
A helm chart for installing APS

Xenit APS Helm Chart

This is a helm chart for installing Alfresco


You can install this helm chart on you K8s cluster. Keep in mind that you will need to add some --set statements for this to work:

helm install activiti \
  --repo 'https://repo.xenit.eu/public/open-source/helm/charts/'

Or you can use it as a dependency in your requirements.yaml in your own chart.

  - name: activiti
    version: 0.0.1
    repository: https://repo.xenit.eu/public/open-source/helm/charts/

Dev Requirements

Make sure you have the following installed:

Start Helm chart

  • set up the image pull secrets like in the example and add them to the general.imagePullSecrets Example :
apiVersion: v1
kind: Secret
  name: secretName
  namespace: {{ .Release.Namespace | quote }}
type: kubernetes.io/dockerconfigjson
  .dockerconfigjson: {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" <<registry>> <<username>> <<password>> (printf "%s:%s" .username .password | b64enc) | b64enc }}
  • provide license file for aps activiti:
 kubectl create secret generic activiti-license-secret --from-file=./activiti.li --namespace=$NAMESPACE
  • wait for the ingress controller to be ready you can check by running this command :
    kubectl wait --namespace ingress-nginx   --for=condition=ready pod   --selector=app.kubernetes.io/component=controller  --timeout=90s




  • Required: false
  • Default:
    type: RollingUpdate
      maxSurge: 1
      maxUnavailable: 0
  • Description: You can overwrite here the rollout strategy of deployments. This will be effective on ALL deployments in the helm chart that have strategy type RollingUpdate (default)


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to ALL deployments and statefullSets


  • Required: false
  • Default: None
  • Example:
      - name: privateDockerRepo1Secret
      - name: privateDockerRepo2Secret
  • Description: If you use an image that is not public. then you can create dockerconfigjson secrets on your cluster and reference them here. The secrets will be referenced in all Deployments and StatefullSets.


  • Required: false
  • Default: None
  • Description: will set a serviceType on the services that are exposed via an ingress. This might be useful for example when you are working on AWS infra with an AWS ALB which requires NodePort services


  • Required: false
  • Default: None
  • Description: Used in the activiti pod to access the Database and to set the username of the rootuser of the postgresql-activiti (if enabled)
  • Note: If not specified the helm chart will try to reuse the value used in previous deployments. If these are not there a random user will be used.


  • Required: false
  • Default: None
  • Description: Used in the activiti pod to access the Database and to set the password of the rootuser of the postgresql-activiti (if enabled)
  • Note: If not specified the helm chart will try to reuse the value used in previous deployments. If these are not there a random password will be used.


  • Required: false
  • Default: None
  • Description: Used in the activiti-admin pod to access the Database and to set the username of the rootuser of the postgresql-activiti-admin (if enabled)
  • Note: If not specified the helm chart will try to reuse the value used in previous deployments. If these are not there a random user will be used.


  • Required: false
  • Default: None
  • Description: Used in the activiti-admin pod to access the Database and to set the password of the rootuser of the postgresql-activiti-admin (if enabled)
  • Note: If not specified the helm chart will try to reuse the value used in previous deployments. If these are not there a random password will be used.


  • Required: false
  • Default: false
  • Please note that when you enable this you are yourself responsible to provide a secret activiti-db-secret in the namespace that you will install this chart in.
  • Secret data expected:


  • Required: false
  • Default: false
  • Please note that when you enable this you are yourself responsible to provide a secret activiti-db-secret in the namespace that you will install this chart in.
  • Secret data expected:



  • Required: true
  • Default: None
  • Description: The host that points to the alfresco cluster for all services


  • Required: false
  • Default:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
  • Description: Annotations for ingress


  • Required: false
  • Default: None
  • Example:
- path: /service-path
  pathType: Prefix
      name: service-name
        number: service-port
  • Description: used to add more path to ingress under the same host name for new services


  • Required: false
  • Default: true
  • Description: used to add defaultBackend to spec of ingress


  • Required: false
  • Default: nginx-default-service
  • Description: the default service name that ingress will point to


  • Required: false
  • Default: 30403
  • Description: the default service port that ingress will point to


  • Required: false
  • Default: false
  • Description: Enable 403 handler for blocked Paths endpoints


  • Required: false
  • Example:
- /alfresco/s/api/solr
- /alfresco/service/api/solr
- /alfresco/service/api/solr
- /alfresco/wcservice/api/solr
  • Description: List of paths that are blocked



  • Required: false
  • Default: 1
  • Description: The number of pods that will be running


  • Required: false
  • Default: docker.io
  • Description: The registry where the docker container can be found in


  • Required: false
  • Default: alfresco/process-services
  • Description: The repository of the docker image that will be used


  • Required: false
  • Default: 24.2.0
  • Description: The tag of the docker image that will be used


  • Required: false
  • Default: IfNotPresent
  • Description: Specify when the pods should pull the image from the repositories


  • Required: false
  • Default:
    failureThreshold: 5
      path: /activiti-app/app/rest/locale
      port: 8080
      scheme: HTTP
    initialDelaySeconds: 25
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  • Description: Specify the livenessProbe configuration


  • Required: false
  • Default:
    failureThreshold: 5
      path: /activiti-app/app/rest/locale
      port: 8080
      scheme: HTTP
    initialDelaySeconds: 25
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  • Description: Specify the readinessProbe configuration


  • Required: false
  • Default: RollingUpdate
  • Description: Can be set to Recreate if you want all your pods to be killed before new ones are created


  • Required: false
  • Default:
    ACTIVITI_DATASOURCE_DRIVER: "org.postgresql.Driver"
    ACTIVITI_DATASOURCE_URL: "jdbc:postgresql://postgresql-activiti-service:5432/activiti?characterEncoding=UTF-8"
    ACTIVITI_HIBERNATE_DIALECT: "org.hibernate.dialect.PostgreSQLDialect"
  • Example:
    environmentVariable1Key: environmentVariable1Value
    environmentVariable2Key: environmentVariable2Value
  • Description: With this list of parameters you can add 1 or multiple environment variables that will be passed to the docker container. These will be stored in a config and are hence not safe for sensitive information


  • Required: false
  • Default: None
  • Description: This allows you to add to the activiti-container envFrom section. This was added to allow to integrate secrets that are not added by this helm chart.
  • Example:
- secretRef:
    name: es-secret


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the activiti deployment


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the activiti service


  • Required: false
  • Default: None
  • Description: If your pods need to run with a service account you can specify that here. Please note that you are yourself responsible to create the serviceAccount referenced in the namespace of this helm chart


  • Required: false
  • Default:
        memory: 8Gi
        cpu: 500m
        memory: 8Gi
  • Description: The resources a node requires


  • Required: false
  • Default: None
  • Example:
      - name: privateDockerRepo1Secret
      - name: privateDockerRepo2Secret
  • Description: If you use an image that is not public. then you can create dockerconfigjson secrets on your cluster and reference them here.


  • Required: false
  • Default: None
  • Description: A list of configMaps that need to be mounted as volumes to the activiti pods. Make sure the configMap specified exists. Layout should be as follows:
      - mountPath: >-
        name: ldap1-ad-auth-volume	
        readOnly: true	
      - mountPath: >-	
        name: ldap2-ad-auth-volume	
        readOnly: true	
      - mountPath: >-	
        name: ldap3-ad-auth-volume	
        readOnly: true


  • Required: false
  • Default: None
  • Description: A list of configMaps that need to be mounted as volumes to the alfresco pods. Make sure the configMap specified exists. Layout should be as follows:
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap1-ad-auth-config
        name: ldap1-ad-auth-volume
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap2-ad-auth-config
        name: ldap2-ad-auth-volume
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap3-ad-auth-config
        name: ldap3-ad-auth-volume


  • Required: false
  • Default: false
  • Description: enabling license mounting


  • Required: false
  • Default: /home/alfresco/.activiti/enterprise-license/activiti.lic
  • Description: the path to license file where the activiti-license-secret will be put at , to be picked up by activiti on startup



  • Required: false
  • Default: 1
  • Description: The number of pods that will be running


  • Required: false
  • Default: docker.io
  • Description: The registry where the docker container can be found in


  • Required: false
  • Default: alfresco/process-services-admin
  • Description: The repository of the docker image that will be used


  • Required: false
  • Default: 24.2.0
  • Description: The tag of the docker image that will be used


  • Required: false
  • Default: IfNotPresent
  • Description: Specify when the pods should pull the image from the repositories


  • Required: false
  • Default:
    failureThreshold: 5
      path: /activiti-admin/
      port: 8080
      scheme: HTTP
    initialDelaySeconds: 25
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  • Description: Specify the livenessProbe configuration


  • Required: false
  • Default:
    failureThreshold: 5
      path: /activiti-admin/
      port: 8080
      scheme: HTTP
    initialDelaySeconds: 25
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  • Description: Specify the readinessProbe configuration


  • Required: false
  • Default: RollingUpdate
  • Description: Can be set to Recreate if you want all your pods to be killed before new ones are created


  • Required: false
  • Default:
    ACTIVITI_ADMIN_DATASOURCE_DRIVER: "org.postgresql.Driver"
    ACTIVITI_ADMIN_DATASOURCE_URL: "jdbc:postgresql://postgresql-activiti-admin-service:5432/activiti-admin?characterEncoding=UTF-8"
    ACTIVITI_ADMIN_HIBERNATE_DIALECT: "org.hibernate.dialect.PostgreSQLDialect"
    ACTIVITI_ADMIN_REST_APP_HOST: 'http://activiti-service'
  • Example:
    environmentVariable1Key: environmentVariable1Value
    environmentVariable2Key: environmentVariable2Value
  • Description: With this list of parameters you can add 1 or multiple environment variables that will be passed to the docker container. These will be stored in a config and are hence not safe for sensitive information


  • Required: false
  • Default: None
  • Description: This allows you to add to the activiti-admin-container envFrom section. This was added to allow to integrate secrets that are not added by this helm chart.
  • Example:
- secretRef:
    name: es-secret


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the activiti-admin deployment


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the activiti-admin service


  • Required: false
  • Default: None
  • Description: If your pods need to run with a service account you can specify that here. Please note that you are yourself responsible to create the serviceAccount referenced in the namespace of this helm chart


  • Required: false
    • Default:
        memory: 2Gi
        cpu: 250m
        memory: 2Gi
  • Description: The resources a node requires


  • Required: false
  • Default: None
  • Example:
      - name: privateDockerRepo1Secret
      - name: privateDockerRepo2Secret
  • Description: If you use an image that is not public. then you can create dockerconfigjson secrets on your cluster and reference them here.


  • Required: false
  • Default: None
  • Description: A list of configMaps that need to be mounted as volumes to the activiti pods. Make sure the configMap specified exists. Layout should be as follows:
      - mountPath: >-
        name: ldap1-ad-auth-volume	
        readOnly: true	
      - mountPath: >-	
        name: ldap2-ad-auth-volume	
        readOnly: true	
      - mountPath: >-	
        name: ldap3-ad-auth-volume	
        readOnly: true


  • Required: false
  • Default: None
  • Description: A list of configMaps that need to be mounted as volumes to the alfresco pods. Make sure the configMap specified exists. Layout should be as follows:
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap1-ad-auth-config
        name: ldap1-ad-auth-volume
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap2-ad-auth-config
        name: ldap2-ad-auth-volume
      - configMap:
          defaultMode: 420
            - key: ldap-ad-authentication.properties
              path: ldap-ad-authentication.properties
          name: ldap3-ad-auth-config
        name: ldap3-ad-auth-volume

Activiti Postgresql


  • Required: false
  • Default: true
  • Description: Enable or disable the PostgresQl


  • Required: false
  • Default: 1
  • Description: The number of pods that will be running


  • Required: false
  • Default: docker.io
  • Description: The registry where the docker container can be found in


  • Required: false
  • Default: xenit/postgres
  • Description: The repository of the docker image that will be used


  • Required: false
  • Default: latest
  • Description: The tag of the docker image that will be used


  • Required: false
  • Default: IfNotPresent
  • Description: Specify when the pods should pull the image from the repositories


  • Required: false
  • Default: RollingUpdate
  • Description: Can be set to Recreate if you want all your pods to be killed before new ones are created


  • Required: false
  • Default: None
  • Example:
    environmentVariable1Key: environmentVariable1Value
    environmentVariable2Key: environmentVariable2Value
  • Description: With this list of parameters you can add 1 or multiple environment variables that will be passed to the docker container. These will be stored in a config and are hence not safe for sensitive information


