"` | | | alfresco-transform-service.transformmisc.enabled | bool | `true` | Declares the alfresco-tika service used by the content repository to transform office files | | alfresco-transform-service.transformmisc.image.repository | string | `"alfresco/alfresco-transform-misc"` | | -| alfresco-transform-service.transformmisc.image.tag | string | `"5.1.1"` | | +| alfresco-transform-service.transformmisc.image.tag | string | `"5.1.2"` | | | alfresco-transform-service.transformrouter.enabled | bool | `true` | Declares the alfresco-transform-router service used by the content repository to route transformation requests | | alfresco-transform-service.transformrouter.image.repository | string | `"quay.io/alfresco/alfresco-transform-router"` | | -| alfresco-transform-service.transformrouter.image.tag | string | `"4.1.1"` | | +| alfresco-transform-service.transformrouter.image.tag | string | `"4.1.2"` | | | alfresco-transform-service.transformrouter.livenessProbe.path | string | `"/transform/config"` | Overrride liveness probe endpoint to work around https://alfresco.atlassian.net/browse/ACS-7269 | | alfresco-transform-service.transformrouter.replicaCount | int | `2` | | | config.repository.additionalGlobalProperties | object | `{}` | | diff --git a/helm/alfresco-content-services/README.md.gotmpl b/helm/alfresco-content-services/README.md.gotmpl index 82698597d..1d5d3c9f7 100644 --- a/helm/alfresco-content-services/README.md.gotmpl +++ b/helm/alfresco-content-services/README.md.gotmpl @@ -1,3 +1,9 @@ +--- +title: {{ template "chart.name" . }} +parent: Charts +grand_parent: Helm +--- + {{ template "chart.header" . }} {{ template "chart.deprecationWarning" . }} diff --git a/helm/alfresco-content-services/community_values.yaml b/helm/alfresco-content-services/community_values.yaml index 4a4434de3..1b72fe357 100644 --- a/helm/alfresco-content-services/community_values.yaml +++ b/helm/alfresco-content-services/community_values.yaml @@ -51,6 +51,8 @@ alfresco-digital-workspace: enabled: false alfresco-sync-service: enabled: false +postgresql-sync: + enabled: false alfresco-ai-transformer: enabled: false alfresco-connector-ms365: diff --git a/helm/alfresco-content-services/pre-release_values.yaml b/helm/alfresco-content-services/pre-release_values.yaml index 1ef8540e8..f33b9ed2b 100644 --- a/helm/alfresco-content-services/pre-release_values.yaml +++ b/helm/alfresco-content-services/pre-release_values.yaml @@ -10,31 +10,31 @@ activemq: alfresco-transform-service: transformrouter: image: - tag: 4.1.1 + tag: 4.1.2 pdfrenderer: image: - tag: 5.1.1 + tag: 5.1.2 imagemagick: image: - tag: 5.1.1 + tag: 5.1.2 libreoffice: image: - tag: 5.1.1 + tag: 5.1.2 tika: image: - tag: 5.1.1 + tag: 5.1.2 transformmisc: image: - tag: 5.1.1 + tag: 5.1.2 filestore: image: - tag: 4.1.1 + tag: 4.1.2 alfresco-ai-transformer: image: - tag: 3.1.2 + tag: 3.1.3 share: image: - tag: 23.3.0-A10 + tag: 23.3.0-A16 alfresco-search: searchServicesImage: tag: 2.0.10 @@ -59,10 +59,10 @@ alfresco-search-enterprise: tag: 4.1.0-A8 alfresco-digital-workspace: image: - tag: 4.5.0-8753109671 + tag: 4.5.0-9269023247 alfresco-control-center: image: - tag: 8.5.0-8753109671 + tag: 8.5.0-9269023247 postgresql: image: tag: 14.4.0 @@ -71,7 +71,7 @@ postgresql-syncservice: tag: 14.4.0 alfresco-sync-service: image: - tag: 5.0.0 + tag: 4.0.1.1-A1 alfresco-connector-ms365: image: tag: 2.0.1 diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index 0a764af57..a76b145f8 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -205,7 +205,7 @@ alfresco-transform-service: replicaCount: 2 image: repository: quay.io/alfresco/alfresco-transform-router - tag: 4.1.1 + tag: 4.1.2 livenessProbe: # -- Overrride liveness probe endpoint to work around # https://alfresco.atlassian.net/browse/ACS-7269 @@ -216,35 +216,35 @@ alfresco-transform-service: enabled: true image: repository: alfresco/alfresco-pdf-renderer - tag: 5.1.1 + tag: 5.1.2 imagemagick: # -- Declares the alfresco-imagemagick service used by the content repository # to transform image files enabled: true image: repository: alfresco/alfresco-imagemagick - tag: 5.1.1 + tag: 5.1.2 libreoffice: # -- Declares the alfresco-libreoffice service used by the content repository # to transform office files enabled: true image: repository: alfresco/alfresco-libreoffice - tag: 5.1.1 + tag: 5.1.2 tika: # -- Declares the alfresco-tika service used by the content repository # to transform office files enabled: true image: repository: alfresco/alfresco-tika - tag: 5.1.1 + tag: 5.1.2 transformmisc: # -- Declares the alfresco-tika service used by the content repository # to transform office files enabled: true image: repository: alfresco/alfresco-transform-misc - tag: 5.1.1 + tag: 5.1.2 filestore: # -- Declares the alfresco-shared-file-store used by the content repository # and transform service @@ -252,7 +252,7 @@ alfresco-transform-service: replicaCount: 1 image: repository: quay.io/alfresco/alfresco-shared-file-store - tag: 4.1.1 + tag: 4.1.2 persistence: # -- Persist filestore data enabled: true @@ -442,7 +442,7 @@ alfresco-sync-service: enabled: true replicaCount: 1 image: - tag: 5.0.0 + tag: 4.0.1 database: existingSecret: name: *sync_database_secretName @@ -496,7 +496,7 @@ alfresco-ai-transformer: fullnameOverride: alfresco-intelligence-service image: repository: quay.io/alfresco/alfresco-ai-docker-engine - tag: 3.1.2 + tag: 3.1.3 sfs: existingConfigMap: # -- Name of the configmap which holds the ATS shared filestore URL