Helm charts to deploy Archivematica on a Kubernetes cluster.
No managed instances are used (MySQL pods are deployed and standard volumes are used for storage) so this should provide a quite generic setup.
We target Archivematica 1.13.x and Archivematica Storage Service 0.19.x.
You need Helm, your K8s orchestrator cli (e.g. the oc cli tool for OpenShift) and optionally Docker if you want to build the images yourself.
- Configure
values.yaml - Configure secrets
- Install the release through Helm:
git clone https://gitlab.cern.ch/digitalmemory/archivematica-helm
cd archivematica-helm
helm install <release-name> am-deploy --values=values.yamlA more detailed walkthrough on how to create projects and deploy on OpenShift can be found here.
Most of the configuration values can be set in values.yaml. Depending on your deployment, you will need to change the hostname for which we'll create a route and user_uid under which the processes will run (note: ranges for allowed user_uids are per-project on CERN OpenShift).
| Value | Description |
|---|---|
| route/hostname | Hostname for the Dashboard |
| route/ss_hostname | Hostname for the Storage Service |
| general/user_uid | Pick this based on your OpenShift project's allowed range |
Example values for hostname on CERN Openshift are <NAME>.web.cern.ch.
Some other values need to be set as secrets in the OpenShift project:
oc create secret generic \
--from-literal="MYSQL_ROOT_PASSWORD=<VALUE>" \
--from-literal="AM_DASHBOARD_USERNAME=<VALUE>" \
--from-literal="AM_DASHBOARD_PASSWORD=<VALUE>" \
--from-literal="AM_DASHBOARD_API_KEY=<VALUE>" \
--from-literal="AM_SS_USERNAME=<VALUE>" \
--from-literal="AM_SS_PASSWORD=<VALUE>" \
--from-literal="AM_SS_API_KEY=<VALUE>" \
--from-literal="DJANGO_SECRET_KEY=<VALUE>" \
archivematica-settings
Set up the credentials to mount EOS:
oc create secret generic
--from-literal="KEYTAB_USER=<USERNAME>"
--from-literal="KEYTAB_PWD=<PASSWORD>"
eos-credentials
Note that two different users are created for the dashboard and the storage service.
You shouldn't need anything different here, as the provided values.yaml is set to use the docker images we build and push to our container registry.
- Archivematica images are unmodified versions from the upstream repositories, which are copied here as git submodules (check the
srcfolders) and pinned to our target versions; - The ClamAV image is a slightly modified version of the base one, we just added permissions on some common folders so the resulting container won't need to run under
root(as we user will be the one set invalues.yaml->general/user_uid); - More images are used (e.g. MySQL, Elastic, ..). For those, we use standard images published on canonical registries.
If you wish to build them yourself, here's a quick overview:
| Service name | Dockerfile | Context |
|---|---|---|
| archivematica-mcp-server | src/archivematica/src/MCPServer.Dockerfile | src/archivematica/src/ |
| archivematica-mcp-client | src/archivematica/src/MCPClient.Dockerfile | src/archivematica/src/ |
| archivematica-dashboard | src/archivematica/src/dashboard.Dockerfile | src/archivematica/src/ |
| archivematica-storage-service | src/archivematica-storage-service/Dockerfile | src/archivematica-storage-service/ |
| am-clamav | images/clamav/Dockerfile | images/clamav |
In this case, replace the image values in the values.yaml.
Pushing to openshift creates the following deployments with the following containers
| Deployment | Replicas | Containers |
|---|---|---|
| archivematica-all | 1 | Storage Service, Dashboard, MCP Server, ClamAV, Fits |
| archivematica-gearmand | 1 | Gearman |
| archivematica-mcp-client | 2+ | MCP Client |
| archivematica-redis | 1 | Redis |
| es | 1 | ELasticsearch |
| mysql | 1 | MySQL |
| redis | 1 | Redis |