  • Required: false
  • Default: None
  • Description: This allows you to add to the postgresql-container envFrom section. This was added to allow to integrate secrets that are not added by this helm chart.
  • Example:
  - secretRef:
    name: s3-secret


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the PostgresQl deployment


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the PostgresQl service


  • Required: false
  • Default: None
  • Description: If your pods need to run with a service account you can specify that here. Please note that you are yourself responsible to create the serviceAccount referenced in the namespace of this helm chart


  • Required: false
  • Default:
        memory: "1Gi"
        cpu: "1"
  • Description: The resources a node should keep reserved for your pod


  • Required: false
  • Default: None
  • Example:
      - name: privateDockerRepo1Secret
      - name: privateDockerRepo2Secret
  • Description: If you use an image that is not public. then you can create dockerconfigjson secrets on your cluster and reference them here.

Activiti Admin Postgresql


  • Required: false
  • Default: true
  • Description: Enable or disable the PostgresQl


  • Required: false
  • Default: 1
  • Description: The number of pods that will be running


  • Required: false
  • Default: docker.io
  • Description: The registry where the docker container can be found in


  • Required: false
  • Default: xenit/postgres
  • Description: The repository of the docker image that will be used


  • Required: false
  • Default: latest
  • Description: The tag of the docker image that will be used


  • Required: false
  • Default: IfNotPresent
  • Description: Specify when the pods should pull the image from the repositories


  • Required: false
  • Default: RollingUpdate
  • Description: Can be set to Recreate if you want all your pods to be killed before new ones are created


  • Required: false
  • Default: None
  • Example:
    environmentVariable1Key: environmentVariable1Value
    environmentVariable2Key: environmentVariable2Value
  • Description: With this list of parameters you can add 1 or multiple environment variables that will be passed to the docker container. These will be stored in a config and are hence not safe for sensitive information


  • Required: false
  • Default: None
  • Description: This allows you to add to the postgresql-container envFrom section. This was added to allow to integrate secrets that are not added by this helm chart.
  • Example:
  - secretRef:
    name: s3-secret


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the PostgresQl deployment


  • Required: false
  • Default: None
  • Example:
    annotation1Key: annotation1Value
    annotation2Key: annotation2Value
  • Description: With this list of parameters you can add 1 or multiple annotations to the PostgresQl service


  • Required: false
  • Default: None
  • Description: If your pods need to run with a service account you can specify that here. Please note that you are yourself responsible to create the serviceAccount referenced in the namespace of this helm chart


  • Required: false
  • Default:
        memory: "1Gi"
        cpu: "1"
  • Description: The resources a node should keep reserved for your pod


  • Required: false
  • Default: None
  • Example:
      - name: privateDockerRepo1Secret
      - name: privateDockerRepo2Secret
  • Description: If you use an image that is not public. then you can create dockerconfigjson secrets on your cluster and reference them here.

Persistent Storage

postgresql Activiti


  • Required: false
  • Default: true
  • Description: Enable or disable the creation of a PV and PVC for the PostgresQL Activiti pods


  • Required: false
  • Default: scw-bssd
  • Description: Provide what storageClass should be used. For values other then scw-bssd standard or efs-storage-class you will need to make sure that that storage class is created


  • Required: false
  • Default: 2
  • Description: The size in GB of the volume that should be reserved


  • Required: when persistentStorage.postgresqlActiviti.storageClassName is scw-bssd
  • Default: None
  • Description: The volume handle pointing to the AWS EFS location

postgresql Activiti Admin


  • Required: false
  • Default: true
  • Description: Enable or disable the creation of a PV and PVC for the PostgresQL Activiti Admin pods


  • Required: false
  • Default: scw-bssd
  • Description: Provide what storageClass should be used. For values other then scw-bssd standard or efs-storage-class you will need to make sure that that storage class is created


  • Required: false
  • Default: 2
  • Description: The size in GB of the volume that should be reserved


  • Required: when persistentStorage.postgresqlActivitiAdmin.storageClassName is scw-bssd
  • Default: None
  • Description: The volume handle pointing to the AWS EFS location