From d429e45729d2c5d4687a55997e4dad36a7ac7aaa Mon Sep 17 00:00:00 2001 From: George Taylor Date: Thu, 28 Nov 2024 19:06:21 +0000 Subject: [PATCH 1/7] chore: update readme v1 --- README.md | 125 ++++++++++++++++-------------------------------------- 1 file changed, 36 insertions(+), 89 deletions(-) diff --git a/README.md b/README.md index ea0b455..2b99a53 100644 --- a/README.md +++ b/README.md @@ -1,102 +1,49 @@ -### Purpose +# hmpps-delius-alfresco -These example instsructions explain how you would customise one particular dependant Helm chart and publish a newer version to GitHub pages. Instructions assume GitHub pages are already configured for your repo; see the reference section below +## Helm + Kustomize -### Start services -In order to start the alfresco-repository service, we need to make a valid license available in the namespace. A secret containing the license needs to be created: -```bash -ACS_NAMESPACE=hmpps-delius-alfrsco-poc -kubectl create secret generic alfresco-license \ - --namespace $ACS_NAMESPACE \ - --from-file /example/path/to/license/file.lic -``` +This repository contains the Helm and Kustomize configuration for the Delius Alfresco deployment. -Next We will need to ensure all services are up and running. -Start k8s services by executing helm command _(Helm will complain if a random secret is not created)_ +Rather than using/modifying the Helm chart directly, we use Kustomize to overlay the Helm chart with our custom configuration. +This allows us to keep the Helm chart as a dependency and only modify the configuration that we need to. -```bash -cd hmpps-delius-alfresco-poc/alfresco-content-services -export SECRET=$(openssl rand -base64 20) -export BUCKET_NAME=$(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) -helm install alfresco-content-services . --values=./values.yaml \ ---set s3connector.config.bucketName=$BUCKET_NAME \ ---set global.tracking.sharedsecret=$SECRET -``` +### Usage + +Note: we use taskfile to simplify the commands. You can install taskfile by running `brew install go-task/tap/go-task`. + + +To deploy the Delius Alfresco stack, you can use the following command: -### Check the chart file for dependent charts and pull the required version -For the purpose of this demo, we will select the following service from the `Chart.yaml` file -```yaml -- condition: alfresco-sync-service.enabled - name: alfresco-sync-service - repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 4.1.0 ``` +task helm_upgrade ENV= DEBUG= ``` -1. Delete existing tar file for the sync service. There will be an error pulling the chart otherwise -rm -rf charts/alfresco-sync-service-4.1.0.tgz -2. Pull a particular version of `alfresco-sync-service` chart -helm pull alfresco-sync-service --repo https://alfresco.github.io/alfresco-helm-charts --version 4.1.0 -d charts --untar +This will deploy the Delius Alfresco stack to the specified environment. +The `DEBUG` flag can be used to enable debug mode, which will enable helm verbose logging + output the templated, +rendered and kustomized manifests to the environment directory. -3. The above command will pull a tar file called `charts/alfresco-sync-service-4.1.0.tgz` and then untar it into a directory called `alfresco-sync-service`. Delete the tar file -rm -rf charts/alfresco-sync-service-4.1.0.tgz -``` -### Modify charts - -1. Change the chart version in the newly pulled chart. For example change is from `4.1.0` to `4.1.1` -2. Make your changes and then test them by upgrading Helm release - ``` - - export SECRET=$(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) - - export BUCKET_NAME=$(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)) - - helm upgrade alfresco-content-services . --values=./values.yaml --set s3connector.config.bucketName=$BUCKET_NAME --set global.tracking.sharedsecret=$SECRET - - NOTE: For the release upgrade, use the existing secret. You will otherwise have to restart pods consuming those secrets - ``` -4. Once satisfied with your changes, create a package and add it to the docs directory - - "helm package charts/alfresco-sync-service -d ../docs" -5. Create / update an index file in docs directory - - "helm repo index ../docs --url https://ministryofjustice.github.io/hmpps-delius-alfresco-poc" - - -### Update the lock file and commit changes -Locate the `Chart.yaml` file and modify the repository URL and version. It should now look like the code snippet below after the change: -```yaml -- condition: alfresco-sync-service.enabled - name: alfresco-sync-service - repository: https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ - version: 4.1.1 -``` +### Configuration -1. Delete `charts/alfresco-sync-service` directory as it is no longer needed -2. Push your changes / docs directory to the feature branch -3. Update your GitHub pages settings so that the `source branch` is pointing to your feature branch -4. Update helm dependencies which will pull the updated charts and will update the lock file - - `helm dependency update .` -5. Push the lock file and charts dirctory to the feature branch and get merge approval -6. Merge into main branch -7. Update your GitHub pages settings so that the `source branch` is pointing to your main branch -8. Upgrade the helm release for the changes to be updated in kubernetes cluster - ``` - - export SECRET=$(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) - - helm upgrade alfresco-content-services . --values=./values.yaml --set global.tracking.sharedsecret=$SECRET - - NOTE: For the release upgrade, use the existing secret. You will otherwise have to restart pods consuming those secrets - ``` - -### Alternatively, pull a particular chart either directly from repository URL or by adding it in the local repo - -1. Pull a chart with a particular version direcly from the GitHub pages -- `helm pull alfresco-sync-service --repo https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ --version 4.1.1 -d charts --untar` - -2. Or add the updated chart in a local helm repo -``` -helm repo add alfresco-sync-service https://ministryofjustice.github.io/hmpps-delius-alfresco-poc/ +1. Helm values +The base helm values are stored in the `kustomize/base/values.yaml` file. +Each environment has its own values file, which is stored in the `kustomize/environments//values.yaml` file. +These values are combined when deploying the stack, with the environment values taking precedence. -helm search repo alfresco-sync-service -NAME CHART VERSION APP VERSION DESCRIPTION -alfresco-sync-service/alfresco-sync-service 4.1.1 3.9.0 Alfresco Sync Service -``` +2. Kustomize +The kustomize overlays are stored in the `kustomize/environments/` directory. +These overlays are applied to the Helm chart's resources to modify the configuration as needed for the environment. + + +### Secrets + +A number of secrets are required to deploy the Delius Alfresco stack. Some of these are set by the cloud-platform-environments repository, while others are set manually. -### References to various docs that explain how to set up GitHub pages and how to publish Helm charts -- [The Chart Repository Guide](https://helm.sh/docs/topics/chart_repository/#github-pages-example) -- [Chart Releaser Action to Automate GitHub Page Charts ](https://helm.sh/docs/howto/chart_releaser_action/#github-actions-workflow) -- [Example on how to publish a chart on GitHub pages](https://github.com/technosophos/tscharts) +Table: +| Secret Name | Description | Set By | example/required keys | +| --- | --- | --- | --- | +| amazon-mq-broker-secret | The secret for the Amazon MQ broker | cloud-platform-environments | see [cloud-platform-environments](https://github.com/ministryofjustice/cloud-platform-environments/blob/7968f9c66f6914d33db35b68209c55b2dcb25d7d/namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-delius-alfresco-stage/resources/amq.tf#L218) | +| alfresco-license | The Alfresco license file | manual | ` : ` +| legacy-rds-instance | The RDS instance for the legacy Delius Alfresco stack | manual | `DATABASE_NAME: , DATABASE_USERNAME: , DATABASE_PASSWORD: , RDS_INSTANCE_ADDRESS: ` | +| rds-instance-outpur | The RDS instance for the CP Delius Alfresco stack | cloud-platform-environments | see [cloud-platform-environments](https://github.com/ministryofjustice/cloud-platform-environments/blob/7968f9c66f6914d33db35b68209c55b2dcb25d7d/namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-delius-alfresco-stage/resources/rds.tf#L35) | +| quay-registry-secret | The secret for the Quay registry | manual | `.dockerconfigjson: {"auths":{"quay.io":{"username":"","password":"","email":"","auth":""}}}` | From 6964c0b62bf32a678428a8393d68d5a1adc1003b Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 15:24:16 +0000 Subject: [PATCH 2/7] new helm chart version updates --- .gitignore | 2 + .../templates/reindexing-config.yaml | 2 +- jobs/reindex/templates/reindexing-config.yaml | 2 +- .../templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 11 +- kustomize/base/patch-ingress-repository.yaml | 2 +- kustomize/base/patch-ingress-share.yaml | 2 +- kustomize/base/patch-router.yaml | 4 +- kustomize/base/patch-shared-filestore.yaml | 17 - kustomize/base/values-versions.yaml | 80 +++ kustomize/base/values.yaml | 70 +-- kustomize/base/values703.yaml | 552 ++++++++++++++++++ kustomize/preprod/kustomization.yaml | 10 +- kustomize/preprod/patch-filestore-pvc.yaml | 8 - .../preprod/patch-ingress-repository.yaml | 10 +- kustomize/preprod/patch-ingress-share.yaml | 10 +- .../preprod/patch-live-indexing-content.yaml | 12 + .../patch-live-indexing-mediation.yaml | 12 + .../preprod/patch-live-indexing-metadata.yaml | 12 + .../preprod/patch-live-indexing-path.yaml | 12 + kustomize/preprod/patch-router.yaml | 12 + kustomize/preprod/patch-tika.yaml | 12 + .../preprod/patch-transform-imagemagick.yaml | 12 + .../preprod/patch-transform-libreoffice.yaml | 12 + kustomize/preprod/patch-transform-misc.yaml | 12 + kustomize/preprod/values.yaml | 46 +- 26 files changed, 800 insertions(+), 138 deletions(-) delete mode 100644 kustomize/base/patch-shared-filestore.yaml create mode 100644 kustomize/base/values-versions.yaml create mode 100644 kustomize/base/values703.yaml delete mode 100644 kustomize/preprod/patch-filestore-pvc.yaml create mode 100644 kustomize/preprod/patch-live-indexing-content.yaml create mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml create mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml create mode 100644 kustomize/preprod/patch-live-indexing-path.yaml create mode 100644 kustomize/preprod/patch-router.yaml create mode 100644 kustomize/preprod/patch-tika.yaml create mode 100644 kustomize/preprod/patch-transform-imagemagick.yaml create mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml create mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/.gitignore b/.gitignore index 052a22a..d7349ee 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ kustomize/base/resources.yaml jobs/reindex/values-reindex-*.yaml completed.txt ids.json +alfresco-content-services/ +s3-config/ diff --git a/jobs/reindex-list/templates/reindexing-config.yaml b/jobs/reindex-list/templates/reindexing-config.yaml index 6616917..aec8c2e 100644 --- a/jobs/reindex-list/templates/reindexing-config.yaml +++ b/jobs/reindex-list/templates/reindexing-config.yaml @@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml index b9086dc..57711c7 100644 --- a/jobs/reindex/templates/reindexing-config.yaml +++ b/jobs/reindex/templates/reindexing-config.yaml @@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/jobs/reindex_date/templates/reindexing-config.yaml b/jobs/reindex_date/templates/reindexing-config.yaml index 90ab791..11199b1 100644 --- a/jobs/reindex_date/templates/reindexing-config.yaml +++ b/jobs/reindex_date/templates/reindexing-config.yaml @@ -5,7 +5,7 @@ metadata: data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} - ALFRESCO_SHAREDFILESTORE_BASEURL: http://alfresco-content-services-alfresco-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/ + ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 7e9a02e..4242f51 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -7,10 +7,9 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-delete-reindexing-config-map.yaml - - path: patch-live-path-indexing.yaml - - path: patch-live-metadata-indexing.yaml - - path: patch-live-content-indexing.yaml - - path: patch-live-mediation-indexing.yaml - - path: patch-shared-filestore.yaml + # - path: patch-delete-reindexing-config-map.yaml + # - path: patch-live-path-indexing.yaml + # - path: patch-live-metadata-indexing.yaml + # - path: patch-live-content-indexing.yaml + # - path: patch-live-mediation-indexing.yaml - path: patch-router.yaml diff --git a/kustomize/base/patch-ingress-repository.yaml b/kustomize/base/patch-ingress-repository.yaml index 2362385..ddd5f53 100644 --- a/kustomize/base/patch-ingress-repository.yaml +++ b/kustomize/base/patch-ingress-repository.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/patch-ingress-share.yaml b/kustomize/base/patch-ingress-share.yaml index ed6a361..66f58b7 100644 --- a/kustomize/base/patch-ingress-share.yaml +++ b/kustomize/base/patch-ingress-share.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/aws-weight: "100" kubernetes.io/ingress.class: default diff --git a/kustomize/base/patch-router.yaml b/kustomize/base/patch-router.yaml index f904722..ac1e81e 100644 --- a/kustomize/base/patch-router.yaml +++ b/kustomize/base/patch-router.yaml @@ -1,12 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: alfresco-content-services-alfresco-router + name: alfresco-content-services-transform-router spec: template: spec: containers: - - name: alfresco-content-services + - name: alfresco-transform-service env: - name: SPRING_ACTIVEMQ_POOL_ENABLED value: "true" diff --git a/kustomize/base/patch-shared-filestore.yaml b/kustomize/base/patch-shared-filestore.yaml deleted file mode 100644 index 20a82b7..0000000 --- a/kustomize/base/patch-shared-filestore.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-filestore -spec: - strategy: - type: Recreate - rollingUpdate: null - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: scheduler.content.age.millis - value: "518400000" # 3 days - - name: scheduler.cleanup.interval - value: "259200000" # 1 days diff --git a/kustomize/base/values-versions.yaml b/kustomize/base/values-versions.yaml new file mode 100644 index 0000000..aec48f2 --- /dev/null +++ b/kustomize/base/values-versions.yaml @@ -0,0 +1,80 @@ +# This values file can be used to install ACS 7.3.x using the latest version of +# the chart +alfresco-repository: + image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository + tag: release_7.3.2_elasticsearch-r5.0.1-content-latest +alfresco-ai-transformer: + image: + tag: 1.5.1 +share: + image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share + tag: release_7.3.2_elasticsearch-r5.0.1-share-latest +alfresco-transform-service: + transformrouter: + image: + repository: quay.io/alfresco/alfresco-transform-router + tag: 2.1.1 + pdfrenderer: + image: + tag: 3.1.1 + imagemagick: + image: + tag: 3.1.1 + libreoffice: + image: + tag: 3.1.1 + tika: + image: + tag: 3.1.1 + transformmisc: + image: + tag: 3.1.1 + filestore: + image: + tag: 2.1.1 +alfresco-search: + searchServicesImage: + tag: 2.0.5.2 + insightEngineImage: + tag: 2.0.5.2 +alfresco-search-enterprise: + enabled: false + liveIndexing: + mediation: + image: + tag: 3.2.0.2 + content: + image: + tag: 3.2.0.2 + metadata: + image: + tag: 3.2.0.2 + path: + image: + tag: 3.2.0.2 + reindexing: + image: + tag: 3.2.0.2 +alfresco-digital-workspace: + image: + tag: 3.1.1 +alfresco-control-center: + image: + tag: 7.9.0 +postgresql: + image: + tag: 14.4.0 +postgresql-syncservice: + image: + tag: 14.4.0 +alfresco-sync-service: + image: + tag: 3.11.1 +alfresco-connector-ms365: + image: + tag: 1.1.3.2 +alfresco-connector-msteams: + image: + tag: 1.1.0 diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index 94d1640..ae4b2b6 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml @@ -78,6 +78,7 @@ repository: -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk securityContext: allowPrivilegeEscalation: false runAsNonRoot: true @@ -564,74 +565,7 @@ aiTransformer: # -- Declares the alfresco-shared-file-store used by the content repository # and transform service filestore: - replicaCount: 1 - nodeSelector: {} - image: - repository: ghcr.io/ministryofjustice/hmpps-delius-alfresco-shared-file-store - tag: 2.1.2-4 - pullPolicy: IfNotPresent - internalPort: 8099 - initContainer: - image: - repository: busybox - tag: 1.35.0 - pullPolicy: IfNotPresent - resources: - limits: - cpu: "0.50" - memory: "10Mi" - service: - name: filestore - type: ClusterIP - externalPort: 80 - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - podSecurityContext: - runAsUser: 33030 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - cpu: "0.25" - memory: "200Mi" - limits: - cpu: "2" - memory: "2000Mi" - environment: - scheduler.content.age.millis: "86400000" - scheduler.cleanup.interval: "86400000" - JAVA_OPTS: >- - -XX:MinRAMPercentage=50 - -XX:MaxRAMPercentage=80 - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 60 - timeoutSeconds: 10 - livenessProbe: - initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 10 - livenessPercent: 150 - livenessSavePeriodSeconds: 600 - persistence: - # -- Persist filestore data - enabled: true - # -- Specify a storageClass for dynamic provisioning - accessModes: - - ReadWriteOnce - # -- Bind PVC based on storageClass (e.g. dynamic provisionning) - storageClass: - # -- Use pre-provisioned pv through its claim (e.g. static provisionning) - existingClaim: null - data: - mountPath: "/tmp/Alfresco" - subPath: "alfresco-content-services/filestore-data" + enabled: false # -- Define the alfresco-share properties to use in the k8s cluster # This is the default presentation layer(UI) of Alfresco Content Services share: diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml new file mode 100644 index 0000000..077ea1e --- /dev/null +++ b/kustomize/base/values703.yaml @@ -0,0 +1,552 @@ +# This is a YAML-formatted file. +# It declares variables to be passed into your templates. +# ACS will be created in a k8s cluster with a minimum of 16GB memory to split +# among below nodes: +# 2 x repository, 1 x share, 1 x postgres and +# 1 x transformers (pdfrenderer, imagemagick, libreoffice, tika, misc) +# +# Limit container memory and assign X percentage to JVM. There are couple of +# ways to allocate JVM Memory for ACS Containers, for example: +# JAVA_OPTS: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" +# But, as per Oracle docs +# (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D) +# If container memory is not explicitly set, then the above flags will default +# max heap to 1/4th of container's memory which may not be ideal. Hence, setting +# up explicit Container memory and then assigning a percentage of it to the JVM +# for performance tuning. +infrastructure: + configMapName: &infrastructure_cmName alfresco-infrastructure +global: + # -- list of trusted URLs. + # URLs a re used to configure Cross-origin protections + # Also the first entry is considered the main hosting domain of the platform. + known_urls: null # added to each environment values file + # -- For a full information of configuring the outbound email system, see + # https://docs.alfresco.com/content-services/latest/config/email/#manage-outbound-emails + mail: + # -- SMTP server to use for the system to send outgoing email + host: null + # -- SMTP server port + port: 587 + # -- SMTP protocol to use. Either smtp or smtps + protocol: smtp + username: anonymous + password: null + smtp: + auth: true + starttls: + enable: true + smtps: + auth: true + search: + # -- set this URL if you have an external search service + url: null # set by helm install task as inline value + # -- set the type of search service used externally (solr6 or elasticsearch) + flavor: elasticsearch + # -- set the security level used with the external search service (secret, none or https) + securecomms: none + # -- Mandatory secret to provide when using Solr search with 'secret' security level + sharedSecret: null + # -- Name of the secret managed by this chart + secretName: &acs_search_secretName alfresco-search-secret + # -- If a private image registry a secret can be defined and passed to + # kubernetes, see: + # https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret + alfrescoRegistryPullSecrets: quay-registry-secret + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + registryPullSecrets: + - quay-registry-secret + ai: + # -- Enable AI capabilities in ADW AI plugin + enabled: false +database: + # -- Enable using an external database for Alfresco Content Services. Must disable `postgresql.enabled` when true. + external: true + # -- Postgresql jdbc driver name ex: org.postgresql.Driver. It should be available in the container image. + driver: null + # -- External Postgresql database user + user: null + # -- External Postgresql database password + password: null + # -- External Postgresql jdbc url ex: `jdbc:postgresql://oldfashioned-mule-postgresql-acs:5432/alfresco` + url: null + # -- Name of the secret managed by this chart + configMapName: *infrastructure_cmName + # -- Name of the secret managed by this chart + # secretName: &acs_database_secretName alfresco-cs-database + # -- An existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys. + # When using embedded postgres you need to also set `postgresql.existingSecret`. + existingSecretName: rds-instance-output +# -- Activemq connection details (activemq.enabled must also be set to false) +messageBroker: + url: null + user: null + password: null + # -- Name of the secret managed by this chart + # secretName: &acs_messageBroker_secretName acs-alfresco-cs-brokersecret + existingSecretName: amazon-mq-broker-secret +alfresco-repository: + environment: + JAVA_OPTS: >- + -Dindex.subsystem.name=elasticsearch + -Delasticsearch.indexName=alfresco + -Delasticsearch.createIndexIfNotExists=true + -Dtransform.service.enabled=true + -XX:MinRAMPercentage=50 + -XX:MaxRAMPercentage=80 + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.algorithm=DESede + -Dsystem.workflow.engine.activiti.enabled=false + -Dsystem.prop_table_cleaner.algorithm=V2 + -Dsystem.delete_not_exists.read_only=false + -Dsystem.delete_not_exists.timeout_seconds=3600 + -Dfilecontentstore.subsystem.name=S3 + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + nameOverride: alfresco-repository + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + podSecurityContext: + runAsNonRoot: true + runAsUser: 33000 + runAsGroup: 1000 + fsGroup: 1000 + # -- The startup probe to cover the worse case startup time for slow clusters + startupProbe: + periodSeconds: 30 + failureThreshold: 10 + # The repository readiness probe is used to check startup only as a failure + # of the liveness probe later will result in the pod being restarted. + readinessProbe: + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + failureThreshold: 6 + livenessProbe: + initialDelaySeconds: 130 + periodSeconds: 20 + timeoutSeconds: 15 + # image: set by environment values file + configuration: + repository: + existingConfigMap: repository + existingSecrets: + - name: alfresco-license + key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic + purpose: acs-license + - name: s3-connector-config + purpose: subsystems:ContentStore:S3 + db: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: rds-instance-output + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: amazon-mq-broker-secret + search: + flavor: elasticsearch + # existingConfigMap: + # name: *infrastructure_cmName + # existingSecret: + # name: *acs_search_secretName + # keys: + # username: SEARCH_USERNAME + # password: SEARCH_PASSWORD + persistence: + # -- Persist repository data + enabled: false + baseSize: 20Gi + # -- Specify a storageClass for dynamic provisioning + accessModes: + - ReadWriteOnce +activemq: + nameOverride: activemq + enabled: false + # -- Possibility to choose Node for pod, with a key-value pair label + # e.g {"kubernetes.io/hostname": multinode-demo-m02} + nodeSelector: {} + adminUser: + # -- Default username for the embedded broker admin user + user: admin + # -- Default password for the embedded broker admin user + password: admin + existingSecretName: amazon-mq-broker-secret + existingSecretName: null +alfresco-connector-ms365: + # -- Enable/Disable Alfresco Content Connector for Microsoft 365 + enabled: false + image: + repository: quay.io/alfresco/alfresco-ooi-service + tag: 2.0.0 + repository: + existingConfigMap: + # -- Name of the configmap which hold the repository connection details + name: *infrastructure_cmName + keys: + # -- Name of the key in the configmap which points to the repository + # service hostname + host: repo_svc_name + # -- Name of the key in the configmap which points to the repository + # service port + port: repo_svc_port +alfresco-connector-msteams: + # -- Enable/Disable Alfresco Content Connector for Microsoft Teams + enabled: false + image: + repository: quay.io/alfresco/alfresco-ms-teams-service + tag: 2.0.0 +alfresco-transform-service: + enabled: true + messageBroker: + existingSecretName: amazon-mq-broker-secret + transformrouter: + # -- Declares the alfresco-transform-router service used by the content repository + # to route transformation requests + enabled: true + replicaCount: 2 + # image: # set by environment values file + pdfrenderer: + # -- Declares the alfresco-pdf-renderer service used by the content repository + # to transform pdf files + enabled: true + # image: set by environment values file + imagemagick: + # -- Declares the alfresco-imagemagick service used by the content repository + # to transform image files + enabled: true + # image: set by environment values file + libreoffice: + # -- Declares the alfresco-libreoffice service used by the content repository + # to transform office files + enabled: true + # image: set by environment values file + tika: + # -- Declares the alfresco-tika service used by the content repository + # to transform office files + enabled: true + # image: set by environment values file + transformmisc: + # -- Declares the alfresco-tika service used by the content repository + # to transform office files + enabled: true + image: + repository: alfresco/alfresco-transform-misc + tag: 5.0.1 + filestore: + # -- Declares the alfresco-shared-file-store used by the content repository + # and transform service + # due to platform constraints, the filestore is in MP + enabled: false + replicaCount: 0 + image: + repository: quay.io/alfresco/alfresco-shared-file-store + tag: 4.0.1 + persistence: + # -- Persist filestore data + enabled: true + data: + mountPath: "/tmp/Alfresco" + subPath: "alfresco-content-services/filestore-data" +share: + # -- toggle deploying Alfresco Share UI + enabled: true + # image: set by environment values file + nameOverride: share + repository: + existingConfigMap: + # -- Name of the configmap which hold the repository connection details + name: *infrastructure_cmName + keys: + # -- Name of the key in the configmap which points to the repository + # service hostname + host: repo_svc_name + # -- Name of the key in the configmap which points to the repository + # service port + port: repo_svc_port + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - NET_RAW + - ALL + seccompProfile: + type: RuntimeDefault + podSecurityContext: + runAsUser: 65534 + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "4" + memory: "2000Mi" +alfresco-search: + enabled: false + repository: + existingConfigMap: + name: *infrastructure_cmName + keys: + host: repo_svc_name + port: repo_svc_port + securecomms: SEARCH_SECURECOMMS + existingSecret: + name: *acs_search_secretName + keys: + sharedSecret: SOLR_SECRET + searchServicesImage: + repository: quay.io/alfresco/search-services + tag: 2.0.8.2 + insightEngineImage: + repository: quay.io/alfresco/insight-engine + tag: 2.0.8.2 + nameOverride: alfresco-search + # If an external Solr service is to be used then enabled must be set to false + # and external has to be configured accordingly. + external: + # -- Host dns/ip of the external solr6 instance. + host: null + # -- Port of the external solr6 instance. + port: null + alfresco-insight-zeppelin: + enabled: false + ingress: + # -- Alfresco Search services endpoint ('/solr') + enabled: false + # -- Default solr basic auth user/password: admin / admin + # You can create your own with htpasswd utility & encode it with base64. + # Example: `echo -n "$(htpasswd -nbm admin admin)" | base64 | tr -d '\n'` + # basicAuth: YWRtaW46JGFwcjEkVVJqb29uS00kSEMuS1EwVkRScFpwSHB2a3JwTDd1Lg== + basicAuth: null + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local +alfresco-search-enterprise: + enabled: true + search: + existingConfigMap: + name: *infrastructure_cmName + existingSecret: + name: *acs_search_secretName + ats: + existingConfigMap: + name: *infrastructure_cmName + messageBroker: + existingConfigMap: + name: *infrastructure_cmName + existingSecretName: amazon-mq-broker-secret + liveIndexing: + # set in value-versions yaml + mediation: + image: + tag: 4.0.0.1 + content: + image: + tag: 4.0.0.1 + metadata: + image: + tag: 4.0.0.1 + path: + image: + tag: 4.0.0.1 + reindexing: + enabled: false # leave as false - reindexing job is now standalone + repository: + existingConfigMap: + name: *infrastructure_cmName + db: + existingSecret: + name: rds-instance-output + existingConfigMap: + name: *infrastructure_cmName + image: + tag: 4.0.0.1 +alfresco-digital-workspace: + nodeSelector: {} + enabled: false + nameOverride: "alfresco-dw" + service: + envType: frontend + ingress: + path: /workspace + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: "5g" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + image: + repository: quay.io/alfresco/alfresco-digital-workspace + tag: 4.3.0 + pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" + env: + APP_CONFIG_PROVIDER: "ECM" + APP_CONFIG_AUTH_TYPE: "BASIC" + API_URL: "{protocol}//{hostname}{:port}" + extraEnv: |- + {{- if .Values.global.ai.enabled }} + - name: APP_CONFIG_PLUGIN_AI_SERVICE + value: '{{ .Values.global.ai.enabled }}' + {{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 101 + capabilities: + drop: + - NET_RAW + - ALL + resources: + requests: + cpu: "0.25" + memory: "256Mi" + limits: + cpu: "1" + memory: "1024Mi" +alfresco-control-center: + nodeSelector: {} + enabled: false + nameOverride: "alfresco-cc" + service: + envType: frontend + ingress: + path: /control-center + annotations: + kubernetes.io/ingress.class: nginx + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + image: + repository: quay.io/alfresco/alfresco-control-center + tag: 8.3.0 + pullPolicy: IfNotPresent + registryPullSecrets: + - "{{ $.Values.global.alfrescoRegistryPullSecrets }}" + env: + APP_CONFIG_PROVIDER: "ECM" + APP_CONFIG_AUTH_TYPE: "BASIC" + API_URL: "{protocol}//{hostname}{:port}" + securityContext: + runAsNonRoot: true + runAsUser: 101 + capabilities: + drop: + - NET_RAW + - ALL + resources: + requests: + cpu: "0.25" + memory: "256Mi" + limits: + cpu: "1" + memory: "1024Mi" +postgresql: + # -- Toggle embedded postgres for Alfresco Content Services repository + # Check [PostgreSQL Bitnami chart + # Documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) + enabled: false + nameOverride: postgresql-acs + image: + tag: 14.4.0 + pullPolicy: IfNotPresent + commonAnnotations: + application: alfresco-content-services + auth: + existingSecret: null + username: alfresco + password: alfresco + database: alfresco + primary: + extendedConfiguration: | + max_connections = 250 + shared_buffers = 512MB + effective_cache_size = 2GB + wal_level = minimal + max_wal_senders = 0 + max_replication_slots = 0 + log_min_messages = LOG + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "8" + memory: "8Gi" + service: + ports: + postgresql: 5432 + persistence: + # -- set the storageClass to use for dynamic provisioning. + # setting it to null means "default storageClass". + storageClass: null + # -- provide an existing persistent volume claim name to persist SQL data + # Make sure the root folder has the appropriate permissions/ownership set. + existingClaim: null + subPath: "alfresco-content-services/database-data" +alfresco-sync-service: + # -- Toggle deployment of Alfresco Sync Service (Desktop-Sync) + # Check [Alfresco Sync Service + # Documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/alfresco-sync-service) + enabled: false + image: + tag: 4.0.1 + postgresql: + enabled: true + image: + tag: 14.4.0 + auth: + enablePostgresUser: false + username: alfresco + password: admin + database: syncservice-postgresql + primary: + resources: + requests: + cpu: 250m + memory: 1Gi + limits: + cpu: "4" + memory: 4Gi + messageBroker: + existingSecretName: amazon-mq-broker-secret + repository: + nameOverride: alfresco-repository + port: 80 + # -- toggle deploying Alfresco ai transformer +alfresco-ai-transformer: + enabled: false + messageBroker: + existingSecretName: amazon-mq-broker-secret + image: + repository: quay.io/alfresco/alfresco-ai-docker-engine + tag: 3.0.1 +# aws: +# accessKey: +# secretAccessKey: +# region: +# s3Bucket: +# comprehendRoleARN: +elasticsearch: + # -- Enables the embedded elasticsearch cluster + enabled: false + replicas: 1 + clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index 757ef78..b01d7a7 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,4 +7,12 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-filestore-pvc.yaml + # - path: patch-live-indexing-path.yaml + # - path: patch-live-indexing-content.yaml + # - path: patch-live-indexing-mediation.yaml + # - path: patch-live-indexing-metadata.yaml + - path: patch-router.yaml + # - path: patch-tika.yaml + # - path: patch-transform-misc.yaml + # - path: patch-transform-libreoffice.yaml + # - path: patch-transform-imagemagick.yaml diff --git a/kustomize/preprod/patch-filestore-pvc.yaml b/kustomize/preprod/patch-filestore-pvc.yaml deleted file mode 100644 index 58bcc70..0000000 --- a/kustomize/preprod/patch-filestore-pvc.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: filestore-default-pvc -spec: - resources: - requests: - storage: 4000Gi diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 5d4911e..7ff5f4e 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml @@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-repository + name: alfresco-content-services-alfresco-repository port: number: 80 path: /api-explorer diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index 4eb86e9..d896720 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml @@ -1,10 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share annotations: - external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk @@ -12,14 +12,14 @@ spec: paths: - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: / pathType: Prefix - backend: service: - name: alfresco-content-services-alfresco-cs-share + name: alfresco-content-services-share port: number: 80 path: /share/page/ diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml new file mode 100644 index 0000000..107f989 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-content.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-metadata + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml new file mode 100644 index 0000000..7c071b1 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-mediation.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-content + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml new file mode 100644 index 0000000..fe075ec --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-metadata.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-mediation +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-mediation + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml new file mode 100644 index 0000000..d4f1798 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-path.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-path + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml new file mode 100644 index 0000000..5fccf66 --- /dev/null +++ b/kustomize/preprod/patch-router.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-transform-router +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml new file mode 100644 index 0000000..ea02ac6 --- /dev/null +++ b/kustomize/preprod/patch-tika.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-cs-tika +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml new file mode 100644 index 0000000..4026fe5 --- /dev/null +++ b/kustomize/preprod/patch-transform-imagemagick.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-cs-imagemagick +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml new file mode 100644 index 0000000..1d7c521 --- /dev/null +++ b/kustomize/preprod/patch-transform-libreoffice.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-cs-libreoffice +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml new file mode 100644 index 0000000..eee6508 --- /dev/null +++ b/kustomize/preprod/patch-transform-misc.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-cs-transform-misc +spec: + template: + spec: + containers: + - name: alfresco-content-services + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 2335747..0b78bb3 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -1,6 +1,6 @@ # this file overrides values defined in ./values.yaml repository: - # -- The startup probe to cover the worse case startup time for slow clusters + # -- The startup probe to cover the worse case startup time for slow clusters # startupProbe: # periodSeconds: 30 # failureThreshold: 40 @@ -14,7 +14,7 @@ repository: # periodSeconds: 20 # timeoutSeconds: 15 # failureThreshold: 40 - replicaCount: 10 + replicaCount: 1 image: tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability @@ -30,29 +30,33 @@ share: replicaCount: 1 image: tag: release_7.3.2_elasticsearch-r5.0.2-share-latest -externalHost: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk externalProtocol: https externalPort: 443 -tika: - replicaCount: 8 - resources: - limits: - cpu: 2 - memory: 4Gi -transformrouter: - replicaCount: 12 - resources: - requests: - cpu: "0.75" - memory: "300Mi" - limits: - cpu: "2" - memory: "756Mi" +alfresco-transform-service: + tika: + replicaCount: 1 + resources: + limits: + cpu: 2 + memory: 4Gi + transformrouter: + replicaCount: 1 + resources: + requests: + cpu: "0.75" + memory: "300Mi" + limits: + cpu: "2" + memory: "756Mi" alfresco-search-enterprise: liveIndexing: content: - replicaCount: 8 + replicaCount: 1 mediation: - replicaCount: 4 + replicaCount: 1 metadata: - replicaCount: 4 + replicaCount: 1 + +global: + known_urls: + - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk From d0237e044e9997806ad24d04e226c0fd1ced7817 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 15:24:25 +0000 Subject: [PATCH 3/7] Update Taskfile.yml --- Taskfile.yml | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/Taskfile.yml b/Taskfile.yml index 5ae8504..eca8339 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -10,6 +10,11 @@ vars: sh: kubectl get svc --namespace {{.NAMESPACE}} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }' OPENSEARCH_HOST: sh: echo "{{.OPEN_SEARCH_PREFIX}}.{{.NAMESPACE}}.svc.cluster.local" + MESSAGEBROKER_URL: + sh: | + kubectl get secrets amazon-mq-broker-secret -o json | \ + jq -r ".data | map_values(@base64d) | .BROKER_URL" | \ + sed -e 's/(/\\(/g' -e 's/)/\\)/g' -e 's/,/\\,/g' ALLOWLIST: sh: yq 'join(",")' ./kustomize/{{.ENV}}/allowlist.yaml RDS_JDBC_URL: @@ -22,7 +27,7 @@ vars: ATOMIC: "true" ATOMIC_FLAG: sh: if [ "{{.ATOMIC}}" = "true" ]; then echo "--atomic"; else echo ""; fi - CHART_VERSION: "6.0.2" + CHART_VERSION: "7.0.3" tasks: helm_upgrade: @@ -82,11 +87,12 @@ tasks: cmds: - | helm upgrade --install alfresco-content-services alfresco/alfresco-content-services --version {{.CHART_VERSION}} --namespace {{.NAMESPACE}} \ - --values=../base/values.yaml --values=values.yaml \ + --values=../base/values703.yaml --values=../base/values-versions.yaml --values=values.yaml \ --set s3connector.config.bucketName={{.BUCKET_NAME}} \ --set database.url={{.RDS_JDBC_URL}} \ - --set global.elasticsearch.host={{.OPENSEARCH_HOST}} \ - --set alfresco-search-enterprise.searchIndex.host={{.OPENSEARCH_HOST}} \ + --set-string messageBroker.url="{{.MESSAGEBROKER_URL}}" \ + --set global.search.url=http://{{.OPENSEARCH_HOST}}:8080 \ + --set global.search.host={{.OPENSEARCH_HOST}} \ --wait --timeout=60m \ --post-renderer ../kustomizer.sh --post-renderer-args "{{.HELM_POST_RENDERER_ARGS}}" \ {{.DEBUG_FLAG}} {{.ATOMIC_FLAG}} @@ -103,15 +109,15 @@ tasks: cmds: - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-repository.yaml - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-share.yaml - + simple_reindex: cmds: - - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=27451380" --set "toId=27908429" --namespace {{.NAMESPACE}} + - | + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000100" --set "toId=52001000" --namespace {{.NAMESPACE}} reindex_list: cmds: - - | + - | # Set your batch size (you can adjust this number as needed) BATCH_SIZE=40 @@ -178,23 +184,20 @@ tasks: if [ "$index" -gt 0 ]; then create_helm_job "${batch[@]}" fi - + echo "All jobs have been created!" echo "Cleaning up..." helm uninstall "reindex-list-${RANDOM_ID}" --namespace {{.NAMESPACE}} echo "Cleanup complete!" - - - simple_reindex_date: cmds: - - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201707060001" --set "toTime=201707070001" --namespace {{.NAMESPACE}} + - | + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201711280001" --set "toTime=201712280001" --namespace {{.NAMESPACE}} simple_reindex_date_metadata-only: cmds: - - | + - | helm install "reindex-default-date-meta" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=202402010100" --set "toTime=202402100100" --set "content=false" --namespace {{.NAMESPACE}} batch_reindex: @@ -249,7 +252,7 @@ tasks: for item in $previous_completed; do pending=$(echo "$pending" | grep -v "$item") done - + total_items=$(echo "$pending" | wc -l) echo "Total items: $total_items" @@ -275,11 +278,11 @@ tasks: if [ $running_jobs -ge {{.CONCURRENCY}} ]; then echo "No available slots, waiting for 5 seconds" sleep 5 - else + else echo "Found at least 1 available slot!" echo "Available slots left: $(({{.CONCURRENCY}} - $running_jobs))" # run the job - echo "helm install reindex-${start}-${end} ./jobs/reindex --set global.elasticsearch.host={{.OPENSEARCH_HOST}} --set fromId=${start} --set toId=${end} --namespace {{.NAMESPACE}}" + echo "helm install reindex-${start}-${end} ./jobs/reindex --set global.elasticsearch.host={{.OPENSEARCH_HOST}} --set fromId=${start} --set toId=${end} --namespace {{.NAMESPACE}}" helm install "reindex-${start}-${end}" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=${start}" --set "toId=${end}" --namespace {{.NAMESPACE}} # Remove the item from the list pending=$(echo "$pending" | tail -n +2) @@ -330,4 +333,3 @@ tasks: echo "Uninstalling release: $release" helm uninstall "$release" -n "$NAMESPACE" done - \ No newline at end of file From 47c029617ac8ea9756232ed7db94ba788fa21a22 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 17:46:41 +0000 Subject: [PATCH 4/7] values changes --- kustomize/base/values-versions.yaml | 14 ---------- kustomize/base/values703.yaml | 27 ++++++++++++++++--- .../preprod/patch-ingress-repository.yaml | 2 +- kustomize/preprod/patch-ingress-share.yaml | 2 +- kustomize/preprod/values.yaml | 13 +++------ 5 files changed, 28 insertions(+), 30 deletions(-) diff --git a/kustomize/base/values-versions.yaml b/kustomize/base/values-versions.yaml index aec48f2..578608f 100644 --- a/kustomize/base/values-versions.yaml +++ b/kustomize/base/values-versions.yaml @@ -1,16 +1,3 @@ -# This values file can be used to install ACS 7.3.x using the latest version of -# the chart -alfresco-repository: - image: - repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository - tag: release_7.3.2_elasticsearch-r5.0.1-content-latest -alfresco-ai-transformer: - image: - tag: 1.5.1 -share: - image: - repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share - tag: release_7.3.2_elasticsearch-r5.0.1-share-latest alfresco-transform-service: transformrouter: image: @@ -40,7 +27,6 @@ alfresco-search: insightEngineImage: tag: 2.0.5.2 alfresco-search-enterprise: - enabled: false liveIndexing: mediation: image: diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml index 077ea1e..d37ff22 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values703.yaml @@ -108,7 +108,8 @@ alfresco-repository: -Dsystem.delete_not_exists.read_only=false -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 - -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + CATALINA_OPTS: >- + -Ds3.bucketLocation=eu-west-2 nameOverride: alfresco-repository securityContext: allowPrivilegeEscalation: false @@ -146,8 +147,18 @@ alfresco-repository: - name: alfresco-license key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic purpose: acs-license - - name: s3-connector-config - purpose: subsystems:ContentStore:S3 + - name: s3-bucket-output + key: ACCESSKEY + purpose: property:s3.accessKey + - name: s3-bucket-output + key: SECRETKEY + purpose: property:s3.secretKey + - name: s3-bucket-output + key: BUCKET_NAME + purpose: property:s3.bucketName + - name: sfs-url + key: SFS_URL + purpose: property:sfs.url db: existingConfigMap: name: *infrastructure_cmName @@ -350,21 +361,29 @@ alfresco-search-enterprise: messageBroker: existingConfigMap: name: *infrastructure_cmName - existingSecretName: amazon-mq-broker-secret + existingSecret: + name: amazon-mq-broker-secret + keys: + username: BROKER_USERNAME + password: BROKER_PASSWORD liveIndexing: # set in value-versions yaml mediation: image: tag: 4.0.0.1 + replicaCount: 1 content: image: tag: 4.0.0.1 + replicaCount: 1 metadata: image: tag: 4.0.0.1 + replicaCount: 1 path: image: tag: 4.0.0.1 + replicaCount: 1 reindexing: enabled: false # leave as false - reindexing job is now standalone repository: diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 7ff5f4e..34b3ff0 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index d896720..2f22313 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 0b78bb3..5fab91d 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -1,5 +1,5 @@ # this file overrides values defined in ./values.yaml -repository: +alfresco-repository: # -- The startup probe to cover the worse case startup time for slow clusters # startupProbe: # periodSeconds: 30 @@ -16,6 +16,7 @@ repository: # failureThreshold: 40 replicaCount: 1 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest resources: # requests and limits set closer together to ensure CP stability requests: @@ -29,6 +30,7 @@ repository: share: replicaCount: 1 image: + repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share tag: release_7.3.2_elasticsearch-r5.0.2-share-latest externalProtocol: https externalPort: 443 @@ -48,15 +50,6 @@ alfresco-transform-service: limits: cpu: "2" memory: "756Mi" -alfresco-search-enterprise: - liveIndexing: - content: - replicaCount: 1 - mediation: - replicaCount: 1 - metadata: - replicaCount: 1 - global: known_urls: - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk From a477b3f433a7ad7d4ec86729a21972ac83206722 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 18:21:05 +0000 Subject: [PATCH 5/7] patching --- jobs/reindex/templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 8 +++---- .../patch-delete-reindexing-config-map.yaml | 5 ----- .../base/patch-live-mediation-indexing.yaml | 22 ------------------- kustomize/preprod/kustomization.yaml | 10 +-------- kustomize/preprod/patch-infra-config-map.yaml | 6 +++++ .../preprod/patch-live-indexing-content.yaml | 12 ---------- .../patch-live-indexing-mediation.yaml | 12 ---------- .../preprod/patch-live-indexing-metadata.yaml | 12 ---------- .../preprod/patch-live-indexing-path.yaml | 12 ---------- kustomize/preprod/patch-router.yaml | 12 ---------- kustomize/preprod/patch-tika.yaml | 12 ---------- .../preprod/patch-transform-imagemagick.yaml | 12 ---------- .../preprod/patch-transform-libreoffice.yaml | 12 ---------- kustomize/preprod/patch-transform-misc.yaml | 12 ---------- 15 files changed, 11 insertions(+), 150 deletions(-) delete mode 100644 kustomize/base/patch-delete-reindexing-config-map.yaml delete mode 100644 kustomize/base/patch-live-mediation-indexing.yaml create mode 100644 kustomize/preprod/patch-infra-config-map.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-content.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-path.yaml delete mode 100644 kustomize/preprod/patch-router.yaml delete mode 100644 kustomize/preprod/patch-tika.yaml delete mode 100644 kustomize/preprod/patch-transform-imagemagick.yaml delete mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml delete mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/jobs/reindex/templates/reindexing-config.yaml b/jobs/reindex/templates/reindexing-config.yaml index 57711c7..14d1ca7 100644 --- a/jobs/reindex/templates/reindexing-config.yaml +++ b/jobs/reindex/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 4242f51..a3547aa 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -7,9 +7,7 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-delete-reindexing-config-map.yaml - # - path: patch-live-path-indexing.yaml - # - path: patch-live-metadata-indexing.yaml - # - path: patch-live-content-indexing.yaml - # - path: patch-live-mediation-indexing.yaml + - path: patch-live-path-indexing.yaml + - path: patch-live-metadata-indexing.yaml + - path: patch-live-content-indexing.yaml - path: patch-router.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml deleted file mode 100644 index f46c94b..0000000 --- a/kustomize/base/patch-delete-reindexing-config-map.yaml +++ /dev/null @@ -1,5 +0,0 @@ -$patch: delete -apiVersion: v1 -kind: ConfigMap -metadata: - name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-mediation-indexing.yaml deleted file mode 100644 index 4dd4cd3..0000000 --- a/kustomize/base/patch-live-mediation-indexing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-mediation -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: SPRING_ACTIVEMQ_POOL_ENABLED - value: "true" - - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - value: "100" - - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT - value: "30000" # 30 seconds idle timeout - - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT - value: "60000" # 60 seconds expiry timeout - - name: JAVA_OPTS - value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL - # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index b01d7a7..e4a32fb 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,12 +7,4 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-live-indexing-path.yaml - # - path: patch-live-indexing-content.yaml - # - path: patch-live-indexing-mediation.yaml - # - path: patch-live-indexing-metadata.yaml - - path: patch-router.yaml - # - path: patch-tika.yaml - # - path: patch-transform-misc.yaml - # - path: patch-transform-libreoffice.yaml - # - path: patch-transform-imagemagick.yaml + - path: patch-infra-config-map.yaml diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml new file mode 100644 index 0000000..d448b9f --- /dev/null +++ b/kustomize/preprod/patch-infra-config-map.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-infrastructure +data: + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml deleted file mode 100644 index 107f989..0000000 --- a/kustomize/preprod/patch-live-indexing-content.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-metadata -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-metadata - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml deleted file mode 100644 index 7c071b1..0000000 --- a/kustomize/preprod/patch-live-indexing-mediation.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-content -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-content - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml deleted file mode 100644 index fe075ec..0000000 --- a/kustomize/preprod/patch-live-indexing-metadata.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-mediation -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml deleted file mode 100644 index d4f1798..0000000 --- a/kustomize/preprod/patch-live-indexing-path.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-path -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-path - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml deleted file mode 100644 index 5fccf66..0000000 --- a/kustomize/preprod/patch-router.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-transform-router -spec: - template: - spec: - containers: - - name: alfresco-transform-service - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml deleted file mode 100644 index ea02ac6..0000000 --- a/kustomize/preprod/patch-tika.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-tika -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml deleted file mode 100644 index 4026fe5..0000000 --- a/kustomize/preprod/patch-transform-imagemagick.