Ingress - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License
  1. Create a file called ingress-rbac.yaml with the text below:
     apiVersion: rbac.authorization.k8s.io/v1
     kind: Role
     metadata:
       name: acs:psp
       namespace: alfresco
     rules:
     - apiGroups:
       - policy
       resourceNames:
       - kube-system
       resources:
       - podsecuritypolicies
       verbs:
       - use
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: RoleBinding
     metadata:
       name: acs:psp:default
       namespace: alfresco
     roleRef:
       apiGroup: rbac.authorization.k8s.io
       kind: Role
       name: acs:psp
     subjects:
     - kind: ServiceAccount
       name: default
       namespace: alfresco
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: RoleBinding
     metadata:
       name: acs:psp:acs-ingress
       namespace: alfresco
     roleRef:
       apiGroup: rbac.authorization.k8s.io
       kind: Role
       name: acs:psp
     subjects:
     - kind: ServiceAccount
       name: acs-ingress
       namespace: alfresco
    
  2. Use the kubectl command to create the cluster roles required by the ingress service:
     kubectl apply -f ingress-rbac.yaml -n alfresco
    
  3. Deploy the ingress (replace ACM_CERTIFICATE_ARN and YOUR-DOMAIN-NAME with the ARN of the certificate and hosted zone created earlier in the DNS section):
     helm install acs-ingress ingress-nginx/ingress-nginx --version=3.7.1\
     --set controller.scope.enabled=true \
     --set controller.scope.namespace=alfresco \
     --set rbac.create=true \
     --set controller.config."proxy-body-size"="100m" \
     --set controller.service.targetPorts.https=80 \
     --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol"="http" \
     --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-ports"="https" \
     --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert"="ACM_CERTIFICATE_ARN" \
     --set controller.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="acs.YOUR-DOMAIN-NAME" \
     --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-negotiation-policy"="ELBSecurityPolicy-TLS-1-2-2017-01" \
     --set controller.publishService.enabled=true \
     --atomic \
     --namespace alfresco
    
    Note: The command will wait until the deployment is ready.