acs-sso-example

An example Chart to demonstrate how to compose your own Alfresco platform with SSO on kubernetes using a nthrid party Keycloak. if you’re familiar with Helm & Kubernetes taking a look at the values.yaml should be enough but the principals are also documented in two differents steps:

• Composing your ACS from individual component charts we provide. Check the step by step documentation
• SSO integration, to add keycloak and configure Alfresco applications accordingly: SSO guide

Note: this chart is just an example that can run on a localhost only. It ships ACS repo, the repository database, the message broker, the Keycloak IdP and front end applications (Share and Content app) & no other component.

:warning: All components have persistence disabled so all data is lost after a deployment is destroyed or rolled back!

Homepage: https://www.alfresco.com

Source Code

• https://github.com/Alfresco/acs-deployment

Requirements

Repository	Name	Version
https://alfresco.github.io/alfresco-helm-charts/	activemq	3.5.4
https://alfresco.github.io/alfresco-helm-charts/	alfresco-content-app(alfresco-adf-app)	0.1.1
https://alfresco.github.io/alfresco-helm-charts/	alfresco-repository	0.6.0
https://alfresco.github.io/alfresco-helm-charts/	alfresco-share	1.0.0
https://codecentric.github.io/helm-charts	keycloakx	2.4.3
oci://registry-1.docker.io/bitnamicharts	repository-database(postgresql)	13.4.0

Values

Key	Type	Default	Description
activemq	object	check values.yaml	Configure the ACS ActiveMQ message broker as per https://github.com/Alfresco/alfresco-helm-charts/tree/activemq-3.4.1/charts/activemq
alfresco-content-app	object	check values.yaml	Configure the Alfresco Conent-app as per https://github.com/Activiti/activiti-cloud-common-chart/tree/8.2.0/charts/common
alfresco-repository	object	check values.yaml	Configure the ACS repository as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-repository-0.1.3/charts/alfresco-repository
alfresco-share	object	check values.yaml	Configure the Alfresco Share as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-share-0.3.0/charts/alfresco-share
global.known_urls	list	["http://localhost"]	list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform.
keycloakx	object	check values.yaml	Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0
keycloakx.admin.password	string	random ascii string	Keycloak admin password. By default generated on first deployment, to get its value use: kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d
keycloakx.admin.realm[0]	object	{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}	Alfresco Realm definition
keycloakx.admin.realm[0].users[0].credentials[0].value	string	"secret"	default Alfresco admin password
keycloakx.admin.realm[0].users[0].username	string	"admin"	default Alfresco admin user
keycloakx.admin.username	string	"admin"	Keycloak admin username
repository-database	object	check values.yaml	Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql