Helm chart to install an AAE application.
For all the available values, see the chart README.md.
Install the AAE infrastructure:
HELM_OPTS+=" --set alfresco-deployment-service.enabled=false"
helm upgrade aae alfresco/alfresco-process-infrastructure --version 7.1.0-M10 ${HELM_OPTS[*]} --install --wait
A Keycloak security client must be created with the same name as the application before installing the Helm chart. By default, the runtime bundle API validates the user token against that client.
The expected client-level roles are ACTIVITI_USER and ACTIVITI_ADMIN, and users must be associated with one of these client-level roles.
This procedure can be automated via the alfresco-deployment-cli.
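A quick way to confirm that a user's token carries the roles at client level rather than only at realm level. This is an added example, not part of the chart or of alfresco-deployment-cli. It assumes Keycloak's default token layout (`resource_access.<client>.roles` and `realm_access.roles`), uses constructed sample tokens, and decodes without verifying the signature, so it is a diagnostic and not an authorization check:

```python
import base64
import json

# Client-level roles named in this README.
EXPECTED_ROLES = {"ACTIVITI_USER", "ACTIVITI_ADMIN"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_client_roles(token: str, app_name: str) -> dict:
    """Report which expected roles are granted on the client named after the app."""
    claims = decode_claims(token)
    client = set(claims.get("resource_access", {}).get(app_name, {}).get("roles", []))
    realm = set(claims.get("realm_access", {}).get("roles", []))
    granted = sorted(client & EXPECTED_ROLES)
    return {
        "granted": granted,
        # Granted at realm level only, not on the client this README says is checked.
        "realm_only": sorted((realm & EXPECTED_ROLES) - client),
        "ok": bool(granted),
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token; the signature part is a placeholder."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.placeholder-signature"


# Constructed samples: role on the "default-app" client vs. role only on the realm.
GOOD = make_sample_token({"preferred_username": "testadmin",
    "resource_access": {"default-app": {"roles": ["ACTIVITI_ADMIN"]}}})
MISPLACED = make_sample_token({"preferred_username": "someuser",
    "realm_access": {"roles": ["ACTIVITI_USER"]},
    "resource_access": {"account": {"roles": ["view-profile"]}}})

if __name__ == "__main__":
    for label, tok in (("good", GOOD), ("misplaced", MISPLACED)):
        print(label, check_client_roles(tok, "default-app"))
```

A non-empty `realm_only` list with `ok` false means the role was assigned on the realm instead of on the client named after the application.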
Configure access to pull images from quay.io in the namespace where the app is to be installed:
```bash
kubectl create secret \
  docker-registry quay-registry-secret \
  --docker-server=quay.io \
  --docker-username="${DOCKER_REGISTRY_USERNAME}" \
  --docker-password="${DOCKER_REGISTRY_PASSWORD}" \
  --docker-email="none"
```
Make sure you add the secret of your registry under registryPullSecrets in values.yaml and review contents.
Helm command to install application chart:
helm upgrade app ./helm/alfresco-process-application --install --set global.gateway.domain=your-domain.com
To deploy the RabbitMQ message broker, use values-rabbitmq.yaml:
```yaml
global:
  messaging:
    broker: rabbitmq
rabbitmq:
  enabled: true
kafka:
  enabled: false
```
To deploy Kafka message broker, use values-kafka.yaml
```yaml
global:
  messaging:
    broker: kafka
rabbitmq:
  enabled: false
kafka:
  enabled: true
```
To connect to external Kafka broker, use global.kafka values:
```yaml
global:
  kafka:
    ## global.kafka.brokers -- Multiple brokers can be provided in a comma separated list host[:port], e.g. host1,host2:port
    brokers: "kafka"
    ## global.kafka.extraEnv -- extra environment variables string template for Kafka binder parameters,
    extraEnv: |
      - name: KAFKA_FOO
        value: "BAR"
## Disable provided Kafka chart
kafka:
  enabled: false
```
To enable partitioned messaging use the following values-partitioned.yaml
```yaml
global:
  messaging:
    partitioned: true
    partitionCount: 2
```
Helper script to launch installation:
HELM_OPTS+=" --debug --dry-run" ./install.sh
Verify the k8s YAML output, then launch again without --dry-run.
Supported optional vars:
- RELEASE_NAME to handle upgrade or a non auto-generated release name
- HELM_OPTS to pass extra options to helm
Adjust as in your local development environment:
export AAE_APPLICATION_CHART_HOME="$HOME/src/Alfresco/alfresco-process-application-deployment"
export ACTIVITI_CLOUD_ACCEPTANCE_TESTS_HOME="$HOME/src/Activiti/activiti-cloud-application/activiti-cloud-acceptance-scenarios"
export APP_NAME="default-app"
export REALM="alfresco"
Define a PROTOCOL (http or https) and DOMAIN for your environment.
export PROTOCOL="http"
export GATEWAY_HOST="localhost"
export SSO_HOST="host.docker.internal"
export CLUSTER="aaedev"
export PROTOCOL="https"
export DOMAIN="${CLUSTER}.envalfresco.com"
export GATEWAY_HOST="${GATEWAY_HOST:-${DOMAIN}}"
export SSO_HOST="${SSO_HOST:-${DOMAIN}}"
export HELM_OPTS="
--debug \
--set global.gateway.http=$(if [[ "${PROTOCOL}" == "http" ]]; then echo true; else echo false; fi) \
--set global.gateway.host=${GATEWAY_HOST} \
--set global.keycloak.host=${SSO_HOST} \
--set global.keycloak.realm=${REALM}
"
Note: This block of steps is only relevant if you are using example-application-project to fetch project files.
1. Once the example-project image is built and pushed to your choice of registry, make sure you add the registry-secret for that registry to the namespace where you are going to deploy this app.
2. Update values in **values.yaml**:
- add the repository URL for volumeinit to pull the project files image
- in runtime-bundle, update projectName so that PROJECT_MANIFEST_FILE_PATH points to the correct JSON file.
Installation step:
Note: make sure your release name is the same as the CLASSPATH_DIRECTORY_NAME passed in build.properties for example-application-project.
helm upgrade app ./helm/alfresco-process-application --install --set global.gateway.domain=your-domain.com
export MODELING_URL=${PROTOCOL}://${GATEWAY_HOST}/modeling-service
export GATEWAY_URL=${PROTOCOL}://${GATEWAY_HOST}/${APP_NAME}
export SSO_URL=${PROTOCOL}://${SSO_HOST}/auth
To test, set the test variables, then run:
cd ${ACTIVITI_CLOUD_ACCEPTANCE_TESTS_HOME}
mvn -pl 'runtime-acceptance-tests' clean verify serenity:aggregate
export REGISTRY_HOST=registry.your-domain.com
make login
make values-registry.yaml
HELM_OPTS+=" -f values-registry.yaml"
then install application
Open GraphiQL UI and login with an admin user like testadmin:password:
open ${GATEWAY_URL}/graphiql
and input the following GraphQL query after running acceptance tests to see process instances:
```graphql
{
  ProcessInstances {
    select {
      id
      status
      name
      processDefinitionId
      processDefinitionKey
      processDefinitionVersion
      tasks {
        id
        name
        status
        assignee
      }
      variables {
        id
        name
        type
        value
      }
    }
  }
}
```
then input the following GraphQL to create a subscription and run processes to see events arriving via websockets:
```graphql
subscription {
  engineEvents {
    serviceName
    appName
    businessKey
    PROCESS_STARTED {
      id
      timestamp
      entity {
        id
        parentId
        name
        description
        businessKey
        initiator
      }
    }
    PROCESS_COMPLETED {
      id
      timestamp
      entity {
        id
        parentId
        name
        description
        businessKey
        initiator
      }
    }
    TASK_CREATED {
      id
      entity {
        id
        priority
        status
        assignee
        dueDate
        createdDate
        claimedDate
        description
      }
    }
    TASK_ASSIGNED {
      id
      entity {
        id
        priority
        status
        assignee
        dueDate
        createdDate
        claimedDate
        description
      }
    }
    TASK_COMPLETED {
      id
      entity {
        id
        priority
        status
        assignee
        dueDate
        createdDate
        claimedDate
        description
      }
    }
  }
}
```
Running on GH Actions.
For Dependabot PRs to be validated by CI, the label "CI" should be added to the PR.
Requires the following secrets to be set:
Name | Description |
---|---|
BOT_GITHUB_TOKEN | Token to launch other builds on GH |
BOT_GITHUB_USERNAME | Username to issue propagation PRs |
RANCHER2_URL | Rancher URL to perform helm tests |
RANCHER2_ACCESS_KEY | Rancher access key |
RANCHER2_SECRET_KEY | Rancher secret key |
TEAMS_NOTIFICATION_AUTOMATE_BACKEND_WEBHOOK | Token to notify Teams on failure |