From b1df1de3ecbe0c9e2004ceeb6601d5731864f9da Mon Sep 17 00:00:00 2001 From: Marcello Teodori <151025+mteodori@users.noreply.github.com> Date: Fri, 28 Jun 2024 09:37:33 +0200 Subject: [PATCH 1/4] HXOR-1514 Use AIMS2/KeycloakX --- .pre-commit-config.yaml | 1 + README.md | 85 +++++-------- .../Chart.yaml | 15 +-- .../alfresco-process-infrastructure/README.md | 74 +++++------ .../alfresco-realm.json | 75 +++++++++++ .../templates/realm-secret.yaml | 9 ++ .../values.yaml | 118 +++++++----------- install.sh | 15 --- values-localhost.yaml | 42 +++++++ 9 files changed, 243 insertions(+), 191 deletions(-) create mode 100644 helm/alfresco-process-infrastructure/alfresco-realm.json create mode 100644 helm/alfresco-process-infrastructure/templates/realm-secret.yaml delete mode 100755 install.sh diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f5b01ee8c..3e9b7ff84 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,6 +15,7 @@ repos: args: [--allow-multiple-documents] exclude: helm/.*/templates - id: check-json + exclude: helm/alfresco-process-infrastructure/alfresco-realm.json - id: check-merge-conflict - id: fix-byte-order-marker - id: mixed-line-ending diff --git a/README.md b/README.md index ecd494b63..6d3a56368 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,9 @@ Install the latest version of helm. An `ingress-nginx` should be installed and bound to an external DNS address, for example: ``` -helm upgrade --install --wait --repo https://kubernetes.github.io/ingress-nginx ingress-nginx ingress-nginx +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace ``` ### helm tips @@ -53,6 +55,7 @@ If anything is stuck, check events with `kubectl get events --watch`. ```bash export DESIRED_NAMESPACE=${DESIRED_NAMESPACE:-aae} +kubectl create namespace $DESIRED_NAMESPACE ``` ### add quay-registry-secret 
@@ -76,28 +79,26 @@ where: ### set main helm env variables ```bash -export HELM_OPTS+=" --debug \ - --namespace $DESIRED_NAMESPACE \ - --set global.gateway.http=$HTTP \ - --set global.gateway.domain=$DOMAIN" +export HELM_OPTS="--namespace $DESIRED_NAMESPACE" ``` -where: - -* _HTTP_ is true/false depending if you want external URLs using HTTP or HTTPS -* _DOMAIN_ is your DNS domain - - ### set environment specific variables #### for localhost +A custom extra values file to add settings for _localhost_ is provided: ```bash export PROTOCOL=http export DOMAIN=host.docker.internal +HELM_OPTS+=" -f values-localhost.yaml" ``` -*NB* add to your `/etc/hosts` the line `127.0.0.1 host.docker.internal` if not present +Make sure your local cluster has at least 16GB of memory and 8 CPUs. +The startup might take as much as 10 minutes, use ```kubectl get pods -A -w``` to check the status. + +*NB* if not present already in your `/etc/hosts` file, please add a DNS mapping from `host.docker.internal` to `127.0.0.1`. + +This setup has been tested with [Rancher Desktop](https://rancherdesktop.io) using [Nginx Controller](https://docs.rancherdesktop.io/how-to-guides/setup-NGINX-Ingress-Controller). #### for a cloud environment @@ -107,21 +108,16 @@ export PROTOCOL=https export DOMAIN=$CLUSTER.envalfresco.com ``` -#### set generated variables - -```bash -export GATEWAY_HOST=$DOMAIN -export SSO_HOST=$DOMAIN -``` - ### set helm env variables ```bash export HTTP=$(if [[ "$PROTOCOL" == 'http' ]]; then echo true; else echo false; fi) -HELM_OPTS+=" --set global.gateway.http=$HTTP \ +HELM_OPTS+=" \ + --set global.gateway.http=$HTTP \ --set global.gateway.domain=$DOMAIN" ``` + ### disable alfresco-deployment-service To disable alfresco-deployment-service in the infrastructure: 
@@ -132,7 +128,7 @@ HELM_OPTS+=" " ``` -## Multi-AZ K8S cloud StorageClass for project release +### Multi-AZ K8S cloud StorageClass for project release A StorageClass that can work across multiple availability zones need to be available to store project release files per each application: * for EKS always use EFS @@ -163,6 +159,16 @@ HELM_OPTS+=" " ``` +### debug and dry run + +To verify the k8s yaml output: + +```bash +HELM_OPTS+=" --debug --dry-run" +``` + +If all good then launch again without `--dry-run`. + ## launch helm Set install parameters: @@ -180,11 +186,10 @@ helm upgrade --install --wait \ $HELM_OPTS $RELEASE_NAME $CHART_NAME ``` -or from the incubator repo a development chart version: +or from the incubator repo for a development chart version: ```bash helm upgrade --install --wait \ - --namespace $DESIRED_NAMESPACE \ --repo https://kubernetes-charts.alfresco.com/incubator \ $HELM_OPTS $RELEASE_NAME $CHART_NAME ``` 
@@ -193,46 +198,18 @@ or from the current repository directory: ```bash helm repo update -helm dependency update helm/${CHART_NAME} +helm dependency update helm/$CHART_NAME helm upgrade --install --wait \ - --namespace $DESIRED_NAMESPACE \ $HELM_OPTS $RELEASE_NAME helm/$CHART_NAME ``` -## Extra Helm install scripts - -Both support the following optional vars: - -* RELEASE_NAME to handle upgrade or a non auto-generated release name -* HELM_OPTS to pass extra options to helm - -### install.sh - -Just install/upgrade the AAE infrastructure. - -To verify the k8s yaml output: - -```bash -HELM_OPTS+="--debug --dry-run" ./install.sh -``` - -Verify the k8s yaml output than launch again without `--dry-run`. - -### run on localhost - -A custom extra values file to add settings for _localhost_ is provided: -```bash -HELM_OPTS+=" -f values-localhost.yaml" ./install.sh -``` -*NB* the startup might take as much as 10 minutes, use ```kubectl get pods -A -w``` to check the status. - ## Testing ### Access IDS Open browser and login to IDS: ```bash -open ${SSO_URL} +open $SSO_URL ``` ### Verify Realm @@ -254,7 +231,7 @@ In an [air gapped](https://en.wikipedia.org/wiki/Air_gap_(networking)) environme Modify the file values-external-postgresql.yaml providing values for your external database per each service, then run: ```bash -export HELM_OPTS+=" -f values-external-postgresql.yaml" +HELM_OPTS+=" -f values-external-postgresql.yaml" ``` ## CI/CD diff --git a/helm/alfresco-process-infrastructure/Chart.yaml b/helm/alfresco-process-infrastructure/Chart.yaml index 7accb29bb..3cce1435e 100644 --- a/helm/alfresco-process-infrastructure/Chart.yaml +++ b/helm/alfresco-process-infrastructure/Chart.yaml 
@@ -17,9 +17,10 @@ dependencies: - name: common version: 8.6.0-alpha.9 repository: https://activiti.github.io/activiti-cloud-helm-charts - - name: alfresco-identity-service - version: 6.0.0 - repository: https://kubernetes-charts.alfresco.com/stable + - name: keycloakx + version: 2.3.0 + repository: https://codecentric.github.io/helm-charts + alias: alfresco-identity-service condition: alfresco-identity-service.enabled - name: common version: 8.6.0-alpha.9 @@ -27,12 +28,12 @@ dependencies: alias: alfresco-modeling-service condition: alfresco-modeling-service.enabled - name: postgresql - version: 10.3.13 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ + version: 15.5.11 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami condition: postgresql.enabled - name: rabbitmq - version: 8.20.5 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ + version: 14.4.4 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami condition: rabbitmq.enabled - name: common version: 8.6.0-alpha.9 diff --git a/helm/alfresco-process-infrastructure/README.md b/helm/alfresco-process-infrastructure/README.md index 4fb6b2eda..c1effb892 100644 --- a/helm/alfresco-process-infrastructure/README.md +++ b/helm/alfresco-process-infrastructure/README.md 
@@ -26,10 +26,10 @@ Kubernetes: `>=1.15.0-0` | https://activiti.github.io/activiti-cloud-helm-charts | alfresco-deployment-service(common) | 8.6.0-alpha.9 | | https://activiti.github.io/activiti-cloud-helm-charts | alfresco-process-analytics-playground(common) | 8.6.0-alpha.9 | | https://activiti.github.io/activiti-cloud-helm-charts | common | 8.6.0-alpha.9 | -| https://kubernetes-charts.alfresco.com/stable | alfresco-identity-service | 6.0.0 | +| https://codecentric.github.io/helm-charts | alfresco-identity-service(keycloakx) | 2.3.0 | | https://opensearch-project.github.io/helm-charts | opensearch | 1.11.1 | -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ | postgresql | 10.3.13 | -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ | rabbitmq | 8.20.5 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | postgresql | 15.5.11 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | rabbitmq | 14.4.4 | ## Values 
@@ -167,28 +167,30 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-adapter-service.probePath | string | `"/actuator/health"` | | | alfresco-identity-adapter-service.rabbitmq.enabled | bool | `false` | | | alfresco-identity-adapter-service.replicaCount | int | `2` | | +| alfresco-identity-service.command[0] | string | `"/opt/keycloak/bin/kc.sh"` | | +| alfresco-identity-service.command[1] | string | `"start"` | | +| alfresco-identity-service.command[2] | string | `"--http-enabled=true"` | | +| alfresco-identity-service.command[3] | string | `"--http-port=8080"` | | +| alfresco-identity-service.command[4] | string | `"--hostname-strict=false"` | | +| alfresco-identity-service.command[5] | string | `"--hostname-strict-https=false"` | | +| alfresco-identity-service.command[6] | string | `"--import-realm"` | | | alfresco-identity-service.enabled | bool | `true` | | -| alfresco-identity-service.extraEnv | string | `"- name: KEYCLOAK_USER\n value: admin\n- name: KEYCLOAK_PASSWORD\n value: admin\n- name: KEYCLOAK_IMPORT\n value: /realm/alfresco-realm.json\n- name: PROXY_ADDRESS_FORWARDING\n value: \"true\"\n"` | | -| alfresco-identity-service.ingress.enabled | bool | `false` | | -| alfresco-identity-service.keycloak.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | -| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/affinity" | string | `"cookie"` | | -| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"false"` | | -| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" | string | `"128k"` | | -| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-hash" | string | `"sha1"` | | -| alfresco-identity-service.keycloak.ingress.annotations."nginx.ingress.kubernetes.io/session-cookie-name" | string | `"identity_affinity_route"` | | -| 
alfresco-identity-service.keycloak.ingress.enabled | bool | `true` | | -| alfresco-identity-service.keycloak.ingress.rules[0].host | string | `"{{ include \"common.keycloak-host\" . }}"` | | -| alfresco-identity-service.keycloak.ingress.rules[0].paths[0].path | string | `"/auth"` | | -| alfresco-identity-service.keycloak.ingress.rules[0].paths[0].pathType | string | `"Prefix"` | | -| alfresco-identity-service.keycloak.ingress.tls | list | `[]` | | -| alfresco-identity-service.keycloak.keycloak.image.tag | string | `"1.7.0"` | | -| alfresco-identity-service.keycloak.postgresql.image.tag | string | `"13.3.0"` | | -| alfresco-identity-service.keycloak.postgresql.persistence.existingClaim | string | `""` | | -| alfresco-identity-service.keycloak.postgresql.tls.enabled | bool | `false` | | -| alfresco-identity-service.rbac.create | bool | `false` | | +| alfresco-identity-service.extraEnv | string | `"- name: KEYCLOAK_ADMIN\n value: admin\n- name: KEYCLOAK_ADMIN_PASSWORD\n value: admin\n- name: JAVA_OPTS_APPEND\n value: '-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless'\n- name: KC_HOSTNAME\n value: '{{ include \"common.keycloak-host\" . }}'\n"` | | +| alfresco-identity-service.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: /opt/keycloak/data/import\n readOnly: true\n"` | | +| alfresco-identity-service.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n"` | | +| alfresco-identity-service.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" | string | `"16k"` | | +| alfresco-identity-service.ingress.enabled | bool | `true` | | +| alfresco-identity-service.ingress.ingressClassName | string | `"nginx"` | | +| alfresco-identity-service.ingress.rules[0].host | string | `"{{ include \"common.keycloak-host\" . 
}}"` | | +| alfresco-identity-service.ingress.rules[0].paths[0].path | string | `"/auth"` | | +| alfresco-identity-service.ingress.rules[0].paths[0].pathType | string | `"Prefix"` | | +| alfresco-identity-service.ingress.tls | list | `[]` | | +| alfresco-identity-service.postgresql.enabled | bool | `false` | | +| alfresco-identity-service.realm.alfresco.adminPassword | string | `"admin"` | | | alfresco-identity-service.realm.alfresco.client.redirectUris[0] | string | `"*"` | | | alfresco-identity-service.realm.alfresco.client.webOrigins[0] | string | `"*"` | | | alfresco-identity-service.realm.alfresco.extraClients[0].clientId | string | `"activiti"` | | +| alfresco-identity-service.realm.alfresco.extraClients[0].clientRoles | list | `[]` | | | alfresco-identity-service.realm.alfresco.extraClients[0].directAccessGrantsEnabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraClients[0].enabled | bool | `true` | | | alfresco-identity-service.realm.alfresco.extraClients[0].implicitFlowEnabled | bool | `true` | | 
@@ -424,7 +426,6 @@ Kubernetes: `>=1.15.0-0`
 | alfresco-identity-service.realm.alfresco.extraUsers[9].realmRoles[1] | string | `"uma_authorization"` | |
 | alfresco-identity-service.realm.alfresco.extraUsers[9].realmRoles[2] | string | `"ACTIVITI_MODELER"` | |
 | alfresco-identity-service.realm.alfresco.extraUsers[9].username | string | `"modeler"` | |
-| alfresco-identity-service.serviceAccount.create | bool | `false` | |
 | alfresco-modeling-app.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchLabels."app.kubernetes.io/instance" | string | `"{{ .Release.Name }}"` | |
 | alfresco-modeling-app.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchLabels."app.kubernetes.io/name" | string | `"{{ template \"common.name\" . }}"` | |
 | alfresco-modeling-app.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"failure-domain.beta.kubernetes.io/zone"` | |
@@ -675,36 +676,21 @@ Kubernetes: `>=1.15.0-0` | opensearch.extraEnvs[1].name | string | `"DISABLE_SECURITY_PLUGIN"` | | | opensearch.extraEnvs[1].value | string | `"true"` | | | opensearch.replicas | int | `2` | | -| postgresql.commonAnnotations.application | string | `"activiti"` | | +| postgresql.auth.password | string | `"alfresco"` | | +| postgresql.auth.username | string | `"alfresco"` | | +| postgresql.database | string | `"postgres"` | | | postgresql.enabled | bool | `true` | | -| postgresql.image.tag | string | `"13.3.0"` | | -| postgresql.persistence.mountPath | string | `"/data"` | | -| postgresql.postgresqlDataDir | string | `"/data/pgdata"` | | -| postgresql.postgresqlDatabase | string | `"postgres"` | | -| postgresql.postgresqlExtendedConf.log_min_messages | string | `"LOG"` | | -| postgresql.postgresqlExtendedConf.max_connections | int | `300` | | -| postgresql.postgresqlPassword | string | `"alfresco"` | | -| postgresql.postgresqlUsername | string | `"alfresco"` | | +| postgresql.image.tag | string | `"11.22.0"` | | +| postgresql.persistence.mountPath | string | `"/bitnami/postgresql"` | | +| postgresql.postgresqlDataDir | string | `"/bitnami/postgresql/data"` | | +| postgresql.primary.extendedConfiguration | string | `"max_connections = 300\nlog_min_messages = LOG\n"` | | | postgresql.resources.limits.memory | string | `"1500Mi"` | | | postgresql.resources.requests.memory | string | `"1500Mi"` | | | rabbitmq.auth.erlangCookie | string | `"ylY79lOdNUWsJEwAGdVQnhjSazV4QZKO="` | | | rabbitmq.auth.password | string | `"CHANGEME"` | | | rabbitmq.auth.username | string | `"user"` | | -| rabbitmq.customLivenessProbe.exec.command[0] | string | `"rabbitmq-diagnostics"` | | -| rabbitmq.customLivenessProbe.exec.command[1] | string | `"status"` | | -| rabbitmq.customLivenessProbe.initialDelaySeconds | int | `60` | | -| rabbitmq.customLivenessProbe.periodSeconds | int | `60` | | -| rabbitmq.customLivenessProbe.timeoutSeconds | int | `15` | | -| 
rabbitmq.customReadinessProbe.exec.command[0] | string | `"rabbitmq-diagnostics"` | | -| rabbitmq.customReadinessProbe.exec.command[1] | string | `"ping"` | | -| rabbitmq.customReadinessProbe.initialDelaySeconds | int | `20` | | -| rabbitmq.customReadinessProbe.periodSeconds | int | `60` | | | rabbitmq.enabled | bool | `true` | | | rabbitmq.extraPlugins | string | `""` | | -| rabbitmq.livenessProbe.enabled | bool | `false` | | -| rabbitmq.persistence.accessMode | string | `"ReadWriteOnce"` | | -| rabbitmq.persistence.storageClass | string | `nil` | | -| rabbitmq.readinessProbe.enabled | bool | `false` | | | rabbitmq.resources.limits.memory | string | `"1500Mi"` | | | rabbitmq.resources.requests.memory | string | `"1500Mi"` | | | setup-acs-script-job.enabled | bool | `true` | | diff --git a/helm/alfresco-process-infrastructure/alfresco-realm.json b/helm/alfresco-process-infrastructure/alfresco-realm.json new file mode 100644 index 000000000..f8273e0f6 --- /dev/null +++ b/helm/alfresco-process-infrastructure/alfresco-realm.json 
@@ -0,0 +1,75 @@
+{
+ "realm": "alfresco",
+ "enabled": true,
+ "sslRequired": "none",
+ "internationalizationEnabled": true,
+ "defaultLocale": "en",
+ "supportedLocales": [
+ "ca",
+ "de",
+ "en",
+ "es",
+ "fr",
+ "it",
+ "ja",
+ "lt",
+ "nl",
+ "no",
+ "pt-BR",
+ "ru",
+ "sv",
+ "zh-CN"
+ ],
+ "clients": [
+ {
+ "clientId": "alfresco",
+ "name": "alfresco",
+ "enabled": true,
+ "standardFlowEnabled": true,
+ "publicClient": true,
+ "directAccessGrantsEnabled": true,
+ "redirectUris": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "client" "redirectUris" | default tuple | toJson }},
+ "webOrigins": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "client" "webOrigins" | default tuple | toJson }},
+ "attributes": {
+ "exclude.issuer.from.auth.response": "true"
+ }
+ }
+ {{- range index .Values "alfresco-identity-service" "realm" "alfresco" "extraClients" }}
+ {{- $noRoles := omit . "clientRoles" -}}
+ , {{ $noRoles | toJson }}
+ {{- end }}
+ ],
+ "users": [
+ {
+ "username": "admin",
+ "email": "admin@alfresco.com",
+ "enabled": true,
+ "emailVerified": true,
+ "firstName": "admin",
+ "lastName": "admin",
+ "credentials": [
+ {
+ "type" : "password",
+ "value" : "{{ index .Values "alfresco-identity-service" "realm" "alfresco" "adminPassword" }}"
+ }
+ ],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization"
+ ]
+ }
+ ],
+ "roles": {
+ "realm": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "extraRealmRoles" | toJson }},
+ "client":
+ {{- $clientRoles := dict }}
+ {{- range (index .Values "alfresco-identity-service" "realm" "alfresco" "extraClients") }}
+ {{- if .clientRoles -}}
+ {{- $_ := set $clientRoles .clientId .clientRoles }}
+ {{- end }}
+ {{- end }}
+ {{- $clientRoles | toJson }}
+ },
+ "groups": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "extraGroups" | toJson }},
+ "users": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "extraUsers" | toJson }}
+}
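Review bot: The realm template declares the top-level `"users"` key twice, once for the built-in `admin` user and again on the second-to-last line for `extraUsers`; most JSON parsers keep only the last occurrence, so the admin account and its `adminPassword` are probably dropped at import (not confirmed against Keycloak's importer). Emit a single array that renders the admin entry first and then appends the `extraUsers` items. The password is also interpolated raw inside a quoted string, so a value containing `"` or `\` produces invalid or altered JSON; render it as `"value": {{ index .Values "alfresco-identity-service" "realm" "alfresco" "adminPassword" | toJson }}` instead. Because this commit also excludes the file from `check-json`, pre-commit will catch neither problem. `"sslRequired": "none"` as a chart-wide default deserves a values-driven setting so that only the localhost profile relaxes it.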
diff --git a/helm/alfresco-process-infrastructure/templates/realm-secret.yaml b/helm/alfresco-process-infrastructure/templates/realm-secret.yaml
new file mode 100644
index 000000000..378fce282
--- /dev/null
+++ b/helm/alfresco-process-infrastructure/templates/realm-secret.yaml
@@ -0,0 +1,9 @@
+{{- if and (index .Values "alfresco-identity-service" "enabled") }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: realm-secret
+type: Opaque
+data:
+ "alfresco-realm.json": {{ tpl (.Files.Get "alfresco-realm.json") . | b64enc | quote }}
+{{- end }}
diff --git a/helm/alfresco-process-infrastructure/values.yaml b/helm/alfresco-process-infrastructure/values.yaml
index e82ca2580..3e3888a22 100644
--- a/helm/alfresco-process-infrastructure/values.yaml
+++ b/helm/alfresco-process-infrastructure/values.yaml
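Review bot: The Secret is created under the fixed name `realm-secret` with no release prefix or labels, so two releases of this chart in one namespace would collide on the object that carries the realm's admin and user passwords. Consider `name: {{ .Release.Name }}-realm-secret` and the same expression for `secretName` in the `extraVolumes` value, which appears to be template-rendered like `extraEnv`. The guard `if and (index …)` has a single operand, so `and` is redundant there.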
@@ -103,51 +103,48 @@ global: # global.datadog.metrics.batchSize -- configures application Datadog metrics export batch size if needed, i.e. 10000. batchSize: null alfresco-identity-service: - # set to false to disable custom alfresco-identity-service ingress with hostname support enabled: true - rbac: - create: false - serviceAccount: - create: false ingress: - enabled: false - keycloak: - keycloak: - image: - tag: 1.7.0 - ingress: - enabled: true - rules: - - host: '{{ include "common.keycloak-host" . }}' - paths: - - path: /auth - pathType: Prefix - tls: [] - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/session-cookie-name: identity_affinity_route - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/enable-cors: "false" - postgresql: - tls: - enabled: false - image: - tag: 13.3.0 - persistence: - existingClaim: "" # use default postgresql PVC + enabled: true + rules: + - host: '{{ include "common.keycloak-host" . }}' + paths: + - path: /auth + pathType: Prefix + tls: [] + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: 16k + command: + - "/opt/keycloak/bin/kc.sh" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--import-realm" extraEnv: | - - name: KEYCLOAK_USER + - name: KEYCLOAK_ADMIN value: admin - - name: KEYCLOAK_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD value: admin - - name: KEYCLOAK_IMPORT - value: /realm/alfresco-realm.json - - name: PROXY_ADDRESS_FORWARDING - value: "true" + - name: JAVA_OPTS_APPEND + value: '-Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless' + - name: KC_HOSTNAME + value: '{{ include "common.keycloak-host" . 
}}' + extraVolumes: | + - name: realm-secret + secret: + secretName: realm-secret + extraVolumeMounts: | + - name: realm-secret + mountPath: /opt/keycloak/data/import + readOnly: true + postgresql: + enabled: false realm: alfresco: + adminPassword: admin client: redirectUris: - "*" @@ -162,6 +159,7 @@ alfresco-identity-service: - "*" directAccessGrantsEnabled: true implicitFlowEnabled: true + clientRoles: [] - clientId: storage-service enabled: true authorizationServicesEnabled: true @@ -478,23 +476,23 @@ alfresco-identity-service: postgresql: enabled: true image: - tag: 13.3.0 - postgresqlUsername: alfresco - postgresqlPassword: alfresco - postgresqlDatabase: postgres - postgresqlDataDir: /data/pgdata + tag: 11.22.0 + auth: + username: alfresco + password: alfresco + database: postgres + postgresqlDataDir: /bitnami/postgresql/data persistence: - mountPath: /data - postgresqlExtendedConf: - max_connections: 300 - log_min_messages: LOG + mountPath: /bitnami/postgresql + primary: + extendedConfiguration: | + max_connections = 300 + log_min_messages = LOG resources: requests: memory: 1500Mi limits: memory: 1500Mi - commonAnnotations: - application: activiti alfresco-modeling-service: enabled: true nameOverride: alfresco-modeling-service @@ -1185,28 +1183,6 @@ alfresco-admin-app: rabbitmq: enabled: true extraPlugins: "" - livenessProbe: - enabled: false - customLivenessProbe: - exec: - command: - - rabbitmq-diagnostics - - status - initialDelaySeconds: 60 - timeoutSeconds: 15 - periodSeconds: 60 - readinessProbe: - enabled: false - customReadinessProbe: - exec: - command: - - rabbitmq-diagnostics - - ping - initialDelaySeconds: 20 - periodSeconds: 60 - persistence: - storageClass: - accessMode: ReadWriteOnce auth: username: user password: CHANGEME diff --git a/install.sh b/install.sh deleted file mode 100755 index 5e3b65423..000000000 --- a/install.sh +++ /dev/null 
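Review bot: `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are set to the literals `admin`/`admin` in `extraEnv`, and the same hunk switches `ingress.enabled` to `true` for `/auth`, so a default install publishes the Keycloak admin console with known credentials held in plain pod env. Source both from an operator-supplied Secret via `valueFrom.secretKeyRef` (sketch below; the Secret name is a placeholder) and leave `realm.alfresco.adminPassword` without a usable default so it has to be set at install time. The start flags `--http-enabled=true`, `--hostname-strict=false` and `--hostname-strict-https=false` also relax transport and hostname checks by default; they fit the localhost values file better than values.yaml unless TLS is always terminated at the ingress.

```yaml
  extraEnv: |
    - name: KEYCLOAK_ADMIN
      valueFrom:
        secretKeyRef:
          name: <keycloak-admin-secret>  # placeholder: Secret created by the operator
          key: username
    - name: KEYCLOAK_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          name: <keycloak-admin-secret>  # placeholder
          key: password
    # … unchanged: JAVA_OPTS_APPEND, KC_HOSTNAME …
```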
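Review bot: In the `postgresql` hunk, `image.tag` goes from `13.3.0` back to `11.22.0` while the chart dependency jumps to 15.5.11; PostgreSQL 11 is past upstream end of life, so the default database would no longer receive security fixes, and a data directory initialised by 13 cannot be opened by an 11 server. Per the generated README in this commit, the new keys resolve to `postgresql.database`, `postgresql.persistence.mountPath` and `postgresql.resources`, whereas the Bitnami chart at this major version reads `auth.database` and `primary.*` as far as I know. It is worth confirming with `helm template` that these settings are not silently ignored.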
@@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -HELM_EXE="${HELM_EXE:-helm}" -CHART_REPO="${CHART_REPO:-helm}" -DIR_NAME=$(basename "${PWD}") -CHART_NAME=${CHART_NAME:-${DIR_NAME%%-deployment}} -DESIRED_NAMESPACE=${DESIRED_NAMESPACE:-default} -RELEASE_NAME=${RELEASE_NAME:-$CHART_NAME} - -"$HELM_EXE" repo add activiti https://activiti.github.io/activiti-cloud-helm-charts -"$HELM_EXE" repo add alfresco https://kubernetes-charts.alfresco.com/stable -"$HELM_EXE" repo add alfresco-incubator https://kubernetes-charts.alfresco.com/incubator -"$HELM_EXE" dep up "$CHART_REPO/$CHART_NAME" - -"$HELM_EXE" upgrade --install --wait --reuse-values ${HELM_OPTS[*]} --namespace "$DESIRED_NAMESPACE" "$RELEASE_NAME" "$CHART_REPO/$CHART_NAME" diff --git a/values-localhost.yaml b/values-localhost.yaml index c1ad34bd1..e1c0005b5 100644 --- a/values-localhost.yaml +++ b/values-localhost.yaml @@ -7,3 +7,45 @@ alfresco-deployment-service: environment: apiUrl: https://host.docker.internal:6443 apiToken: "REPLACEME" + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-admin-app: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-modeling-app: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-modeling-service: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-tika-service: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-identity-adapter-service: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-static-resources: + replicaCount: 1 + podDisruptionBudget: + enabled: false + +alfresco-process-analytics-service: + enabled: false + +alfresco-process-analytics-playground: + enabled: false + +opensearch: + enabled: false From 696ab4b9a67fa3ba6c598340570abd5ba9cdf05c Mon Sep 17 00:00:00 2001 
From: Marcello Teodori <151025+mteodori@users.noreply.github.com> Date: Fri, 28 Jun 2024 10:18:17 +0200 Subject: [PATCH 2/4] add patch info for modeling and PVC for keycloak --- README.md | 16 ++++++++-------- deployment-localhost-patch.yaml | 7 +++++++ helm/alfresco-process-infrastructure/README.md | 4 ++-- .../templates/keycloak-pvc.yaml | 12 ++++++++++++ helm/alfresco-process-infrastructure/values.yaml | 10 ++++++++++ 5 files changed, 39 insertions(+), 10 deletions(-) create mode 100644 deployment-localhost-patch.yaml create mode 100644 helm/alfresco-process-infrastructure/templates/keycloak-pvc.yaml diff --git a/README.md b/README.md index 6d3a56368..f7d778140 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,8 @@ where: ### set main helm env variables ```bash +export RELEASE_NAME=aae +export CHART_NAME=alfresco-process-infrastructure export HELM_OPTS="--namespace $DESIRED_NAMESPACE" ``` @@ -100,6 +102,11 @@ The startup might take as much as 10 minutes, use ```kubectl get pods -A -w``` t This setup has been tested with [Rancher Desktop](https://rancherdesktop.io) using [Nginx Controller](https://docs.rancherdesktop.io/how-to-guides/setup-NGINX-Ingress-Controller). +If the hostname `host.docker.internal` is not resolved correctly on some deployments, patch them after calling helm via: +```bash +kubectl patch deployment -n $DESIRED_NAMESPACE ${RELEASE_NAME}-alfresco-modeling-service -p "$(cat deployment-localhost-patch.yaml)" +``` + #### for a cloud environment ```bash @@ -171,14 +178,7 @@ If all good then launch again without `--dry-run`. ## launch helm -Set install parameters: - -```bash -export RELEASE_NAME=aae -export CHART_NAME=alfresco-process-infrastructure -``` - -then install from the stable repo using a released chart version: +Install from the stable repo using a released chart version: ```bash helm upgrade --install --wait \ diff --git a/deployment-localhost-patch.yaml b/deployment-localhost-patch.yaml new file mode 100644 index 000000000..2a250db22 
--- /dev/null +++ b/deployment-localhost-patch.yaml @@ -0,0 +1,7 @@ +spec: + template: + spec: + hostAliases: + - ip: "192.168.5.2" + hostnames: + - "host.docker.internal" diff --git a/helm/alfresco-process-infrastructure/README.md b/helm/alfresco-process-infrastructure/README.md index c1effb892..d084fe0d0 100644 --- a/helm/alfresco-process-infrastructure/README.md +++ b/helm/alfresco-process-infrastructure/README.md @@ -176,8 +176,8 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.command[6] | string | `"--import-realm"` | | | alfresco-identity-service.enabled | bool | `true` | | | alfresco-identity-service.extraEnv | string | `"- name: KEYCLOAK_ADMIN\n value: admin\n- name: KEYCLOAK_ADMIN_PASSWORD\n value: admin\n- name: JAVA_OPTS_APPEND\n value: '-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless'\n- name: KC_HOSTNAME\n value: '{{ include \"common.keycloak-host\" . }}'\n"` | | -| alfresco-identity-service.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: /opt/keycloak/data/import\n readOnly: true\n"` | | -| alfresco-identity-service.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n"` | | +| alfresco-identity-service.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: /opt/keycloak/data/import\n readOnly: true\n- name: theme\n mountPath: /opt/keycloak/themes/alfresco\n readOnly: true\n- name: h2-database\n mountPath: /opt/keycloak/data/h2\n"` | | +| alfresco-identity-service.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n- name: theme\n emptyDir: {}\n- name: h2-database\n persistentVolumeClaim:\n claimName: keycloak-pvc\n"` | | | alfresco-identity-service.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" | string | `"16k"` | | | alfresco-identity-service.ingress.enabled | bool | `true` | | | alfresco-identity-service.ingress.ingressClassName | string | `"nginx"` | | 
diff --git a/helm/alfresco-process-infrastructure/templates/keycloak-pvc.yaml b/helm/alfresco-process-infrastructure/templates/keycloak-pvc.yaml new file mode 100644 index 000000000..5e150e539 --- /dev/null +++ b/helm/alfresco-process-infrastructure/templates/keycloak-pvc.yaml @@ -0,0 +1,12 @@ +{{- if and (index .Values "alfresco-identity-service" "enabled") }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: keycloak-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "1Gi" +{{- end }} diff --git a/helm/alfresco-process-infrastructure/values.yaml b/helm/alfresco-process-infrastructure/values.yaml index 3e3888a22..5b1123314 100644 --- a/helm/alfresco-process-infrastructure/values.yaml +++ b/helm/alfresco-process-infrastructure/values.yaml @@ -136,10 +136,20 @@ alfresco-identity-service: - name: realm-secret secret: secretName: realm-secret + - name: theme + emptyDir: {} + - name: h2-database + persistentVolumeClaim: + claimName: keycloak-pvc extraVolumeMounts: | - name: realm-secret mountPath: /opt/keycloak/data/import readOnly: true + - name: theme + mountPath: /opt/keycloak/themes/alfresco + readOnly: true + - name: h2-database + mountPath: /opt/keycloak/data/h2 postgresql: enabled: false realm: From 24405d75d2ef4035b6d16bc917bacd8c4740f61a Mon Sep 17 00:00:00 2001 From: Marcello Teodori <151025+mteodori@users.noreply.github.com> Date: Fri, 28 Jun 2024 10:45:31 +0200 Subject: [PATCH 3/4] use aae.local and add theme to keycloak --- README.md | 6 +++--- deployment-localhost-patch.yaml | 2 +- helm/alfresco-process-infrastructure/README.md | 1 + .../functions_acs.sh | 2 +- helm/alfresco-process-infrastructure/values.yaml | 15 +++++++++++++++ values-localhost.yaml | 4 ++-- 6 files changed, 23 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f7d778140..f53d9132c 100644 --- a/README.md +++ b/README.md 
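Review bot: The identity store ends up on Keycloak's embedded H2 file database, backed by one `ReadWriteOnce` claim with the fixed name `keycloak-pvc`; that is a development-grade store for the component holding every user credential, and the claim cannot be shared if Keycloak is scaled beyond one replica. The chart already deploys PostgreSQL, so consider pointing Keycloak at it with `KC_DB=postgres` plus `KC_DB_URL`, `KC_DB_USERNAME` and `KC_DB_PASSWORD` (password from a Secret), keeping the H2 volume for the localhost profile only. If the claim stays, prefix its name with `{{ .Release.Name }}` and expose the size and storage class as values.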
@@ -91,18 +91,18 @@ export HELM_OPTS="--namespace $DESIRED_NAMESPACE" A custom extra values file to add settings for _localhost_ is provided: ```bash export PROTOCOL=http -export DOMAIN=host.docker.internal +export DOMAIN=aae.local HELM_OPTS+=" -f values-localhost.yaml" ``` Make sure your local cluster has at least 16GB of memory and 8 CPUs. The startup might take as much as 10 minutes, use ```kubectl get pods -A -w``` to check the status. -*NB* if not present already in your `/etc/hosts` file, please add a DNS mapping from `host.docker.internal` to `127.0.0.1`. +*NB* in your `/etc/hosts` file, please add a DNS mapping from `aae.local` to `127.0.0.1`. This setup has been tested with [Rancher Desktop](https://rancherdesktop.io) using [Nginx Controller](https://docs.rancherdesktop.io/how-to-guides/setup-NGINX-Ingress-Controller). -If the hostname `host.docker.internal` is not resolved correctly on some deployments, patch them after calling helm via: +If the hostname `aae.local` is not resolved correctly on some deployments, patch them after calling helm via: ```bash kubectl patch deployment -n $DESIRED_NAMESPACE ${RELEASE_NAME}-alfresco-modeling-service -p "$(cat deployment-localhost-patch.yaml)" ``` diff --git a/deployment-localhost-patch.yaml b/deployment-localhost-patch.yaml index 2a250db22..aace3f19e 100644 --- a/deployment-localhost-patch.yaml +++ b/deployment-localhost-patch.yaml @@ -4,4 +4,4 @@ spec: hostAliases: - ip: "192.168.5.2" hostnames: - - "host.docker.internal" + - "aaa.local" diff --git a/helm/alfresco-process-infrastructure/README.md b/helm/alfresco-process-infrastructure/README.md index d084fe0d0..ff131a39a 100644 --- a/helm/alfresco-process-infrastructure/README.md +++ b/helm/alfresco-process-infrastructure/README.md 
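Review bot: In deployment-localhost-patch.yaml the host alias becomes `"aaa.local"`, while the README hunk in this same commit documents `aae.local`, so a deployment patched with this file still will not resolve the gateway/SSO host. The line should read `- "aae.local"`. The address `192.168.5.2` looks specific to one local VM setup; a one-line comment in the file saying where it comes from and when to change it would help.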
@@ -176,6 +176,7 @@ Kubernetes: `>=1.15.0-0` | alfresco-identity-service.command[6] | string | `"--import-realm"` | | | alfresco-identity-service.enabled | bool | `true` | | | alfresco-identity-service.extraEnv | string | `"- name: KEYCLOAK_ADMIN\n value: admin\n- name: KEYCLOAK_ADMIN_PASSWORD\n value: admin\n- name: JAVA_OPTS_APPEND\n value: '-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless'\n- name: KC_HOSTNAME\n value: '{{ include \"common.keycloak-host\" . }}'\n"` | | +| alfresco-identity-service.extraInitContainers | string | `"- name: theme-download\n args:\n - \"-c\"\n - |\n wget https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/0.3.5/alfresco-keycloak-theme-0.3.5.zip -O alfresco.zip\n unzip alfresco.zip\n mv alfresco/* /theme/\n command:\n - \"sh\"\n image: \"busybox:1.36\"\n imagePullPolicy: IfNotPresent\n volumeMounts:\n - name: theme\n mountPath: /theme\n"` | | | alfresco-identity-service.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: /opt/keycloak/data/import\n readOnly: true\n- name: theme\n mountPath: /opt/keycloak/themes/alfresco\n readOnly: true\n- name: h2-database\n mountPath: /opt/keycloak/data/h2\n"` | | | alfresco-identity-service.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n- name: theme\n emptyDir: {}\n- name: h2-database\n persistentVolumeClaim:\n claimName: keycloak-pvc\n"` | | | alfresco-identity-service.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" | string | `"16k"` | | diff --git a/helm/alfresco-process-infrastructure/functions_acs.sh b/helm/alfresco-process-infrastructure/functions_acs.sh index 13c52ac5b..b260df319 100644 --- a/helm/alfresco-process-infrastructure/functions_acs.sh +++ b/helm/alfresco-process-infrastructure/functions_acs.sh 
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-ACS_URL=${ACS_URL:-http://host.docker.internal}
+ACS_URL=${ACS_URL:-http://aae.local}
 REPOSITORY_URL=${REPOSITORY_URL:-${ACS_URL}/alfresco}
 REPOSITORY_ADMIN_USER=${REPOSITORY_ADMIN_USER:-admin}
 REPOSITORY_ADMIN_PASSWORD=${REPOSITORY_ADMIN_PASSWORD:-admin}
diff --git a/helm/alfresco-process-infrastructure/values.yaml b/helm/alfresco-process-infrastructure/values.yaml
index 5b1123314..1aca580f0 100644
--- a/helm/alfresco-process-infrastructure/values.yaml
+++ b/helm/alfresco-process-infrastructure/values.yaml
@@ -150,6 +150,21 @@ alfresco-identity-service:
 readOnly: true
 - name: h2-database
 mountPath: /opt/keycloak/data/h2
+ extraInitContainers: |
+ - name: theme-download
+ args:
+ - "-c"
+ - |
+ wget https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/0.3.5/alfresco-keycloak-theme-0.3.5.zip -O alfresco.zip
+ unzip alfresco.zip
+ mv alfresco/* /theme/
+ command:
+ - "sh"
+ image: "busybox:1.36"
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: theme
+ mountPath: /theme
 postgresql:
 enabled: false
 realm:
diff --git a/values-localhost.yaml b/values-localhost.yaml
index e1c0005b5..7e5e25a8b 100644
--- a/values-localhost.yaml
+++ b/values-localhost.yaml
@@ -1,11 +1,11 @@
 global:
 gateway:
- host: host.docker.internal
+ host: aae.local
 http: true
 alfresco-deployment-service:
 environment:
- apiUrl: https://host.docker.internal:6443
+ apiUrl: https://aae.local:6443
 apiToken: "REPLACEME"
 replicaCount: 1
 podDisruptionBudget:
From d50aed3cecdf5958f1ca8168256ebe39f56a2fa9 Mon Sep 17 00:00:00 2001
From: Marcello Teodori <151025+mteodori@users.noreply.github.com>
Date: Fri, 28 Jun 2024 12:40:28 +0200
Subject: [PATCH 4/4] use https only and fix theme
---
 README.md | 36 ++++++++-----------
 .../alfresco-realm.json | 1 +
 .../functions_acs.sh | 2 +-
 .../templates/NOTES.txt | 2 +-
 values-localhost.yaml | 5 ++-
 5 files changed, 20 insertions(+), 26 deletions(-)
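Review bot: The `theme-download` init container added under `extraInitContainers` fetches a release zip at pod start and unpacks it into the volume that Keycloak mounts as its `alfresco` theme, with no integrity check and no `set -e`, so a failed or altered download is not caught before `mv` runs. Pin the archive by digest and stop on error: add `set -e` as the first script line and, after `wget`, `echo "<SHA256_OF_RELEASE_ZIP>  alfresco.zip" | sha256sum -c -`. `image: "busybox:1.36"` is likewise a mutable tag and could carry an `@sha256:<IMAGE_DIGEST>` suffix. Baking the theme into the Keycloak image would remove the runtime download altogether.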
diff --git a/README.md b/README.md
index f53d9132c..0c30f5535 100644
--- a/README.md
+++ b/README.md
@@ -34,9 +34,9 @@ Install the latest version of helm.
 An `ingress-nginx` should be installed and bound to an external DNS address, for example:
 ```
-helm upgrade --install ingress-nginx ingress-nginx \
+helm upgrade -i ingress-nginx ingress-nginx \
 --repo https://kubernetes.github.io/ingress-nginx \
- --namespace ingress-nginx --create-namespace
+ -n ingress-nginx --create-namespace
 ```
 ### helm tips
@@ -47,15 +47,15 @@ To install from the development chart repo, use `alfresco-incubator` rather than
 ### kubectl tips
-Check deployment progress with `kubectl get pods --watch --all-namespaces` until all containers are running.
-If anything is stuck, check events with `kubectl get events --watch`.
+Check deployment progress with `kubectl get pods -w -A` until all containers are running.
+If anything is stuck, check events with `kubectl get events -w -A`.
 ### configure installation namespace
 ```bash
 export DESIRED_NAMESPACE=${DESIRED_NAMESPACE:-aae}
-kubectl create namespace $DESIRED_NAMESPACE
+kubectl create ns $DESIRED_NAMESPACE
 ```
 ### add quay-registry-secret
@@ -64,7 +64,7 @@ Configure access to pull images from quay.io in the installation namespace:
 ```bash
 kubectl create secret \
- --namespace $DESIRED_NAMESPACE \
+ -n $DESIRED_NAMESPACE \
 docker-registry quay-registry-secret \
 --docker-server=quay.io \
 --docker-username=$QUAY_USERNAME \
@@ -81,7 +81,7 @@ where:
 ```bash
 export RELEASE_NAME=aae
 export CHART_NAME=alfresco-process-infrastructure
-export HELM_OPTS="--namespace $DESIRED_NAMESPACE"
+export HELM_OPTS="-n $DESIRED_NAMESPACE"
 ```
 ### set environment specific variables
@@ -90,19 +90,16 @@ export HELM_OPTS="--namespace $DESIRED_NAMESPACE"
 A custom extra values file to add settings for _localhost_ is provided:
 ```bash
-export PROTOCOL=http
-export DOMAIN=aae.local
+export DOMAIN=host.docker.internal
 HELM_OPTS+=" -f values-localhost.yaml"
 ```
 Make sure your local cluster has at least 16GB of memory and 8 CPUs.
-The startup might take as much as 10 minutes, use ```kubectl get pods -A -w``` to check the status.
+The startup might take as much as 10 minutes, use `kubectl get pods -A -w` to check the status.
-*NB* in your `/etc/hosts` file, please add a DNS mapping from `aae.local` to `127.0.0.1`.
+*NB* if not already present in your `/etc/hosts` file, please add a DNS mapping from `host.docker.internal` to `127.0.0.1`.
-This setup has been tested with [Rancher Desktop](https://rancherdesktop.io) using [Nginx Controller](https://docs.rancherdesktop.io/how-to-guides/setup-NGINX-Ingress-Controller).
-
-If the hostname `aae.local` is not resolved correctly on some deployments, patch them after calling helm via:
+If the hostname `host.docker.internal` is not resolved correctly on some deployments, patch them after calling helm via:
 ```bash
 kubectl patch deployment -n $DESIRED_NAMESPACE ${RELEASE_NAME}-alfresco-modeling-service -p "$(cat deployment-localhost-patch.yaml)"
 ```
@@ -111,16 +108,13 @@ kubectl patch deployment -n $DESIRED_NAMESPACE ${RELEASE_NAME}-alfresco-modeling
 ```bash
 export CLUSTER=aaedev
-export PROTOCOL=https
 export DOMAIN=$CLUSTER.envalfresco.com
 ```
 ### set helm env variables
 ```bash
-export HTTP=$(if [[ "$PROTOCOL" == 'http' ]]; then echo true; else echo false; fi)
 HELM_OPTS+=" \
- --set global.gateway.http=$HTTP \
 --set global.gateway.domain=$DOMAIN"
 ```
@@ -181,7 +175,7 @@ If all good then launch again without `--dry-run`.
 Install from the stable repo using a released chart version:
 ```bash
-helm upgrade --install --wait \
+helm upgrade -i --wait \
 --repo https://kubernetes-charts.alfresco.com/stable \
 $HELM_OPTS $RELEASE_NAME $CHART_NAME
 ```
@@ -189,7 +183,7 @@ helm upgrade --install --wait \
 or from the incubator repo for a development chart version:
 ```bash
-helm upgrade --install --wait \
+helm upgrade -i --wait \
 --repo https://kubernetes-charts.alfresco.com/incubator \
 $HELM_OPTS $RELEASE_NAME $CHART_NAME
 ```
@@ -199,7 +193,7 @@ or from the current repository directory:
 ```bash
 helm repo update
 helm dependency update helm/$CHART_NAME
-helm upgrade --install --wait \
+helm upgrade -i --wait \
 $HELM_OPTS $RELEASE_NAME helm/$CHART_NAME
 ```
@@ -217,7 +211,7 @@ open $SSO_URL
 To read back the realm from the secret, use:
 ```bash
 kubectl get secret \
- --namespace $DESIRED_NAMESPACE \
+ -n $DESIRED_NAMESPACE \
 realm-secret -o jsonpath="{['data']['alfresco-realm\.json']}" | base64 -D > alfresco-realm.json
 ```
diff --git a/helm/alfresco-process-infrastructure/alfresco-realm.json b/helm/alfresco-process-infrastructure/alfresco-realm.json
index f8273e0f6..7d53e2622 100644
--- a/helm/alfresco-process-infrastructure/alfresco-realm.json
+++ b/helm/alfresco-process-infrastructure/alfresco-realm.json
@@ -2,6 +2,7 @@
 "realm": "alfresco",
 "enabled": true,
 "sslRequired": "none",
+ "loginTheme": "alfresco",
 "internationalizationEnabled": true,
 "defaultLocale": "en",
 "supportedLocales": [
diff --git a/helm/alfresco-process-infrastructure/functions_acs.sh b/helm/alfresco-process-infrastructure/functions_acs.sh
index b260df319..13c52ac5b 100644
--- a/helm/alfresco-process-infrastructure/functions_acs.sh
+++ b/helm/alfresco-process-infrastructure/functions_acs.sh
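Review bot: The realm still carries `"sslRequired": "none"` directly above the added `loginTheme` line in alfresco-realm.json, although this commit is titled "use https only" and drops the `http` switch from the README and values-localhost.yaml. With that setting Keycloak does not require TLS for requests to the realm, the login form included. `"sslRequired": "external"` would require HTTPS from clients outside private address ranges, and `"all"` from every client. The realm object continues past the end of this hunk.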
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-ACS_URL=${ACS_URL:-http://aae.local}
+ACS_URL=${ACS_URL:-http://host.docker.internal}
 REPOSITORY_URL=${REPOSITORY_URL:-${ACS_URL}/alfresco}
 REPOSITORY_ADMIN_USER=${REPOSITORY_ADMIN_USER:-admin}
 REPOSITORY_ADMIN_PASSWORD=${REPOSITORY_ADMIN_PASSWORD:-admin}
diff --git a/helm/alfresco-process-infrastructure/templates/NOTES.txt b/helm/alfresco-process-infrastructure/templates/NOTES.txt
index e5a36cf48..13fd54521 100644
--- a/helm/alfresco-process-infrastructure/templates/NOTES.txt
+++ b/helm/alfresco-process-infrastructure/templates/NOTES.txt
@@ -19,4 +19,4 @@ Get the application URLs:
 To see deployment status, try:
- $ kubectl get pods -n {{ .Release.Namespace }} --watch
+ $ kubectl get pods -n {{ .Release.Namespace }} -w
diff --git a/values-localhost.yaml b/values-localhost.yaml
index 7e5e25a8b..d49c724d7 100644
--- a/values-localhost.yaml
+++ b/values-localhost.yaml
@@ -1,11 +1,10 @@
 global:
 gateway:
- host: aae.local
- http: true
+ host: host.docker.internal
 alfresco-deployment-service:
 environment:
- apiUrl: https://aae.local:6443
+ apiUrl: https://host.docker.internal:6443
 apiToken: "REPLACEME"
 replicaCount: 1
 podDisruptionBudget:
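Review bot: The restored default `ACS_URL=${ACS_URL:-http://host.docker.internal}` in functions_acs.sh keeps the `http://` scheme, while this same commit ("use https only") removes `http: true` from values-localhost.yaml, so the script would presumably address a gateway that now serves HTTPS. `ACS_URL=${ACS_URL:-https://host.docker.internal}` matches the rest of the change. The lines below it default `REPOSITORY_ADMIN_USER` and `REPOSITORY_ADMIN_PASSWORD` to `admin`, which over plain HTTP would travel unencrypted; a comment such as `# local-dev defaults only: override REPOSITORY_ADMIN_* for any shared environment` would mark them as such. The script continues past this hunk.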