alfresco-repository
Alfresco content repository Helm chart
Checkout alfresco-content-services chart’s doc for an example of how to leverage this chart from an umbrella chart.
Requirements
| Repository | Name | Version |
|---|---|---|
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 5.0.0 |
| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 |
Values
| Key | Type | Default | Description |
|---|---|---|---|
| additionalLabels | object | {} | Additional labels to be added to all resources (deployments, statefulsets, services, pods, etc.) Example: Product: k8s Environment: DEV |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0] | object | {"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ template \"alfresco-repository.name\" $ }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ $.Release.Name }}"]},{"key":"app.kubernetes.io/component","operator":"In","values":["{{ $.Chart.Name }}"]}]},"topologyKey":"topology.kubernetes.io/zone"},"weight":10} | Prefer scheduling pods in different zones |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[1] | object | {"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ template \"alfresco-repository.name\" $ }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ $.Release.Name }}"]},{"key":"app.kubernetes.io/component","operator":"In","values":["{{ $.Chart.Name }}"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":5} | Prefer scheduling pods on different nodes |
| args | list | [] | |
| autoscaling.behavior.scaleDown.policies | list | [{"periodSeconds":60,"type":"Pods","value":1}] | list of available policies for scaling down scale down either by one pod or by destroying 25% of the pods (whichever is smaller) |
| autoscaling.behavior.scaleUp.policies | list | [{"periodSeconds":60,"type":"Percent","value":50},{"periodSeconds":60,"type":"Pods","value":2}] | list of available policies for scaling up scale up either by one pod or by adding 50% more pods (whichever is bigger) |
| autoscaling.behavior.scaleUp.stabilizationWindowSeconds | int | 30 | |
| autoscaling.enabled | bool | false | Toggle repository autoscaling |
| autoscaling.maxReplicas | int | 3 | maximum number of replicas to spin up within the replicatset |
| autoscaling.metrics | list | [{"resource":{"name":"cpu","target":{"averageUtilization":75,"type":"Utilization"}},"type":"Resource"}] | a list of resource the HPA controller should monitor For more details check https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-resource-metrics |
| autoscaling.minReplicas | int | 1 | minimum number of replicas to spin up within the replicatset |
| command | list | [] | |
| configuration.db.driver | string | nil | JDBC driver class of the driver if none is provided the it is guessed from the URL provided |
| configuration.db.existingConfigMap.keys.driver | string | "DATABASE_DRIVER" | configmap key where to find the JDBC driver class to use. The configmap may leverage the alfresco-repository.db.cm named template to auto-generate it from the sole url parameter. |
| configuration.db.existingConfigMap.keys.url | string | "DATABASE_URL" | configmap key where to find the URL of the database |
| configuration.db.existingConfigMap.name | string | nil | |
| configuration.db.existingSecret | object | {"keys":{"password":"DATABASE_PASSWORD","username":"DATABASE_USERNAME"},"name":null} | Existing secret and their keys where to find the database username & password. |
| configuration.db.existingSecret.keys.password | string | "DATABASE_PASSWORD" | Key within the secret holding the database password |
| configuration.db.existingSecret.keys.username | string | "DATABASE_USERNAME" | Key within the secret holding the database username |
| configuration.db.existingSecret.name | string | nil | Name of a pre-existing secret containing database credentials |
| configuration.db.password | string | nil | Password to authentication to the repository database |
| configuration.db.url | string | nil | JDBC url of the database This is a mandatory parameter |
| configuration.db.username | string | nil | Username to authentication to the repository database |
| configuration.hz.port | int | 5701 | Hazelcast listener port Only change it if you use a custom image where the port has been changed from default |
| configuration.imap | object | see below | Basic IMAP capabilities config (limited to enabling/disabling). In order to pass more IMAP properties and configure the subsystem more deeply, please use value environment.CATALINA_OPTS or configuration.repository.existingConfiMap and check the available properties for this subsystem |
| configuration.imap.enabled | bool | false | Enable/Disable Alfresco repository IMAP capabilities |
| configuration.imap.port | int | 1143 | port to use to listen for IMAP clients |
| configuration.imap.protocol | string | "imap" | Protocol to use to talk to IMAP clients (imap or imaps) |
| configuration.imap.service.annotations | string | nil | Use annations to get custom behavior of the loadbalancer exposing the service |
| configuration.messageBroker.existingConfigMap.keys.url | string | "BROKER_URL" | Key within the configmap holding the message broker URL. It MUST be a failover URL as per the spec below: https://activemq.apache.org/failover-transport-reference.html |
| configuration.messageBroker.existingConfigMap.name | string | nil | Name of a pre-existing configmap containing the message broker URL |
| configuration.messageBroker.existingSecret.keys.password | string | "BROKER_PASSWORD" | Key within the secret holding the message broker password |
| configuration.messageBroker.existingSecret.keys.username | string | "BROKER_USERNAME" | Key within the secret holding the message broker username |
| configuration.messageBroker.existingSecret.name | string | nil | Name of a pre-existing secret containing message broker credentials |
| configuration.messageBroker.password | string | nil | Password to authenticate to the message broker |
| configuration.messageBroker.url | string | nil | Message Broker URL |
| configuration.messageBroker.username | string | nil | Username to authenticate to the message broker |
| configuration.repository.existingConfigMap | string | nil | a configmap containing the “alfresco-global.properties” key populated with actual Alfresco repository properties see details |
| configuration.repository.existingSecrets | list | [{"key":"license.lic","name":"repository-secrets","purpose":"acs-license"}] | A list of secrets to make available to the repository as env vars. This list can contain special secrets marked with predefined purpose: acs-license to pass license as a secret or subsystems:: to configure an Alfresco subsystem. See Configuring Alfresco Subsystem for more details. |
| configuration.search.elasticsearchProperties | object | {"createIndexIfNotExists":true,"indexName":"alfresco"} | A map of additional elasticsearch.* properties to be passed as -D arguments to the repository when search.flavor is set to elasticsearch. See more on the docs |
| configuration.search.elasticsearchProperties.createIndexIfNotExists | bool | true | Automatically create the search index if it does not exist at repository startup. Enabled by default for convenience but it is recommended to disable it in production and create the index with the right shards/replicas settings beforehand. See also the indexInit feature in the alfresco-search-enterprise chart. |
| configuration.search.elasticsearchProperties.indexName | string | "alfresco" | Name of the search index to use. |
| configuration.search.existingConfigMap.keys.flavor | string | "SEARCH_FLAVOR" | configmap key where to find the search engine used |
| configuration.search.existingConfigMap.keys.host | string | "SEARCH_HOST" | configmap key where to find the hostname part of the search URL. The configmap may leverage the alfresco-repository.solr.cm named template to auto-generate it from the sole url parameter. |
| configuration.search.existingConfigMap.keys.port | string | "SEARCH_PORT" | configmap key where to find the port part of the search URL. The configmap may leverage the alfresco-repository.solr.cm named template to auto-generate it from the sole url parameter. |
| configuration.search.existingConfigMap.keys.securecomms | string | "SEARCH_SECURECOMMS" | configmap key where to find the search communication security type. The configmap may leverage the alfresco-repository.solr.cm named template to auto-generate it from the sole url parameter. |
| configuration.search.existingConfigMap.keys.solr_base_url | string | "SOLR_BASE_URL" | configmap key where to find the root path to Solr. The configmap may leverage the alfresco-repository.solr.cm named template to auto-generate it from the sole url parameter. Not applicable to Elasticsearch |
| configuration.search.existingConfigMap.keys.url | string | "SEARCH_URL" | Key within the configmap holding the search service URL. |
| configuration.search.existingConfigMap.name | string | nil | Optional configmap containing the search service URL |
| configuration.search.existingSecret.keys.password | string | "ELASTICSEARCH_PASSWORD" | Key within the secret holding the search service password |
| configuration.search.existingSecret.keys.solr-secret | string | "SOLR_SECRET" | Key within the secret holding the index shared secret |
| configuration.search.existingSecret.keys.username | string | "ELASTICSEARCH_USERNAME" | Key within the secret holding the search service username |
| configuration.search.existingSecret.name | string | nil | Optional secret containing search service credentials |
| configuration.search.flavor | string | "noindex" | Can be either solr, elasticsearch or noindex |
| configuration.search.password | string | nil | Password to authenticate to the search service |
| configuration.search.solr-secret | string | nil | Solr inter process shared secret |
| configuration.search.url | string | nil | URL where the search service can be found |
| configuration.search.username | string | nil | Username to authenticate to the search service |
| configuration.smtp | object | see below | Basic SMTP capabilities config (limited to enabling/disabling). In order to pass more SMTP properties and configure the subsystem more deeply, please use value environment.CATALINA_OPTS or configuration.repository.existingConfigMap and check the available properties for this subsystem |
| configuration.smtp.enabled | bool | false | Enable/Disable Alfresco repository SMTP capabilities |
| configuration.smtp.port | int | 1025 | port to use to listen for SMTP clients |
