From 977f5c84fd114076db1e9ae1b8eaa033bd53b821 Mon Sep 17 00:00:00 2001 From: Alex Chapellon Date: Fri, 5 Jan 2024 09:57:09 +0100 Subject: [PATCH] OPSEXP-2299: improve share chart (#178) Co-authored-by: Giovanni Toraldo <71768+gionn@users.noreply.github.com> --- charts/alfresco-share/Chart.lock | 6 +- charts/alfresco-share/Chart.yaml | 4 +- charts/alfresco-share/README.md | 12 +-- charts/alfresco-share/README.md.gotmpl | 18 +++++ .../{config-share.yaml => configmap.yaml} | 2 +- ...{deployment-share.yaml => deployment.yaml} | 29 +++++-- .../{service-share.yaml => service.yaml} | 0 charts/alfresco-share/tests/cm_test.yaml | 5 +- .../alfresco-share/tests/deployment_test.yaml | 78 +++++++++++++++---- charts/alfresco-share/values.yaml | 4 +- 10 files changed, 118 insertions(+), 40 deletions(-) create mode 100644 charts/alfresco-share/README.md.gotmpl rename charts/alfresco-share/templates/{config-share.yaml => configmap.yaml} (82%) rename charts/alfresco-share/templates/{deployment-share.yaml => deployment.yaml} (81%) rename charts/alfresco-share/templates/{service-share.yaml => service.yaml} (100%) diff --git a/charts/alfresco-share/Chart.lock b/charts/alfresco-share/Chart.lock index c9fb9fbd..69749c36 100644 --- a/charts/alfresco-share/Chart.lock +++ b/charts/alfresco-share/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts - version: 2.1.0 -digest: sha256:7b25dfc5901d3d91815a1eebbc3ebed8da816d82dfe8cd8e5eafbdf873e80823 -generated: "2023-08-18T17:03:27.771096+02:00" + version: 3.1.0 +digest: sha256:39e5517de068e0f04c3f34ed2bf61b2dcc815872fab46313ca3faad23607ecc3 +generated: "2024-01-03T18:25:21.23216+01:00" diff --git a/charts/alfresco-share/Chart.yaml b/charts/alfresco-share/Chart.yaml index 941b67b1..1486a8fb 100644 --- a/charts/alfresco-share/Chart.yaml +++ b/charts/alfresco-share/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: alfresco-share description: Alfresco Share Helm chart for Kubernetes type: application -version: 0.2.1 +version: 0.3.0 appVersion: 23.1.1 dependencies: - repository: https://alfresco.github.io/alfresco-helm-charts - version: 2.1.0 + version: 3.1.0 name: alfresco-common diff --git a/charts/alfresco-share/README.md b/charts/alfresco-share/README.md index a66fcd4c..b113f5da 100644 --- a/charts/alfresco-share/README.md +++ b/charts/alfresco-share/README.md @@ -1,20 +1,22 @@ # alfresco-share -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.1](https://img.shields.io/badge/AppVersion-23.1.1-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.1](https://img.shields.io/badge/AppVersion-23.1.1-informational?style=flat-square) Alfresco Share Helm chart for Kubernetes +Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + ## Requirements | Repository | Name | Version | |------------|------|---------| -| https://alfresco.github.io/alfresco-helm-charts | alfresco-common | 2.1.0 | +| https://alfresco.github.io/alfresco-helm-charts | alfresco-common | 3.1.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | +| affinity | string | `""` | string representation of the YAML affinity rules (can use templates) | | args | list | `[]` | | | command | list | `[]` | | | environment.CATALINA_OPTS | string | `"-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` | | @@ -47,6 +49,7 @@ Alfresco Share Helm chart for Kubernetes | nameOverride | string | `""` | Define a partially static name | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | | podSecurityContext.runAsNonRoot | bool | `true` | | | readinessProbe.initialDelaySeconds | int | `15` | | | readinessProbe.periodSeconds | int | `30` | | @@ -73,6 +76,3 @@ Alfresco Share Helm chart for Kubernetes | strategy.rollingUpdate.maxUnavailable | int | `0` | | | strategy.type | string | `"RollingUpdate"` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/alfresco-share/README.md.gotmpl b/charts/alfresco-share/README.md.gotmpl new file mode 100644 index 00000000..0ad8b9e6 --- /dev/null +++ b/charts/alfresco-share/README.md.gotmpl @@ -0,0 +1,18 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart. + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/alfresco-share/templates/config-share.yaml b/charts/alfresco-share/templates/configmap.yaml similarity index 82% rename from charts/alfresco-share/templates/config-share.yaml rename to charts/alfresco-share/templates/configmap.yaml index b0ae10c0..e6fbc02c 100644 --- a/charts/alfresco-share/templates/config-share.yaml +++ b/charts/alfresco-share/templates/configmap.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "alfresco-share.fullname" . }}-configmap + name: {{ template "alfresco-share.fullname" . }} labels: {{- include "alfresco-share.labels" . | nindent 4 }} data: diff --git a/charts/alfresco-share/templates/deployment-share.yaml b/charts/alfresco-share/templates/deployment.yaml similarity index 81% rename from charts/alfresco-share/templates/deployment-share.yaml rename to charts/alfresco-share/templates/deployment.yaml index 5681f2e0..9e571384 100644 --- a/charts/alfresco-share/templates/deployment-share.yaml +++ b/charts/alfresco-share/templates/deployment.yaml @@ -19,22 +19,23 @@ spec: template: metadata: annotations: - {{- if not .Values.repository.existingConfigMap }} - checksum/config: {{ include (print $.Template.BasePath "/config-share.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "alfresco-share.selectorLabels" . | nindent 8 }} + {{- include "alfresco-share.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "alfresco-share.serviceAccountName" . }} {{- include "component-pod-security-context" .Values | indent 4 }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} - nodeSelector: - {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} containers: - name: alfresco-share image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- include "component-security-context" .Values | indent 8 }} + {{- include "alfresco-common.component-security-context" .Values | indent 8 }} {{- if .Values.command }} command: {{- toYaml .Values.command | nindent 12 }} @@ -50,7 +51,7 @@ spec: protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} - {{- $repo_details_cm := .Values.repository.existingConfigMap.name | default (print (include "alfresco-share.fullname" .) "-configmap") }} + {{- $repo_details_cm := coalesce .Values.repository.existingConfigMap.name (include "alfresco-share.fullname" .) }} env: - name: CSRF_FILTER_REFERER value: {{ include "alfresco-common.csrf.referer" . }} @@ -98,3 +99,15 @@ spec: {{- toYaml .Values.extraInitContainers | nindent 8 }} volumes: {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/alfresco-share/templates/service-share.yaml b/charts/alfresco-share/templates/service.yaml similarity index 100% rename from charts/alfresco-share/templates/service-share.yaml rename to charts/alfresco-share/templates/service.yaml diff --git a/charts/alfresco-share/tests/cm_test.yaml b/charts/alfresco-share/tests/cm_test.yaml index 2873e4e2..ae217694 100644 --- a/charts/alfresco-share/tests/cm_test.yaml +++ b/charts/alfresco-share/tests/cm_test.yaml @@ -1,7 +1,7 @@ --- suite: test Alfresco Share ingress templates: - - config-share.yaml + - configmap.yaml tests: - it: should not render a configmap set: @@ -11,7 +11,6 @@ tests: asserts: - hasDocuments: count: 0 - template: config-share.yaml - it: | should render custom repo & CSRF config. @@ -25,8 +24,6 @@ tests: - equal: path: data.REPO_HOST value: release-service.cluster.local - template: config-share.yaml - equal: path: data.REPO_PORT value: "80" - template: config-share.yaml diff --git a/charts/alfresco-share/tests/deployment_test.yaml b/charts/alfresco-share/tests/deployment_test.yaml index 9b8f4fff..e6500c26 100644 --- a/charts/alfresco-share/tests/deployment_test.yaml +++ b/charts/alfresco-share/tests/deployment_test.yaml @@ -1,15 +1,75 @@ --- suite: test Alfresco Share deployment templates: - - deployment-share.yaml - - config-share.yaml + - deployment.yaml tests: - it: should have basic metadata in place in deployment asserts: - equal: path: metadata.name value: RELEASE-NAME-alfresco-share - template: deployment-share.yaml + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + - isNull: + path: spec.template.spec.tolerations + + - it: should have customized metadata in place in deployment + set: + nameOverride: share-ui + nodeSelector: + disktype: ssd + tolerations: + - key: "skipme" + operator: "Exists" + effect: "NoSchedule" + affinity: |- + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + podLabels: + env: qa + podAnnotations: + some.annotations.for.stuff: something + some.annotations.for.otherstuff: somethingelse + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-share-ui + - contains: + path: >- + spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms + content: + matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - contains: + path: spec.template.spec.tolerations + content: + key: "skipme" + operator: "Exists" + effect: "NoSchedule" + - isSubset: + path: spec.template.metadata.labels + content: + env: qa + - isSubset: + path: spec.template.metadata.annotations + content: + some.annotations.for.stuff: something + some.annotations.for.otherstuff: somethingelse + - isSubset: + path: spec.template.spec.nodeSelector + content: + disktype: ssd - it: should leverage provided existing configmap set: @@ -20,7 +80,6 @@ tests: - equal: path: spec.template.spec.containers[0].env[5].valueFrom.configMapKeyRef.name value: myns/mycm - template: deployment-share.yaml - it: Fail due to broken input set: @@ -30,7 +89,6 @@ tests: - failedTemplate: errorMessage: >- provided known_urls MUST start with a scheme (http :// or https://) - template: deployment-share.yaml - it: | should render custom CSRF config. referers MUST be a regex with pipes escaped (due to the way vars are substitued in Share pods @@ -45,30 +103,24 @@ tests: path: spec.template.spec.containers[0].env[0].value value: >- https://ecm.domain.tld/myapp/callback/.*\|https://ecm.domain.tld/alfresco/.*\|http://app.domain.local:8000/.* - template: deployment-share.yaml - equal: path: spec.template.spec.containers[0].env[1].value value: https://ecm.domain.tld,https://ecm.domain.tld,http://app.domain.local:8000 - template: deployment-share.yaml - equal: path: spec.template.spec.containers[0].env[2].value value: https://ecm.domain.tld - template: deployment-share.yaml - it: should render a default Xorigin restriction config asserts: - equal: path: spec.template.spec.containers[0].env[0].value value: http://localhost/.*\|https://localhost/.* - template: deployment-share.yaml - equal: path: spec.template.spec.containers[0].env[1].value value: http://localhost,https://localhost - template: deployment-share.yaml - equal: path: spec.template.spec.containers[0].env[2].value value: http://localhost - template: deployment-share.yaml - it: should render extra configs set: @@ -88,18 +140,15 @@ tests: name: share-config configMap: name: anotherns/morecm - template: deployment-share.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: mountPath: >- /usr/local/tomcat/shared/classes/Alfresco/web-extension/share-config-custom.xml name: share-config - template: deployment-share.yaml - lengthEqual: path: spec.template.spec.containers count: 2 - template: deployment-share.yaml - it: should render cpu and memory limits asserts: @@ -112,4 +161,3 @@ tests: limits: cpu: "4" memory: "2000Mi" - template: deployment-share.yaml diff --git a/charts/alfresco-share/values.yaml b/charts/alfresco-share/values.yaml index 5191eeca..cb6027da 100644 --- a/charts/alfresco-share/values.yaml +++ b/charts/alfresco-share/values.yaml @@ -44,6 +44,7 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: share-sa podAnnotations: {} +podLabels: {} podSecurityContext: runAsNonRoot: true securityContext: @@ -82,7 +83,8 @@ resources: memory: "2000Mi" nodeSelector: {} tolerations: [] -affinity: {} +# -- string representation of the YAML affinity rules (can use templates) +affinity: "" environment: CATALINA_OPTS: >- -XX:MinRAMPercentage=50