Seed Information Management

Enterprise Content Management Consultants ECM Experts

Deploying Alfresco Content Services in AWS EKS cluster

By

In our previous blog, we described how to set up an EKS Cluster and other resources such as the EFS volume and Nginx-Ingress service/controller and in this blog we are going to show how to deploy ACS using the default Alfresco Helm charts.  This creates all the required containers (and pods) to support a demo ACS environment which includes postgres container and solr all running on the same worker node.

Creating a Secret Docker Pull registry

In order to be able to use private Enterprise-only Docker images from Quay.io, we need to create a docker registry pull secret. We advise to carry out the steps to get the base64 value for your dockercfg on a local computer as docker is not installed on the bastion server.

Log in to Quay.io with your credentials:

#docker login quay.io

Generate a base64 value for your dockercfg using one of the following methods. This will allow Kubernetes to access Quay.io:

#cat ~/.docker/config.json | base64

Create a file on the Bastion server with the following content

apiVersion: v1
kind: Secret
metadata:
  name: quay-registry-secret
type: kubernetes.io/dockerconfigjson
data:
# Docker registries config json in base64 - to do this, run:
# cat ~/.docker/config.json | base64
  .dockerconfigjson: base64-string from previous command

Deploy the secret into the EKS cluster:

kubectl create -f secrets.yaml –namespace $DESIREDNAMESPACE

Adding the Alfresco Helm Chart Repos

Next step is to add the Alfresco helm charts repos;

#helm repo add alfresco-incubator https://kubernetes-charts.alfresco.com/incubator
#helm repo add alfresco-stable https://kubernetes-charts.alfresco.com/stable

Deploying the Alfresco Helm Chart

And finally, we can deploy the Alfresco helm charts by running the following script. Just to recap, the following are required for deploying the Alfresco helm charts

  • Cluster Namespace (DESIREDNAMESPACE): alfresco-dev
  • ELB DNS (EXTERNALHOST) created by the nginx-ingress
  • EFS volume dns (EFS_Server)
  • Registry Secret name
#!/bin/bash
echo "Setting acs environment variables..."
export DESIREDNAMESPACE="alfresco-dev"
export EXTERNALHOST="xxxxxxxxxxx.ap-southeast-2.elb.amazonaws.com"
export ALF_ADMIN_PWD="$(printf %s 'mypassword' | iconv -t UTF-16LE | openssl md4 | awk '{ print $2}')"
export EFS_SERVER="fs-xxxxxx.efs.ap-southeast-2.amazonaws.com"
export ALF_DB_PWD="alfresco"
echo "Deploying alfresco-content-services charts..."
helm install alfresco-stable/alfresco-content-services \
        --set externalProtocol="https" \
        --set externalHost="$EXTERNALHOST" \
        --set externalPort="443" \
        --set repository.adminPassword="$ALF_ADMIN_PWD" \
        --set alfresco-infrastructure.persistence.efs.enabled=true \
        --set alfresco-infrastructure.persistence.efs.dns="$EFS_SERVER" \
        --set alfresco-search.resources.requests.memory="2500Mi",
              alfresco-search.resources.limits.memory="2500Mi" \
        --set alfresco-search.environment.SOLR_JAVA_MEM="-Xms2000M -Xmx2000M" \
        --set persistence.repository.data.subPath="$DESIREDNAMESPACE/alfresco-content-services
              /repository-data" \
        --set persistence.solr.data.subPath="$DESIREDNAMESPACE/alfresco-content-services/solr-data" \
        --set postgresql.postgresPassword="$ALF_DB_PWD" \
        --set postgresql.persistence.subPath="$DESIREDNAMESPACE/alfresco-content-services
              /database-data" \
        --set registryPullSecrets=quay-registry-secret \
        --namespace="$DESIREDNAMESPACE"
echo "Deploying alfresco-content-services charts... Done"
Checking and monitoring the deploy

The following command can be used to check the status of deployed pods

kubectl get pods –namespace alfresco-dev

We can use the following command to tail the alfresco log

Kubectl log –f alf-repo-pod-name – namespace alfresco -dev

Accessing ACS

Assuming that the setup succeeded, ACS can be accessed using the following url;

  • Share: https://$aws-elb-dns/share
  • Alfresco: https://$aws-elb-dns /alfresco
  • Api-Explorer: https://$aws-elb-dns /api-explorer

Conclusion

In this blog we updated the default helm charts from Alfresco to deploy within the cluster we created in the previous blog.  Using EKS Kubernetes we deployed the helm charts which resulted in a fully functioning ACS environment on a single worker node.  Separate containers (pods) were created to manage the content services and transformation services and wired together using an activeMq container.  A Solr 6 container was created for search services.  This is accessed by the alfresco content service containers using a service configured in the helm charts.  A PostgresSQL container was created to manage the DB and the contentstore is accessed via an  EFS volume (similar to the concept of a NAS) to store the content for the repository.  In our next blog we will explore the changes required to use AWS S3 to store content and an RDS instance to manage the Alfresco DB.