diff --git a/charts/rabbitmq/.helmignore b/charts/rabbitmq/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/charts/rabbitmq/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml deleted file mode 100644 index 38d79f0..0000000 --- a/charts/rabbitmq/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: RabbitMQ -description: Helm chart scaffolding for RabbitMQ applications. -type: Infrastructure -version: 3.5.0 -appVersion: 1.0.0 diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md deleted file mode 100644 index 14e583f..0000000 --- a/charts/rabbitmq/README.md +++ /dev/null @@ -1,3 +0,0 @@ - - -# RabbitMQ Helm chart \ No newline at end of file diff --git a/charts/rabbitmq/templates/NOTES.txt b/charts/rabbitmq/templates/NOTES.txt deleted file mode 100644 index 95da16e..0000000 --- a/charts/rabbitmq/templates/NOTES.txt +++ /dev/null @@ -1,148 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- $servicePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.ports.amqp .Values.service.ports.amqpTls -}} -{{- $serviceNodePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.nodePorts.amqp .Values.service.nodePorts.amqpTls -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -{{- else }} - -Credentials: - -{{- if not .Values.loadDefinition.enabled }} - echo "Username : {{ .Values.auth.username }}" - echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretPasswordName" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 -d)" -{{- end }} - echo "ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretErlangName" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 -d)" - -RabbitMQ can be accessed within the cluster on port {{ $serviceNodePort }} at {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -To access for outside the cluster, perform the following steps: - -{{- if .Values.ingress.enabled }} -{{- if contains "NodePort" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Obtain the NodePort IP and ports: - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='amqp')].nodePort}" services {{ include "common.names.fullname" . }}) - echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Obtain the LoadBalancer IP: - -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Create a port-forward to the AMQP port: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ $servicePort }}:{{ $servicePort }} & - echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" - -{{- end }} - -2. Access RabbitMQ using using the obtained URL. - -To Access the RabbitMQ Management interface: - -1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "RabbitMQ Management: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -2. Open a browser and access RabbitMQ Management using the obtained URL. - -{{- else }} -{{- if contains "NodePort" .Values.service.type }} - -Obtain the NodePort IP and ports: - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='amqp')].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_PORT_STATS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='http-stats')].nodePort}" services {{ include "common.names.fullname" . }}) - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" - -To Access the RabbitMQ Management interface: - - echo "URL : http://$NODE_IP:$NODE_PORT_STATS/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -Obtain the LoadBalancer IP: - -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" - -To Access the RabbitMQ Management interface: - - echo "URL : http://$SERVICE_IP:{{ .Values.service.ports.manager }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ $servicePort }}:{{ $servicePort }} - -To Access the RabbitMQ Management interface: - - echo "URL : http://127.0.0.1:{{ .Values.service.ports.manager }}/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.manager }}:{{ .Values.service.ports.manager }} - -{{- end }} -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.metrics }}:{{ .Values.service.ports.metrics }} & - echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.ports.metrics }}/metrics" - -Then, open the obtained URL in a browser. - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "rabbitmq.validateValues" . -}} - -{{- end }} diff --git a/charts/rabbitmq/templates/_helpers.tpl b/charts/rabbitmq/templates/_helpers.tpl deleted file mode 100644 index b780637..0000000 --- a/charts/rabbitmq/templates/_helpers.tpl +++ /dev/null @@ -1,171 +0,0 @@ -{{- define "rabbitmq.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{- define "rabbitmq.