| configuration.smtp.service.annotations | string | nil | Use annations to get custom behavior of the loadbalancer exposing the service |
| environment.CATALINA_OPTS | string | nil | Java or Tomcat system properties. These properties must be provided as a single string following the pattern “-Dproperty=value -Dmoreprop=morevalue”. They override the content of the global properties file but you should prefer providing configuration.repository.existingConfigMap. |
| environment.JAVA_OPTS | string | "-XX:MaxRAMPercentage=80" | Set JVM options |
| extraInitContainers | list | [] | |
| extraSideContainers | list | [] | |
| extraVolumeMounts | list | [] | |
| extraVolumes | list | [] | |
| fullnameOverride | string | "" | |
| global.additionalLabels | object | {} | Global additional labels that can be set at parent/umbrella chart level These will be merged with chart-level additionalLabels, with chart-level taking precedence |
| global.alfrescoRegistryPullSecrets | string | "quay-registry-secret" | |
| global.known_urls | string | nil | a fallback for .Values.known_urls that can be shared between charts |
| image.port | int | 8080 | |
| image.pullPolicy | string | "IfNotPresent" | |
| image.repository | string | "quay.io/alfresco/alfresco-content-repository" | |
| image.tag | string | "26.1.0" | |
| imagePullSecrets | list | [] | |
| ingress.annotations.”nginx.ingress.kubernetes.io/affinity” | string | "cookie" | |
| ingress.annotations.”nginx.ingress.kubernetes.io/proxy-body-size” | string | "5g" | File uploads are limited to 5g |
| ingress.annotations.”nginx.ingress.kubernetes.io/proxy-read-timeout” | string | "20m" | File uploads will timeout after 20 minutes |
| ingress.annotations.”nginx.ingress.kubernetes.io/session-cookie-hash” | string | "sha1" | |
| ingress.annotations.”nginx.ingress.kubernetes.io/session-cookie-name” | string | "alfrescoRepo" | |
| ingress.className | string | "nginx" | supported ingress class |
| ingress.enabled | bool | true | Toggle ingress |
| ingress.hosts[0].paths[0].path | string | "/" | |
| ingress.hosts[0].paths[0].pathType | string | "Prefix" | |
| ingress.hosts[0].paths[1].path | string | "/api-explorer" | |
| ingress.hosts[0].paths[1].pathType | string | "Prefix" | |
| ingress.hosts[0].paths[2] | object | {"path":"/alfresco/s/prometheus","pathType":"Prefix","serviceName":"blocked-prometheus"} | Block direct access to prometheus endpoint |
| ingress.tls | list | [] | |
| initContainers.waitDbReady.image.pullPolicy | string | "IfNotPresent" | |
| initContainers.waitDbReady.image.repository | string | "busybox" | |
| initContainers.waitDbReady.image.tag | string | "1.37" | |
| initContainers.waitDbReady.resources.limits.cpu | string | "250m" | |
| initContainers.waitDbReady.resources.limits.memory | string | "20Mi" | |
| livenessProbe.httpGet.path | string | "/alfresco/api/-default-/public/alfresco/versions/1/probes/-live-" | |
| livenessProbe.httpGet.port | string | "http" | |
| livenessProbe.periodSeconds | int | 20 | |
| livenessProbe.timeoutSeconds | int | 3 | |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| persistence.accessModes | list | ["ReadWriteMany"] | Specify a storageClass for dynamic provisioning |
| persistence.baseSize | string | "20Gi" | |
| persistence.data.mountPath | string | "/usr/local/tomcat/alf_data" | |
| persistence.data.subPath | string | "alfresco-content-services/repository-data" | |
| persistence.enabled | bool | false | Persist Contentsotre data |
| persistence.existingClaim | string | nil | Use pre-provisioned pv through its claim (e.g. static provisioning) |
| persistence.storageClass | string | nil | Bind PVC based on storageClass (e.g. dynamic provisioning) |
| podAnnotations | object | {} | |
| podSecurityContext.fsGroup | int | 1000 | |
| podSecurityContext.runAsGroup | int | 1000 | |
| podSecurityContext.runAsNonRoot | bool | true | |
| podSecurityContext.runAsUser | int | 33000 | |
| readinessProbe.httpGet.path | string | "/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready-" | |
| readinessProbe.httpGet.port | string | "http" | |
| readinessProbe.periodSeconds | int | 20 | |
| readinessProbe.timeoutSeconds | int | 3 | |
| replicaCount | int | 1 | |
| resources.limits.cpu | string | "4" | |
| resources.limits.memory | string | "8Gi" | |
| resources.requests.cpu | string | "2" | |
| resources.requests.memory | string | "2Gi" | |
| securityContext | object | {} | |
| service.name | string | "repository" | |
| service.port | int | 80 | |
| service.type | string | "ClusterIP" | |
| serviceAccount.annotations | object | {} | |
| serviceAccount.create | bool | true | |
| serviceAccount.name | string | "alfresco-repo-sa" | |
| startupProbe.failureThreshold | int | 9 | |
| startupProbe.httpGet.path | string | "/alfresco/api/-default-/public/alfresco/versions/1/probes/-live-" | |
| startupProbe.httpGet.port | string | "http" | |
| startupProbe.periodSeconds | int | 20 | |
| startupProbe.timeoutSeconds | int | 3 | |
| strategy.rollingUpdate.maxSurge | int | 1 | |
| strategy.rollingUpdate.maxUnavailable | int | 0 | |
| strategy.type | string | "RollingUpdate" | |
| tags.ci | bool | false | A chart tag used for Hyland’s CI purpose. Do not set it to true. |
| terminationGracePeriod | int | 60 | How long to wait for tomcat to complete shutdown before killing it |
| tolerations | list | [] |