OPSEXP-2300: align alfresco-sync-service charts to latest conventions

.pre-commit-config.yaml

@@ -15,11 +15,9 @@ repos:
     hooks:
       - id: helm-docs
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.1.29
+    rev: 3.1.51
     hooks:
       - id: checkov
-        additional_dependencies:
-          - "cyclonedx-python-lib==5.2.0" # https://github.com/bridgecrewio/checkov/issues/5841
         files: charts/.*\.yaml$
         verbose: true
         args:

charts/alfresco-sync-service/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: alfresco-common
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 2.1.0
+  version: 3.1.0
 - name: activemq
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 3.3.0
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 12.5.6
-digest: sha256:8531ee83acd36b7cf125b8fa7da8db119d4af04f33d4463d3eb8a7838f9f5f03
-generated: "2023-09-20T17:57:49.465176+02:00"
+digest: sha256:9277a39a6c08dca30ec812d13ff6dc78cd3ea471ca9ee9f2feb487f8e64d8b6b
+generated: "2024-01-04T23:35:01.664108+01:00"

charts/alfresco-sync-service/Chart.yaml

@@ -8,18 +8,20 @@ keywords:
 name: alfresco-sync-service
 sources:
   - https://github.com/Alfresco/acs-deployment
-version: 4.5.1
+version: 5.0.0-alpha.0
 appVersion: 4.0.1
 icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4
 dependencies:
   - name: alfresco-common
-    version: 2.1.0
+    version: 3.1.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
   - name: activemq
     version: 3.3.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
-    condition: activemq.enabled
+    tags:
+      - ci
   - name: postgresql
     version: 12.5.6
     repository: oci://registry-1.docker.io/bitnamicharts
-    condition: postgresql.enabled
+    tags:
+      - ci

charts/alfresco-sync-service/README.md

@@ -1,9 +1,11 @@
 # alfresco-sync-service
 
-![Version: 4.5.1](https://img.shields.io/badge/Version-4.5.1-informational?style=flat-square) ![AppVersion: 4.0.1](https://img.shields.io/badge/AppVersion-4.0.1-informational?style=flat-square)
+![Version: 5.0.0-alpha.0](https://img.shields.io/badge/Version-5.0.0--alpha.0-informational?style=flat-square) ![AppVersion: 4.0.1](https://img.shields.io/badge/AppVersion-4.0.1-informational?style=flat-square)
 
 Alfresco Sync Service
 
+Checkout [alfresco-content-services chart doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart.
+
 ## Source Code
 
 * <https://github.com/Alfresco/acs-deployment>
@@ -13,29 +15,26 @@ Alfresco Sync Service
 | Repository | Name | Version |
 |------------|------|---------|
 | https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.3.0 |
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.0 |
 | oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| activemq.adminUser.password | string | `"admin"` | Password to use to set as the connection user for ActiveMQ |
-| activemq.adminUser.user | string | `"admin"` | User to use to set as the connection user for ActiveMQ |
-| activemq.enabled | bool | `false` | Toggle ActiveMQ chart dependency see [Alfresco ActiveMQ chart documentation](https://github.com/Alfresco/alfresco-helm-charts/tree/main/charts/activemq)) |
-| activemq.nameOverride | string | `"activemq"` |  |
-| activemq.services.broker.ports.external.openwire | int | `61616` |  |
+| affinity | string | `""` |  |
 | database.driver | string | `"org.postgresql.Driver"` | The JDBC Driver to connect to the DB. If different from the default make sure your container image ships it. |
-| database.existingSecretName | string | `nil` | An existing kubernetes secret with DB info (prefered over using values) |
-| database.password | string | `"admin"` | JDBC password to use to connect to the DB |
+| database.existingConfigMap.keys.driver | string | `"DATABASE_DRIVER"` | configmap key where to find the JDBC driver class to use. The configmap may leverage the alfresco-repository.db.cm named template to auto-generate it from the sole url parameter. |
+| database.existingConfigMap.keys.url | string | `"DATABASE_URL"` | configmap key where to find the URL of the database |
+| database.existingConfigMap.name | string | `nil` |  |
+| database.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password |
+| database.existingSecret.keys.username | string | `"DATABASE_USERNAME"` | Key within the secret holding the database username |
+| database.existingSecret.name | string | `nil` | Name of a pre-existing secret containing database credentials |
+| database.password | string | `nil` | JDBC password to use to connect to the DB |
 | database.url | string | `nil` | JDBC url to connect to the external DB |
-| database.user | string | `"alfresco"` | JDBC username to use to connect to the DB |
-| environment.EXTRA_JAVA_OPTS | string | `""` |  |
+| database.username | string | `nil` | JDBC username to use to connect to the DB |
 | environment.JAVA_OPTS | string | `"-Dsync.metrics.reporter.graphite.enabled=false -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"` |  |
-| global | object | `{"alfrescoRegistryPullSecrets":"quay-registry-secret","messageBroker":{"password":null,"url":null,"user":null},"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}}` | Global definition of Docker registry pull secret which can be overridden from parent ACS Helm chart(s) |
-| global.messageBroker.password | string | `nil` | Credential to use to authenticate to the broker |
-| global.messageBroker.url | string | `nil` | A failover URI formatted string, see: https://activemq.apache.org/failover-transport-reference |
-| global.messageBroker.user | string | `nil` | Username to authenticate as |
+| global | object | `{"alfrescoRegistryPullSecrets":"quay-registry-secret","strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0}}}` | Global definition of Docker registry pull secret which can be overridden from parent ACS Helm chart(s) |
 | image.internalPort | int | `9090` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"quay.io/alfresco/service-sync"` |  |
@@ -46,32 +45,43 @@ Alfresco Sync Service
 | livenessProbe.initialDelaySeconds | int | `30` |  |
 | livenessProbe.periodSeconds | int | `30` |  |
 | livenessProbe.timeoutSeconds | int | `10` |  |
-| messageBroker.existingSecretName | string | `nil` | An existing k8s secret with broker details (preferred over using values) |
+| messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | configmap key where to find the URL of the message broker |
+| messageBroker.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing message broker details |
+| messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` | Key within the secret holding the message broker password |
+| messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` | Key within the secret holding the message broker username |
+| messageBroker.existingSecret.name | string | `nil` | Name of a pre-existing secret containing message broker credentials |
 | messageBroker.nameOverride | string | `"activemq"` | A name that will be used as a base to get broker connection details |
 | messageBroker.password | string | `nil` | Credential to use to authenticate to the broker. |
 | messageBroker.url | string | `nil` | A failover URI formatted string, see: https://activemq.apache.org/failover-transport-reference |
-| messageBroker.user | string | `nil` | Username to authenticate as. |
+| messageBroker.username | string | `nil` | Username to authenticate as. |
 | nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
 | podSecurityContext.fsGroup | int | `1000` |  |
 | podSecurityContext.runAsGroup | int | `1000` |  |
 | podSecurityContext.runAsNonRoot | bool | `true` |  |
 | podSecurityContext.runAsUser | int | `33020` |  |
-| postgresql | object | `{"auth":{"database":"alfrescosync","enablePostgresUser":false,"password":"admin","username":"alfresco"},"enabled":false,"nameOverride":"postgresql-syncservice","primary":{"extendedConfiguration":"shared_buffers = 256MB\nmax_connections = 100\nwal_level = minimal\nmax_wal_senders = 0\nmax_replication_slots = 0\neffective_cache_size = 1024GB\nlog_min_messages = LOG\n"},"resources":{"limits":{"cpu":"2","memory":"2Gi"}}}` | Defines properties required by sync service for connecting to the database If you set database.external to true you will have to setup the JDBC driver, user, password and JdbcUrl as `driver`, `user`, `password` & `url` subelements of `database`. Also make sure that the container has the db driver |
-| postgresql.enabled | bool | `false` | Toggle PostgreSQL chart dependency see [PostgreSQL Bitnami charts documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql)) |
 | readinessProbe.failureThreshold | int | `12` |  |
 | readinessProbe.initialDelaySeconds | int | `20` |  |
 | readinessProbe.periodSeconds | int | `10` |  |
 | readinessProbe.timeoutSeconds | int | `10` |  |
 | replicaCount | int | `1` |  |
-| repository.host | string | `"alfresco-cs-repository"` | ACS repository host |
-| repository.nameOverride | string | `nil` | A nameOverride use to compute an ACS repository service name |
-| repository.port | int | `80` | ACS repository port |
+| repository.existingConfigMap.keys.host | string | `"REPO_HOST"` | configmap key where to find the URL of the message broker |
+| repository.existingConfigMap.keys.port | string | `"REPO_PORT"` |  |
+| repository.existingConfigMap.keys.scheme | string | `"REPO_SCHEME"` |  |
+| repository.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing message broker details |
+| repository.host | string | `nil` | ACS repository host |
+| repository.port | string | `nil` | ACS repository port |
+| repository.scheme | string | `nil` | ACS repository port |
 | resources.limits.cpu | string | `"2"` |  |
 | resources.limits.memory | string | `"2000Mi"` |  |
 | resources.requests.cpu | string | `"0.5"` |  |
 | resources.requests.memory | string | `"800Mi"` |  |
 | service.externalPort | int | `80` |  |
 | service.name | string | `"syncservice"` |  |
 | service.type | string | `"NodePort"` |  |
-
-Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions.
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `"alfresco-sync"` |  |
+| terminationGracePeriodSeconds | int | `60` |  |
+| tolerations | list | `[]` |  |

charts/alfresco-sync-service/README.md.gotmpl

@@ -5,6 +5,8 @@
 
 {{ template "chart.description" . }}
 
+Checkout [alfresco-content-services chart doc](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for an example of how to leverage this chart from an umbrella chart.
+
 {{ template "chart.homepageLine" . }}
 
 {{ template "chart.maintainersSection" . }}
@@ -14,5 +16,3 @@
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesSection" . }}
-
-Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions.

charts/alfresco-sync-service/ci/default-values.yaml

@@ -1,10 +1,39 @@
 ---
 repository:
   host: dummy-repo
+  port: 80
 activemq:
-  enabled: true
+  fullnameOverride: mqsync
+  adminUser:
+    user: &mquser admin
+    password: &mqpass admin
 messageBroker:
-  nameOverride: mqsync
+  url: failover:(nio://mqsync-broker:61616)
+  username: *mquser
+  password: *mqpass
 postgresql:
-  enabled: true
-  nameOverride: pgsync
+  fullnameOverride: pgsync
+  auth:
+    enablePostgresUser: false
+    username: &dbuser alfresco
+    password: &dbpass admin
+    database: alfresco-sync
+  primary:
+    extendedConfiguration: |
+      shared_buffers = 256MB
+      max_connections = 100
+      wal_level = minimal
+      max_wal_senders = 0
+      max_replication_slots = 0
+      effective_cache_size = 1024GB
+      log_min_messages = LOG
+  resources:
+    limits:
+      cpu: "2"
+      memory: "2Gi"
+database:
+  url: jdbc:postgresql://pgsync/alfresco-sync
+  username: *dbuser
+  password: *dbpass
+tags:
+  ci: true