Deploying with Helm

Activiti Enterprise can be deployed using Helm charts.

Prerequisites

A Helm deployment assumes that you have the following:

  • Quay.io credentials to access Activiti Enterprise images.
  • A valid license for Activiti Enterprise.
  • A Kubernetes cluster.
  • A Docker registry for the deployment service.
  • Helm version 2.14.3 installed in the cluster.
  • An ingress bound to an external DNS address.

Deployment steps

Activiti Enterprise deployment can be split into four areas:

  1. Preparing the cluster:
  2. Set variables for the deployment
  3. Configure any optional customizations:
  4. Deploy to the cluster

Set up Quay.io credentials

The resources for an Alfresco Activiti Enterprise deployment are stored in Quay.io. These are password protected images and require a Kubernetes secret to be set up to access them:

Note: Quay.io credentials can be obtained by logging a ticket with Alfresco support.

Generate a Kubernetes secret in the target namespace using your Quay.io credentials using the following command:

kubectl create secret   docker-registry quay-registry-secret     --docker-server=quay.io     --docker-username="${DOCKER_REGISTRY_USERNAME}"     --docker-password="${DOCKER_REGISTRY_PASSWORD}"     --docker-email="none"

Apply a license to the cluster

A license file needs to be applied to use Alfresco Activiti Enterprise. It is created as a secret in Kubernetes and then referenced by the individual services.

A Kubernetes secret can be created with your license file using command line commands or manually via the Kubernetes Dashboard. The secret must be called licenseaps.

For the namespace you are deploying to, run the following command to upload your license file:

kubectl create secret generic licenseaps --from-file=./activiti.lic
--namespace=$DESIREDNAMESPACE

Note: ensure that the Kubernetes secret is added to the correct namespace for your deployment.

Set variables for the deployment

  1. Clone this repository and make it your working directory.

  2. Set the release name and the chart name:

    RELEASE_NAME=infrastructure
    CHART_NAME=alfresco-process-infrastructure
    
  3. The HELM_OPTS variable is used throughout the deployment to include optional customizations to the chart before deploying it.

    Declare HELM_OPTS and set the mandatory variables {HTTP} and {DOMAIN}:

    • {HTTP} must be set as either http or https for the deployment.
    • {DOMAIN} must be the value of the domain to use for the deployment, for example: aae.example.com
    export HELM_OPTS="--debug
        --set global.gateway.http=${HTTP}
        --set global.gateway.domain=${DOMAIN}"
    
  4. Configure the secrets.yaml so that the deployment service can access the Docker registry and Quay for images to create applications:

    1. Edit secrets.yaml with the relevant credentials.

    2. Copy secrets.yaml to the route of the repository.

    3. Use the following command to add secrets.yaml to the deployment:

      HELM_OPTS="${HELM_OPTS} -f secrets.yaml"
      

(Optional) Include Alfresco Content Services (ACS)

Alfresco Content Services (ACS) can be deployed with the infrastructure to use for storing task and process data.

Use the following command to include ACS in the deployment:

HELM_OPTS="${HELM_OPTS} -f values-alfresco-content-services.yaml"

Note: Enabling ACS also deploys the NFS Provisioner.

(Optional) Use external databases

External databases can be used for the deployment service and modeling service by setting custom values in values-external-postgresql.yaml.

Use the following command to include the external database configuration in the deployment:

HELM_OPTS="${HELM_OPTS} -f values-external-postgresql.yaml"

(Optional) Use a custom realm file

A default realm file is included with the deployment, however a custom realm can be used instead. There are a number of mandatory realm configurations that are required by Activiti Enterprise to include when creating a custom realm.

Edit the values.yaml to pull in a custom realm file, or edit the default file alfresco-aps-realm.json provided.

Update the following section in the values.yaml to pull in a custom file:

keycloak:
 service:
 port: 80
  extraArgs: "-Dkeycloak.import=/realm/alfresco-aps-realm.json"

If the name of the default realm, client and resource are updated from alfresco and activiti, set the following in HELM_OPTS:

HELM_OPTS="${HELM_OPTS} 
--set global.keycloak.realm=${REALM} 
--set global.keycloak.client=${CLIENT}
--set global.keycloak.resource=${RESOURCE}"

Deploy to the cluster

Use the following command from the root of repository to deploy into your cluster:

helm repo update
helm dependency update helm/${CHART_NAME}
helm upgrade --install ${HELM_OPTS} ${RELEASE_NAME} helm/${CHART_NAME}

© 2023 Alfresco Software, Inc. All Rights Reserved.