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-imagemagick -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml deleted file mode 100644 index 1d7c521..0000000 --- a/kustomize/preprod/patch-transform-libreoffice.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-libreoffice -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml deleted file mode 100644 index eee6508..0000000 --- a/kustomize/preprod/patch-transform-misc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-cs-transform-misc -spec: - template: - spec: - containers: - - name: alfresco-content-services - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file From 4491bcbde99c0389008ec35d44dc598b1316e62e Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 2 Dec 2024 22:05:55 +0000 Subject: [PATCH 6/7] patching for filestore url --- Taskfile.yml | 2 +- .../base/patch-live-mediation-indexing.yaml | 28 +++++++++++++++++++ kustomize/base/values.yaml | 2 +- kustomize/preprod/kustomization.yaml | 10 +++++++ kustomize/preprod/patch-infra-config-map.yaml | 2 +- .../preprod/patch-live-indexing-content.yaml | 12 ++++++++ .../patch-live-indexing-mediation.yaml | 16 +++++++++++ .../preprod/patch-live-indexing-metadata.yaml | 12 ++++++++ .../preprod/patch-live-indexing-path.yaml | 12 ++++++++ kustomize/preprod/patch-router.yaml | 12 ++++++++ kustomize/preprod/patch-tika.yaml | 12 ++++++++ .../preprod/patch-transform-imagemagick.yaml | 12 ++++++++ .../preprod/patch-transform-libreoffice.yaml | 12 ++++++++ kustomize/preprod/patch-transform-misc.yaml | 12 ++++++++ kustomize/preprod/values.yaml | 14 +++++----- kustomize/stage/values.yaml | 2 -- 16 files changed, 160 insertions(+), 12 deletions(-) create mode 100644 kustomize/base/patch-live-mediation-indexing.yaml create mode 100644 kustomize/preprod/patch-live-indexing-content.yaml create mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml create mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml create mode 100644 kustomize/preprod/patch-live-indexing-path.yaml create mode 100644 kustomize/preprod/patch-router.yaml create mode 100644 kustomize/preprod/patch-tika.yaml create mode 100644 kustomize/preprod/patch-transform-imagemagick.yaml create mode 100644 kustomize/preprod/patch-transform-libreoffice.yaml create mode 100644 kustomize/preprod/patch-transform-misc.yaml diff --git a/Taskfile.yml b/Taskfile.yml index eca8339..e5adc76 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -113,7 +113,7 @@ tasks: simple_reindex: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000100" --set "toId=52001000" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000000" --set "toId=53000000" --namespace {{.NAMESPACE}} reindex_list: cmds: diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-mediation-indexing.yaml new file mode 100644 index 0000000..d91f4df --- /dev/null +++ b/kustomize/base/patch-live-mediation-indexing.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alfresco-search-enterprise-mediation +spec: + serviceName: alfresco-search-enterprise-mediation + selector: + matchLabels: + app: alfresco-search-enterprise-mediation + strategy: + type: Recreate + template: + spec: + containers: + - name: alfresco-search-enterprise-mediation + env: + - name: SPRING_ACTIVEMQ_POOL_ENABLED + value: "true" + - name: SPRING_ACTIVEMQ_POOL_MAX_CONNECTIONS + value: "100" + - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT + value: "30000" # 30 seconds idle timeout + - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT + value: "60000" # 60 seconds expiry timeout + - name: JAVA_OPTS + value: "-Dspring.activemq.packages.trustAll=true" + # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL + # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&consumerCount=20 diff --git a/kustomize/base/values.yaml b/kustomize/base/values.yaml index ae4b2b6..f79c415 100644 --- a/kustomize/base/values.yaml +++ b/kustomize/base/values.yaml @@ -78,7 +78,7 @@ repository: -Dsystem.delete_not_exists.timeout_seconds=3600 -Dfilecontentstore.subsystem.name=S3 -Ds3.flatRoot=false - -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk + -Dsfs.url=https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/ securityContext: allowPrivilegeEscalation: false runAsNonRoot: true diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index e4a32fb..9625ecc 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -7,4 +7,14 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml + # - path: patch-live-indexing-path.yaml + # - path: patch-live-indexing-content.yaml + # - path: patch-live-indexing-mediation.yaml + # - path: patch-live-indexing-metadata.yaml + - path: patch-router.yaml + - path: patch-tika.yaml + - path: patch-transform-misc.yaml + - path: patch-transform-libreoffice.yaml + - path: patch-transform-imagemagick.yaml - path: patch-infra-config-map.yaml + diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml index d448b9f..3ec98b6 100644 --- a/kustomize/preprod/patch-infra-config-map.yaml +++ b/kustomize/preprod/patch-infra-config-map.yaml @@ -3,4 +3,4 @@ kind: ConfigMap metadata: name: alfresco-infrastructure data: - SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml new file mode 100644 index 0000000..7c071b1 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-content.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-content +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-content + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml new file mode 100644 index 0000000..2696c33 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-mediation.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alfresco-search-enterprise-mediation +spec: + serviceName: alfresco-search-enterprise-mediation + selector: + matchLabels: + app: alfresco-search-enterprise-mediation + template: + spec: + containers: + - name: alfresco-search-enterprise-mediation + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml new file mode 100644 index 0000000..107f989 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-metadata.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-metadata +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-metadata + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/preprod/patch-live-indexing-path.yaml new file mode 100644 index 0000000..d4f1798 --- /dev/null +++ b/kustomize/preprod/patch-live-indexing-path.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-alfresco-search-enterprise-path +spec: + template: + spec: + containers: + - name: alfresco-search-enterprise-path + env: + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml new file mode 100644 index 0000000..5fccf66 --- /dev/null +++ b/kustomize/preprod/patch-router.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-transform-router +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/preprod/patch-tika.yaml new file mode 100644 index 0000000..547125a --- /dev/null +++ b/kustomize/preprod/patch-tika.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-tika +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/preprod/patch-transform-imagemagick.yaml new file mode 100644 index 0000000..3819ee0 --- /dev/null +++ b/kustomize/preprod/patch-transform-imagemagick.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-imagemagick +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/preprod/patch-transform-libreoffice.yaml new file mode 100644 index 0000000..c3ffa1f --- /dev/null +++ b/kustomize/preprod/patch-transform-libreoffice.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-libreoffice +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/preprod/patch-transform-misc.yaml new file mode 100644 index 0000000..58b0f3c --- /dev/null +++ b/kustomize/preprod/patch-transform-misc.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: alfresco-content-services-transform-misc +spec: + template: + spec: + containers: + - name: alfresco-transform-service + env: + - name: FILE_STORE_URL + value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 5fab91d..2babfb0 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -14,7 +14,7 @@ alfresco-repository: # periodSeconds: 20 # timeoutSeconds: 15 # failureThreshold: 40 - replicaCount: 1 + replicaCount: 10 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-content-repository tag: release_7.3.2_elasticsearch-r5.0.2-content-latest @@ -25,8 +25,6 @@ alfresco-repository: limits: cpu: 4 memory: 10Gi - persistence: - baseSize: 100Gi share: replicaCount: 1 image: @@ -36,20 +34,22 @@ externalProtocol: https externalPort: 443 alfresco-transform-service: tika: - replicaCount: 1 + replicaCount: 4 resources: limits: cpu: 2 memory: 4Gi transformrouter: - replicaCount: 1 + replicaCount: 8 resources: requests: cpu: "0.75" - memory: "300Mi" + memory: "512Mi" limits: cpu: "2" - memory: "756Mi" + memory: "1024Mi" global: known_urls: - https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + - https://share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + - https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk diff --git a/kustomize/stage/values.yaml b/kustomize/stage/values.yaml index cb84319..1e2f7cd 100644 --- a/kustomize/stage/values.yaml +++ b/kustomize/stage/values.yaml @@ -24,8 +24,6 @@ repository: limits: cpu: 4 memory: 10Gi - persistence: - baseSize: 100Gi share: replicaCount: 1 image: From 098625d4c9ce5899428be9a1cc5d7163705c242a Mon Sep 17 00:00:00 2001 From: George Taylor Date: Thu, 5 Dec 2024 01:29:15 +0000 Subject: [PATCH 7/7] Update readme (#117) * fix: matrix env typo (#110) * chore: add awscli to utils container (#111) * correct values for preprod * move to config map as source of truth * create config map with correct values in it and update size limit --------- Co-authored-by: Andrew Moore <20435317+andrewmooreio@users.noreply.github.com> --- .github/workflows/opensearch-backup.yml | 3 +- Taskfile.yml | 4 +- .../templates/reindexing-config.yaml | 2 +- .../templates/reindexing-config.yaml | 2 +- kustomize/base/kustomization.yaml | 11 ++- .../patch-delete-reindexing-config-map.yaml | 5 ++ ....yaml => patch-live-indexing-content.yaml} | 7 +- ...aml => patch-live-indexing-mediation.yaml} | 10 +-- ...yaml => patch-live-indexing-metadata.yaml} | 7 +- .../patch-live-indexing-path.yaml | 7 +- kustomize/base/patch-live-path-indexing.yaml | 22 ----- kustomize/base/patch-router.yaml | 5 ++ kustomize/{preprod => base}/patch-tika.yaml | 5 +- .../patch-transform-imagemagick.yaml | 6 +- .../patch-transform-libreoffice.yaml | 5 +- .../patch-transform-misc.yaml | 5 +- kustomize/base/values703.yaml | 4 +- kustomize/preprod/alf-prop-config-map.yaml | 80 +++++++++++++++++++ kustomize/preprod/kustomization.yaml | 10 +-- kustomize/preprod/patch-infra-config-map.yaml | 3 +- .../preprod/patch-ingress-repository.yaml | 2 +- kustomize/preprod/patch-ingress-share.yaml | 2 +- .../preprod/patch-live-indexing-content.yaml | 12 --- .../patch-live-indexing-mediation.yaml | 16 ---- .../preprod/patch-live-indexing-metadata.yaml | 12 --- kustomize/preprod/patch-router.yaml | 12 --- kustomize/preprod/values.yaml | 20 ++++- tools/utils/Dockerfile | 2 +- 28 files changed, 166 insertions(+), 115 deletions(-) create mode 100644 kustomize/base/patch-delete-reindexing-config-map.yaml rename kustomize/base/{patch-live-content-indexing.yaml => patch-live-indexing-content.yaml} (77%) rename kustomize/base/{patch-live-mediation-indexing.yaml => patch-live-indexing-mediation.yaml} (73%) rename kustomize/base/{patch-live-metadata-indexing.yaml => patch-live-indexing-metadata.yaml} (77%) rename kustomize/{preprod => base}/patch-live-indexing-path.yaml (53%) delete mode 100644 kustomize/base/patch-live-path-indexing.yaml rename kustomize/{preprod => base}/patch-tika.yaml (56%) rename kustomize/{preprod => base}/patch-transform-imagemagick.yaml (57%) rename kustomize/{preprod => base}/patch-transform-libreoffice.yaml (57%) rename kustomize/{preprod => base}/patch-transform-misc.yaml (57%) create mode 100644 kustomize/preprod/alf-prop-config-map.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-content.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-mediation.yaml delete mode 100644 kustomize/preprod/patch-live-indexing-metadata.yaml delete mode 100644 kustomize/preprod/patch-router.yaml diff --git a/.github/workflows/opensearch-backup.yml b/.github/workflows/opensearch-backup.yml index ac3b5e3..783804e 100644 --- a/.github/workflows/opensearch-backup.yml +++ b/.github/workflows/opensearch-backup.yml @@ -16,6 +16,7 @@ on: - test - stage - preprod + - prod jobs: backup: @@ -24,7 +25,7 @@ jobs: strategy: matrix: - environment: ${{ github.event_name == 'schedule' && fromJson('["poc," "dev", "test", "stage"]') || fromJson(format('["{0}"]', github.event.inputs.environment)) }} + environment: ${{ github.event_name == 'schedule' && fromJson('["poc", "dev", "test", "stage"]') || fromJson(format('["{0}"]', github.event.inputs.environment)) }} environment: ${{ matrix.environment }}-preapproved diff --git a/Taskfile.yml b/Taskfile.yml index e5adc76..fe93bd9 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -113,7 +113,7 @@ tasks: simple_reindex: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=52000000" --set "toId=53000000" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId=150000000" --set "toId=200000000" --namespace {{.NAMESPACE}} reindex_list: cmds: @@ -193,7 +193,7 @@ tasks: simple_reindex_date: cmds: - | - helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201711280001" --set "toTime=201712280001" --namespace {{.NAMESPACE}} + helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=201707030001" --set "toTime=201707121301" --namespace {{.NAMESPACE}} simple_reindex_date_metadata-only: cmds: diff --git a/jobs/reindex-list/templates/reindexing-config.yaml b/jobs/reindex-list/templates/reindexing-config.yaml index aec8c2e..1de8cb2 100644 --- a/jobs/reindex-list/templates/reindexing-config.yaml +++ b/jobs/reindex-list/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} diff --git a/jobs/reindex_date/templates/reindexing-config.yaml b/jobs/reindex_date/templates/reindexing-config.yaml index 11199b1..9c1cba6 100644 --- a/jobs/reindex_date/templates/reindexing-config.yaml +++ b/jobs/reindex_date/templates/reindexing-config.yaml @@ -6,7 +6,7 @@ data: ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}" {{ template "alfresco-search-enterprise.config.spring" . }} ALFRESCO_SHAREDFILESTORE_BASEURL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ - ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-alfresco-router/transform/config + ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://alfresco-content-services-transform-router/transform/config ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.pathIndexingEnabled | quote }} SPRING_DATASOURCE_URL: {{ .Values.postgresql.url }} {{- if .Values.environment }} diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index a3547aa..332fb04 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -7,7 +7,12 @@ resources: patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - - path: patch-live-path-indexing.yaml - - path: patch-live-metadata-indexing.yaml - - path: patch-live-content-indexing.yaml + - path: patch-live-indexing-path.yaml + - path: patch-live-indexing-metadata.yaml + - path: patch-live-indexing-mediation.yaml + - path: patch-live-indexing-content.yaml - path: patch-router.yaml + - path: patch-tika.yaml + - path: patch-transform-misc.yaml + - path: patch-transform-libreoffice.yaml + - path: patch-transform-imagemagick.yaml diff --git a/kustomize/base/patch-delete-reindexing-config-map.yaml b/kustomize/base/patch-delete-reindexing-config-map.yaml new file mode 100644 index 0000000..f46c94b --- /dev/null +++ b/kustomize/base/patch-delete-reindexing-config-map.yaml @@ -0,0 +1,5 @@ +$patch: delete +apiVersion: v1 +kind: ConfigMap +metadata: + name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap diff --git a/kustomize/base/patch-live-content-indexing.yaml b/kustomize/base/patch-live-indexing-content.yaml similarity index 77% rename from kustomize/base/patch-live-content-indexing.yaml rename to kustomize/base/patch-live-indexing-content.yaml index 8d24aa9..f28469f 100644 --- a/kustomize/base/patch-live-content-indexing.yaml +++ b/kustomize/base/patch-live-indexing-content.yaml @@ -18,6 +18,9 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_CONTENT_BATCH_EVENT_CHANNEL - # value: sjms-batch:contentstore.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-mediation-indexing.yaml b/kustomize/base/patch-live-indexing-mediation.yaml similarity index 73% rename from kustomize/base/patch-live-mediation-indexing.yaml rename to kustomize/base/patch-live-indexing-mediation.yaml index d91f4df..b5dfe50 100644 --- a/kustomize/base/patch-live-mediation-indexing.yaml +++ b/kustomize/base/patch-live-indexing-mediation.yaml @@ -4,9 +4,6 @@ metadata: name: alfresco-search-enterprise-mediation spec: serviceName: alfresco-search-enterprise-mediation - selector: - matchLabels: - app: alfresco-search-enterprise-mediation strategy: type: Recreate template: @@ -24,5 +21,8 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_MEDIATION_BATCH_EVENT_CHANNEL - # value: sjms-batch:mediation.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-metadata-indexing.yaml b/kustomize/base/patch-live-indexing-metadata.yaml similarity index 77% rename from kustomize/base/patch-live-metadata-indexing.yaml rename to kustomize/base/patch-live-indexing-metadata.yaml index 3d93309..ae99a76 100644 --- a/kustomize/base/patch-live-metadata-indexing.yaml +++ b/kustomize/base/patch-live-indexing-metadata.yaml @@ -18,5 +18,8 @@ spec: value: "60000" # 60 seconds expiry timeout - name: JAVA_OPTS value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_METADATA_BATCH_EVENT_CHANNEL - # value: sjms-batch:metadata.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 + - name: ALFRESCO_SHAREDFILESTORE_BASEURL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-live-indexing-path.yaml b/kustomize/base/patch-live-indexing-path.yaml similarity index 53% rename from kustomize/preprod/patch-live-indexing-path.yaml rename to kustomize/base/patch-live-indexing-path.yaml index d4f1798..5690f65 100644 --- a/kustomize/preprod/patch-live-indexing-path.yaml +++ b/kustomize/base/patch-live-indexing-path.yaml @@ -8,5 +8,10 @@ spec: containers: - name: alfresco-search-enterprise-path env: + - name: JAVA_OPTS + value: "-Dspring.activemq.packages.trustAll=true" - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/patch-live-path-indexing.yaml b/kustomize/base/patch-live-path-indexing.yaml deleted file mode 100644 index 14baae9..0000000 --- a/kustomize/base/patch-live-path-indexing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-path -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-path - env: - # - name: SPRING_ACTIVEMQ_POOL_ENABLED - # value: "true" - # - name: SPRING_ACTIVEMQ_POOL_MAXCONNECTIONS - # value: "100" - # - name: SPRING_ACTIVEMQ_POOL_IDLE_TIMEOUT - # value: "30000" # 30 seconds idle timeout - # - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT - # value: "60000" # 60 seconds expiry timeout - - name: JAVA_OPTS - value: "-Dspring.activemq.packages.trustAll=true" - # - name: INPUT_ALFRESCO_PATH_BATCH_EVENT_CHANNEL - # value: sjms-batch:path.event?completionTimeout=1000&completionSize=10&aggregationStrategy=#eventAggregator&?consumerCount=20 diff --git a/kustomize/base/patch-router.yaml b/kustomize/base/patch-router.yaml index ac1e81e..d557fc5 100644 --- a/kustomize/base/patch-router.yaml +++ b/kustomize/base/patch-router.yaml @@ -16,3 +16,8 @@ spec: value: "30000" # 30 seconds idle timeout - name: SPRING_ACTIVEMQ_POOL_EXPIRY_TIMEOUT value: "60000" # 60 seconds expiry timeout + - name: FILE_STORE_URL + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-tika.yaml b/kustomize/base/patch-tika.yaml similarity index 56% rename from kustomize/preprod/patch-tika.yaml rename to kustomize/base/patch-tika.yaml index 547125a..0d2c6ce 100644 --- a/kustomize/preprod/patch-tika.yaml +++ b/kustomize/base/patch-tika.yaml @@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-transform-imagemagick.yaml b/kustomize/base/patch-transform-imagemagick.yaml similarity index 57% rename from kustomize/preprod/patch-transform-imagemagick.yaml rename to kustomize/base/patch-transform-imagemagick.yaml index 3819ee0..cf9a79c 100644 --- a/kustomize/preprod/patch-transform-imagemagick.yaml +++ b/kustomize/base/patch-transform-imagemagick.yaml @@ -9,4 +9,8 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API + diff --git a/kustomize/preprod/patch-transform-libreoffice.yaml b/kustomize/base/patch-transform-libreoffice.yaml similarity index 57% rename from kustomize/preprod/patch-transform-libreoffice.yaml rename to kustomize/base/patch-transform-libreoffice.yaml index c3ffa1f..1b87228 100644 --- a/kustomize/preprod/patch-transform-libreoffice.yaml +++ b/kustomize/base/patch-transform-libreoffice.yaml @@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/preprod/patch-transform-misc.yaml b/kustomize/base/patch-transform-misc.yaml similarity index 57% rename from kustomize/preprod/patch-transform-misc.yaml rename to kustomize/base/patch-transform-misc.yaml index 58b0f3c..c7b5611 100644 --- a/kustomize/preprod/patch-transform-misc.yaml +++ b/kustomize/base/patch-transform-misc.yaml @@ -9,4 +9,7 @@ spec: - name: alfresco-transform-service env: - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file + valueFrom: + configMapKeyRef: + name: alfresco-infrastructure + key: SFS_URL_API diff --git a/kustomize/base/values703.yaml b/kustomize/base/values703.yaml index d37ff22..abb37a1 100644 --- a/kustomize/base/values703.yaml +++ b/kustomize/base/values703.yaml @@ -142,7 +142,7 @@ alfresco-repository: # image: set by environment values file configuration: repository: - existingConfigMap: repository + existingConfigMap: alf-prop-config-map existingSecrets: - name: alfresco-license key: Alfresco-ent73-NOMSNationalOffenderManagementService-Expires10.03.2025.lic @@ -181,7 +181,7 @@ alfresco-repository: persistence: # -- Persist repository data enabled: false - baseSize: 20Gi + baseSize: 100Gi # -- Specify a storageClass for dynamic provisioning accessModes: - ReadWriteOnce diff --git a/kustomize/preprod/alf-prop-config-map.yaml b/kustomize/preprod/alf-prop-config-map.yaml new file mode 100644 index 0000000..8e9a9e6 --- /dev/null +++ b/kustomize/preprod/alf-prop-config-map.yaml @@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alf-prop-config-map +data: + alfresco-global.properties: | + deployment.method=HELM_CHART + alfresco.cluster.enabled=true + alfresco.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + alfresco.protocol=https + alfresco.port=443 + aos.baseUrlOverwrite=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/alfresco/aos + csrf.filter.origin=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + csrf.filter.referer=https://hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk/.* + share.protocol=https + share.host=hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk + share.port=443 + local.transform.service.enabled=true + transform.service.enabled=false + localTransform.core-aio.url= + localTransform.pdfrenderer.url=http://alfresco-content-services-pdfrenderer + localTransform.imagemagick.url=http://alfresco-content-services-imagemagick + localTransform.libreoffice.url=http://alfresco-content-services-libreoffice + localTransform.tika.url=http://alfresco-content-services-tika + localTransform.misc.url=http://alfresco-content-services-transform-misc + events.subsystem.autoStart=false + + #Zaizi additions + zaizi.noms.root.folder=NOMS + zaizi.noms.crn.pattern=([A-Z])([0-9]{3})([0-9]{3}) + zaizi.noms.invalidCharacters=\\/:*\"\"<>|?!$#%^& + + spg.ndelius.users=N00 + spg.crc.users=C01,C02,C03,C04,C05,C06,C07,C08,C09,C10,C11,C12,C13,C14,C15,C16,C17,C18,C19,C20,C21,C22,C23 + + # The User to Schema Cache + cache.spgUserToSchemaVersionCache.tx.maxItems=100 + cache.spgUserToSchemaVersionCache.tx.statsEnabled=${caches.tx.statsEnabled} + cache.spgUserToSchemaVersionCache.maxItems=500 + cache.spgUserToSchemaVersionCache.timeToLiveSeconds=0 + cache.spgUserToSchemaVersionCache.maxIdleSeconds=0 + cache.spgUserToSchemaVersionCache.cluster.type=local + cache.spgUserToSchemaVersionCache.backup-count=1 + cache.spgUserToSchemaVersionCache.eviction-policy=LRU + cache.spgUserToSchemaVersionCache.eviction-percentage=25 + cache.spgUserToSchemaVersionCache.merge-policy=hz.ADD_NEW_ENTRY + cache.spgUserToSchemaVersionCache.readBackupData=false + cache.spgUserToSchemaVersionCache.cluster.type=invalidating + + # Notify when a messaging to be sent to MPX taking morethan specified time. Value is in milliseconds. + message.mpx.log.messageSendingTakenMorethan=1000 + + zaizi.noms.mpx.schema.version=0-9-9 + zaizi.noms.mpx.schema.date=2016-09-05 + messaging.events.nspg.schema=classpath:SPG-XML_Message_Root-V0-9-9.xsd + + zaizi.noms.mpx.schema2.version=0-9-10 + zaizi.noms.mpx.schema2.date=2017-03-30 + messaging.events.nspg2.schema=classpath:SPG-XML_Message_Root-V0-9-10-2.xsd + + zaizi.noms.mpx.schema.911.version=0-9-11 + zaizi.noms.mpx.schema.911.date=2017-09-04 + messaging.events.nspg.911.schema=classpath:SPG-XML_Message_Root-V0-9-11.xsd + + zaizi.noms.mpx.schema.912.version=0-9-12 + zaizi.noms.mpx.schema.912.date=2017-12-05 + messaging.events.nspg.912.schema=classpath:SPG-XML_Message_Root-V0-9-12.xsd + + zaizi.noms.mpx.schema.913.version=0-9-13 + zaizi.noms.mpx.schema.913.date=2018-02-08 + messaging.events.nspg.913.schema=classpath:SPG-XML_Message_Root-V0-9-13.xsd + + zaizi.noms.mpx.schema.914.version=0-9-14 + zaizi.noms.mpx.schema.914.date=2019-10-21 + messaging.events.nspg.914.schema=classpath:SPG-XML_Message_Root-V0-9-14.xsd + + # NSPG Administration Groups Patch + patch.nspg.administration.deferred=false + patch.nspg.administration.roles.cronExpression=0 0 0 ? 1 1 2030 + patch.nspg.administration.roles.startDelay=0 diff --git a/kustomize/preprod/kustomization.yaml b/kustomize/preprod/kustomization.yaml index 9625ecc..2630a5e 100644 --- a/kustomize/preprod/kustomization.yaml +++ b/kustomize/preprod/kustomization.yaml @@ -3,18 +3,10 @@ kind: Kustomization resources: - ../base + - alf-prop-config-map.yaml patches: - path: patch-ingress-repository.yaml - path: patch-ingress-share.yaml - # - path: patch-live-indexing-path.yaml - # - path: patch-live-indexing-content.yaml - # - path: patch-live-indexing-mediation.yaml - # - path: patch-live-indexing-metadata.yaml - - path: patch-router.yaml - - path: patch-tika.yaml - - path: patch-transform-misc.yaml - - path: patch-transform-libreoffice.yaml - - path: patch-transform-imagemagick.yaml - path: patch-infra-config-map.yaml diff --git a/kustomize/preprod/patch-infra-config-map.yaml b/kustomize/preprod/patch-infra-config-map.yaml index 3ec98b6..1deb375 100644 --- a/kustomize/preprod/patch-infra-config-map.yaml +++ b/kustomize/preprod/patch-infra-config-map.yaml @@ -3,4 +3,5 @@ kind: ConfigMap metadata: name: alfresco-infrastructure data: - SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ + SFS_URL: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/ + SFS_URL_API: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-ingress-repository.yaml b/kustomize/preprod/patch-ingress-repository.yaml index 34b3ff0..7ff5f4e 100644 --- a/kustomize/preprod/patch-ingress-repository.yaml +++ b/kustomize/preprod/patch-ingress-repository.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-alfresco-repository annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-repository-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/patch-ingress-share.yaml b/kustomize/preprod/patch-ingress-share.yaml index 2f22313..d896720 100644 --- a/kustomize/preprod/patch-ingress-share.yaml +++ b/kustomize/preprod/patch-ingress-share.yaml @@ -4,7 +4,7 @@ metadata: name: alfresco-content-services-share annotations: external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-share-hmpps-delius-alfresco-preprod-green - nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder" + nginx.ingress.kubernetes.io/whitelist-source-range: "3.10.104.193,3.11.26.150,18.130.189.137,35.178.209.113,3.8.51.207,35.177.252.54,35.176.93.186/32,35.177.125.252/32,35.177.137.160/32,81.134.202.29/32,51.149.250.0/24,51.149.251.0/24,213.121.161.112/28,217.33.148.210/32,13.43.9.198/32,13.42.163.245/32,18.132.208.127/32,51.149.249.0/29,51.149.249.32/29,194.33.192.0/25,194.33.193.0/25,194.33.196.0/25,194.33.197.0/25,195.59.75.0/24,194.33.248.0/29,194.33.249.0/29,62.25.106.209/32,195.92.40.49/32,62.25.109.197/32,195.92.38.16/28,212.137.36.230/32,78.33.10.50/31,78.33.10.52/30,78.33.10.56/30,78.33.10.60/32,78.33.32.99/32,78.33.32.100/30,78.33.32.104/30,78.33.32.108/32,83.98.63.176/29,194.75.210.216/29,217.138.45.109/32,217.138.45.110/32" spec: rules: - host: share.hmpps-delius-alfresco-preprod.apps.live.cloud-platform.service.justice.gov.uk diff --git a/kustomize/preprod/patch-live-indexing-content.yaml b/kustomize/preprod/patch-live-indexing-content.yaml deleted file mode 100644 index 7c071b1..0000000 --- a/kustomize/preprod/patch-live-indexing-content.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-content -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-content - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-mediation.yaml b/kustomize/preprod/patch-live-indexing-mediation.yaml deleted file mode 100644 index 2696c33..0000000 --- a/kustomize/preprod/patch-live-indexing-mediation.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: alfresco-search-enterprise-mediation -spec: - serviceName: alfresco-search-enterprise-mediation - selector: - matchLabels: - app: alfresco-search-enterprise-mediation - template: - spec: - containers: - - name: alfresco-search-enterprise-mediation - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-live-indexing-metadata.yaml b/kustomize/preprod/patch-live-indexing-metadata.yaml deleted file mode 100644 index 107f989..0000000 --- a/kustomize/preprod/patch-live-indexing-metadata.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-alfresco-search-enterprise-metadata -spec: - template: - spec: - containers: - - name: alfresco-search-enterprise-metadata - env: - - name: ALFRESCO_SHAREDFILESTORE_BASEURL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file/ diff --git a/kustomize/preprod/patch-router.yaml b/kustomize/preprod/patch-router.yaml deleted file mode 100644 index 5fccf66..0000000 --- a/kustomize/preprod/patch-router.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alfresco-content-services-transform-router -spec: - template: - spec: - containers: - - name: alfresco-transform-service - env: - - name: FILE_STORE_URL - value: https://alf-sfs.preprod.delius-core.hmpps-preproduction.modernisation-platform.service.justice.gov.uk/alfresco/api/-default-/private/sfs/versions/1/file diff --git a/kustomize/preprod/values.yaml b/kustomize/preprod/values.yaml index 2babfb0..087760a 100644 --- a/kustomize/preprod/values.yaml +++ b/kustomize/preprod/values.yaml @@ -29,16 +29,28 @@ share: replicaCount: 1 image: repository: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/hmpps-migration/alfresco-share - tag: release_7.3.2_elasticsearch-r5.0.2-share-latest + tag: release_7.3.2_elasticsearch-r5.0.2-chart-7.0.3-share-latest externalProtocol: https externalPort: 443 +alfresco-search-enterprise: + liveIndexing: + # set in value-versions yaml + content: + replicaCount: 4 + metadata: + replicaCount: 2 + mediation: + replicaCount: 2 alfresco-transform-service: tika: - replicaCount: 4 + replicaCount: 6 resources: + requests: + cpu: "0.5" + memory: "2048Mi" limits: - cpu: 2 - memory: 4Gi + cpu: "2" + memory: "4096Mi" transformrouter: replicaCount: 8 resources: diff --git a/tools/utils/Dockerfile b/tools/utils/Dockerfile index f6ae61f..e859b34 100644 --- a/tools/utils/Dockerfile +++ b/tools/utils/Dockerfile @@ -1,7 +1,7 @@ FROM debian:bookworm-slim # Install utils -RUN apt-get update && apt-get install -y curl jq +RUN apt-get update && apt-get install -y curl jq awscli # Create a non-root user and set the home directory RUN useradd -u 999 -ms /bin/bash job