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{- define "rabbitmq.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{- define "rabbitmq.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{- define "rabbitmq.secretPasswordName" -}} - {{- if .Values.auth.existingPasswordSecret -}} - {{- printf "%s" (tpl .Values.auth.existingPasswordSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{- define "rabbitmq.secretErlangName" -}} - {{- if .Values.auth.existingErlangSecret -}} - {{- printf "%s" (tpl .Values.auth.existingErlangSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{- define "rabbitmq.tlsSecretName" -}} - {{- if .Values.auth.tls.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.tls.existingSecret $) -}} - {{- else -}} - {{- printf "%s-certs" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{- define "rabbitmq.createTlsSecret" -}} -{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{- define "rabbitmq.plugins" -}} -{{- $plugins := .Values.plugins -}} -{{- if .Values.extraPlugins -}} -{{- $plugins = printf "%s %s" $plugins .Values.extraPlugins -}} -{{- end -}} -{{- if .Values.metrics.enabled -}} -{{- $plugins = printf "%s %s" $plugins .Values.metrics.plugins -}} -{{- end -}} -{{- printf "%s" $plugins | replace " " ", " -}} -{{- end -}} - -{{- define "rabbitmq.toBytes" -}} -{{- $value := int (regexReplaceAll "([0-9]+).*" . "${1}") }} -{{- $unit := regexReplaceAll "[0-9]+(.*)" . "${1}" }} -{{- if eq $unit "Ki" }} - {{- mul $value 1024 }} -{{- else if eq $unit "Mi" }} - {{- mul $value 1024 1024 }} -{{- else if eq $unit "Gi" }} - {{- mul $value 1024 1024 1024 }} -{{- else if eq $unit "Ti" }} - {{- mul $value 1024 1024 1024 1024 }} -{{- else if eq $unit "Pi" }} - {{- mul $value 1024 1024 1024 1024 1024 }} -{{- else if eq $unit "Ei" }} - {{- mul $value 1024 1024 1024 1024 1024 1024 }} -{{- else if eq $unit "K" }} - {{- mul $value 1000 }} -{{- else if eq $unit "M" }} - {{- mul $value 1000 1000 }} -{{- else if eq $unit "G" }} - {{- mul $value 1000 1000 1000 }} -{{- else if eq $unit "T" }} - {{- mul $value 1000 1000 1000 1000 }} -{{- else if eq $unit "P" }} - {{- mul $value 1000 1000 1000 1000 1000 }} -{{- else if eq $unit "E" }} - {{- mul $value 1000 1000 1000 1000 1000 1000 }} -{{- end }} -{{- end -}} - -{{- define "rabbitmq.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.ldap" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.memoryHighWatermark" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.ingress.tls" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.auth.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - - -{{- define "rabbitmq.validateValues.ldap" -}} -{{- if .Values.ldap.enabled }} -{{- $serversListLength := len .Values.ldap.servers }} -{{- $userDnPattern := coalesce .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} -{{- if or (and (not (gt $serversListLength 0)) (empty .Values.ldap.uri)) (and (not $userDnPattern) (not .Values.ldap.basedn)) }} -rabbitmq: LDAP - Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.servers" or "ldap.uri" are mandatory - to configure the connection and "ldap.userDnPattern" or "ldap.basedn" are necessary to lookup the users. Please provide them: - $ helm install {{ .Release.Name }} eu.gcr.io/uc-next/rabbitmq:v3.10 \ - --set ldap.enabled=true \ - --set ldap.servers[0]=my-ldap-server" \ - --set ldap.port="389" \ - --set ldap.userDnPattern="cn=${username},dc=example,dc=org" -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "rabbitmq.validateValues.memoryHighWatermark" -}} -{{- if and (not (eq .Values.memoryHighWatermark.type "absolute")) (not (eq .Values.memoryHighWatermark.type "relative")) }} -rabbitmq: memoryHighWatermark.type - Invalid Memory high watermark type. Valid values are "absolute" and - "relative". Please set a valid mode (--set memoryHighWatermark.type="xxxx") -{{- else if and .Values.memoryHighWatermark.enabled (not .Values.resources.limits.memory) (eq .Values.memoryHighWatermark.type "relative") }} -rabbitmq: memoryHighWatermark - You enabled configuring memory high watermark using a relative limit. However, - no memory limits were defined at POD level. Define your POD limits as shown below: - - $ helm install {{ .Release.Name }} eu.gcr.io/uc-next/rabbitmq:v3.10 \ - --set memoryHighWatermark.enabled=true \ - --set memoryHighWatermark.type="relative" \ - --set memoryHighWatermark.value="0.4" \ - --set resources.limits.memory="2Gi" - - Altenatively, user an absolute value for the memory memory high watermark : - - $ helm install {{ .Release.Name }} eu.gcr.io/uc-next/rabbitmq:v3.10 \ - --set memoryHighWatermark.enabled=true \ - --set memoryHighWatermark.type="absolute" \ - --set memoryHighWatermark.value="512MB" -{{- end -}} -{{- end -}} - -{{- define "rabbitmq.validateValues.ingress.tls" -}} -{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations ))) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }} -rabbitmq: ingress.tls - You enabled the TLS configuration for the default ingress hostname but - you did not enable any of the available mechanisms to create the TLS secret - to be used by the Ingress Controller. - Please use any of these alternatives: - - Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates. - - Rely on cert-manager to create it by setting the corresponding annotations - - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` -{{- end -}} -{{- end -}} - -{{- define "rabbitmq.validateValues.auth.tls" -}} -{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.autoGenerated) (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.caCertificate) (not .Values.auth.tls.serverCertificate) (not .Values.auth.tls.serverKey) }} -rabbitmq: auth.tls - You enabled TLS for RabbitMQ but you did not enable any of the available mechanisms to create the TLS secret. - Please use any of these alternatives: - - Provide an existing secret containing the TLS certificates using `auth.tls.existingSecret` - - Provide the plain text certificates using `auth.tls.caCertificate`, `auth.tls.serverCertificate` and `auth.tls.serverKey`. - - Enable auto-generated certificates using `auth.tls.autoGenerated`. -{{- end -}} -{{- end -}} diff --git a/charts/rabbitmq/templates/config-secret.yaml b/charts/rabbitmq/templates/config-secret.yaml deleted file mode 100644 index 80e93e6..0000000 --- a/charts/rabbitmq/templates/config-secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-config" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - rabbitmq.conf: |- - {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | b64enc | nindent 4 }} - {{- if .Values.advancedConfiguration }} - advanced.config: |- - {{- include "common.tplvalues.render" (dict "value" .Values.advancedConfiguration "context" $) | b64enc | nindent 4 }} - {{- end }} diff --git a/charts/rabbitmq/templates/extra-list.yaml b/charts/rabbitmq/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/charts/rabbitmq/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/rabbitmq/templates/ingress.yaml b/charts/rabbitmq/templates/ingress.yaml deleted file mode 100644 index 5cb450b..0000000 --- a/charts/rabbitmq/templates/ingress.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.portNames.manager "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.service.portNames.manager "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rabbitmq/templates/networkpolicy.yaml b/charts/rabbitmq/templates/networkpolicy.yaml deleted file mode 100644 index c319ac1..0000000 --- a/charts/rabbitmq/templates/networkpolicy.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.service.ports.epmd }} # EPMD - - port: {{ .Values.service.ports.amqp }} - - port: {{ .Values.service.ports.amqpTls }} - - port: {{ .Values.service.ports.dist }} - - port: {{ .Values.service.ports.manager }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ printf "%s-client" (include "common.names.fullname" .) }}: "true" - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- if .Values.networkPolicy.additionalRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }} - {{- end }} - {{- end }} - # Allow prometheus scrapes - - ports: - - port: {{ .Values.service.ports.metrics }} -{{- end }} diff --git a/charts/rabbitmq/templates/pdb.yaml b/charts/rabbitmq/templates/pdb.yaml deleted file mode 100644 index 827b49b..0000000 --- a/charts/rabbitmq/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/rabbitmq/templates/prometheusrule.yaml b/charts/rabbitmq/templates/prometheusrule.yaml deleted file mode 100644 index fd7208b..0000000 --- a/charts/rabbitmq/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote}} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - {{- with .Values.metrics.prometheusRule.rules }} - - name: {{ template "common.names.name" $ }} - rules: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/rabbitmq/templates/role.yaml b/charts/rabbitmq/templates/role.yaml deleted file mode 100644 index ab8be2f..0000000 --- a/charts/rabbitmq/templates/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] -{{- end }} diff --git a/charts/rabbitmq/templates/rolebinding.yaml b/charts/rabbitmq/templates/rolebinding.yaml deleted file mode 100644 index 2500367..0000000 --- a/charts/rabbitmq/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ template "rabbitmq.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} -{{- end }} diff --git a/charts/rabbitmq/templates/secrets.yaml b/charts/rabbitmq/templates/secrets.yaml deleted file mode 100644 index bdad125..0000000 --- a/charts/rabbitmq/templates/secrets.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if (not .Values.auth.existingPasswordSecret ) }} - rabbitmq-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "rabbitmq-password" "length" 16 "providedValues" (list "auth.password") "context" $) }} - {{ end }} - {{- if (not .Values.auth.existingErlangSecret ) }} - rabbitmq-erlang-cookie: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "rabbitmq-erlang-cookie" "length" 32 "providedValues" (list "auth.erlangCookie") "context" $) }} - {{ end }} -{{- end }} -{{- range $key, $value := .Values.extraSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ ternary (printf "%s-%s" (include "common.names.namespace" $) $key) $key $.Values.extraSecretsPrependReleaseName }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }} -{{- end }} diff --git a/charts/rabbitmq/templates/serviceaccount.yaml b/charts/rabbitmq/templates/serviceaccount.yaml deleted file mode 100644 index 43c45d1..0000000 --- a/charts/rabbitmq/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "rabbitmq.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -secrets: - - name: {{ include "common.names.fullname" . }} -{{- end }} - diff --git a/charts/rabbitmq/templates/servicemonitor.yaml b/charts/rabbitmq/templates/servicemonitor.yaml deleted file mode 100644 index a96ae90..0000000 --- a/charts/rabbitmq/templates/servicemonitor.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.path }} - path: {{ .Values.metrics.serviceMonitor.path }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.podTargetLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.targetLabels }} - targetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.targetLabels "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/rabbitmq/templates/statefulset.yaml b/charts/rabbitmq/templates/statefulset.yaml deleted file mode 100644 index fe90d80..0000000 --- a/charts/rabbitmq/templates/statefulset.yaml +++ /dev/null @@ -1,384 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.statefulsetLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - checksum/config: {{ include (print $.Template.BasePath "/config-secret.yaml") . | sha256sum }} - {{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) .Values.extraSecrets }} - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "rabbitmq.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "rabbitmq.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end }} - {{- if .Values.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" .) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "rabbitmq.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p "{{ .Values.persistence.mountPath }}" - chown "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountPath }}" - find "{{ .Values.persistence.mountPath }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: rabbitmq - image: {{ template "rabbitmq.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then - /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t {{ .Values.terminationGracePeriodSeconds | quote }} -d {{ ternary "true" "false" .Values.image.debug | quote }} - else - rabbitmqctl stop_app - fi - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: {{ printf "%s-headless" (include "common.names.fullname" .) }} - - name: K8S_ADDRESS_TYPE - value: {{ .Values.clustering.addressType }} - - name: RABBITMQ_FORCE_BOOT - value: {{ ternary "yes" "no" .Values.clustering.forceBoot | quote }} - {{- if (eq "hostname" .Values.clustering.addressType) }} - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - - name: K8S_HOSTNAME_SUFFIX - value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- else }} - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME)" - {{- end }} - - name: RABBITMQ_MNESIA_DIR - value: "{{ .Values.persistence.mountPath }}/$(RABBITMQ_NODE_NAME)" - - name: RABBITMQ_LDAP_ENABLE - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: RABBITMQ_LDAP_TLS - value: {{ ternary "yes" "no" .Values.ldap.tls.enabled | quote }} - - name: RABBITMQ_LDAP_SERVERS - value: {{ .Values.ldap.servers | join "," | quote }} - - name: RABBITMQ_LDAP_SERVERS_PORT - value: {{ .Values.ldap.port | quote }} - - name: RABBITMQ_LDAP_USER_DN_PATTERN - value: {{ .Values.ldap.user_dn_pattern }} - {{- end }} - - name: RABBITMQ_LOGS - value: {{ .Values.logs | quote }} - - name: RABBITMQ_ULIMIT_NOFILES - value: {{ .Values.ulimitNofiles | quote }} - {{- if and .Values.maxAvailableSchedulers }} - - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS - value: {{ printf "+S %s:%s" (toString .Values.maxAvailableSchedulers) (toString .Values.onlineSchedulers) -}} - {{- end }} - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.secretErlangName" . }} - key: rabbitmq-erlang-cookie - {{- if and .Values.clustering.rebalance (gt (.Values.replicaCount | int) 1) }} - - name: RABBITMQ_CLUSTER_REBALANCE - value: "true" - {{- end }} - - name: RABBITMQ_LOAD_DEFINITIONS - value: {{ ternary "yes" "no" .Values.loadDefinition.enabled | quote }} - - name: RABBITMQ_DEFINITIONS_FILE - value: {{ .Values.loadDefinition.file | quote }} - - name: RABBITMQ_SECURE_PASSWORD - value: "yes" - - name: RABBITMQ_USERNAME - value: {{ .Values.auth.username | quote }} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.secretPasswordName" . }} - key: rabbitmq-password - - name: RABBITMQ_PLUGINS - value: {{ include "rabbitmq.plugins" . | quote }} - {{- if .Values.communityPlugins }} - - name: RABBITMQ_COMMUNITY_PLUGINS - value: {{ .Values.communityPlugins | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: amqp - containerPort: {{ .Values.containerPorts.amqp }} - - name: dist - containerPort: {{ .Values.containerPorts.dist }} - - name: stats - containerPort: {{ .Values.containerPorts.manager }} - - name: epmd - containerPort: {{ .Values.containerPorts.epmd }} - {{- if .Values.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.containerPorts.metrics }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: amqp-ssl - containerPort: {{ .Values.containerPorts.amqpTls }} - {{- end }} - {{- if .Values.extraContainerPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q ping - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: {{ternary "amqp-ssl" "amqp" .Values.auth.tls.enabled }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: configuration - mountPath: /bitnami/rabbitmq/conf - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: certs - mountPath: /opt/bitnami/rabbitmq/certs - {{- end }} - {{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }} - - name: ldap-certs - mountPath: {{ .Values.ldap.tls.certificatesMountPath }} - {{- end }} - {{- if .Values.loadDefinition.enabled }} - - name: load-definition-volume - mountPath: /app - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.auth.tls.enabled }} - - name: certs - secret: - secretName: {{ template "rabbitmq.tlsSecretName" . }} - items: - - key: {{ ternary "tls.crt" "ca.crt" .Values.auth.tls.existingSecretFullChain }} - path: ca_certificate.pem - - key: tls.crt - path: server_certificate.pem - - key: tls.key - path: server_key.pem - {{- end }} - {{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }} - - name: ldap-certs - secret: - secretName: {{ .Values.ldap.tls.certificatesSecret }} - {{- end }} - - name: configuration - secret: - secretName: {{ printf "%s-config" (include "common.names.fullname" .) }} - items: - - key: rabbitmq.conf - path: rabbitmq.conf - {{- if .Values.advancedConfiguration }} - - key: advanced.config - path: advanced.config - {{- end }} - {{- if .Values.loadDefinition.enabled }} - - name: load-definition-volume - secret: - secretName: {{ tpl .Values.loadDefinition.existingSecret . | quote }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - {{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} diff --git a/charts/rabbitmq/templates/svc-headless.yaml b/charts/rabbitmq/templates/svc-headless.yaml deleted file mode 100644 index 430befe..0000000 --- a/charts/rabbitmq/templates/svc-headless.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-headless - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotationsHeadless .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end -}} - {{- if .Values.service.annotationsHeadless }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotationsHeadless "context" $) | nindent 4 }} - {{- end -}} - {{- end }} -spec: - clusterIP: None - ports: - - name: {{ .Values.service.portNames.epmd }} - port: {{ .Values.service.ports.epmd }} - targetPort: epmd - {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} - - name: {{ .Values.service.portNames.amqp }} - port: {{ .Values.service.ports.amqp }} - targetPort: amqp - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: {{ .Values.service.portNames.amqpTls }} - port: {{ .Values.service.ports.amqpTls }} - targetPort: amqp-tls - {{- end }} - - name: {{ .Values.service.portNames.dist }} - port: {{ .Values.service.ports.dist }} - targetPort: dist - {{- if .Values.service.managerPortEnabled }} - - name: {{ .Values.service.portNames.manager }} - port: {{ .Values.service.ports.manager }} - targetPort: stats - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - publishNotReadyAddresses: true diff --git a/charts/rabbitmq/templates/svc.yaml b/charts/rabbitmq/templates/svc.yaml deleted file mode 100644 index ba6e796..0000000 --- a/charts/rabbitmq/templates/svc.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }} - {{- end }} - {{- if or (.Values.service.annotations) (.Values.commonAnnotations) }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end -}} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end -}} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if not (empty .Values.service.clusterIP) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if eq .Values.service.type "LoadBalancer" }} - {{- if not (empty .Values.service.loadBalancerIP) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - ports: - {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} - - name: {{ .Values.service.portNames.amqp }} - port: {{ .Values.service.ports.amqp }} - targetPort: amqp - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.amqp)) }} - nodePort: {{ .Values.service.nodePorts.amqp }} - {{- end }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: {{ .Values.service.portNames.amqpTls }} - port: {{ .Values.service.ports.amqpTls }} - targetPort: amqp-ssl - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.amqpTls)) }} - nodePort: {{ .Values.service.nodePorts.amqpTls }} - {{- end }} - {{- end }} - {{- if .Values.service.epmdPortEnabled }} - - name: {{ .Values.service.portNames.epmd }} - port: {{ .Values.service.ports.epmd }} - targetPort: epmd - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.epmd)) }} - nodePort: {{ .Values.service.nodePorts.epmd }} - {{- end }} - {{- end }} - {{- if .Values.service.distPortEnabled }} - - name: {{ .Values.service.portNames.dist }} - port: {{ .Values.service.ports.dist }} - targetPort: dist - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.dist)) }} - nodePort: {{ .Values.service.nodePorts.dist }} - {{- end }} - {{- end }} - {{- if .Values.service.managerPortEnabled }} - - name: {{ .Values.service.portNames.manager }} - port: {{ .Values.service.ports.manager }} - targetPort: stats - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.manager)) }} - nodePort: {{ .Values.service.nodePorts.manager }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: {{ .Values.service.portNames.metrics }} - port: {{ .Values.service.ports.metrics }} - targetPort: metrics - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }} - nodePort: {{ .Values.service.nodePorts.metrics }} - {{- end }} - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/rabbitmq/templates/tls-secrets.yaml b/charts/rabbitmq/templates/tls-secrets.yaml deleted file mode 100644 index 8ffa41b..0000000 --- a/charts/rabbitmq/templates/tls-secrets.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "rabbitmq-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} -{{- if (include "rabbitmq.createTlsSecret" . ) }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-certs - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - {{- if or (not .Values.auth.tls.autoGenerated ) (and .Values.auth.tls.caCertificate .Values.auth.tls.serverCertificate .Values.auth.tls.serverKey) }} - ca.crt: {{ required "A valid .Values.auth.tls.caCertificate entry required!" .Values.auth.tls.caCertificate | b64enc | quote }} - tls.crt: {{ required "A valid .Values.auth.tls.serverCertificate entry required!" .Values.auth.tls.serverCertificate| b64enc | quote }} - tls.key: {{ required "A valid .Values.auth.tls.serverKey entry required!" .Values.auth.tls.serverKey | b64enc | quote }} - {{- else }} - {{- $ca := genCA "rabbitmq-internal-ca" 365 }} - {{- $fullname := include "common.names.fullname" . }} - {{- $releaseNamespace := .Release.Namespace }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $serviceName := include "common.names.fullname" . }} - {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} - {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml deleted file mode 100644 index 019d310..0000000 --- a/charts/rabbitmq/values.yaml +++ /dev/null @@ -1,395 +0,0 @@ -global: - imageRegistry: "" - imagePullSecrets: [] - storageClass: "" -image: - registry: eu.gcr.io - repository: uc-next/rabbitmq - tag: v3.10 - debug: false - pullPolicy: IfNotPresent - pullSecrets: [] - -nameOverride: "" -fullnameOverride: "" -namespaceOverride: "" -kubeVersion: "" -clusterDomain: cluster.local -extraDeploy: [] -commonAnnotations: {} -commonLabels: {} -diagnosticMode: - enabled: false - command: - - sleep - args: - - infinity -hostAliases: [] -dnsPolicy: "" -dnsConfig: {} -auth: - username: user - password: "" - existingPasswordSecret: "" - erlangCookie: "" - existingErlangSecret: "" - tls: - enabled: false - autoGenerated: false - failIfNoPeerCert: true - sslOptionsVerify: verify_peer - caCertificate: |- - serverCertificate: |- - serverKey: |- - existingSecret: "" - existingSecretFullChain: false - -logs: "-" -ulimitNofiles: "65536" -maxAvailableSchedulers: "" -onlineSchedulers: "" - -memoryHighWatermark: - enabled: false - type: "relative" - value: 0.4 - -plugins: "rabbitmq_management rabbitmq_peer_discovery_k8s" -communityPlugins: "" -extraPlugins: "rabbitmq_auth_backend_ldap" -clustering: - enabled: true - addressType: hostname - rebalance: false - forceBoot: false - partitionHandling: autoheal -loadDefinition: - enabled: false - file: "/app/load_definition.json" - existingSecret: "" -command: [] -args: [] -lifecycleHooks: {} -terminationGracePeriodSeconds: 120 -extraEnvVars: [] -extraEnvVarsCM: "" -extraEnvVarsSecret: "" -containerPorts: - amqp: 5672 - amqpTls: 5671 - dist: 25672 - manager: 15672 - epmd: 4369 - metrics: 9419 -extraContainerPorts: [] -configuration: |- - default_user = {{ .Values.auth.username }} - default_pass = CHANGEME - {{- if .Values.clustering.enabled }} - ## Clustering - ## - cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s - cluster_formation.k8s.host = kubernetes.default - cluster_formation.node_cleanup.interval = 10 - cluster_formation.node_cleanup.only_log_warning = true - cluster_partition_handling = {{ .Values.clustering.partitionHandling }} - {{- end }} - {{- if .Values.loadDefinition.enabled }} - load_definitions = {{ .Values.loadDefinition.file }} - {{- end }} - # queue master locator - queue_master_locator = min-masters - # enable guest user - loopback_users.guest = false - {{ tpl .Values.extraConfiguration . }} - {{- if .Values.auth.tls.enabled }} - ssl_options.verify = {{ .Values.auth.tls.sslOptionsVerify }} - listeners.ssl.default = {{ .Values.service.ports.amqpTls }} - ssl_options.fail_if_no_peer_cert = {{ .Values.auth.tls.failIfNoPeerCert }} - ssl_options.cacertfile = /opt/rabbitmq/certs/ca_certificate.pem - ssl_options.certfile = /opt/rabbitmq/certs/server_certificate.pem - ssl_options.keyfile = /opt/rabbitmq/certs/server_key.pem - {{- end }} - {{- if .Values.ldap.enabled }} - auth_backends.1.authn = ldap - auth_backends.1.authz = {{ ternary "ldap" "internal" .Values.ldap.authorisationEnabled }} - auth_backends.2 = internal - {{- $host := list }} - {{- $port := ternary 636 389 .Values.ldap.tls.enabled }} - {{- if .Values.ldap.uri }} - {{- $hostPort := get (urlParse .Values.ldap.uri) "host" }} - {{- $host = list (index (splitList ":" $hostPort) 0) -}} - {{- if (contains ":" $hostPort) }} - {{- $port = index (splitList ":" $hostPort) 1 -}} - {{- end }} - {{- end }} - {{- range $index, $server := concat $host .Values.ldap.servers }} - auth_ldap.servers.{{ add $index 1 }} = {{ $server }} - {{- end }} - auth_ldap.port = {{ coalesce .Values.ldap.port $port }} - {{- if or .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} - auth_ldap.user_dn_pattern = {{ coalesce .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} - {{- end }} - {{- if .Values.ldap.basedn }} - auth_ldap.dn_lookup_base = {{ .Values.ldap.basedn }} - {{- end }} - {{- if .Values.ldap.uidField }} - auth_ldap.dn_lookup_attribute = {{ .Values.ldap.uidField }} - {{- end }} - {{- if .Values.ldap.binddn }} - auth_ldap.dn_lookup_bind.user_dn = {{ .Values.ldap.binddn }} - auth_ldap.dn_lookup_bind.password = {{ required "'ldap.bindpw' is required when 'ldap.binddn' is defined" .Values.ldap.bindpw }} - {{- end }} - {{- if .Values.ldap.tls.enabled }} - auth_ldap.use_ssl = {{ not .Values.ldap.tls.startTls }} - auth_ldap.use_starttls = {{ .Values.ldap.tls.startTls }} - {{- if .Values.ldap.tls.CAFilename }} - auth_ldap.ssl_options.cacertfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.CAFilename }} - {{- end }} - {{- if .Values.ldap.tls.certFilename }} - auth_ldap.ssl_options.certfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.certFilename }} - auth_ldap.ssl_options.keyfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ required "'ldap.tls.certKeyFilename' is required when 'ldap.tls.certFilename' is defined" .Values.ldap.tls.certKeyFilename }} - {{- end }} - {{- if .Values.ldap.tls.skipVerify }} - auth_ldap.ssl_options.verify = verify_none - auth_ldap.ssl_options.fail_if_no_peer_cert = false - {{- else if .Values.ldap.tls.verify }} - auth_ldap.ssl_options.verify = {{ .Values.ldap.tls.verify }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - ## Prometheus metrics - ## - prometheus.tcp.port = 9419 - {{- end }} - {{- if .Values.memoryHighWatermark.enabled }} - ## Memory Threshold - ## - total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.resources.limits.memory }} - vm_memory_high_watermark.{{ .Values.memoryHighWatermark.type }} = {{ .Values.memoryHighWatermark.value }} - {{- end }} - -extraConfiguration: |- - #default_vhost = {{ .Release.Namespace }}-vhost - #disk_free_limit.absolute = 50MB - -advancedConfiguration: |- -ldap: - enabled: false - uri: "" - servers: [] - port: "" - - userDnPattern: "" - binddn: "" - bindpw: "" - basedn: "" - uidField: "" - authorisationEnabled: false - tls: - enabled: false - startTls: false - skipVerify: false - verify: "verify_peer" - certificatesMountPath: /opt/rabbitmq/ldap/certs - certificatesSecret: "" - CAFilename: "" - certFilename: "" - certKeyFilename: "" - -extraVolumeMounts: [] -extraVolumes: [] -extraSecrets: {} -extraSecretsPrependReleaseName: false -replicaCount: 1 -schedulerName: "" -podManagementPolicy: OrderedReady -podLabels: {} -podAnnotations: {} -updateStrategy: - type: RollingUpdate -statefulsetLabels: {} -priorityClassName: "" -podAffinityPreset: "" -podAntiAffinityPreset: soft - -nodeAffinityPreset: - type: "" - key: "" - values: [] - -affinity: {} -nodeSelector: {} -tolerations: [] -topologySpreadConstraints: [] - -podSecurityContext: - enabled: true - fsGroup: 1001 - -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -resources: - limits: {} - requests: {} - -livenessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - -startupProbe: - enabled: false - initialDelaySeconds: 10 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - -customLivenessProbe: {} -customReadinessProbe: {} -customStartupProbe: {} -initContainers: [] -sidecars: [] - -pdb: - create: false - minAvailable: 1 - maxUnavailable: "" - -serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - annotations: {} - -rbac: - create: true -persistence: - enabled: true - storageClass: "" - selector: {} - accessModes: - - ReadWriteOnce - existingClaim: "" - mountPath: /rabbitmq/mnesia - subPath: "" - size: 8Gi - annotations: {} - -service: - type: ClusterIP - portEnabled: true - distPortEnabled: true - managerPortEnabled: true - epmdPortEnabled: true - ports: - amqp: 5672 - amqpTls: 5671 - dist: 25672 - manager: 15672 - metrics: 9419 - epmd: 4369 - - portNames: - amqp: "amqp" - amqpTls: "amqp-ssl" - dist: "dist" - manager: "http-stats" - metrics: "metrics" - epmd: "epmd" - - nodePorts: - amqp: "" - amqpTls: "" - dist: "" - manager: "" - epmd: "" - metrics: "" - extraPorts: [] - loadBalancerSourceRanges: [] - externalIPs: [] - externalTrafficPolicy: Cluster - loadBalancerIP: "" - clusterIP: "" - labels: {} - annotations: {} - annotationsHeadless: {} - sessionAffinity: None - sessionAffinityConfig: {} - -ingress: - enabled: false - path: / - pathType: ImplementationSpecific - hostname: rabbitmq.local - annotations: {} - tls: false - selfSigned: false - extraHosts: [] - extraPaths: [] - extraRules: [] - extraTls: [] - - secrets: [] - ingressClassName: "" - -networkPolicy: - enabled: false - allowExternal: true - additionalRules: [] - -metrics: - enabled: false - plugins: "rabbitmq_prometheus" - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.service.ports.metrics }}" - serviceMonitor: - enabled: false - namespace: "" - interval: 30s - scrapeTimeout: "" - jobLabel: "" - relabelings: [] - metricRelabelings: [] - honorLabels: false - targetLabels: {} - podTargetLabels: {} - path: "" - selector: {} - labels: {} - annotations: {} - - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - - rules: [] - -volumePermissions: - enabled: false - image: - registry: eu.gcr.io - repository: uc-next/rabbitmq - tag: shel - pullPolicy: IfNotPresent - pullSecrets: [] - resources: - limits: {} - requests: {}