diff --git a/charts/rabbitmq-old/.helmignore b/charts/rabbitmq-old/.helmignore
new file mode 100644
index 0000000000..fb56657ab4
--- /dev/null
+++ b/charts/rabbitmq-old/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
diff --git a/charts/rabbitmq/Chart.lock b/charts/rabbitmq-old/Chart.lock
similarity index 100%
rename from charts/rabbitmq/Chart.lock
rename to charts/rabbitmq-old/Chart.lock
diff --git a/charts/rabbitmq-old/Chart.yaml b/charts/rabbitmq-old/Chart.yaml
new file mode 100644
index 0000000000..c7bd964638
--- /dev/null
+++ b/charts/rabbitmq-old/Chart.yaml
@@ -0,0 +1,38 @@
+annotations:
+ category: Infrastructure
+ images: |
+ - name: rabbitmq
+ image: docker.io/bitnami/rabbitmq:3.12.13-debian-12-r2
+ - name: rabbitmq-cluster-operator
+ image: docker.io/bitnami/rabbitmq-cluster-operator:2.7.0-debian-12-r8
+ - name: rmq-default-credential-updater
+ image: docker.io/bitnami/rmq-default-credential-updater:1.0.4-debian-12-r14
+ - name: rmq-messaging-topology-operator
+ image: docker.io/bitnami/rmq-messaging-topology-operator:1.13.0-debian-12-r7
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 2.7.0
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: The RabbitMQ Cluster Kubernetes Operator automates provisioning, management,
+ and operations of RabbitMQ clusters running on Kubernetes.
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/rabbitmq-cluster-operator/img/rabbitmq-cluster-operator-stack-220x234.png
+keywords:
+- rabbitmq
+- operator
+- infrastructure
+- message queue
+- AMQP
+kubeVersion: '>= 1.19.0-0'
+maintainers:
+- name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+name: rabbitmq-cluster-operator
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator
+version: 3.20.1
diff --git a/charts/rabbitmq-old/README.md b/charts/rabbitmq-old/README.md
new file mode 100644
index 0000000000..55704202ca
--- /dev/null
+++ b/charts/rabbitmq-old/README.md
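Review bot: The `common` dependency in this new Chart.yaml is declared with the floating range `version: 2.x.x`, so the chart actually pulled from `oci://registry-1.docker.io/bitnamicharts` is fixed only by Chart.lock, and that file reaches this directory as a 100% rename from `charts/rabbitmq/` rather than being generated against this manifest. Please confirm that `helm dependency build` passes in `charts/rabbitmq-old/`; if the lock's digest does not match this `dependencies` block, the usual remedy (`helm dependency update`) re-resolves the range to whatever 2.x release is current at that moment. A comment above the range would make the intent explicit: `# exact version is pinned in Chart.lock; use "helm dependency build" to restore it`. The image references under `annotations.images` are tag-only as well; the README added in this commit documents `*.image.digest` values that override the tag, which is where a digest pin would go.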
@@ -0,0 +1,632 @@ + + +# Bitnami package for RabbitMQ Cluster Operator + +The RabbitMQ Cluster Kubernetes Operator automates provisioning, management, and operations of RabbitMQ clusters running on Kubernetes. + +[Overview of RabbitMQ Cluster Operator](https://github.com/rabbitmq/cluster-operator) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/rabbitmq-cluster-operator +``` + +Looking to use RabbitMQ Cluster Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. + +This chart bootstraps a [RabbitMQ Cluster Operator](https://www.rabbitmq.com/kubernetes/operator/operator-overview.html) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. 
+ +The command deploy the RabbitMQ Cluster Kubernetes Operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Differences between the Bitnami RabbitMQ chart and the Bitnami RabbitMQ Operator chart + +In the Bitnami catalog we offer both the *bitnami/rabbitmq* and *bitnami/rabbitmq-operator* charts. Each solution covers different needs and use cases. + +The *bitnami/rabbitmq* chart deploys a single RabbitMQ installation using a Kubernetes StatefulSet object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*: + +```text + +--------------+ +-----+ + | | | | + Service | RabbitMQ +<------------+ PVC | +<-------------------+ | | | + | StatefulSet | +-----+ + | | + +-----------+--+ + ^ +------------+ + | | | + +----------------+ Configmaps | + | Secrets | + +------------+ + +``` + +Its lifecycle is managed using Helm and, at the RabbitMQ container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The StatefulSet do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations. + +The *bitnami/rabbitmq-operator* chart deploys a RabbitMQ Operator installation using a Kubernetes Deployment. 
The figure below shows the RabbitMQ operator deployment after executing *helm install*: + +```text ++--------------------+ +| | +---------------+ +| RabbitMQ Operator | | | +| | | RBAC | +| Deployment | | Privileges | ++-------+------------+ +-------+-------+ + ^ | + | +-----------------+ | + +---+ Service Account +<----+ + +-----------------+ +``` + +The operator will extend the Kubernetes API with the following object: *RabbitmqCluster*. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required StatefulSets, ConfigMaps and Services for running a RabbitMQ instance. Its lifecycle is managed using *kubectl* on the RabbitmqCluster objects. The following figure shows the deployed objects after deploying a *RabbitmqCluster* object using *kubectl*: + +```text + +--------------------+ + | | +---------------+ + | RabbitMQ Operator | | | + | | | RBAC | + | Deployment | | Privileges | + +-------+------------+ +-------+-------+ + | ^ | + | | +-----------------+ | + | +---+ Service Account +<----+ + | +-----------------+ + | + | + | + | + | ------------------------------------------------------------------------- + | | | + | | +--------------+ +-----+ | + | | | | | | | + |--->| Service | RabbitMQ +<------------+ PVC | | + | <-------------------+ | | | | + | | StatefulSet | +-----+ | + | | | | + | +-----------+--+ | + | ^ +------------+ | + | | | | | + | +----------------+ Configmaps | | + | | Secrets | | + | +------------+ | + | | + | | + ------------------------------------------------------------------------- + +``` + +This solution allows to easily deploy multiple RabbitMQ instances compared to the *bitnami/rabbitmq* chart. As the operator automatically deploys RabbitMQ installations, the RabbitMQ Operator pods will require a ServiceAccount with privileges to create and destroy multiple Kubernetes objects. 
This may be problematic for Kubernetes clusters with strict role-based access policies. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | ---------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled) | `false` | + +### RabbitMQ Cluster Operator Parameters + +| Name | Description | Value | +| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | +| `rabbitmqImage.registry` | RabbitMQ Image registry | `REGISTRY_NAME` | +| `rabbitmqImage.repository` | RabbitMQ Image repository | `REPOSITORY_NAME/rabbitmq` | +| `rabbitmqImage.digest` | RabbitMQ image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `rabbitmqImage.pullSecrets` | RabbitMQ Image pull secrets | `[]` | +| `credentialUpdaterImage.registry` | RabbitMQ Default User Credential Updater image registry | `REGISTRY_NAME` | +| `credentialUpdaterImage.repository` | RabbitMQ Default User Credential Updater image repository | `REPOSITORY_NAME/rmq-default-credential-updater` | +| `credentialUpdaterImage.digest` | RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `credentialUpdaterImage.pullSecrets` | RabbitMQ Default User Credential Updater image pull secrets | `[]` | +| `clusterOperator.image.registry` | RabbitMQ Cluster Operator image registry | `REGISTRY_NAME` | +| `clusterOperator.image.repository` | RabbitMQ Cluster Operator image repository | `REPOSITORY_NAME/rabbitmq-cluster-operator` | +| `clusterOperator.image.digest` | RabbitMQ Cluster Operator image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `clusterOperator.image.pullPolicy` | RabbitMQ Cluster Operator image pull policy | `IfNotPresent` | +| `clusterOperator.image.pullSecrets` | RabbitMQ Cluster Operator image pull secrets | `[]` | +| `clusterOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` | +| `clusterOperator.watchNamespaces` | Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` | +| `clusterOperator.replicaCount` | Number of RabbitMQ Cluster Operator replicas to deploy | `1` | +| `clusterOperator.schedulerName` | Alternative scheduler | `""` | +| `clusterOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `clusterOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` | +| `clusterOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Cluster Operator nodes | `true` | +| `clusterOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `clusterOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `clusterOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `clusterOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `clusterOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `clusterOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Cluster Operator nodes | `true` | +| `clusterOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `clusterOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `clusterOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `clusterOperator.readinessProbe.failureThreshold` | Failure threshold for 
readinessProbe | `5` | +| `clusterOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `clusterOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Cluster Operator nodes | `false` | +| `clusterOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `clusterOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `clusterOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `clusterOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `clusterOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `clusterOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `clusterOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `clusterOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `clusterOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production). 
| `none` | +| `clusterOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `clusterOperator.podSecurityContext.enabled` | Enabled RabbitMQ Cluster Operator pods' Security Context | `true` | +| `clusterOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `clusterOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `clusterOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `clusterOperator.podSecurityContext.fsGroup` | Set RabbitMQ Cluster Operator pod's Security Context fsGroup | `1001` | +| `clusterOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `clusterOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `clusterOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `clusterOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `clusterOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `clusterOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `clusterOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `clusterOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `clusterOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `clusterOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `clusterOperator.command` | Override default container command (useful 
when using custom images) | `[]` | +| `clusterOperator.args` | Override default container args (useful when using custom images) | `[]` | +| `clusterOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `clusterOperator.hostAliases` | RabbitMQ Cluster Operator pods host aliases | `[]` | +| `clusterOperator.podLabels` | Extra labels for RabbitMQ Cluster Operator pods | `{}` | +| `clusterOperator.podAnnotations` | Annotations for RabbitMQ Cluster Operator pods | `{}` | +| `clusterOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `clusterOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `clusterOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `clusterOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `clusterOperator.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | +| `clusterOperator.affinity` | Affinity for RabbitMQ Cluster Operator pods assignment | `{}` | +| `clusterOperator.nodeSelector` | Node labels for RabbitMQ Cluster Operator pods assignment | `{}` | +| `clusterOperator.tolerations` | Tolerations for RabbitMQ Cluster Operator pods assignment | `[]` | +| `clusterOperator.updateStrategy.type` | RabbitMQ Cluster Operator statefulset strategy type | `RollingUpdate` | +| `clusterOperator.priorityClassName` | RabbitMQ Cluster Operator pods' priorityClassName | `""` | +| `clusterOperator.lifecycleHooks` | for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup | `{}` | +| `clusterOperator.containerPorts.metrics` | RabbitMQ Cluster Operator container port (used for metrics) | `9782` | +| `clusterOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Cluster Operator nodes | `[]` | +| `clusterOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes | `""` | +| `clusterOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes | `""` | +| `clusterOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s) | `[]` | +| `clusterOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s) | `[]` | +| `clusterOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s) | `[]` | +| `clusterOperator.initContainers` | Add additional init containers to the RabbitMQ Cluster Operator pod(s) | `[]` | +| `clusterOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `clusterOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase 
security) | `[]` | +| `clusterOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` | +| `clusterOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `clusterOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `clusterOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `clusterOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `clusterOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `clusterOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `clusterOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` | +| `clusterOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` | +| `clusterOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `clusterOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `clusterOperator.serviceAccount.annotations` | Add annotations | `{}` | +| `clusterOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. 
| `false` | + +### RabbitMQ Cluster Operator Metrics parameters + +| Name | Description | Value | +| ---------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------------------ | +| `clusterOperator.metrics.service.enabled` | Create a service for accessing the metrics endpoint | `false` | +| `clusterOperator.metrics.service.type` | RabbitMQ Cluster Operator metrics service type | `ClusterIP` | +| `clusterOperator.metrics.service.ports.http` | RabbitMQ Cluster Operator metrics service HTTP port | `80` | +| `clusterOperator.metrics.service.nodePorts.http` | Node port for HTTP | `""` | +| `clusterOperator.metrics.service.clusterIP` | RabbitMQ Cluster Operator metrics service Cluster IP | `""` | +| `clusterOperator.metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `clusterOperator.metrics.service.loadBalancerIP` | RabbitMQ Cluster Operator metrics service Load Balancer IP | `""` | +| `clusterOperator.metrics.service.loadBalancerSourceRanges` | RabbitMQ Cluster Operator metrics service Load Balancer sources | `[]` | +| `clusterOperator.metrics.service.externalTrafficPolicy` | RabbitMQ Cluster Operator metrics service external traffic policy | `Cluster` | +| `clusterOperator.metrics.service.annotations` | Additional custom annotations for RabbitMQ Cluster Operator metrics service | `{}` | +| `clusterOperator.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `clusterOperator.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `clusterOperator.metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` | +| `clusterOperator.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `clusterOperator.metrics.serviceMonitor.jobLabel` | 
Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `clusterOperator.metrics.serviceMonitor.honorLabels` | Honor metrics labels | `false` | +| `clusterOperator.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `clusterOperator.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `clusterOperator.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | +| `clusterOperator.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `clusterOperator.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `clusterOperator.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `clusterOperator.metrics.serviceMonitor.path` | Define the path used by ServiceMonitor to scrap metrics | `""` | +| `clusterOperator.metrics.serviceMonitor.params` | Define the HTTP URL parameters used by ServiceMonitor | `{}` | +| `clusterOperator.metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `clusterOperator.metrics.podMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `clusterOperator.metrics.podMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `clusterOperator.metrics.podMonitor.honorLabels` | Honor metrics labels | `false` | +| `clusterOperator.metrics.podMonitor.selector` | Prometheus instance selector labels | `{}` | +| `clusterOperator.metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `clusterOperator.metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` | +| `clusterOperator.metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | 
`{}` | +| `clusterOperator.metrics.podMonitor.path` | Define HTTP path to scrape for metrics. | `""` | +| `clusterOperator.metrics.podMonitor.relabelings` | Specify general relabeling | `[]` | +| `clusterOperator.metrics.podMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `clusterOperator.metrics.podMonitor.params` | Define the HTTP URL parameters used by PodMonitor | `{}` | + +### RabbitMQ Messaging Topology Operator Parameters + +| Name | Description | Value | +| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| `msgTopologyOperator.enabled` | Deploy RabbitMQ Messaging Topology Operator as part of the installation | `true` | +| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `REGISTRY_NAME` | +| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `REPOSITORY_NAME/rmq-messaging-topology-operator` | +| `msgTopologyOperator.image.digest` | RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` | +| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` | +| `msgTopologyOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` | +| `msgTopologyOperator.watchNamespaces` | Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` | +| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` | +| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` | +| `msgTopologyOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` | +| `msgTopologyOperator.hostNetwork` | Boolean | `false` | +| `msgTopologyOperator.dnsPolicy` | Alternative DNS policy | `ClusterFirst` | +| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | +| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | +| 
`msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` | +| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `msgTopologyOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` | +| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` | +| `msgTopologyOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production). | `none` | +| `msgTopologyOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` | +| `msgTopologyOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `msgTopologyOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `msgTopologyOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` | +| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `msgTopologyOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `msgTopologyOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `msgTopologyOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `msgTopologyOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| 
`msgTopologyOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` | +| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` | +| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` | +| `msgTopologyOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` | +| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` | +| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` | +| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | +| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` | +| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` | +| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` | +| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` | +| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` | +| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` | +| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` | +| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` | +| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` | +| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` | +| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` | +| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` | +| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` | +| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` | +| `msgTopologyOperator.service.type` | RabbitMQ 
Messaging Topology Operator webhook service type | `ClusterIP` | +| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` | +| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` | +| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` | +| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` | +| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` | +| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` | +| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` | +| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `msgTopologyOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `msgTopologyOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `msgTopologyOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` | +| `msgTopologyOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `msgTopologyOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `msgTopologyOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `msgTopologyOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `msgTopologyOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` | +| `msgTopologyOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` | +| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` | +| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. 
| `false` | + +### RabbitMQ Messaging Topology Operator parameters + +| Name | Description | Value | +| -------------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------------------ | +| `msgTopologyOperator.metrics.service.enabled` | Create a service for accessing the metrics endpoint | `false` | +| `msgTopologyOperator.metrics.service.type` | RabbitMQ Cluster Operator metrics service type | `ClusterIP` | +| `msgTopologyOperator.metrics.service.ports.http` | RabbitMQ Cluster Operator metrics service HTTP port | `80` | +| `msgTopologyOperator.metrics.service.nodePorts.http` | Node port for HTTP | `""` | +| `msgTopologyOperator.metrics.service.clusterIP` | RabbitMQ Cluster Operator metrics service Cluster IP | `""` | +| `msgTopologyOperator.metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `msgTopologyOperator.metrics.service.loadBalancerIP` | RabbitMQ Cluster Operator metrics service Load Balancer IP | `""` | +| `msgTopologyOperator.metrics.service.loadBalancerSourceRanges` | RabbitMQ Cluster Operator metrics service Load Balancer sources | `[]` | +| `msgTopologyOperator.metrics.service.externalTrafficPolicy` | RabbitMQ Cluster Operator metrics service external traffic policy | `Cluster` | +| `msgTopologyOperator.metrics.service.annotations` | Additional custom annotations for RabbitMQ Cluster Operator metrics service | `{}` | +| `msgTopologyOperator.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `msgTopologyOperator.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `msgTopologyOperator.metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` | +| `msgTopologyOperator.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | 
`""` | +| `msgTopologyOperator.metrics.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `msgTopologyOperator.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `msgTopologyOperator.metrics.serviceMonitor.honorLabels` | Honor metrics labels | `false` | +| `msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `msgTopologyOperator.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | +| `msgTopologyOperator.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `msgTopologyOperator.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `msgTopologyOperator.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `msgTopologyOperator.metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `msgTopologyOperator.metrics.podMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `msgTopologyOperator.metrics.podMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `msgTopologyOperator.metrics.podMonitor.honorLabels` | Honor metrics labels | `false` | +| `msgTopologyOperator.metrics.podMonitor.selector` | Prometheus instance selector labels | `{}` | +| `msgTopologyOperator.metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `msgTopologyOperator.metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` | +| `msgTopologyOperator.metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | +| `msgTopologyOperator.metrics.podMonitor.relabelings` | Specify general relabeling | `[]` | +| 
`msgTopologyOperator.metrics.podMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | + +### cert-manager parameters + +| Name | Description | Value | +| ---------------- | ----------------------------------------------------------------- | ------- | +| `useCertManager` | Deploy cert-manager objects (Issuer and Certificate) for webhooks | `false` | + +The above parameters map to the env variables defined in [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq-cluster-operator). For more information please refer to the [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq-cluster-operator) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set livenessProbe.enabled=false \ + oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command disables the Operator liveness probes. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. 
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator/values.yaml) + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +rabbitmq-cluster-operator: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. 
To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as rabbitmq-cluster-operator (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. 
To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Deploying extra resources + +There are cases where you may want to deploy extra objects, such your custom *RabbitmqCluster* objects. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. + +For instance, to deploy your custom *RabbitmqCluster* definition, you can install the RabbitMQ Cluster Operator using the values below: + +```yaml +extraDeploy: + - apiVersion: rabbitmq.com/v1beta1 + kind: RabbitmqCluster + metadata: + name: rabbitmq-custom-configuration + spec: + replicas: 1 + rabbitmq: + additionalConfig: | + log.console.level = debug +``` + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### Upgrading CRDs + +By design, the `helm upgrade` command will not upgrade the `CustomResourceDefinition` objects, as stated in their [official documentation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). This is done to avoid the potential risks of upgrading CRD objects, such as data loss. + +In order to upgrade the CRD objects, perform the following steps: + +- Perform a backup of your running RabbitMQ instances following the [official documentation](https://www.rabbitmq.com/backup.html). + +- Execute the following commands (replace the VERSION placeholder): + +```console +helm fetch bitnami/rabbitmq-cluster-operator --version VERSION +tar xf rabbitmq-cluster-operator-VERSION.tar.gz +kubectl apply -f rabbitmq-cluster-operator/crds +``` + +### To 2.0.0 + +This new version adds the following components: + +- RabbitMQ Messaging Topology Operator: all the settings are inside the `msgTopologyOperator` section. 
+- RabbitMQ Default User Credential Updater sidecar: this enables Hashicorp Vault integration for all `RabbitMQCluster` instances. +- `cert-manager` subchart: this is necessary for the RabbitMQ Messaging Topology Webhooks to work. + +As a breaking change, all `rabbitmq-cluster-operator` deployment values were moved to the `clusterOperator` section. + +No issues are expected during upgrades. + +### To 1.0.0 + +The CRD was updated according to the latest changes in the upstream project. Thanks to the improvements in the latest changes, the CRD is not templated anymore and can be placed under the `crds` directory following [Helm best practices for CRDS](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/). + +You need to manually delete the old CRD before upgrading the release. + +```console +kubectl delete crd rabbitmqclusters.rabbitmq.com +helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file 
diff --git a/charts/rabbitmq-old/charts/common/.helmignore b/charts/rabbitmq-old/charts/common/.helmignore
new file mode 100644
index 0000000000..7c7c21d659
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# img folder
+img/
diff --git a/charts/rabbitmq-old/charts/common/Chart.yaml b/charts/rabbitmq-old/charts/common/Chart.yaml
new file mode 100644
index 0000000000..2acf0cd40a
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 2.18.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://bitnami.com
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts
+type: library
+version: 2.18.0
diff --git a/charts/rabbitmq-old/charts/common/README.md b/charts/rabbitmq-old/charts/common/README.md
new file mode 100644
index 0000000000..0d01a1e064
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/README.md
@@ -0,0 +1,235 @@
+# Bitnami Common Library Chart
+
+A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
+
+## TL;DR
+
+```yaml
+dependencies:
+ - name: common
+ version: 2.x.x
+ repository: oci://registry-1.docker.io/bitnamicharts
+```
+
+```console
+helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+data:
+ myvalue: "Hello World"
+```
+
+Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
+## Introduction
+
+This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Parameters
+
+## Special input schemas
+
+### ImageRoot
+
+```yaml
+registry:
+ type: string
+ description: Docker registry where the image is located
+ example: docker.io
+
+repository:
+ type: string
+ description: Repository and image name
+ example: bitnami/nginx
+
+tag:
+ type: string
+ description: image tag
+ example: 1.16.1-debian-10-r63
+
+pullPolicy:
+ type: string
+ description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+
+pullSecrets:
+ type: array
+ items:
+ type: string
+ description: Optionally specify an array of imagePullSecrets (evaluated as templates).
+
+debug:
+ type: boolean
+ description: Set to true if you would like to see extra information on logs
+ example: false
+
+## An instance would be:
+# registry: docker.io
+# repository: bitnami/nginx
+# tag: 1.16.1-debian-10-r63
+# pullPolicy: IfNotPresent
+# debug: false
+```
+
+### Persistence
+
+```yaml
+enabled:
+ type: boolean
+ description: Whether enable persistence.
+ example: true
+
+storageClass:
+ type: string
+ description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
+ example: "-"
+
+accessMode:
+ type: string
+ description: Access mode for the Persistent Volume Storage.
+ example: ReadWriteOnce
+
+size:
+ type: string
+ description: Size the Persistent Volume Storage.
+ example: 8Gi
+
+path:
+ type: string
+ description: Path to be persisted.
+ example: /bitnami
+
+## An instance would be:
+# enabled: true
+# storageClass: "-"
+# accessMode: ReadWriteOnce
+# size: 8Gi
+# path: /bitnami
+```
+
+### ExistingSecret
+
+```yaml
+name:
+ type: string
+ description: Name of the existing secret.
+ example: mySecret
+keyMapping:
+ description: Mapping between the expected key name and the name of the key in the existing secret.
+ type: object
+
+## An instance would be:
+# name: mySecret
+# keyMapping:
+# password: myPasswordKey
+```
+
+#### Example of use
+
+When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
+
+```yaml
+# templates/secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ app: {{ include "common.names.fullname" . }}
+type: Opaque
+data:
+ password: {{ .Values.password | b64enc | quote }}
+
+# templates/dpl.yaml
+---
+...
+ env:
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
+...
+
+# values.yaml
+---
+name: mySecret
+keyMapping:
+ password: myPasswordKey
+```
+
+### ValidateValue
+
+#### NOTES.txt
+
+```console
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
+
+{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+```
+
+If we force those values to be empty we will see some alerts
+
+```console
+helm install test mychart --set path.to.value00="",path.to.value01=""
+ 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
+
+ export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
+
+ 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
+
+ export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
+```
+
+## Upgrading
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+#### Useful links
+
+-
+-
+-
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/charts/rabbitmq-old/charts/common/templates/_affinities.tpl b/charts/rabbitmq-old/charts/common/templates/_affinities.tpl
new file mode 100644
index 0000000000..e85b1df454
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,139 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard 
podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} 
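Review bot: The usage comment on `common.affinities.pods` documents the wrong arguments: it shows `(dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ"))`, which is the node-affinity shape. The soft and hard pod helpers it dispatches to read `component`, `customLabels`, `extraMatchLabels`, `topologyKey`, `extraPodAffinityTerms` and `context`. Both pod helpers hand `.context` to `common.labels.matchLabels`, so a caller who copies the example leaves out the argument the label selector is built from. I would replace the example with `{{ include "common.affinities.pods" (dict "type" "soft" "component" "FOO" "customLabels" .Values.podLabels "topologyKey" "BAR" "context" $) -}}`.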
diff --git a/charts/rabbitmq-old/charts/common/templates/_capabilities.tpl b/charts/rabbitmq-old/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000000..115674af87 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_capabilities.tpl 
@@ -0,0 +1,229 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admissionConfiguration.supported" -}} +{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. 
+*/}} +{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_compatibility.tpl b/charts/rabbitmq-old/charts/common/templates/_compatibility.tpl new file mode 100644 index 0000000000..c529f08725 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_compatibility.tpl 
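Review bot: `common.capabilities.vpa.apiVersion` is a line-for-line copy of the HPA helper and returns `autoscaling/v2beta1`, `autoscaling/v2beta2` or `autoscaling/v2`. VerticalPodAutoscaler is served from the `autoscaling.k8s.io` group, so a manifest rendered with this value would not match the VPA CRD; confirm against the installed VPA version and return e.g. `autoscaling.k8s.io/v1` instead. Separately, every helper in this file resolves the version through `common.capabilities.kubeVersion`, which prefers `.Values.global.kubeVersion` and `.Values.kubeVersion` over `.Capabilities.KubeVersion.Version`. A stale override therefore also flips `common.capabilities.psp.supported`, and the helper comment should say so, e.g. `{{/* NOTE: a kubeVersion value overrides the detected cluster version for every capability check, including psp.supported */}}`.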
@@ -0,0 +1,35 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return true if the detected platform is Openshift
+Usage:
+{{- include "common.compatibility.isOpenshift" . -}}
+*/}}
+{{- define "common.compatibility.isOpenshift" -}}
+{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
+Usage:
+{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
+*/}}
+{{- define "common.compatibility.renderSecurityContext" -}}
+{{- $adaptedContext := .secContext -}}
+{{- if .context.Values.global.compatibility -}}
+ {{- if .context.Values.global.compatibility.openshift -}}
+ {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
+ {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
+ {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- omit $adaptedContext "enabled" | toYaml -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/templates/_errors.tpl b/charts/rabbitmq-old/charts/common/templates/_errors.tpl
new file mode 100644
index 0000000000..07ded6f64d
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/_errors.tpl
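Review bot: With `adaptSecurityContext` set to `force`, `common.compatibility.renderSecurityContext` drops `fsGroup`, `runAsUser` and `runAsGroup` without consulting `common.compatibility.isOpenshift`, so on a cluster with no SCC admission to assign a UID the container falls back to the image's default user. The header comment should state that, and that every other field (including `runAsNonRoot`, if set) is passed through unchanged, e.g. `force: strips fsGroup/runAsUser/runAsGroup on any platform; use only where the platform assigns the UID`. The `auto` branch depends on `.Capabilities.APIVersions`, which is presumably not populated from the cluster when rendering offline, so rendered output can differ from what is installed. The `.context.Values.global.compatibility` lookup also lacks the `if .Values.global` guard that `common.capabilities.kubeVersion` uses; whether `global` can be nil here depends on how the chart is invoked.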
@@ -0,0 +1,28 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/templates/_images.tpl b/charts/rabbitmq-old/charts/common/templates/_images.tpl
new file mode 100644
index 0000000000..1bcb779df5
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/_images.tpl
@@ -0,0 +1,117 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . 
}} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . 
}} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/charts/rabbitmq-old/charts/common/templates/_ingress.tpl b/charts/rabbitmq-old/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000000..efa5b85c72 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_ingress.tpl 
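Review bot: `common.images.image` emits a mutable `repository:tag` reference unless `digest` is set, and nothing rejects an image that has neither: `.imageRoot.tag | toString` on an unset tag would most likely render the literal `<nil>` after the colon. A guard before the `printf`, such as `{{- if not (or .imageRoot.tag .imageRoot.digest) }}{{- fail "image tag or digest is required" }}{{- end }}`, would turn that into a render-time error. The helper comment should also say that `digest` takes precedence over `tag` and that `global.imageRegistry` replaces the registry of every image rendered through it, since both matter when pinning or mirroring images. In `common.images.pullSecrets` and `common.images.renderPullSecrets` the secret name is written unquoted (`- name: {{ . }}`); `- name: {{ . | quote }}` would keep an unusual value from changing the YAML structure.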
@@ -0,0 +1,73 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_labels.tpl b/charts/rabbitmq-old/charts/common/templates/_labels.tpl new file mode 100644 index 0000000000..d90a6cdc0c --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_labels.tpl 
@@ -0,0 +1,46 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} +*/}} +{{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. +*/}} +{{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . 
"context") -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_names.tpl b/charts/rabbitmq-old/charts/common/templates/_names.tpl new file mode 100644 index 0000000000..a222924f14 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_names.tpl 
@@ -0,0 +1,71 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_resources.tpl b/charts/rabbitmq-old/charts/common/templates/_resources.tpl new file mode 100644 index 0000000000..d90f8752db --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_resources.tpl 
@@ -0,0 +1,50 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "common.resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "common.resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rabbitmq-old/charts/common/templates/_secrets.tpl b/charts/rabbitmq-old/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000000..84dbe38036 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_secrets.tpl 
@@ -0,0 +1,182 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. 
+*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. + - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. + - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. 
Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | b64dec }} + {{- else if not (eq .failOnNew false) }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower 
(randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} +{{- end -}} +{{- if not .skipB64enc }} +{{- $password = $password | b64enc }} +{{- end -}} +{{- if .skipQuote -}} +{{- printf "%s" $password -}} +{{- else -}} +{{- printf "%s" $password | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. 
+*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_storage.tpl b/charts/rabbitmq-old/charts/common/templates/_storage.tpl new file mode 100644 index 0000000000..16405a0f8b --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_storage.tpl @@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_tplvalues.tpl b/charts/rabbitmq-old/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000000..a8ed7637ef --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_tplvalues.tpl 
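Review bot: In `common.secrets.passwords.manage`, when the looked-up Secret exists but lacks `.key`, `failOnNew` is false and no value is provided, no branch assigns `$password`, so the helper returns the base64 of an empty string and the new key is written with an empty password. Random generation is only reachable when the Secret does not exist at all. Making generation the fallback whenever `$password` is still empty closes the gap, as sketched below; an existing key that holds an empty value would then also be regenerated, and the upgrade validation inside the generation branch (its helper is outside this diff) may need to be skipped when `failOnNew` is false, so both should be confirmed. The doc comment for `skipB64enc` also says "base64 encrypted", which should read "base64 encoded" because base64 gives no confidentiality.

```gotemplate
{{- if $secretData }}
  {{- if hasKey $secretData .key }}
    {{- $password = index $secretData .key | b64dec }}
  {{- else if not (eq .failOnNew false) }}
    {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
  {{- end -}}
{{- end }}
{{- if not $password }}
  {{- if $providedPasswordValue }}
    {{- $password = $providedPasswordValue | toString }}
  {{- else }}
    {{/* … unchanged: subchart name, upgrade validation, strong / randAlphaNum generation … */}}
  {{- end }}
{{- end -}}
```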
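Review bot: The usage comment for `common.storage.class` passes `"global" $`, but the body reads `.global.storageClass`; the root context normally has no `storageClass` field, so a caller who copies the example would silently lose the global override. The example should pass the global values map instead, e.g. `( dict "persistence" .Values.path.to.the.persistence "global" .Values.global )`. The non-empty branch also prints the class unquoted; `printf "storageClassName: %s" ($storageClass | quote)` keeps a value such as `true` or an all-digit name a YAML string.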
@@ -0,0 +1,38 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/templates/_utils.tpl b/charts/rabbitmq-old/charts/common/templates/_utils.tpl
new file mode 100644
index 0000000000..bfbddf0547
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/_utils.tpl
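Review bot: The doc comment on `common.tplvalues.render` does not say that any value containing `{{` is handed to `tpl` with the caller's full context, which means every values entry routed through this helper is executed as a template with access to everything the chart can reach. That makes the values files part of the chart's trusted input, and the comment should state it, e.g. `Values are evaluated as templates with the caller's context; only pass values that come from trusted values files.` In the scoped branch `cat` joins its three arguments with spaces; the `-}}` / `{{-` trim markers absorb them, which deserves a short why-comment so nobody swaps the markers later.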
@@ -0,0 +1,77 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . 
) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/_warnings.tpl b/charts/rabbitmq-old/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000000..0f763cd827 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/_warnings.tpl 
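Review bot: In `common.utils.secret.getvalue` the namespace is piped through `quote`, but `{{ .secret }}` and `{{ .field }}` are written into the printed `kubectl` command unquoted, so the command a user pastes is only well-formed when both are plain identifiers. Quote the secret name the same way, `{{ .secret | quote }}`, and document that `field` must not contain a dot unless it is escaped for jsonpath, since keys such as `tls.crt` would otherwise select the wrong path. The usage line for `common.utils.fieldToEnvVar` is also missing the parentheses around `dict "field" "my-password"`.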
@@ -0,0 +1,82 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers +{{- end }} +{{- end -}} + +{{/* +Warning about not setting the resource object in all deployments. +Usage: +{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} +Example: +{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} +The list in the example assumes that the following values exist: + - csiProvider.provider.resources + - server.resources + - volumePermissions.resources + - resources +*/}} +{{- define "common.warnings.resources" -}} +{{- $values := .context.Values -}} +{{- $printMessage := false -}} +{{ $affectedSections := list -}} +{{- range .sections -}} + {{- if eq . "" -}} + {{/* Case where the resources section is at the root (one main deployment in the chart) */}} + {{- if not (index $values "resources") -}} + {{- $affectedSections = append $affectedSections "resources" -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} + {{- $keys := split "." . -}} + {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} + {{- $section := $values -}} + {{- range $keys -}} + {{- $section = index $section . 
-}} + {{- end -}} + {{- if not (index $section "resources") -}} + {{/* If the section has enabled=false or replicaCount=0, do not include it */}} + {{- if and (hasKey $section "enabled") -}} + {{- if index $section "enabled" -}} + {{/* enabled=true */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else if and (hasKey $section "replicaCount") -}} + {{/* We need a casting to int because number 0 is not treated as an int by default */}} + {{- if (gt (index $section "replicaCount" | int) 0) -}} + {{/* replicaCount > 0 */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Default case, add it to the affected sections */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: +{{- range $affectedSections }} + - {{ . }} +{{- end }} ++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +{{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_cassandra.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000000..eda9aada56 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/validations/_cassandra.tpl 
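Review bot: In `common.warnings.resources` the inner `range $keys` walks `$section = index $section .` without checking that the intermediate value exists, so a path listed in `sections` that is absent from the values would abort rendering with an index error instead of emitting a warning. `common.utils.getValueFromKey` in `_utils.tpl` guards the same kind of walk with an explicit `fail` message; here the walk should stop and skip the section once `$section` becomes empty, so the helper stays advisory. The two single-argument `and` calls are redundant and can be written as `{{- if hasKey $section "enabled" -}}` and `{{- else if hasKey $section "replicaCount" -}}`. The first usage line also passes `context` without quotes, which would not parse as a dict key.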
@@ -0,0 +1,77 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. 
+ +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_mariadb.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000000..17d83a2fd4 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/validations/_mariadb.tpl 
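Review bot: The usage comments pass the flag as a string (`"subchart" "true"`) while the params list calls it a Boolean and the bodies test it with `{{- if .subchart -}}`; any non-empty string, including `"false"`, is truthy in a Go template, so a caller adapting the example to `"false"` would still take the subchart branch. The examples should pass a real boolean, e.g. `(dict "subchart" true "context" $)`, and the usage lines of `common.cassandra.values.existingSecret` and `common.cassandra.values.enabled` should show `subchart` because both helpers read it. `common.cassandra.values.enabled` returning `not .context.Values.enabled` in the standalone case reads like an inversion and needs a one-line why-comment. The same comments and pattern appear in the `_mariadb.tpl`, `_mongodb.tpl` and `_mysql.tpl` hunks that follow.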
@@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_mongodb.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000000..bbb445b861 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/validations/_mongodb.tpl 
@@ -0,0 +1,113 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_mysql.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 0000000000..ca3953f868 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/validations/_mysql.tpl 
@@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_postgresql.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000000..8c9aa570e2 --- /dev/null +++ b/charts/rabbitmq-old/charts/common/templates/validations/_postgresql.tpl 
@@ -0,0 +1,134 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_redis.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 0000000000..fc0d208dd4
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,81 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/templates/validations/_validations.tpl b/charts/rabbitmq-old/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 0000000000..31ceda871f
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,51 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/charts/common/values.yaml b/charts/rabbitmq-old/charts/common/values.yaml
new file mode 100644
index 0000000000..9abe0e1540
--- /dev/null
+++ b/charts/rabbitmq-old/charts/common/values.yaml
@@ -0,0 +1,8 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_federations.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_federations.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_federations.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_federations.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_policies.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_policies.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_policies.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_policies.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_queues.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_queues.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_queues.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_queues.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_users.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_users.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_users.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_users.yaml
diff --git a/charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml b/charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml
similarity index 100%
rename from charts/rabbitmq/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml
rename to charts/rabbitmq-old/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml
diff --git a/charts/rabbitmq/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml b/charts/rabbitmq-old/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml
similarity index 100%
rename from charts/rabbitmq/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml
rename to charts/rabbitmq-old/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml
diff --git a/charts/rabbitmq-old/templates/NOTES.txt b/charts/rabbitmq-old/templates/NOTES.txt
new file mode 100644
index 0000000000..60b7c0ab38
--- /dev/null
+++ b/charts/rabbitmq-old/templates/NOTES.txt
@@ -0,0 +1,51 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+Watch the RabbitMQ Cluster Operator and RabbitMQ Messaging Topology Operator Deployment status using the command:
+
+ kubectl get deploy -w --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}
+
+{{- if .Values.clusterOperator.rbac.create }}
+{{- if .Values.clusterOperator.watchAllNamespaces }}
+WARNING: RabbitMQ Cluster Operator can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
+
+You can limit allowed namespaces by setting clusterOperator.watchAllNamespaces = false and configuring clusterOperator.watchNamespaces
+{{- else }}
+
+RabbitMQ Cluster Operator can ONLY access resources in the following namespaces:
+{{ $namespaces := .Values.clusterOperator.watchAllNamespaces | default (list (include "common.names.namespace" .)) }}
+{{- range $namespace := $namespaces }}
+ - {{ $namespace }}
+{{- end }}
+
+RabbitMQ Cluster Operator won't be able to access resources in other namespaces. You can configure this behavior by setting clusterOperator.watchNamespaces
+
+{{- end }}
+{{- end }}
+
+{{- if .Values.msgTopologyOperator.rbac.create }}
+{{- if .Values.msgTopologyOperator.watchAllNamespaces }}
+WARNING: RabbitMQ Messaging Topology Operator can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
+
+You can limit allowed namespaces by setting msgTopologyOperator.watchAllNamespaces = false and configuring msgTopologyOperator.watchNamespaces
+{{- else }}
+
+RabbitMQ Messaging Topology Operator can ONLY access resources in the following namespaces:
+{{ $namespaces := .Values.msgTopologyOperator.watchAllNamespaces | default (list (include "common.names.namespace" .)) }}
+{{- range $namespace := $namespaces }}
+ - {{ $namespace }}
+{{- end }}
+
+RabbitMQ Messaging Topology Operator won't be able to access resources in other namespaces. You can configure this behavior by setting msgTopologyOperator.watchNamespaces
+
+{{- end }}
+{{- end }}
+
+{{ include "common.warnings.rollingTag" .Values.clusterOperator.image }}
+{{ include "common.warnings.rollingTag" .Values.msgTopologyOperator.image }}
+{{ include "common.warnings.rollingTag" .Values.credentialUpdaterImage }}
+{{ include "common.warnings.rollingTag" .Values.rabbitmqImage }}
+{{- include "common.warnings.resources" (dict "sections" (list "clusterOperator" "msgTopologyOperator") "context" $) }}
diff --git a/charts/rabbitmq-old/templates/_helpers.tpl b/charts/rabbitmq-old/templates/_helpers.tpl
new file mode 100644
index 0000000000..be3043c63c
--- /dev/null
+++ b/charts/rabbitmq-old/templates/_helpers.tpl
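Review bot: In templates/NOTES.txt the namespace list in both `else` branches is built from the wrong value: `.Values.clusterOperator.watchAllNamespaces | default (list ...)` only runs when `watchAllNamespaces` is false, so `default` always falls back to the release namespace and any `watchNamespaces` entries are never printed. The RoleBindings in cluster-operator/clusterrolebinding.yaml are created from `clusterOperator.watchNamespaces`, so the "can ONLY access resources in the following namespaces" message can under-report where the operator actually holds its secrets and pods/exec permissions. Use `{{ $namespaces := .Values.clusterOperator.watchNamespaces | default (list (include "common.names.namespace" .)) }}` in the first block and the same expression with `msgTopologyOperator.watchNamespaces` in the second.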
@@ -0,0 +1,143 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/*
+Return the proper RabbitMQ Cluster Operator fullname
+Note: We use the regular common function as the chart name already contains the
+the rabbitmq-cluster-operator name.
+*/}}
+{{- define "rmqco.clusterOperator.fullname" -}}
+{{- include "common.names.fullname" . -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+NOTE: Not using the common function to avoid generating too long names
+*/}}
+{{- define "rmqco.msgTopologyOperator.fullname" -}}
+{{- if .Values.msgTopologyOperator.fullnameOverride -}}
+ {{- printf "%s" .Values.msgTopologyOperator.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.fullnameOverride "messaging-topology-operator" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-%s" .Release.Name "rabbitmq-messaging-topology-operator" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname adding the installation's namespace.
+*/}}
+{{- define "rmqco.msgTopologyOperator.fullname.namespace" -}}
+{{- printf "%s-%s" (include "rmqco.msgTopologyOperator.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+NOTE: Not using the common function to avoid generating too long names
+*/}}
+{{- define "rmqco.msgTopologyOperator.webhook.fullname" -}}
+{{- if .Values.msgTopologyOperator.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.msgTopologyOperator.fullnameOverride "webhook" | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.fullnameOverride "messaging-topology-operator-webhook" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-%s" .Release.Name "rabbitmq-messaging-topology-operator-webhook" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname adding the installation's namespace.
+*/}}
+{{- define "rmqco.msgTopologyOperator.webhook.fullname.namespace" -}}
+{{- printf "%s-%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+*/}}
+{{- define "rmqco.msgTopologyOperator.webhook.secretName" -}}
+{{- if .Values.msgTopologyOperator.existingWebhookCertSecret -}}
+ {{- .Values.msgTopologyOperator.existingWebhookCertSecret -}}
+{{- else }}
+ {{- include "rmqco.msgTopologyOperator.webhook.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Default User Credential updater image name
+*/}}
+{{- define "rmqco.defaultCredentialUpdater.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.credentialUpdaterImage "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Cluster Operator image name
+*/}}
+{{- define "rmqco.clusterOperator.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.clusterOperator.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Cluster Operator image name
+*/}}
+{{- define "rmqco.msgTopologyOperator.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.msgTopologyOperator.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ image name
+*/}}
+{{- define "rmqco.rabbitmq.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.rabbitmqImage "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "rmqco.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.clusterOperator.image .Values.rabbitmqImage) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names as a comma separated string
+*/}}
+{{- define "rmqco.imagePullSecrets.string" -}}
+{{- $pullSecrets := list }}
+{{- if .Values.global }}
+ {{- range .Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+{{- end -}}
+{{- range (list .Values.clusterOperator.image .Values.rabbitmqImage) -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+{{- end -}}
+{{- if (not (empty $pullSecrets)) }}
+ {{- printf "%s" (join "," $pullSecrets) -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use (Cluster Operator)
+*/}}
+{{- define "rmqco.clusterOperator.serviceAccountName" -}}
+{{- if .Values.clusterOperator.serviceAccount.create -}}
+ {{ default (printf "%s" (include "rmqco.clusterOperator.fullname" .)) .Values.clusterOperator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.clusterOperator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (Messaging Topology Operator)
+*/}}
+{{- define "rmqco.msgTopologyOperator.serviceAccountName" -}}
+{{- if .Values.msgTopologyOperator.serviceAccount.create -}}
+ {{ default (printf "%s" (include "rmqco.msgTopologyOperator.fullname" .)) .Values.msgTopologyOperator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.msgTopologyOperator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/clusterrole.yaml b/charts/rabbitmq-old/templates/cluster-operator/clusterrole.yaml
new file mode 100644
index 0000000000..867dfedb7d
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/clusterrole.yaml
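Review bot: `rmqco.imagePullSecrets` and `rmqco.imagePullSecrets.string` in templates/_helpers.tpl collect pull secrets only from `.Values.clusterOperator.image` and `.Values.rabbitmqImage`, although the same file defines image helpers for `msgTopologyOperator.image` and `credentialUpdaterImage` as well. If those two images accept their own `pullSecrets` (their values are not visible in this diff), secrets set there would be ignored and pulls from a private registry would fail for those pods. Extending both lists to `(list .Values.clusterOperator.image .Values.msgTopologyOperator.image .Values.credentialUpdaterImage .Values.rabbitmqImage)` would cover them. Separately, the doc comments above `rmqco.msgTopologyOperator.image` and `rmqco.msgTopologyOperator.webhook.secretName` are copied from other helpers and describe the wrong thing.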
@@ -0,0 +1,168 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "common.names.fullname.namespace" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ {{- if .Values.clusterOperator.rbac.clusterRole.customRules }}
+ {{- range .Values.clusterOperator.rbac.clusterRole.customRules }}
+ - apiGroups: {{ .apiGroups | toYaml | nindent 6 }}
+ resources: {{ .resources | toYaml | nindent 6 }}
+ verbs: {{ .verbs | toYaml | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ {{- if .Values.clusterOperator.rbac.clusterRole.extraRules }}
+ {{- range .Values.clusterOperator.rbac.clusterRole.extraRules }}
+ - apiGroups: {{ .apiGroups | toYaml | nindent 6 }}
+ resources: {{ .resources | toYaml | nindent 6 }}
+ verbs: {{ .verbs | toYaml | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/clusterrolebinding.yaml b/charts/rabbitmq-old/templates/cluster-operator/clusterrolebinding.yaml
new file mode 100644
index 0000000000..a8fc5d9b90
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/clusterrolebinding.yaml
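Review bot: The `customRules` and `extraRules` loops in templates/cluster-operator/clusterrole.yaml copy only `apiGroups`, `resources` and `verbs`, so a rule that a user narrowed with `resourceNames` is rendered without that restriction and applies to every object of the resource type. For a role whose default rules already include `secrets` and `pods/exec`, silently widening a user-supplied rule is the wrong failure mode. Emit the field when it is present in both loops, e.g. `{{- with .resourceNames }}` / `resourceNames: {{ . | toYaml | nindent 6 }}` / `{{- end }}`, or render each rule whole with `toYaml` so no field is dropped.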
@@ -0,0 +1,51 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.rbac.create }}
+{{- if .Values.clusterOperator.watchAllNamespaces }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "common.names.fullname.namespace" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "common.names.fullname.namespace" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- else }}
+{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }}
+{{- range $namespace := $watchNamespaces }}
+---
+kind: RoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
+metadata:
+ name: {{ printf "%s-%s" (include "rmqco.clusterOperator.fullname" $) $namespace | trunc 63 | trimSuffix "-" }}
+ namespace: {{ $namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "common.names.fullname.namespace" $ }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" $ }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/deployment.yaml b/charts/rabbitmq-old/templates/cluster-operator/deployment.yaml
new file mode 100644
index 0000000000..2dbc75a3d7
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/deployment.yaml
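Review bot: Both bindings in templates/cluster-operator/clusterrolebinding.yaml take their subject from `rmqco.clusterOperator.serviceAccountName`, which falls back to `default` when `clusterOperator.serviceAccount.create` is false and no name is set. With `rbac.create` still true, that grants the operator ClusterRole (secrets, pods/exec, roles and rolebindings) to the namespace's default ServiceAccount, which every pod that does not name its own account shares. A guard at the top of the template would make that misconfiguration fail at render time: `{{- if and .Values.clusterOperator.rbac.create (not .Values.clusterOperator.serviceAccount.create) (not .Values.clusterOperator.serviceAccount.name) }}{{ fail "clusterOperator.serviceAccount.name is required when serviceAccount.create is false" }}{{ end }}`.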
@@ -0,0 +1,169 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.clusterOperator.replicaCount }}
+ {{- if .Values.clusterOperator.updateStrategy }}
+ strategy: {{- toYaml .Values.clusterOperator.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ template:
+ metadata:
+ {{- if .Values.clusterOperator.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ spec:
+ serviceAccountName: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ {{- include "rmqco.imagePullSecrets" .
| nindent 6 }}
+ {{- if .Values.clusterOperator.schedulerName }}
+ schedulerName: {{ .Values.clusterOperator.schedulerName | quote }}
+ {{- end }}
+ automountServiceAccountToken: {{ .Values.clusterOperator.automountServiceAccountToken }}
+ {{- if .Values.clusterOperator.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.clusterOperator.podAffinityPreset "component" "rabbitmq-operator" "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.clusterOperator.podAntiAffinityPreset "component" "rabbitmq-operator" "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.clusterOperator.nodeAffinityPreset.type "key" .Values.clusterOperator.nodeAffinityPreset.key "values" .Values.clusterOperator.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.tolerations "context" .)
| nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.priorityClassName }}
+ priorityClassName: {{ .Values.clusterOperator.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.clusterOperator.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.clusterOperator.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.clusterOperator.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: rabbitmq-cluster-operator
+ image: {{ template "rmqco.clusterOperator.image" . }}
+ imagePullPolicy: {{ .Values.clusterOperator.image.pullPolicy }}
+ {{- if .Values.clusterOperator.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.clusterOperator.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /manager
+ {{- end }}
+ {{- if .Values.clusterOperator.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - --metrics-bind-address=:{{ .Values.clusterOperator.containerPorts.metrics }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if not .Values.clusterOperator.watchAllNamespaces }}
+ {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }}
+ - name:
OPERATOR_SCOPE_NAMESPACE
+ value: {{ join "," $watchNamespaces | quote }}
+ {{- end }}
+ - name: DEFAULT_RABBITMQ_IMAGE
+ value: {{ include "rmqco.rabbitmq.image" . }}
+ - name: DEFAULT_USER_UPDATER_IMAGE
+ value: {{ include "rmqco.defaultCredentialUpdater.image" . }}
+ {{- if (include "rmqco.imagePullSecrets.string" .) }}
+ - name: DEFAULT_IMAGE_PULL_SECRETS
+ value: {{ include "rmqco.imagePullSecrets.string" . | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.clusterOperator.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.clusterOperator.resources }}
+ resources: {{- toYaml .Values.clusterOperator.resources | nindent 12 }}
+ {{- else if ne .Values.clusterOperator.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.clusterOperator.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.clusterOperator.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.clusterOperator.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- end }}
+ {{- if .Values.clusterOperator.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value"
.Values.clusterOperator.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.clusterOperator.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- end }}
+ {{- if .Values.clusterOperator.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.clusterOperator.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.clusterOperator.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraVolumeMounts }}
+ volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.clusterOperator.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.clusterOperator.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraVolumes }}
+ volumes: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/metrics-service.yaml b/charts/rabbitmq-old/templates/cluster-operator/metrics-service.yaml
new file mode 100644
index 0000000000..0aa56ba9d0
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/metrics-service.yaml
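Review bot: In deployment.yaml the pod-level and container-level `securityContext` blocks are rendered only when `podSecurityContext.enabled` and `containerSecurityContext.enabled` are true, and nothing in the template tells an operator what is lost when either is switched off. This Deployment runs under the service account that the RBAC hunk just before this file binds to a ClusterRole, so falling back to the image's default privileges deserves an explicit warning; values.yaml is not part of this hunk, so the defaults cannot be confirmed from here. I would add a template comment above the container block, `{{- /* Disabling containerSecurityContext removes all container hardening for the operator; keep it enabled unless the platform injects its own. */}}`, and the matching one above the pod-level block.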
@@ -0,0 +1,55 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.metrics.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ printf "%s-metrics" (include "rmqco.clusterOperator.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.clusterOperator.metrics.service.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.clusterOperator.metrics.service.type }}
+ {{- if (or (eq .Values.clusterOperator.metrics.service.type "LoadBalancer") (eq .Values.clusterOperator.metrics.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.clusterOperator.metrics.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.clusterOperator.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.clusterOperator.metrics.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.clusterOperator.metrics.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.clusterOperator.metrics.service.type "LoadBalancer") (not (empty .Values.clusterOperator.metrics.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.clusterOperator.metrics.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.sessionAffinity }}
+ sessionAffinity: {{
.Values.clusterOperator.metrics.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.clusterOperator.metrics.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if (and (or (eq .Values.clusterOperator.metrics.service.type "NodePort") (eq .Values.clusterOperator.metrics.service.type "LoadBalancer")) (not (empty .Values.clusterOperator.metrics.service.nodePorts.http))) }}
+ nodePort: {{ .Values.clusterOperator.metrics.service.nodePorts.http }}
+ {{- else if eq .Values.clusterOperator.metrics.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/networkpolicy.yaml b/charts/rabbitmq-old/templates/cluster-operator/networkpolicy.yaml
new file mode 100644
index 0000000000..852438b749
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/networkpolicy.yaml
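Review bot: In metrics-service.yaml, `loadBalancerSourceRanges: {{ .Values.clusterOperator.metrics.service.loadBalancerSourceRanges }}` prints the Go list directly, so a value holding two CIDRs renders as `[a b]`, which YAML reads as a single string element rather than two ranges, and an empty list renders `[]`, which means no source restriction at all. This Service fronts the operator's `/metrics` port, so the allow-list needs to render correctly and only when it is set. I would change the guard to `{{- if and (eq .Values.clusterOperator.metrics.service.type "LoadBalancer") (not (empty .Values.clusterOperator.metrics.service.loadBalancerSourceRanges)) }}` and the field to `loadBalancerSourceRanges: {{- toYaml .Values.clusterOperator.metrics.service.loadBalancerSourceRanges | nindent 4 }}`.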
@@ -0,0 +1,93 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.clusterOperator.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow access to kube-apiserver
+ {{- range $port := .Values.clusterOperator.networkPolicy.kubeAPIServerPorts }}
+ - port: {{ $port }}
+ {{- end }}
+ # RabbitMQCluster instances have the label app.kubernetes.io/component: rabbitmq
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/component: rabbitmq
+ {{- if not .Values.clusterOperator.watchAllNamespaces }}
+ {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }}
+ namespaceSelector:
+ matchExpressions:
+ - key: namespace
+ operator: In
+ values:
+ {{- range $namespace := $watchNamespaces }}
+ -
{{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.clusterOperator.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ {{- if .Values.clusterOperator.metrics.enabled }}
+ - ports:
+ - port: {{ .Values.clusterOperator.containerPorts.metrics }}
+ {{- if not .Values.clusterOperator.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/part-of: rabbitmq
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.clusterOperator.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.clusterOperator.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.clusterOperator.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.clusterOperator.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/podmonitor.yaml b/charts/rabbitmq-old/templates/cluster-operator/podmonitor.yaml
new file mode 100644
index 0000000000..b41be0ed52
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/podmonitor.yaml
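Review bot: In networkpolicy.yaml the egress `namespaceSelector` matches on a namespace label whose key is literally `namespace` (`- key: namespace`), which Kubernetes does not put on namespaces itself; unless every watched namespace is labelled that way by hand, the rule selects nothing and the operator cannot reach the RabbitMQ pods when `watchAllNamespaces` is false. The label the API server maintains automatically is `kubernetes.io/metadata.name`, so the line would become `- key: kubernetes.io/metadata.name`; that label exists from Kubernetes 1.21 onward, while Chart.yaml allows 1.19, so the floor may need raising or the manual-labelling requirement documented. Separately, the first egress rule lists the DNS and API-server ports with no `to:` clause, which permits those ports to any destination; a comment such as `# No "to:" on purpose: the API server address is not known at render time` would make that visible to whoever audits the policy.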
@@ -0,0 +1,73 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.clusterOperator.metrics.podMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ name: {{ printf "%s-metrics" (include "rmqco.clusterOperator.fullname" .) }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.msgTopologyOperator.metrics.podMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.clusterOperator.metrics.podMonitor.jobLabel }}
+ selector:
+ matchLabels:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.podMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: rabbitmq-operator
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" .
| quote }}
+ podMetricsEndpoints:
+ - port: http
+ {{- if .Values.clusterOperator.metrics.podMonitor.interval }}
+ interval: {{ .Values.clusterOperator.metrics.podMonitor.interval }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.honorLabels }}
+ honorLabels: {{ .Values.clusterOperator.metrics.podMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.clusterOperator.metrics.podMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.clusterOperator.metrics.podMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.clusterOperator.metrics.podMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ - port: metrics
+ {{- if .Values.clusterOperator.metrics.podMonitor.path }}
+ path: {{ .Values.clusterOperator.metrics.podMonitor.path }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.params }}
+ params: {{ toYaml .Values.clusterOperator.metrics.podMonitor.params | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.interval }}
+ interval: {{ .Values.clusterOperator.metrics.podMonitor.interval }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.clusterOperator.metrics.podMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.honorLabels }}
+ honorLabels: {{ .Values.clusterOperator.metrics.podMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.podMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.podMonitor.metricRelabelings }}
+ metricRelabelings: {{- include
"common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.podMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/rabbitmq-old/templates/cluster-operator/role.yaml b/charts/rabbitmq-old/templates/cluster-operator/role.yaml new file mode 100644 index 0000000000..d4c656d1a7 --- /dev/null +++ b/charts/rabbitmq-old/templates/cluster-operator/role.yaml @@ -0,0 +1,37 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.clusterOperator.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/part-of: rabbitmq + name: {{ template "rmqco.clusterOperator.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create +{{- end }} diff --git a/charts/rabbitmq-old/templates/cluster-operator/rolebinding.yaml b/charts/rabbitmq-old/templates/cluster-operator/rolebinding.yaml new file mode 100644 index 0000000000..a95c8176ce --- /dev/null +++ b/charts/rabbitmq-old/templates/cluster-operator/rolebinding.yaml 
@@ -0,0 +1,26 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/service-account.yaml b/charts/rabbitmq-old/templates/cluster-operator/service-account.yaml
new file mode 100644
index 0000000000..ee15f482e1
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.clusterOperator.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.clusterOperator.serviceAccount.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.clusterOperator.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/cluster-operator/servicemonitor.yaml b/charts/rabbitmq-old/templates/cluster-operator/servicemonitor.yaml
new file mode 100644
index 0000000000..d4fab87935
--- /dev/null
+++ b/charts/rabbitmq-old/templates/cluster-operator/servicemonitor.yaml
@@ -0,0 +1,72 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.clusterOperator.metrics.serviceMonitor.enabled .Values.clusterOperator.metrics.service.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.clusterOperator.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.clusterOperator.metrics.serviceMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.clusterOperator.metrics.serviceMonitor.jobLabel }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.serviceMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" .
| quote }}
+ endpoints:
+ - port: http
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ - port: metrics
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.path }}
+ path: {{ .Values.clusterOperator.metrics.serviceMonitor.path }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.params }}
+ params: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.params | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if
.Values.clusterOperator.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/extra-list.yaml b/charts/rabbitmq-old/templates/extra-list.yaml
new file mode 100644
index 0000000000..2d35a580e8
--- /dev/null
+++ b/charts/rabbitmq-old/templates/extra-list.yaml
@@ -0,0 +1,9 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/issuer.yaml b/charts/rabbitmq-old/templates/issuer.yaml
new file mode 100644
index 0000000000..fae6ec8ddd
--- /dev/null
+++ b/charts/rabbitmq-old/templates/issuer.yaml
@@ -0,0 +1,16 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.useCertManager }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+spec:
+ selfSigned: {}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/certificate.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/certificate.yaml
new file mode 100644
index 0000000000..91f7ae7647
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/certificate.yaml
@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (.Values.msgTopologyOperator.enabled) (.Values.useCertManager) (not .Values.msgTopologyOperator.existingWebhookCertSecret) }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ commonName: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ dnsNames:
+ - {{ printf "%s.%s.svc" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) }}
+ - {{ printf "%s.%s.svc.%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+ issuerRef:
+ kind: Issuer
+ name: {{ template "common.names.fullname" . }}
+ secretName: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrole.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrole.yaml
new file mode 100644
index 0000000000..8ddb943f38
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrole.yaml
@@ -0,0 +1,334 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ {{- if .Values.msgTopologyOperator.rbac.clusterRole.customRules }}
+ {{- range .Values.msgTopologyOperator.rbac.clusterRole.customRules }}
+ - apiGroups: {{ .apiGroups | toYaml | nindent 6 }}
+ resources: {{ .resources | toYaml | nindent 6 }}
+ verbs: {{ .verbs | toYaml | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ {{- if .Values.msgTopologyOperator.rbac.clusterRole.extraRules }}
+ {{- range .Values.msgTopologyOperator.rbac.clusterRole.extraRules }}
+ - apiGroups: {{ .apiGroups | toYaml | nindent 6 }}
+ resources: {{ .resources | toYaml | nindent 6 }}
+ verbs: {{ .verbs | toYaml | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - bindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - bindings/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - exchanges
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - exchanges/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - federations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - federations/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - permissions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - permissions/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - policies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - policies/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - queues
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - queues/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/status
+ verbs:
+ - get
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - schemareplications
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - schemareplications/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - shovels
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - shovels/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - superstreams
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - superstreams/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - users
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - users/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - vhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - vhosts/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - topicpermissions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - topicpermissions/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - operatorpolicies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - operatorpolicies/status
+ verbs:
+ - get
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrolebinding.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrolebinding.yaml
new file mode 100644
index 0000000000..b29b1f6bc6
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/clusterrolebinding.yaml
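Review bot: The default rule on core `secrets` (`create`, `get`, `list`, `patch`, `update`, `watch`) lives in a ClusterRole, so when `msgTopologyOperator.watchAllNamespaces` is true and clusterrolebinding.yaml in this diff binds it cluster-wide, the operator's service account can read and modify every Secret in the cluster. Nothing in the template says so; I would add a comment above that rule, e.g. `# secrets: cluster-wide read/write when watchAllNamespaces=true; set watchNamespaces to confine it to per-namespace RoleBindings`. A non-empty `rbac.clusterRole.customRules` replaces the whole default list and is rendered as given, which deserves a one-line comment next to the `range` as well.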
@@ -0,0 +1,51 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.msgTopologyOperator.rbac.create }}
+{{- if .Values.msgTopologyOperator.watchAllNamespaces }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- else }}
+{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }}
+{{- range $namespace := $watchNamespaces }}
+---
+kind: RoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
+metadata:
+ name: {{ printf "%s-%s" (include "rmqco.msgTopologyOperator.fullname" $) $namespace | trunc 63 | trimSuffix "-" }}
+ namespace: {{ $namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" $ }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" $ }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/deployment.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/deployment.yaml
new file mode 100644
index 0000000000..ac5fe3f1f3
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/deployment.yaml
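Review bot: The outer guard `{{- if .Values.msgTopologyOperator.rbac.create }}` does not check `msgTopologyOperator.enabled`, while clusterrole.yaml, role.yaml and rolebinding.yaml in this diff gate on both values. With the operator disabled and `rbac.create` true, the chart still renders a ClusterRoleBinding (or the per-namespace RoleBindings) whose `roleRef` names a ClusterRole that was not created and whose subject is a service account the chart did not create. Those dangling bindings take effect as soon as objects with the same names appear, so they should not exist. Use `{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create }}` as the sibling templates do.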
@@ -0,0 +1,183 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.msgTopologyOperator.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.msgTopologyOperator.replicaCount }}
+ {{- if .Values.msgTopologyOperator.updateStrategy }}
+ strategy: {{- toYaml .Values.msgTopologyOperator.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ template:
+ metadata:
+ {{- if .Values.msgTopologyOperator.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ spec:
+ serviceAccountName: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ {{- include "rmqco.imagePullSecrets" . | nindent 6 }}
+ automountServiceAccountToken: {{ .Values.msgTopologyOperator.automountServiceAccountToken }}
+ {{- if .Values.msgTopologyOperator.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.schedulerName }}
+ schedulerName: {{ .Values.msgTopologyOperator.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.msgTopologyOperator.podAffinityPreset "component" "messaging-topology-operator" "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.msgTopologyOperator.podAntiAffinityPreset "component" "messaging-topology-operator" "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.msgTopologyOperator.nodeAffinityPreset.type "key" .Values.msgTopologyOperator.nodeAffinityPreset.key "values" .Values.msgTopologyOperator.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.priorityClassName }}
+ priorityClassName: {{ .Values.msgTopologyOperator.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.msgTopologyOperator.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.msgTopologyOperator.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.hostNetwork }}
+ hostNetwork: {{ .Values.msgTopologyOperator.hostNetwork }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.dnsPolicy }}
+ dnsPolicy: {{ .Values.msgTopologyOperator.dnsPolicy }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.msgTopologyOperator.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: rabbitmq-cluster-operator
+ image: {{ template "rmqco.msgTopologyOperator.image" . }}
+ imagePullPolicy: {{ .Values.msgTopologyOperator.image.pullPolicy }}
+ {{- if .Values.msgTopologyOperator.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.msgTopologyOperator.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /manager
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - --metrics-bind-address=:{{ .Values.msgTopologyOperator.containerPorts.metrics }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if not .Values.msgTopologyOperator.watchAllNamespaces }}
+ {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }}
+ - name: OPERATOR_SCOPE_NAMESPACE
+ value: {{ join "," $watchNamespaces | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.msgTopologyOperator.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.resources }}
+ resources: {{- toYaml .Values.msgTopologyOperator.resources | nindent 12 }}
+ {{- else if ne .Values.msgTopologyOperator.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.msgTopologyOperator.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-webhook
+ containerPort: 9443
+ protocol: TCP
+ - name: http-metrics
+ containerPort: {{ .Values.msgTopologyOperator.containerPorts.metrics }}
+ protocol: TCP
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.msgTopologyOperator.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.msgTopologyOperator.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.msgTopologyOperator.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.msgTopologyOperator.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- end }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ {{- if .Values.msgTopologyOperator.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ template "rmqco.msgTopologyOperator.webhook.secretName" . }}
+ {{- if .Values.msgTopologyOperator.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/metrics-service.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/metrics-service.yaml
new file mode 100644
index 0000000000..46c9f009c8
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/metrics-service.yaml
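Review bot: The `cert` volume sets `defaultMode: 420`, which is decimal for octal 0644, so the webhook's TLS private key is world-readable inside the pod, including to any `sidecars` entry that mounts the same volume. A tighter mode such as `defaultMode: 0440` would normally still work when the pod security context sets an fsGroup, but that depends on values not shown in this hunk, so confirm the operator's runtime user can still read the files. At minimum add `# 420 decimal = 0644 octal` beside the value so the mode is not misread. Separately, the container is named `rabbitmq-cluster-operator` although this Deployment runs the messaging topology operator, which makes selecting logs by container name misleading.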
@@ -0,0 +1,58 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.metrics.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ type: metrics
+ name: {{ printf "%s-metrics" (include "rmqco.msgTopologyOperator.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.metrics.service.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.msgTopologyOperator.metrics.service.type }}
+ {{- if (or (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer") (eq .Values.msgTopologyOperator.metrics.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.msgTopologyOperator.metrics.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.msgTopologyOperator.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer") (not (empty .Values.msgTopologyOperator.metrics.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.msgTopologyOperator.metrics.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.msgTopologyOperator.metrics.service.ports.http }}
+ targetPort: http-metrics
+ protocol: TCP
+ {{- if (and (or (eq .Values.msgTopologyOperator.metrics.service.type "NodePort") (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer")) (not (empty .Values.msgTopologyOperator.metrics.service.nodePorts.http))) }}
+ nodePort: {{ .Values.msgTopologyOperator.metrics.service.nodePorts.http }}
+ {{- else if eq .Values.msgTopologyOperator.metrics.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/networkpolicy.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/networkpolicy.yaml
new file mode 100644
index 0000000000..387d9a9bf5
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/networkpolicy.yaml
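Review bot: `loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerSourceRanges }}` prints the Go list directly, so two or more CIDRs render as `[a b]`, which YAML reads as one string element rather than two ranges. The source-range restriction on an externally exposed metrics endpoint is then either rejected by the API server or not the restriction the chart user asked for. Render it as YAML instead, `loadBalancerSourceRanges: {{- toYaml .Values.msgTopologyOperator.metrics.service.loadBalancerSourceRanges | nindent 4 }}`, and extend the surrounding `if` so the key is omitted when the list is empty.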
@@ -0,0 +1,98 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.msgTopologyOperator.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.msgTopologyOperator.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow rabbitmq api
+ - port: 15672
+ protocol: TCP
+ # Allow access to kube-apiserver
+ {{- range $port := .Values.msgTopologyOperator.networkPolicy.kubeAPIServerPorts }}
+ - port: {{ $port }}
+ {{- end }}
+ # RabbitMQCluster instances have the label app.kubernetes.io/component: rabbitmq
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/component: rabbitmq
+ {{- if not .Values.msgTopologyOperator.watchAllNamespaces }}
+ {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }}
+ namespaceSelector:
+ matchExpressions:
+ - key: namespace
+ operator: In
+ values:
+ {{- range $namespace := $watchNamespaces }}
+ - {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ {{/* Webhook port is hardcoded in the operator code */}}
+ - port: 9443
+ {{- if .Values.msgTopologyOperator.metrics.enabled }}
+ - port: {{ .Values.msgTopologyOperator.containerPorts.metrics }}
+ {{- end }}
+ {{- if not .Values.msgTopologyOperator.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/part-of: rabbitmq
+ - podSelector:
+ matchLabels:
+ {{ template "rmqco.msgTopologyOperator.fullname" . }}-client: "true"
+ {{- if .Values.msgTopologyOperator.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.msgTopologyOperator.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/podmonitor.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/podmonitor.yaml
new file mode 100644
index 0000000000..c09e50b87c
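Review bot: The `namespaceSelector` in the restricted egress branch matches on the label key `namespace`, which Kubernetes does not set on Namespace objects, so unless every watched namespace is labelled `namespace=<name>` by hand the `to:` rule selects nothing. The label set automatically is `kubernetes.io/metadata.name`, so the line would read `- key: kubernetes.io/metadata.name`; that label exists from Kubernetes 1.21 on while the chart's `kubeVersion` allows 1.19, which is worth a comment. The preceding `- ports:` entry is a separate rule with no `to:`, so ports 53, 15672 and the kube-apiserver ports are allowed to any destination regardless of this selector. The template is also gated only on `networkPolicy.enabled`, not on `msgTopologyOperator.enabled`.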
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/podmonitor.yaml
@@ -0,0 +1,53 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.metrics.podMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.msgTopologyOperator.metrics.podMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.msgTopologyOperator.metrics.podMonitor.jobLabel }}
+ selector:
+ matchLabels:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.metrics.podMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: rabbitmq-operator
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ podMetricsEndpoints:
+ - port: http
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.interval }}
+ interval: {{ .Values.msgTopologyOperator.metrics.podMonitor.interval }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.honorLabels }}
+ honorLabels: {{ .Values.msgTopologyOperator.metrics.podMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.msgTopologyOperator.metrics.podMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.msgTopologyOperator.metrics.podMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.podMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.msgTopologyOperator.metrics.podMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/role.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/role.yaml
new file mode 100644
index 0000000000..427df817be
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/role.yaml
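Review bot: The selector ends with `app.kubernetes.io/component: rabbitmq-operator`, but deployment.yaml in this diff labels the topology operator pods `app.kubernetes.io/component: messaging-topology-operator`, and the endpoint uses `port: http` while the container port there is named `http-metrics`. As written this PodMonitor will not scrape the messaging topology operator pods (it may match a different component, which is not visible here), so the operator goes unmonitored without any error being raised. Change the two lines to `app.kubernetes.io/component: messaging-topology-operator` and `- port: http-metrics`.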
@@ -0,0 +1,51 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/rolebinding.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/rolebinding.yaml
new file mode 100644
index 0000000000..995310e046
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/rolebinding.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/service-account.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/service-account.yaml
new file mode 100644
index 0000000000..10044f819c
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/service-account.yaml
@@ -0,0 +1,22 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.serviceAccount.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.msgTopologyOperator.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/servicemonitor.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/servicemonitor.yaml
new file mode 100644
index 0000000000..05efd2f794
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/servicemonitor.yaml
@@ -0,0 +1,53 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.metrics.serviceMonitor.enabled .Values.msgTopologyOperator.metrics.service.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.msgTopologyOperator.metrics.serviceMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.jobLabel }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ # We need an extra label for the ServiceMonitor to scrape it correctly
+ type: metrics
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.metrics.serviceMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ endpoints:
+ - port: http
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.msgTopologyOperator.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.msgTopologyOperator.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
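Review bot: `jobLabel: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.jobLabel }}` under `spec:` is rendered unconditionally and unquoted, while every other optional field in this template sits behind an `if`; an unset value renders a bare `jobLabel:` (null). Guard it like its neighbours: `{{- if .Values.msgTopologyOperator.metrics.serviceMonitor.jobLabel }}`, `jobLabel: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.jobLabel | quote }}`, `{{- end }}`. It would also help to add a comment above `namespaceSelector` saying that `matchNames` is deliberately pinned to the release namespace even when `serviceMonitor.namespace` moves the object elsewhere, so the scrape scope is not widened by accident later.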
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/validating-webhook-configuration.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/validating-webhook-configuration.yaml
new file mode 100644
index 0000000000..2130ebace7
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/validating-webhook-configuration.yaml
@@ -0,0 +1,332 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.msgTopologyOperator.enabled }}
+{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+{{/*
+ If the user does not have cert-manager and is not providing a secret with the certificates, the chart needs to generate the secret
+ */}}
+{{- $secretName := printf "%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) }}
+{{- $ca := genCA "rmq-msg-topology-ca" 365 }}
+{{- $cert := genSignedCert (include "rmqco.msgTopologyOperator.fullname" .) nil (list (printf "%s.%s.svc" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain)) 365 $ca }}
+{{- if and (not .Values.useCertManager) (not .Values.msgTopologyOperator.existingWebhookCertSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ annotations:
+ {{- if .Values.useCertManager }}
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s" (include "common.names.namespace" .) ( include "rmqco.msgTopologyOperator.webhook.secretName" . ) }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname.namespace" . }}
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-binding
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vbinding.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bindings
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-exchange
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vexchange.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - exchanges
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-federation
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vfederation.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - federations
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-operatorpolicy
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: voperatorpolicy.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - operatorpolicies
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1alpha1-superstream
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vsuperstream.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - superstreams
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-permission
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vpermission.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - permissions
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-policy
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vpolicy.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - policies
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-queue
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vqueue.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - queues
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-schemareplication
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vschemareplication.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - schemareplications
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-shovel
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vshovel.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - shovels
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-user
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vuser.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - users
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-vhost
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ failurePolicy: Fail
+ name: vvhost.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - vhosts
+ sideEffects: None
+{{- end }}
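Review bot: The `voperatorpolicy.kb.io` entry is the only webhook whose `clientConfig` has no `caBundle`; the other eleven all carry the `{{- if not .Values.useCertManager }}` block. When cert-manager is not injecting the CA, the API server has no trust anchor for that endpoint, and with `failurePolicy: Fail` a CREATE or UPDATE of `operatorpolicies` would be rejected on the TLS error rather than validated. Add the same three lines under its `clientConfig:`: `{{- if not .Values.useCertManager }}`, `caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }}`, `{{- end }}`. Separately, `genCA` and `genSignedCert` both use a 365-day lifetime and the lookup appears to keep the stored Secret values on upgrade, so the chart does not rotate the self-signed pair; with fail-closed webhooks that expiry should be documented next to the `$ca` line and monitored.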
diff --git a/charts/rabbitmq-old/templates/messaging-topology-operator/webhook-service.yaml b/charts/rabbitmq-old/templates/messaging-topology-operator/webhook-service.yaml
new file mode 100644
index 0000000000..d36eaab758
--- /dev/null
+++ b/charts/rabbitmq-old/templates/messaging-topology-operator/webhook-service.yaml
@@ -0,0 +1,57 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.msgTopologyOperator.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.service.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.msgTopologyOperator.service.type }}
+ {{- if (or (eq .Values.msgTopologyOperator.service.type "LoadBalancer") (eq .Values.msgTopologyOperator.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.msgTopologyOperator.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.clusterIP }}
+ clusterIP: {{ .Values.msgTopologyOperator.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.msgTopologyOperator.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.msgTopologyOperator.service.type "LoadBalancer") (not (empty .Values.msgTopologyOperator.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.msgTopologyOperator.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.msgTopologyOperator.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ targetPort: http-webhook
+ protocol: TCP
+ {{- if (and (or (eq .Values.msgTopologyOperator.service.type "NodePort") (eq .Values.msgTopologyOperator.service.type "LoadBalancer")) (not (empty .Values.msgTopologyOperator.service.nodePorts.http))) }}
+ nodePort: {{ .Values.msgTopologyOperator.service.nodePorts.http }}
+ {{- else if eq .Values.msgTopologyOperator.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.msgTopologyOperator.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+{{- end }}
diff --git a/charts/rabbitmq-old/values.yaml b/charts/rabbitmq-old/values.yaml
new file mode 100644
index 0000000000..7c1b1c848b
--- /dev/null
+++ b/charts/rabbitmq-old/values.yaml
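Review bot: `loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.service.loadBalancerSourceRanges }}` prints the Go list form, so two or more CIDRs render as `[a b]`, which YAML reads as a single string rather than two entries; the allow-list meant to limit who can reach the webhook endpoint is then not applied as the operator wrote it. Render it as a real list and only when non-empty: `loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.service.loadBalancerSourceRanges | toJson }}`. An admission webhook only has to be reachable from the API server, so a comment above `type:` should state that `ClusterIP` is the expected value and that `LoadBalancer` or `NodePort` exposes the validation endpoint outside the cluster.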
@@ -0,0 +1,1221 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment(s)/statefulset(s) +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled) + ## + enabled: false +## @section RabbitMQ Cluster Operator Parameters +## + +## Bitnami RabbitMQ Image +## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ +## @param rabbitmqImage.registry [default: REGISTRY_NAME] RabbitMQ Image registry +## @param rabbitmqImage.repository [default: REPOSITORY_NAME/rabbitmq] RabbitMQ Image repository +## @skip rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended) +## @param rabbitmqImage.digest RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param rabbitmqImage.pullSecrets RabbitMQ Image pull secrets +## +rabbitmqImage: + registry: docker.io + repository: bitnami/rabbitmq + tag: 3.12.13-debian-12-r2 + digest: "" + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-rabbitmqImage-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] +## Bitnami RabbitMQ Default User Credential Updater Image +## ref: https://hub.docker.com/r/bitnami/rmq-default-credential-updater/tags/ +## @param credentialUpdaterImage.registry [default: REGISTRY_NAME] RabbitMQ Default User Credential Updater image registry +## @param credentialUpdaterImage.repository [default: REPOSITORY_NAME/rmq-default-credential-updater] RabbitMQ Default User Credential Updater image repository +## @skip credentialUpdaterImage.tag RabbitMQ Default User Credential Updater image tag (immutable tags are recommended) +## @param credentialUpdaterImage.digest RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param credentialUpdaterImage.pullSecrets RabbitMQ Default User Credential Updater image pull secrets +## +credentialUpdaterImage: + registry: docker.io + repository: bitnami/rmq-default-credential-updater + tag: 1.0.4-debian-12-r14 + digest: "" + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-credentialUpdaterImage-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] +clusterOperator: + ## Bitnami RabbitMQ Cluster Operator image + ## ref: https://hub.docker.com/r/bitnami/rabbitmq-cluster-operator/tags/ + ## @param clusterOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Cluster Operator image registry + ## @param clusterOperator.image.repository [default: REPOSITORY_NAME/rabbitmq-cluster-operator] RabbitMQ Cluster Operator image repository + ## @skip clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended) + ## @param clusterOperator.image.digest RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param clusterOperator.image.pullPolicy RabbitMQ Cluster Operator image pull policy + ## @param clusterOperator.image.pullSecrets RabbitMQ Cluster Operator image pull secrets + ## + image: + registry: docker.io + repository: bitnami/rabbitmq-cluster-operator + tag: 2.7.0-debian-12-r8 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces
+ ##
+ watchAllNamespaces: true
+ ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
+ ##
+ watchNamespaces: []
+ ## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
+ ##
+ replicaCount: 1
+ ## @param clusterOperator.schedulerName Alternative scheduler
+ ##
+ schedulerName: ""
+ ## @param clusterOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## The value is evaluated as a template
+ ##
+ topologySpreadConstraints: []
+ ## @param clusterOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param clusterOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param clusterOperator.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param clusterOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param clusterOperator.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param clusterOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param clusterOperator.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param clusterOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param clusterOperator.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param clusterOperator.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param clusterOperator.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## RabbitMQ Cluster Operator resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param clusterOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param clusterOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context
+ ## @param clusterOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param clusterOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param clusterOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param clusterOperator.podSecurityContext.fsGroup Set RabbitMQ Cluster Operator pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param clusterOperator.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param clusterOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param clusterOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param clusterOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param clusterOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param clusterOperator.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param clusterOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param clusterOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param clusterOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param clusterOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## @param clusterOperator.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param clusterOperator.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param clusterOperator.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: true
+ ## @param clusterOperator.hostAliases RabbitMQ Cluster Operator pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param clusterOperator.podLabels Extra labels for RabbitMQ Cluster Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param clusterOperator.podAnnotations Annotations for RabbitMQ Cluster Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param clusterOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param clusterOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param clusterOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param clusterOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
+ ##
+ key: ""
+ ## @param clusterOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param clusterOperator.affinity Affinity for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param clusterOperator.nodeSelector Node labels for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param clusterOperator.tolerations Tolerations for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param clusterOperator.updateStrategy.type RabbitMQ Cluster Operator statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param clusterOperator.priorityClassName RabbitMQ Cluster Operator pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param clusterOperator.lifecycleHooks for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param clusterOperator.containerPorts.metrics RabbitMQ Cluster Operator container port (used for metrics)
+ ##
+ containerPorts:
+ metrics: 9782
+ ## @param clusterOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Cluster Operator nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param clusterOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param clusterOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param clusterOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s)
+ ##
+ extraVolumes: []
+ ## @param clusterOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param clusterOperator.sidecars Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param clusterOperator.initContainers Add additional init containers to the RabbitMQ Cluster Operator pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param clusterOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param clusterOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
+ ##
+ kubeAPIServerPorts: [443, 6443, 8443]
+ ## @param clusterOperator.networkPolicy.allowExternal Don't require injector label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## injector label will have network access to the ports injector is listening
+ ## on. When true, injector will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: true
+ ## @param clusterOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param clusterOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param clusterOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param clusterOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param clusterOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+ ## RBAC configuration
+ ##
+ rbac:
+ ## @param clusterOperator.rbac.create Specifies whether RBAC resources should be created
+ ##
+ create: true
+ ## ClusterRole parameters
+ ##
+ clusterRole:
+ ## @param clusterOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
+ ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
+ ## e.g:
+ ## customRules:
+ ## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
+ ## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
+ ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
+ customRules: []
+ ## @param clusterOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
+ ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
+ ## e.g:
+ ## extraRules:
+ ## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
+ ## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
+ ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
+ extraRules: []
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param clusterOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param clusterOperator.serviceAccount.annotations Add annotations
+ ##
+ annotations: {}
+ ## @param clusterOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
+ ##
+ automountServiceAccountToken: false
+ ## @section RabbitMQ Cluster Operator Metrics parameters
+ ##
+ metrics:
+ ## Metrics service parameters
+ ##
+ service:
+ ## @param clusterOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
+ ##
+ enabled: false
+ ## @param clusterOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
+ ##
+ type: ClusterIP
+ ## @param clusterOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param clusterOperator.metrics.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param clusterOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param clusterOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param clusterOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param clusterOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param clusterOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param clusterOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.clusterOperator.metrics.service.ports.http }}"
+ ## @param clusterOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param clusterOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ serviceMonitor:
+ ## @param clusterOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
+ ##
+ enabled: false
+ ## @param clusterOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ## e.g:
+ ## namespace: monitoring
+ ##
+ namespace: ""
+ ## @param clusterOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
+ ##
+ jobLabel: app.kubernetes.io/name
+ ## @param clusterOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ honorLabels: false
+ ## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ ## e.g:
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ ## @param clusterOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param clusterOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
+ ##
+ interval: ""
+ ## DEPRECATED: Use clusterOperator.metrics.serviceMonitor.labels instead
+ ## This value will be removed in a future release
+ ## additionalLabels: {}
+
+ ## @param clusterOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param clusterOperator.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param clusterOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param clusterOperator.metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics
+ ## Could be /metrics for aggregated metrics or /metrics/per-object for more details
+ ##
+ path: ""
+ ## @param clusterOperator.metrics.serviceMonitor.params Define the HTTP URL parameters used by ServiceMonitor
+ ##
+ params: {}
+ podMonitor:
+ ## @param clusterOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
+ ##
+ enabled: false
+ ## @param clusterOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
+ ##
+ jobLabel: app.kubernetes.io/name
+ ## @param clusterOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
+ ##
+ namespace: ""
+ ## @param clusterOperator.metrics.podMonitor.honorLabels Honor metrics labels
+ ##
+ honorLabels: false
+ ## @param clusterOperator.metrics.podMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ selector: {}
+ ## @param clusterOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
+ ##
+ interval: 30s
+ ## @param clusterOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ##
+ scrapeTimeout: 30s
+ ## @param clusterOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
+ ##
+ additionalLabels: {}
+ ## @param clusterOperator.metrics.podMonitor.path Define HTTP path to scrape for metrics.
+ ##
+ path: ""
+ ## @param clusterOperator.metrics.podMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param clusterOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param clusterOperator.metrics.podMonitor.params Define the HTTP URL parameters used by PodMonitor
+ ##
+ params: {}
+## @section RabbitMQ Messaging Topology Operator Parameters
+##
+msgTopologyOperator:
+ ## @param msgTopologyOperator.enabled Deploy RabbitMQ Messaging Topology Operator as part of the installation
+ ##
+ enabled: true
+ ## Bitnami RabbitMQ Messaging Topology Operator image
+ ## ref: https://hub.docker.com/r/bitnami/rmq-messaging-topology-operator/tags/
+ ## @param msgTopologyOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Messaging Topology Operator image registry
+ ## @param msgTopologyOperator.image.repository [default: REPOSITORY_NAME/rmq-messaging-topology-operator] RabbitMQ Messaging Topology Operator image repository
+ ## @skip msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended)
+ ## @param msgTopologyOperator.image.digest RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param msgTopologyOperator.image.pullPolicy RabbitMQ Messaging Topology Operator image pull policy
+ ## @param msgTopologyOperator.image.pullSecrets RabbitMQ Messaging Topology Operator image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/rmq-messaging-topology-operator
+ tag: 1.13.0-debian-12-r7
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces
+ ##
+ watchAllNamespaces: true
+ ## @param msgTopologyOperator.watchNamespaces [array] Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
+ ##
+ watchNamespaces: []
+ ## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
+ ##
+ replicaCount: 1
+ ## @param msgTopologyOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## The value is evaluated as a template
+ ##
+ topologySpreadConstraints: []
+ ## @param msgTopologyOperator.schedulerName Alternative scheduler
+ ##
+ schedulerName: ""
+ ## @param msgTopologyOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param msgTopologyOperator.hostNetwork Boolean
+ ##
+ hostNetwork: "false"
+ ## @param msgTopologyOperator.dnsPolicy Alternative DNS policy
+ ##
+ dnsPolicy: "ClusterFirst"
+ ## Configure extra options for RabbitMQ Messaging Topology Operator containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param msgTopologyOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param msgTopologyOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param msgTopologyOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param msgTopologyOperator.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param msgTopologyOperator.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param msgTopologyOperator.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one)
+ ##
+ existingWebhookCertSecret: ""
+ ## @param msgTopologyOperator.existingWebhookCertCABundle PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false)
+ ##
+ existingWebhookCertCABundle: ""
+ ## RabbitMQ Messaging Topology Operator resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param msgTopologyOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param msgTopologyOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context
+ ## @param msgTopologyOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param msgTopologyOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param msgTopologyOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param msgTopologyOperator.podSecurityContext.fsGroup Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param msgTopologyOperator.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param msgTopologyOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param msgTopologyOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param msgTopologyOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param msgTopologyOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param msgTopologyOperator.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param msgTopologyOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param msgTopologyOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## @param msgTopologyOperator.fullnameOverride String to fully override rmqco.msgTopologyOperator.fullname template
+ ##
+ fullnameOverride: ""
+ ## @param msgTopologyOperator.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param msgTopologyOperator.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param msgTopologyOperator.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: true
+ ## @param msgTopologyOperator.hostAliases RabbitMQ Messaging Topology Operator pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param msgTopologyOperator.podLabels Extra labels for RabbitMQ Messaging Topology Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param msgTopologyOperator.podAnnotations Annotations for RabbitMQ Messaging Topology Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param msgTopologyOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param msgTopologyOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param msgTopologyOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param msgTopologyOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
+ ##
+ key: ""
+ ## @param msgTopologyOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param msgTopologyOperator.affinity Affinity for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param msgTopologyOperator.nodeSelector Node labels for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param msgTopologyOperator.tolerations Tolerations for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param msgTopologyOperator.updateStrategy.type RabbitMQ Messaging Topology Operator statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param msgTopologyOperator.priorityClassName RabbitMQ Messaging Topology Operator pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param msgTopologyOperator.lifecycleHooks for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param msgTopologyOperator.containerPorts.metrics RabbitMQ Messaging Topology Operator container port (used for metrics)
+ ##
+ containerPorts:
+ metrics: 8080
+ ## @param msgTopologyOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param msgTopologyOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param msgTopologyOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param msgTopologyOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s)
+ ##
+ extraVolumes: []
+ ## @param msgTopologyOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param msgTopologyOperator.sidecars Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param msgTopologyOperator.initContainers Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## Webhook service parameters
+ ##
+ service:
+ ## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type
+ ##
+ type: ClusterIP
+ ## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port
+ ##
+ ports:
+ webhook: 443
+ ## Node ports to expose
+ ## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service
+ ##
+ annotations: {}
+ ## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param msgTopologyOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be
created + ## + enabled: true + ## @param msgTopologyOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) + ## + kubeAPIServerPorts: [443, 6443, 8443] + ## @param msgTopologyOperator.networkPolicy.allowExternal Don't require injector label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## injector label will have network access to the ports injector is listening + ## on. When true, injector will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param msgTopologyOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param msgTopologyOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param msgTopologyOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param msgTopologyOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## RBAC configuration + ## + rbac: + ## @param msgTopologyOperator.rbac.create Specifies whether RBAC 
resources should be created + ## + create: true + ## ClusterRole parameters + ## + clusterRole: + ## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole + ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole + ## e.g: + ## customRules: + ## - apiGroups: A list of API groups (e.g., [""], ["apps"]). + ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). + ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). + customRules: [] + ## @param msgTopologyOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. + ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole + ## e.g: + ## extraRules: + ## - apiGroups: A list of API groups (e.g., [""], ["apps"]). + ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). + ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). + extraRules: [] + ## ServiceAccount configuration + ## + serviceAccount: + ## @param msgTopologyOperator.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param msgTopologyOperator.serviceAccount.annotations Add annotations + ## + annotations: {} + ## @param msgTopologyOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account. 
+ ## + automountServiceAccountToken: false + ## @section RabbitMQ Messaging Topology Operator parameters + ## + metrics: + ## Metrics service parameters + ## + service: + ## @param msgTopologyOperator.metrics.service.enabled Create a service for accessing the metrics endpoint + ## + enabled: false + ## @param msgTopologyOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type + ## + type: ClusterIP + ## @param msgTopologyOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port + ## + ports: + http: 80 + ## Node ports to expose + ## @param msgTopologyOperator.metrics.service.nodePorts.http Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param msgTopologyOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param msgTopologyOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param msgTopologyOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param msgTopologyOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param msgTopologyOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param 
msgTopologyOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.msgTopologyOperator.metrics.service.ports.http }}" + ## @param msgTopologyOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param msgTopologyOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + serviceMonitor: + ## @param msgTopologyOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator + ## + enabled: false + ## @param msgTopologyOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## e.g: + ## namespace: monitoring + ## + namespace: "" + ## @param msgTopologyOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator + ## + jobLabel: app.kubernetes.io/name + ## DEPRECATED: Use msgTopologyOperator.metrics.serviceMonitor.labels instead. 
+ ## This value will be removed in a future release + ## additionalLabels: {} + + ## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param msgTopologyOperator.metrics.serviceMonitor.honorLabels Honor metrics labels + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + honorLabels: false + ## @param msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param msgTopologyOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used + ## + interval: "" + ## @param msgTopologyOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param msgTopologyOperator.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param msgTopologyOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + podMonitor: + ## @param msgTopologyOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param msgTopologyOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator + ## + jobLabel: app.kubernetes.io/name + ## @param msgTopologyOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param msgTopologyOperator.metrics.podMonitor.honorLabels Honor metrics labels + ## + honorLabels: false + ## @param msgTopologyOperator.metrics.podMonitor.selector 
Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + selector: {} + ## @param msgTopologyOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param msgTopologyOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## + scrapeTimeout: 30s + ## @param msgTopologyOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus + ## + additionalLabels: {} + ## @param msgTopologyOperator.metrics.podMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param msgTopologyOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] +## @section cert-manager parameters +## + +## @param useCertManager Deploy cert-manager objects (Issuer and Certificate) for webhooks +## +useCertManager: false diff --git a/charts/rabbitmq/.helmignore b/charts/rabbitmq/.helmignore index fb56657ab4..207983f368 100644 --- a/charts/rabbitmq/.helmignore +++ b/charts/rabbitmq/.helmignore @@ -21,3 +21,5 @@ *.tmproj # img folder img/ +# Changelog +CHANGELOG.md diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml index c7bd964638..911609c2a4 100644 --- a/charts/rabbitmq/Chart.yaml +++ b/charts/rabbitmq/Chart.yaml 
@@ -1,27 +1,24 @@ annotations: category: Infrastructure images: | - - name: rabbitmq - image: docker.io/bitnami/rabbitmq:3.12.13-debian-12-r2 - name: rabbitmq-cluster-operator - image: docker.io/bitnami/rabbitmq-cluster-operator:2.7.0-debian-12-r8 + image: adeptiainc/adeptia-connect-rabbitmq-cluster-operator:4.6_beta + - name: rabbitmq + image: adeptiainc/adeptia-connect-rabbitmq:4.6_beta - name: rmq-default-credential-updater - image: docker.io/bitnami/rmq-default-credential-updater:1.0.4-debian-12-r14 + image: adeptiainc/adeptia-connect-rabbitmq-default-credential-updater:4.6_beta - name: rmq-messaging-topology-operator - image: docker.io/bitnami/rmq-messaging-topology-operator:1.13.0-debian-12-r7 + image: adeptiainc/adeptia-connect-rabbitmq-messaging-topology-operator:4.6_beta licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.7.0 +appVersion: 2.12.1 dependencies: - name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common + repository: "" version: 2.x.x description: The RabbitMQ Cluster Kubernetes Operator automates provisioning, management, and operations of RabbitMQ clusters running on Kubernetes. -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/rabbitmq-cluster-operator/img/rabbitmq-cluster-operator-stack-220x234.png +home: https://adeptia.com keywords: - rabbitmq - operator @@ -30,9 +27,9 @@ keywords: - AMQP kubeVersion: '>= 1.19.0-0' maintainers: -- name: VMware, Inc. - url: https://github.com/bitnami/charts +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/adeptia/rabbitmq-cluster-operator-helm name: rabbitmq-cluster-operator sources: -- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator -version: 3.20.1 +- https://github.com/adeptia/rabbitmq-cluster-operator-helm +version: 4.6.81 diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md index 55704202ca..729cc5ca8b 100644 --- a/charts/rabbitmq/README.md +++ b/charts/rabbitmq/README.md 
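Review bot: All four entries under `annotations.images` in the first Chart.yaml hunk now use the same floating tag `4.6_beta` with no digest, where the removed lines carried per-image revision tags such as `3.12.13-debian-12-r2`. A tag like this can be re-pushed, so the chart metadata no longer identifies which image content was reviewed or scanned. I would pin each entry by digest, e.g. `image: docker.io/adeptiainc/adeptia-connect-rabbitmq:4.6_beta@sha256:<DIGEST_PLACEHOLDER>`, which also keeps the registry host explicit as the old lines did. The images the templates actually deploy are set in values.yaml, which is outside this hunk, so the same pinning should be confirmed there. Separately, `repository: ""` on the `common` dependency should, as far as I can tell, only resolve if the subchart is vendored under `charts/`, and Chart.lock appears to have been renamed away to `charts/rabbitmq-old/`, so it is worth checking that the dependency is still resolved reproducibly.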
@@ -1,28 +1,25 @@ -# Bitnami package for RabbitMQ Cluster Operator +# Package for RabbitMQ Cluster Operator The RabbitMQ Cluster Kubernetes Operator automates provisioning, management, and operations of RabbitMQ clusters running on Kubernetes. [Overview of RabbitMQ Cluster Operator](https://github.com/rabbitmq/cluster-operator) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. ## TL;DR ```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/rabbitmq-cluster-operator -``` +helm repo add rabbitmq-cluster-operator https://adeptia.github.io/rabbitmq-cluster-operator-helm-package/charts/ -Looking to use RabbitMQ Cluster Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +helm install my-rabbitmq-cluster-operator rabbitmq-cluster-operator/rabbitmq-cluster-operator --version 4.6.81 +``` ## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - This chart bootstraps a [RabbitMQ Cluster Operator](https://www.rabbitmq.com/kubernetes/operator/operator-overview.html) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +RabbitMQ charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. ## Prerequisites 
@@ -38,7 +35,7 @@ To install the chart with the release name `my-release`: helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator ``` -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Adeptia, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=adeptiacharts`. The command deploy the RabbitMQ Cluster Kubernetes Operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
@@ -54,31 +51,9 @@ helm delete my-release The command removes all the Kubernetes components associated with the chart and deletes the release. -## Differences between the Bitnami RabbitMQ chart and the Bitnami RabbitMQ Operator chart - -In the Bitnami catalog we offer both the *bitnami/rabbitmq* and *bitnami/rabbitmq-operator* charts. Each solution covers different needs and use cases. - -The *bitnami/rabbitmq* chart deploys a single RabbitMQ installation using a Kubernetes StatefulSet object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*: - -```text - +--------------+ +-----+ - | | | | - Service | RabbitMQ +<------------+ PVC | -<-------------------+ | | | - | StatefulSet | +-----+ - | | - +-----------+--+ - ^ +------------+ - | | | - +----------------+ Configmaps | - | Secrets | - +------------+ - -``` - -Its lifecycle is managed using Helm and, at the RabbitMQ container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The StatefulSet do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations. +## RabbitMQ Operator chart -The *bitnami/rabbitmq-operator* chart deploys a RabbitMQ Operator installation using a Kubernetes Deployment. The figure below shows the RabbitMQ operator deployment after executing *helm install*: +The *rabbitmq-operator* chart deploys a RabbitMQ Operator installation using a Kubernetes Deployment. The figure below shows the RabbitMQ operator deployment after executing *helm install*: ```text +--------------------+ 
@@ -130,18 +105,20 @@ The operator will extend the Kubernetes API with the following object: *Rabbitmq ``` -This solution allows to easily deploy multiple RabbitMQ instances compared to the *bitnami/rabbitmq* chart. As the operator automatically deploys RabbitMQ installations, the RabbitMQ Operator pods will require a ServiceAccount with privileges to create and destroy multiple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies. +As the operator automatically deploys RabbitMQ installations, the RabbitMQ Operator pods will require a ServiceAccount with privileges to create and destroy multiple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies. ## Parameters ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters 
@@ -158,105 +135,109 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th ### RabbitMQ Cluster Operator Parameters -| Name | Description | Value | -| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | -| `rabbitmqImage.registry` | RabbitMQ Image registry | `REGISTRY_NAME` | -| `rabbitmqImage.repository` | RabbitMQ Image repository | `REPOSITORY_NAME/rabbitmq` | -| `rabbitmqImage.digest` | RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `rabbitmqImage.pullSecrets` | RabbitMQ Image pull secrets | `[]` | -| `credentialUpdaterImage.registry` | RabbitMQ Default User Credential Updater image registry | `REGISTRY_NAME` | -| `credentialUpdaterImage.repository` | RabbitMQ Default User Credential Updater image repository | `REPOSITORY_NAME/rmq-default-credential-updater` | -| `credentialUpdaterImage.digest` | RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `credentialUpdaterImage.pullSecrets` | RabbitMQ Default User Credential Updater image pull secrets | `[]` | -| `clusterOperator.image.registry` | RabbitMQ Cluster Operator image registry | `REGISTRY_NAME` | -| `clusterOperator.image.repository` | RabbitMQ Cluster Operator image repository | `REPOSITORY_NAME/rabbitmq-cluster-operator` | -| `clusterOperator.image.digest` | RabbitMQ Cluster Operator image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `clusterOperator.image.pullPolicy` | RabbitMQ Cluster Operator image pull policy | `IfNotPresent` | -| `clusterOperator.image.pullSecrets` | RabbitMQ Cluster Operator image pull secrets | `[]` | -| `clusterOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` | -| `clusterOperator.watchNamespaces` | Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` | -| `clusterOperator.replicaCount` | Number of RabbitMQ Cluster Operator replicas to deploy | `1` | -| `clusterOperator.schedulerName` | Alternative scheduler | `""` | -| `clusterOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `clusterOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` | -| `clusterOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Cluster Operator nodes | `true` | -| `clusterOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `clusterOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `clusterOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `clusterOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `clusterOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `clusterOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Cluster Operator nodes | `true` | -| `clusterOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `clusterOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `clusterOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `clusterOperator.readinessProbe.failureThreshold` | Failure threshold for 
readinessProbe | `5` | -| `clusterOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `clusterOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Cluster Operator nodes | `false` | -| `clusterOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `clusterOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `clusterOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `clusterOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `clusterOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `clusterOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `clusterOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `clusterOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `clusterOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production). 
| `none` |
-| `clusterOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
-| `clusterOperator.podSecurityContext.enabled` | Enabled RabbitMQ Cluster Operator pods' Security Context | `true` |
-| `clusterOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
-| `clusterOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
-| `clusterOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
-| `clusterOperator.podSecurityContext.fsGroup` | Set RabbitMQ Cluster Operator pod's Security Context fsGroup | `1001` |
-| `clusterOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
-| `clusterOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
-| `clusterOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
-| `clusterOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
-| `clusterOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
-| `clusterOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
-| `clusterOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
-| `clusterOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
-| `clusterOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
-| `clusterOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
-| `clusterOperator.command` | Override default container command (useful when using custom images) | `[]` |
-| `clusterOperator.args` | Override default container args (useful when using custom images) | `[]` |
-| `clusterOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
-| `clusterOperator.hostAliases` | RabbitMQ Cluster Operator pods host aliases | `[]` |
-| `clusterOperator.podLabels` | Extra labels for RabbitMQ Cluster Operator pods | `{}` |
-| `clusterOperator.podAnnotations` | Annotations for RabbitMQ Cluster Operator pods | `{}` |
-| `clusterOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `clusterOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `clusterOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `clusterOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
-| `clusterOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
-| `clusterOperator.affinity` | Affinity for RabbitMQ Cluster Operator pods assignment | `{}` |
-| `clusterOperator.nodeSelector` | Node labels for RabbitMQ Cluster Operator pods assignment | `{}` |
-| `clusterOperator.tolerations` | Tolerations for RabbitMQ Cluster Operator pods assignment | `[]` |
-| `clusterOperator.updateStrategy.type` | RabbitMQ Cluster Operator statefulset strategy type | `RollingUpdate` |
-| `clusterOperator.priorityClassName` | RabbitMQ Cluster Operator pods' priorityClassName | `""` |
-| `clusterOperator.lifecycleHooks` | for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup | `{}` |
-| `clusterOperator.containerPorts.metrics` | RabbitMQ Cluster Operator container port (used for metrics) | `9782` |
-| `clusterOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Cluster Operator nodes | `[]` |
-| `clusterOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
-| `clusterOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
-| `clusterOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s) | `[]` |
-| `clusterOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s) | `[]` |
-| `clusterOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
-| `clusterOperator.initContainers` | Add additional init containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
-| `clusterOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
-| `clusterOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
-| `clusterOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` |
-| `clusterOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
-| `clusterOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
-| `clusterOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
-| `clusterOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
-| `clusterOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
-| `clusterOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
-| `clusterOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` |
-| `clusterOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` |
-| `clusterOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
-| `clusterOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
-| `clusterOperator.serviceAccount.annotations` | Add annotations | `{}` |
-| `clusterOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
+| Name | Description | Value |
+| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
+| `rabbitmqImage.registry` | RabbitMQ Image registry | `REGISTRY_NAME` |
+| `rabbitmqImage.repository` | RabbitMQ Image repository | `REPOSITORY_NAME/rabbitmq` |
+| `rabbitmqImage.digest` | RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `rabbitmqImage.pullSecrets` | RabbitMQ Image pull secrets | `[]` |
+| `credentialUpdaterImage.registry` | RabbitMQ Default User Credential Updater image registry | `REGISTRY_NAME` |
+| `credentialUpdaterImage.repository` | RabbitMQ Default User Credential Updater image repository | `REPOSITORY_NAME/rmq-default-credential-updater` |
+| `credentialUpdaterImage.digest` | RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `credentialUpdaterImage.pullSecrets` | RabbitMQ Default User Credential Updater image pull secrets | `[]` |
+| `clusterOperator.image.registry` | RabbitMQ Cluster Operator image registry | `REGISTRY_NAME` |
+| `clusterOperator.image.repository` | RabbitMQ Cluster Operator image repository | `REPOSITORY_NAME/rabbitmq-cluster-operator` |
+| `clusterOperator.image.digest` | RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `clusterOperator.image.pullPolicy` | RabbitMQ Cluster Operator image pull policy | `IfNotPresent` |
+| `clusterOperator.image.pullSecrets` | RabbitMQ Cluster Operator image pull secrets | `[]` |
+| `clusterOperator.revisionHistoryLimit` | sets number of replicaset to keep in k8s | `10` |
+| `clusterOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` |
+| `clusterOperator.watchNamespaces` | Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` |
+| `clusterOperator.replicaCount` | Number of RabbitMQ Cluster Operator replicas to deploy | `1` |
+| `clusterOperator.schedulerName` | Alternative scheduler | `""` |
+| `clusterOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `clusterOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` |
+| `clusterOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Cluster Operator nodes | `true` |
+| `clusterOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
+| `clusterOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `clusterOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Cluster Operator nodes | `true` |
+| `clusterOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
+| `clusterOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `clusterOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Cluster Operator nodes | `false` |
+| `clusterOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `clusterOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
+| `clusterOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `clusterOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
+| `clusterOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `clusterOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `clusterOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `clusterOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `clusterOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production). | `nano` |
+| `clusterOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `clusterOperator.pdb.create` | Enable a Pod Disruption Budget creation | `true` |
+| `clusterOperator.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `clusterOperator.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `clusterOperator.podSecurityContext.enabled` | Enabled RabbitMQ Cluster Operator pods' Security Context | `true` |
+| `clusterOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `clusterOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `clusterOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `clusterOperator.podSecurityContext.fsGroup` | Set RabbitMQ Cluster Operator pod's Security Context fsGroup | `1001` |
+| `clusterOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `clusterOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `clusterOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `clusterOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `clusterOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `clusterOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `clusterOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
+| `clusterOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `clusterOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `clusterOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `clusterOperator.command` | Override default container command (useful when using custom images) | `[]` |
+| `clusterOperator.args` | Override default container args (useful when using custom images) | `[]` |
+| `clusterOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `clusterOperator.hostAliases` | RabbitMQ Cluster Operator pods host aliases | `[]` |
+| `clusterOperator.podLabels` | Extra labels for RabbitMQ Cluster Operator pods | `{}` |
+| `clusterOperator.podAnnotations` | Annotations for RabbitMQ Cluster Operator pods | `{}` |
+| `clusterOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `clusterOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `clusterOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `clusterOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
+| `clusterOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
+| `clusterOperator.affinity` | Affinity for RabbitMQ Cluster Operator pods assignment | `{}` |
+| `clusterOperator.nodeSelector` | Node labels for RabbitMQ Cluster Operator pods assignment | `{}` |
+| `clusterOperator.tolerations` | Tolerations for RabbitMQ Cluster Operator pods assignment | `[]` |
+| `clusterOperator.updateStrategy.type` | RabbitMQ Cluster Operator statefulset strategy type | `RollingUpdate` |
+| `clusterOperator.priorityClassName` | RabbitMQ Cluster Operator pods' priorityClassName | `""` |
+| `clusterOperator.lifecycleHooks` | for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup | `{}` |
+| `clusterOperator.containerPorts.metrics` | RabbitMQ Cluster Operator container port (used for metrics) | `9782` |
+| `clusterOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Cluster Operator nodes | `[]` |
+| `clusterOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
+| `clusterOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
+| `clusterOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s) | `[]` |
+| `clusterOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.initContainers` | Add additional init containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `clusterOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
+| `clusterOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` |
+| `clusterOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
+| `clusterOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `clusterOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `clusterOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `clusterOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+| `clusterOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `clusterOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` |
+| `clusterOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` |
+| `clusterOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `clusterOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `clusterOperator.serviceAccount.annotations` | Add annotations | `{}` |
+| `clusterOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
 ### RabbitMQ Cluster Operator Metrics parameters
@@ -301,114 +282,119 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th ### RabbitMQ Messaging Topology Operator Parameters -| Name | Description | Value | -| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | -| `msgTopologyOperator.enabled` | Deploy RabbitMQ Messaging Topology Operator as part of the installation | `true` | -| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `REGISTRY_NAME` | -| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `REPOSITORY_NAME/rmq-messaging-topology-operator` | -| `msgTopologyOperator.image.digest` | RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` | -| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` | -| `msgTopologyOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` | -| `msgTopologyOperator.watchNamespaces` | Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` | -| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` | -| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` | -| `msgTopologyOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` | -| `msgTopologyOperator.hostNetwork` | Boolean | `false` | -| `msgTopologyOperator.dnsPolicy` | Alternative DNS policy | `ClusterFirst` | -| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | -| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | -| 
`msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` | -| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `msgTopologyOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` | -| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` | -| `msgTopologyOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production). | `none` | -| `msgTopologyOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` | -| `msgTopologyOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `msgTopologyOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `msgTopologyOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` | -| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `msgTopologyOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `msgTopologyOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `msgTopologyOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | -| `msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `msgTopologyOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| 
`msgTopologyOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` | -| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` | -| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` | -| `msgTopologyOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` | -| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` | -| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` | -| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | -| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` | -| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` | -| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` | -| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` | -| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` | -| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` | -| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` | -| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` | -| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` | -| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` | -| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` | -| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` | -| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` | -| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` | -| `msgTopologyOperator.service.type` | RabbitMQ 
Messaging Topology Operator webhook service type | `ClusterIP` | -| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` | -| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` | -| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` | -| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` | -| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` | -| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` | -| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` | -| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `msgTopologyOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `msgTopologyOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `msgTopologyOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` | -| `msgTopologyOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `msgTopologyOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `msgTopologyOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `msgTopologyOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `msgTopologyOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` | -| `msgTopologyOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` | -| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` | -| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. 
| `false` | +| Name | Description | Value | +| ----------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| `msgTopologyOperator.enabled` | Deploy RabbitMQ Messaging Topology Operator as part of the installation | `true` | +| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `REGISTRY_NAME` | +| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `REPOSITORY_NAME/rmq-messaging-topology-operator` | +| `msgTopologyOperator.image.digest` | RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` | +| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` | +| `msgTopologyOperator.revisionHistoryLimit` | sets number of replicaset to keep in k8s | `10` | +| `msgTopologyOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` | +| `msgTopologyOperator.watchNamespaces` | Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` | +| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` | +| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` | +| `msgTopologyOperator.terminationGracePeriodSeconds` | In 
seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` | +| `msgTopologyOperator.hostNetwork` | Boolean | `false` | +| `msgTopologyOperator.dnsPolicy` | Alternative DNS policy | `ClusterFirst` | +| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | +| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` | +| `msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` | +| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `msgTopologyOperator.startupProbe.failureThreshold` | 
Failure threshold for startupProbe | `5` |
+| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.skipCreateAdmissionWebhookConfig` | skip creation of ValidationWebhookConfiguration | `false` |
+| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` |
+| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` |
+| `msgTopologyOperator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production).
| `nano` |
+| `msgTopologyOperator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `msgTopologyOperator.pdb.create` | Enable a Pod Disruption Budget creation | `true` |
+| `msgTopologyOperator.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `msgTopologyOperator.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` |
+| `msgTopologyOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `msgTopologyOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `msgTopologyOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` |
+| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `msgTopologyOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `msgTopologyOperator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `msgTopologyOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
+| `msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation`
| Set container's Security Context allowPrivilegeEscalation | `false` |
+| `msgTopologyOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `msgTopologyOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` |
+| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` |
+| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` |
+| `msgTopologyOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` |
+| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` |
+| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` |
+| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
+| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match.
Ignored if `affinity` is set | `[]` |
+| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
+| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
+| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` |
+| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` |
+| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` |
+| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` |
+| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` |
+| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` |
+| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
+| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
+| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` |
+| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.service.type` | RabbitMQ
Messaging Topology Operator webhook service type | `ClusterIP` |
+| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` |
+| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` |
+| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` |
+| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` |
+| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` |
+| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` |
+| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` |
+| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `msgTopologyOperator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `msgTopologyOperator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
+| `msgTopologyOperator.networkPolicy.allowExternal` | Don't require injector label for connections | `true` |
+| `msgTopologyOperator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations.
| `true` |
+| `msgTopologyOperator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `msgTopologyOperator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `msgTopologyOperator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `msgTopologyOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` |
+| `msgTopologyOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` |
+| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` |
+| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
 ### RabbitMQ Messaging Topology Operator parameters
@@ -453,8 +439,6 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th | ---------------- | ----------------------------------------------------------------- | ------- | | `useCertManager` | Deploy cert-manager objects (Issuer and Certificate) for webhooks | `false` | -The above parameters map to the env variables defined in [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq-cluster-operator). For more information please refer to the [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq-cluster-operator) image documentation. - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console 
@@ -463,161 +447,9 @@ helm install my-release \ oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator ``` -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command disables the Operator liveness probes. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator/values.yaml) - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. 
Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Additional environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -rabbitmq-cluster-operator: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars - -If additional containers are needed in the same pod as rabbitmq-cluster-operator (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. 
- -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such your custom *RabbitmqCluster* objects. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -For instance, to deploy your custom *RabbitmqCluster* definition, you can install the RabbitMQ Cluster Operator using the values below: - -```yaml -extraDeploy: - - apiVersion: rabbitmq.com/v1beta1 - kind: RabbitmqCluster - metadata: - name: rabbitmq-custom-configuration - spec: - replicas: 1 - rabbitmq: - additionalConfig: | - log.console.level = debug -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). 
- -## Upgrading - -### Upgrading CRDs - -By design, the `helm upgrade` command will not upgrade the `CustomResourceDefinition` objects, as stated in their [official documentation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). This is done to avoid the potential risks of upgrading CRD objects, such as data loss. - -In order to upgrade the CRD objects, perform the following steps: - -- Perform a backup of your running RabbitMQ instances following the [official documentation](https://www.rabbitmq.com/backup.html). - -- Execute the following commands (replace the VERSION placeholder): - -```console -helm fetch bitnami/rabbitmq-cluster-operator --version VERSION -tar xf rabbitmq-cluster-operator-VERSION.tar.gz -kubectl apply -f rabbitmq-cluster-operator/crds -``` - -### To 2.0.0 - -This new version adds the following components: - -- RabbitMQ Messaging Topology Operator: all the settings are inside the `msgTopologyOperator` section. -- RabbitMQ Default User Credential Updater sidecar: this enables Hashicorp Vault integration for all `RabbitMQCluster` instances. -- `cert-manager` subchart: this is necessary for the RabbitMQ Messaging Topology Webhooks to work. - -As a breaking change, all `rabbitmq-cluster-operator` deployment values were moved to the `clusterOperator` section. - -No issues are expected during upgrades. - -### To 1.0.0 - -The CRD was updated according to the latest changes in the upstream project. Thanks to the improvements in the latest changes, the CRD is not templated anymore and can be placed under the `crds` directory following [Helm best practices for CRDS](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/). - -You need to manually delete the old CRD before upgrading the release. 
- -```console -kubectl delete crd rabbitmqclusters.rabbitmq.com -helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/rabbitmq-cluster-operator -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -629,4 +461,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/charts/rabbitmq/charts/common/.helmignore b/charts/rabbitmq/charts/common/.helmignore index 7c7c21d659..d0e10845d2 100644 --- a/charts/rabbitmq/charts/common/.helmignore +++ b/charts/rabbitmq/charts/common/.helmignore @@ -22,3 +22,5 @@ .vscode/ # img folder img/ +# Changelog +CHANGELOG.md diff --git a/charts/rabbitmq/charts/common/Chart.yaml b/charts/rabbitmq/charts/common/Chart.yaml index 2acf0cd40a..44f9e0fe5a 100644 --- a/charts/rabbitmq/charts/common/Chart.yaml +++ b/charts/rabbitmq/charts/common/Chart.yaml 
@@ -2,11 +2,11 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.18.0 +appVersion: 2.30.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com -icon: https://bitnami.com/downloads/logos/bitnami-mark.png +icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png keywords: - common - helper @@ -14,10 +14,10 @@ keywords: - function - bitnami maintainers: -- name: VMware, Inc. +- name: Broadcom, Inc. All Rights Reserved. url: https://github.com/bitnami/charts name: common sources: -- https://github.com/bitnami/charts +- https://github.com/bitnami/charts/tree/main/bitnami/common type: library -version: 2.18.0 +version: 2.13.3 diff --git a/charts/rabbitmq/charts/common/README.md b/charts/rabbitmq/charts/common/README.md index 0d01a1e064..0e5f649928 100644 --- a/charts/rabbitmq/charts/common/README.md +++ b/charts/rabbitmq/charts/common/README.md @@ -24,7 +24,7 @@ data: myvalue: "Hello World" ``` -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Introduction @@ -61,7 +61,7 @@ tag: pullPolicy: type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + description: Specify a imagePullPolicy.' pullSecrets: type: array 
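Review bot: In the second `charts/rabbitmq/charts/common/Chart.yaml` hunk (`@@ -14,10 +14,10 @@`) the vendored chart's `version` drops from 2.18.0 to 2.13.3, while the first hunk raises `appVersion` from 2.18.0 to 2.30.0, so the metadata no longer describes a single release of the common library. The old side had both fields equal, which suggests the new tree mixes files from two releases or was edited by hand; in either case the vendored copy cannot be matched to one published artifact, and it is the `version` field that Helm checks against the parent chart's dependency constraint. I would re-vendor the subchart from the registry with `helm dependency update` and expect the result to read `version: 2.30.0`, or explain in the commit message why the two fields differ. The first hunk also moves `icon` to a `cloudfront.net` host, which is worth confirming against the upstream chart rather than assuming.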
@@ -214,13 +214,13 @@ helm install test mychart --set path.to.value00="",path.to.value01="" #### Useful links -- +- - - ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml new file mode 100644 index 0000000000..268a2e795b --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_bindings.yaml 
@@ -0,0 +1,146 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_bindings.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: bindings.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Binding + listKind: BindingList + plural: bindings + singular: binding + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Binding is the Schema for the bindings API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BindingSpec defines the desired state of Binding + properties: + arguments: + description: Cannot be updated + type: object + x-kubernetes-preserve-unknown-fields: true + destination: + description: Cannot be updated + type: string + destinationType: + description: Cannot be updated + enum: + - exchange + - queue + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the binding will be created in. + Required property. 
+ properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + routingKey: + description: Cannot be updated + type: string + source: + description: Cannot be updated + type: string + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - rabbitmqClusterReference + type: object + status: + description: BindingStatus defines the observed state of Binding + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. 
+ type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Binding. It corresponds to the + Binding's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml new file mode 100644 index 0000000000..b2becf3b44 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_exchanges.yaml 
@@ -0,0 +1,144 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_exchanges.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: exchanges.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Exchange + listKind: ExchangeList + plural: exchanges + singular: exchange + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Exchange is the Schema for the exchanges API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExchangeSpec defines the desired state of Exchange + properties: + arguments: + type: object + x-kubernetes-preserve-unknown-fields: true + autoDelete: + description: Cannot be updated + type: boolean + durable: + description: Cannot be updated + type: boolean + name: + description: Required property; cannot be updated + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the exchange will be created in. + Required property. 
+ properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + type: + default: direct + description: Cannot be updated + type: string + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: ExchangeStatus defines the observed state of Exchange + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. 
+ type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Exchange. It corresponds to the + Exchange's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_federations.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_federations.yaml new file mode 100644 index 0000000000..0fa71cb4d0 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_federations.yaml 
@@ -0,0 +1,204 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_federations.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: federations.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Federation + listKind: FederationList + plural: federations + singular: federation + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Federation is the Schema for the federations API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FederationSpec defines the desired state of Federation + For how to configure federation upstreams, see: https://www.rabbitmq.com/federation-reference.html. + properties: + ackMode: + enum: + - on-confirm + - on-publish + - no-ack + type: string + deletionPolicy: + default: delete + description: |- + DeletionPolicy defines the behavior of federation in the RabbitMQ cluster when the corresponding custom resource is deleted. + Can be set to 'delete' or 'retain'. Default is 'delete'. 
+ enum: + - delete + - retain + type: string + exchange: + type: string + expires: + type: integer + maxHops: + type: integer + messageTTL: + type: integer + name: + description: Required property; cannot be updated + type: string + prefetch-count: + type: integer + queue: + type: string + queueType: + description: |- + The queue type of the internal upstream queue used by exchange federation. + Defaults to classic (a single replica queue type). Set to quorum to use a replicated queue type. + Changing the queue type will delete and recreate the upstream queue by default. + This may lead to messages getting lost or not routed anywhere during the re-declaration. + To avoid that, set resource-cleanup-mode key to never. + This requires manually deleting the old upstream queue so that it can be recreated with the new type. + enum: + - classic + - quorum + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that this federation upstream will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. 
+ Defaults to the namespace of the requested resource if omitted. + type: string + type: object + reconnectDelay: + type: integer + resourceCleanupMode: + description: |- + Whether to delete the internal upstream queue when federation links stop. + By default, the internal upstream queue is deleted immediately when a federation link stops. + Set to never to keep the upstream queue around and collect messages even when changing federation configuration. + enum: + - default + - never + type: string + trustUserId: + type: boolean + uriSecret: + description: |- + Secret contains the AMQP URI(s) for the upstream. + The Secret must contain the key `uri` or operator will error. + `uri` should be one or multiple uris separated by ','. + Required property. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + - uriSecret + type: object + status: + description: FederationStatus defines the observed state of Federation + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. 
+ type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Federation. It corresponds to the + Federation's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml new file mode 100644 index 0000000000..5d3e8ab50a --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_operatorpolicies.yaml 
@@ -0,0 +1,161 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_operatorpolicies.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: operatorpolicies.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: OperatorPolicy + listKind: OperatorPolicyList + plural: operatorpolicies + singular: operatorpolicy + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: OperatorPolicy is the Schema for the operator policies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + OperatorPolicySpec defines the desired state of OperatorPolicy + https://www.rabbitmq.com/parameters.html#operator-policies + properties: + applyTo: + default: queues + description: |- + What this operator policy applies to: 'queues', 'classic_queues', 'quorum_queues', 'streams'. + Default to 'queues'. + enum: + - queues + - classic_queues + - quorum_queues + - streams + type: string + definition: + description: OperatorPolicy definition. Required property. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Required property; cannot be updated + type: string + pattern: + description: |- + Regular expression pattern used to match queues, e.g. "^my-queue$". + Required property. + type: string + priority: + default: 0 + description: |- + Default to '0'. + In the event that more than one operator policy can match a given queue, the operator policy with the greatest priority applies. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the operator policy will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. 
+ type: string + type: object + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - definition + - name + - pattern + - rabbitmqClusterReference + type: object + status: + description: OperatorPolicyStatus defines the observed state of OperatorPolicy + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this OperatorPolicy. It corresponds to the + OperatorPolicy's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml new file mode 100644 index 0000000000..fbb0525d6a --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_permissions.yaml 
@@ -0,0 +1,161 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_permissions.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: permissions.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Permission + listKind: PermissionList + plural: permissions + singular: permission + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Permission is the Schema for the permissions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PermissionSpec defines the desired state of Permission + properties: + permissions: + description: |- + Permissions to grant to the user in the specific vhost; required property. + See RabbitMQ doc for more information: https://www.rabbitmq.com/access-control.html#user-management + properties: + configure: + type: string + read: + type: string + write: + type: string + type: object + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that both the provided user and vhost are. + Required property. 
+ properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + user: + description: Name of an existing user; must provide user or userReference, + else create/update will fail; cannot be updated + type: string + userReference: + description: Reference to an existing user.rabbitmq.com object; must + provide user or userReference, else create/update will fail; cannot + be updated + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + description: Name of an existing vhost; required property; cannot + be updated + type: string + required: + - permissions + - rabbitmqClusterReference + - vhost + type: object + status: + description: PermissionStatus defines the observed state of Permission + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Permission. It corresponds to the + Permission's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_policies.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_policies.yaml new file mode 100644 index 0000000000..bc8ee3f320 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_policies.yaml 
@@ -0,0 +1,163 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_policies.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: policies.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Policy + listKind: PolicyList + plural: policies + singular: policy + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Policy is the Schema for the policies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PolicySpec defines the desired state of Policy + https://www.rabbitmq.com/parameters.html#policies + properties: + applyTo: + default: all + description: |- + What this policy applies to: 'queues', 'classic_queues', 'quorum_queues', 'streams', 'exchanges', or 'all'. + Default to 'all'. + enum: + - queues + - classic_queues + - quorum_queues + - streams + - exchanges + - all + type: string + definition: + description: Policy definition. Required property. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Required property; cannot be updated + type: string + pattern: + description: |- + Regular expression pattern used to match queues and exchanges, e.g. "^amq.". + Required property. + type: string + priority: + default: 0 + description: |- + Default to '0'. + In the event that more than one policy can match a given exchange or queue, the policy with the greatest priority applies. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the policy will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. 
+ type: string + type: object + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - definition + - name + - pattern + - rabbitmqClusterReference + type: object + status: + description: PolicyStatus defines the observed state of Policy + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Policy. It corresponds to the + Policy's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_queues.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_queues.yaml new file mode 100644 index 0000000000..93e2ad99db --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_queues.yaml 
@@ -0,0 +1,162 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_queues.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: queues.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Queue + listKind: QueueList + plural: queues + singular: queue + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Queue is the Schema for the queues API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: QueueSpec defines the desired state of Queue + properties: + arguments: + description: |- + Queue arguments in the format of KEY: VALUE. e.g. x-delivery-limit: 10000. + Configuring queues through arguments is not recommended because they cannot be updated once set; we recommend configuring queues through policies instead. + type: object + x-kubernetes-preserve-unknown-fields: true + autoDelete: + description: when set to true, queues that have had at least one consumer + before are deleted after the last consumer unsubscribes. 
+ type: boolean + deleteIfEmpty: + description: when set to true, queues are deleted only if empty. + type: boolean + deleteIfUnused: + description: when set to true, queues are delete only if they have + no consumer. + type: boolean + deletionPolicy: + default: delete + description: |- + DeletionPolicy defines the behavior of queue in the RabbitMQ cluster when the corresponding custom resource is deleted. + Can be set to 'delete' or 'retain'. Default is 'delete'. + enum: + - delete + - retain + type: string + durable: + description: When set to false queues does not survive server restart. + type: boolean + name: + description: Name of the queue; required property. + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the queue will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. 
+ type: string + type: object + type: + type: string + vhost: + default: / + description: Default to vhost '/' + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: QueueStatus defines the observed state of Queue + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Queue. It corresponds to the + Queue's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml new file mode 100644 index 0000000000..a71f22aeef --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_schemareplications.yaml 
@@ -0,0 +1,162 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_schemareplications.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: schemareplications.rabbitmq.com +spec: + group: rabbitmq.com + names: + kind: SchemaReplication + listKind: SchemaReplicationList + plural: schemareplications + singular: schemareplication + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: |- + SchemaReplication is the Schema for the schemareplications API + This feature requires Tanzu RabbitMQ with schema replication plugin. + For more information, see: https://tanzu.vmware.com/rabbitmq and https://www.rabbitmq.com/definitions-standby.html. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SchemaReplicationSpec defines the desired state of SchemaReplication + properties: + endpoints: + description: |- + endpoints should be one or multiple endpoints separated by ','. + Must provide either spec.endpoints or endpoints in spec.upstreamSecret. 
+ When endpoints are provided in both spec.endpoints and spec.upstreamSecret, spec.endpoints takes + precedence. + type: string + rabbitmqClusterReference: + description: Reference to the RabbitmqCluster that schema replication + would be set for. Must be an existing cluster. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + secretBackend: + description: Set to fetch user credentials from K8s external secret + stores to be used for schema replication. + properties: + vault: + properties: + secretPath: + description: |- + Path in Vault to access a KV (Key-Value) secret with the fields username and password to be used for replication. + For example "secret/data/rabbitmq/config". + Optional; if not provided, username and password will come from upstreamSecret instead. + Have to set either secretBackend.vault.secretPath or upstreamSecret, but not both. + type: string + type: object + type: object + upstreamSecret: + description: |- + Defines a Secret which contains credentials to be used for schema replication. 
+ The Secret must contain the keys `username` and `password` in its Data field, or operator will error. + Have to set either secretBackend.vault.secretPath or spec.upstreamSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - rabbitmqClusterReference + type: object + status: + description: SchemaReplicationStatus defines the observed state of SchemaReplication + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Queue. It corresponds to the + Queue's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml new file mode 100644 index 0000000000..2669554dab --- /dev/null 
+++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_shovels.yaml 
@@ -0,0 +1,243 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_shovels.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: shovels.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Shovel + listKind: ShovelList + plural: shovels + singular: shovel + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Shovel is the Schema for the shovels API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ShovelSpec defines the desired state of Shovel + For how to configure Shovel, see: https://www.rabbitmq.com/shovel.html. + properties: + ackMode: + enum: + - on-confirm + - on-publish + - no-ack + type: string + addForwardHeaders: + type: boolean + deleteAfter: + type: string + deletionPolicy: + default: delete + description: |- + DeletionPolicy defines the behavior of shovel in the RabbitMQ cluster when the corresponding custom resource is deleted. + Can be set to 'delete' or 'retain'. Default is 'delete'. 
+ enum: + - delete + - retain + type: string + destAddForwardHeaders: + type: boolean + destAddTimestampHeader: + type: boolean + destAddress: + description: amqp10 configuration; required if destProtocol is amqp10 + type: string + destApplicationProperties: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destExchange: + description: amqp091 configuration + type: string + destExchangeKey: + description: amqp091 configuration + type: string + destMessageAnnotations: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destProperties: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destProtocol: + enum: + - amqp091 + - amqp10 + type: string + destPublishProperties: + description: amqp091 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destQueue: + description: amqp091 configuration + type: string + destQueueArgs: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Required property; cannot be updated + type: string + prefetchCount: + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that this Shovel will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + reconnectDelay: + type: integer + srcAddress: + description: amqp10 configuration; required if srcProtocol is amqp10 + type: string + srcConsumerArgs: + description: amqp091 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + srcDeleteAfter: + type: string + srcExchange: + description: amqp091 configuration + type: string + srcExchangeKey: + description: amqp091 configuration + type: string + srcPrefetchCount: + type: integer + srcProtocol: + enum: + - amqp091 + - amqp10 + type: string + srcQueue: + description: amqp091 configuration + type: string + srcQueueArgs: + type: object + x-kubernetes-preserve-unknown-fields: true + uriSecret: + description: |- + Secret contains the AMQP URI(s) to configure Shovel destination and source. + The Secret must contain the key `destUri` and `srcUri` or operator will error. + Both fields should be one or multiple uris separated by ','. + Required property. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + - uriSecret + type: object + status: + description: ShovelStatus defines the observed state of Shovel + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Shovel. It corresponds to the + Shovel's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml new file mode 100644 index 0000000000..4316e605bd --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_superstreams.yaml 
@@ -0,0 +1,150 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_superstreams.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: superstreams.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: SuperStream + listKind: SuperStreamList + plural: superstreams + singular: superstream + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SuperStream is the Schema for the queues API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SuperStreamSpec defines the desired state of SuperStream + properties: + name: + description: Name of the queue; required property. + type: string + partitions: + default: 3 + description: |- + Number of partitions to create within this super stream. + Defaults to '3'. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the SuperStream will be created in. + Required property. 
+ properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + routingKeys: + description: |- + Routing keys to use for each of the partitions in the SuperStream + If unset, the routing keys for the partitions will be set to the index of the partitions + items: + type: string + type: array + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: SuperStreamStatus defines the observed state of SuperStream + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. 
+ type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this SuperStream. It corresponds to the + SuperStream's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + partitions: + description: Partitions are a list of the stream queue names which + form the partitions of this SuperStream. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml new file mode 100644 index 0000000000..9ce5f12230 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_topicpermissions.yaml 
@@ -0,0 +1,162 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_topicpermissions.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: topicpermissions.rabbitmq.com +spec: + group: rabbitmq.com + names: + kind: TopicPermission + listKind: TopicPermissionList + plural: topicpermissions + singular: topicpermission + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: TopicPermission is the Schema for the topicpermissions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TopicPermissionSpec defines the desired state of TopicPermission + properties: + permissions: + description: Permissions to grant to the user to a topic exchange; + required property. + properties: + exchange: + description: Name of a topic exchange; required property; cannot + be updated. + type: string + read: + type: string + write: + type: string + required: + - exchange + type: object + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that both the provided user and vhost are. 
+ Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + user: + description: Name of an existing user; must provide user or userReference, + else create/update will fail; cannot be updated. + type: string + userReference: + description: Reference to an existing user.rabbitmq.com object; must + provide user or userReference, else create/update will fail; cannot + be updated. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + description: Name of an existing vhost; required property; cannot + be updated. 
+ type: string + required: + - permissions + - rabbitmqClusterReference + - vhost + type: object + status: + description: TopicPermissionStatus defines the observed state of TopicPermission + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this TopicPermission. It corresponds to the + TopicPermission's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_users.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_users.yaml new file mode 100644 index 0000000000..2f9b2c9cf2 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_users.yaml 
@@ -0,0 +1,201 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_users.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: users.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: User + listKind: UserList + plural: users + singular: user + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: User is the Schema for the users API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec configures the desired state of the User object. + properties: + importCredentialsSecret: + description: |- + Defines a Secret containing the credentials for the User. If this field is omitted, random a username and + password will be generated. The Secret must have the following keys in its Data field: + + * `username` – Must be present or the import will fail. + * `passwordHash` – The SHA-512 hash of the password. If the hash is an empty string, a passwordless user + will be created. For more information, see https://www.rabbitmq.com/docs/passwords. 
+ * `password` – Plain-text password. Will be used only if the `passwordHash` key is missing. + + Note that this import only occurs at creation time, and is ignored once a password has been set on a User. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + limits: + description: |- + Limits to apply to a user to restrict the number of connections and channels + the user can create. These limits can be used as guard rails in environments + where applications cannot be trusted and monitored in detail, for example, + when RabbitMQ clusters are offered as a service. See https://www.rabbitmq.com/docs/user-limits. + properties: + channels: + description: Limits how many AMQP 0.9.1 channels the user can + open. + format: int32 + type: integer + connections: + description: Limits how many connections the user can open. + format: int32 + type: integer + type: object + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the user will be created for. This cluster must + exist for the User object to be created. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + tags: + description: |- + List of permissions tags to associate with the user. This determines the level of + access to the RabbitMQ management UI granted to the user. Omitting this field will + lead to a user than can still connect to the cluster through messaging protocols, + but cannot perform any management actions. + For more information, see https://www.rabbitmq.com/management.html#permissions. + items: + description: |- + UserTag defines the level of access to the management UI allocated to the user. + For more information, see https://www.rabbitmq.com/management.html#permissions. + enum: + - management + - policymaker + - monitoring + - administrator + type: string + type: array + required: + - rabbitmqClusterReference + type: object + status: + description: Status exposes the observed state of the User object. + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. 
+ type: string + required: + - status + - type + type: object + type: array + credentials: + description: Provides a reference to a Secret object containing the + user credentials. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this User. It corresponds to the + User's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + username: + description: Provide rabbitmq Username + type: string + required: + - username + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml new file mode 100644 index 0000000000..47cdc2eec3 --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/messaging-topology-operator/rabbitmq.com_vhosts.yaml 
@@ -0,0 +1,164 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/messaging-topology-operator/v{version}/config/crd/bases/rabbitmq.com_vhosts.yaml +# Version: 1.17.4 +# VersionOf: rmq-messaging-topology-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: vhosts.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Vhost + listKind: VhostList + plural: vhosts + singular: vhost + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Vhost is the Schema for the vhosts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VhostSpec defines the desired state of Vhost + properties: + defaultQueueType: + description: |- + Default queue type for this vhost; can be set to quorum, classic or stream. + Supported in RabbitMQ 3.11.12 or above. + enum: + - quorum + - classic + - stream + type: string + deletionPolicy: + default: delete + description: |- + DeletionPolicy defines the behavior of vhost in the RabbitMQ cluster when the corresponding custom resource is deleted. + Can be set to 'delete' or 'retain'. Default is 'delete'. 
+ enum: + - delete + - retain + type: string + limits: + description: |- + Limits defines limits to be applied to the vhost. + Supported limits include max-connections and max-queues. + See https://www.rabbitmq.com/docs/vhosts#limits + properties: + connections: + format: int32 + type: integer + queues: + format: int32 + type: integer + type: object + name: + description: Name of the vhost; see https://www.rabbitmq.com/vhosts.html. + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the vhost will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + tags: + items: + type: string + type: array + tracing: + type: boolean + required: + - name + - rabbitmqClusterReference + type: object + status: + description: VhostStatus defines the observed state of Vhost + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. 
+ format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource + status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Vhost. It corresponds to the + Vhost's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml b/charts/rabbitmq/charts/common/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml new file mode 100644 index 0000000000..069c89f11d --- /dev/null +++ b/charts/rabbitmq/charts/common/crds/rabbitmq-cluster/rabbitmq.com_rabbitmqclusters.yaml 
@@ -0,0 +1,5352 @@ +# Source: https://raw.githubusercontent.com/rabbitmq/cluster-operator/v{version}/config/crd/bases/rabbitmq.com_rabbitmqclusters.yaml +# Version: 2.16.1 +# RabbitMQ Cluster Operator +# +# Copyright 2020 VMware, Inc. All Rights Reserved. +# +# This product is licensed to you under the Mozilla Public license, Version 2.0 (the "License"). You may not use this product except in compliance with the Mozilla Public License. +# +# This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + name: rabbitmqclusters.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - all + - rabbitmq + kind: RabbitmqCluster + listKind: RabbitmqClusterList + plural: rabbitmqclusters + shortNames: + - rmq + singular: rabbitmqcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == 'AllReplicasReady')].status + name: AllReplicasReady + type: string + - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status + name: ReconcileSuccess + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + RabbitmqCluster is the Schema for the RabbitmqCluster API. Each instance of this object + corresponds to a single RabbitMQ cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the desired state of the RabbitmqCluster Custom Resource. + properties: + affinity: + description: Affinity scheduling rules to be applied on created Pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + autoEnableAllFeatureFlags: + description: |- + Set to true to automatically enable all feature flags after each upgrade + For more information, see https://www.rabbitmq.com/docs/feature-flags + type: boolean + delayStartSeconds: + default: 30 + description: |- + DelayStartSeconds is the time the init container (`setup-container`) will sleep before terminating. 
+ This effectively delays the time between starting the Pod and starting the `rabbitmq` container. + RabbitMQ relies on up-to-date DNS entries early during peer discovery. + The purpose of this artificial delay is to ensure that DNS entries are up-to-date when booting RabbitMQ. + For more information, see https://github.com/kubernetes/kubernetes/issues/92559 + If your Kubernetes DNS backend is configured with a low DNS cache value or publishes not ready addresses + promptly, you can decrase this value or set it to 0. + format: int32 + minimum: 0 + type: integer + image: + description: |- + Image is the name of the RabbitMQ docker image to use for RabbitMQ nodes in the RabbitmqCluster. + Must be provided together with ImagePullSecrets in order to use an image in a private registry. + type: string + imagePullSecrets: + description: List of Secret resource containing access credentials to the registry for the RabbitMQ image. Required if the docker registry is private. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + trafficDistribution: + type: string + type: + type: string + type: object + type: object + statefulSet: + properties: + 
metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + persistentVolumeClaimRetentionPolicy: + properties: + whenDeleted: + type: string + whenScaled: + type: string + type: object + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + serviceName: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: 
integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + 
additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + 
type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + 
optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + 
required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + 
localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + 
type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + 
required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + 
tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: 
+ - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + 
properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + 
workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - 
name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + 
seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array 
+ x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + 
x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + 
periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - 
conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + items: + properties: + name: + type: string + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: 
string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - 
whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: 
+ type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + 
requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + 
path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + 
x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string 
+ user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + 
x-kubernetes-list-type: map + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + 
additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + type: object + type: object + type: object + persistence: + default: + storage: 10Gi + description: The desired persistent storage configuration for each Pod in the cluster. + properties: + storage: + anyOf: + - type: integer + - type: string + default: 10Gi + description: |- + The requested size of the persistent volume attached to each Pod in the RabbitmqCluster. + The format of this field matches that defined by kubernetes/apimachinery. + See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClassName: + description: The name of the StorageClass to claim a PersistentVolume from. + type: string + type: object + rabbitmq: + description: Configuration options for RabbitMQ Pods created in the cluster. + properties: + additionalConfig: + description: |- + Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator. + Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on this config, see https://www.rabbitmq.com/configure.html#config-file + maxLength: 100000 + type: string + additionalPlugins: + description: 'List of plugins to enable in addition to essential plugins: rabbitmq_management, rabbitmq_prometheus, and rabbitmq_peer_discovery_k8s.' + items: + description: A Plugin to enable on the RabbitmqCluster. 
+ maxLength: 100 + pattern: ^\w+$ + type: string + maxItems: 100 + type: array + advancedConfig: + description: |- + Specify any rabbitmq advanced.config configurations to apply to the cluster. + For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file + maxLength: 100000 + type: string + envConfig: + description: |- + Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html + maxLength: 100000 + type: string + erlangInetConfig: + description: |- + Erlang Inet configuration to apply to the Erlang VM running rabbit. + See also: https://www.erlang.org/doc/apps/erts/inet_cfg.html + maxLength: 2000 + type: string + type: object + replicas: + default: 1 + description: |- + Replicas is the number of nodes in the RabbitMQ cluster. Each node is deployed as a Replica in a StatefulSet. Only 1, 3, 5 replicas clusters are tested. + This value should be an odd number to ensure the resultant cluster can establish exactly one quorum of nodes + in the event of a fragmenting network partition. + format: int32 + minimum: 0 + type: integer + resources: + default: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 2Gi + description: The desired compute resource requirements of Pods in the cluster. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretBackend: + description: |- + Secret backend configuration for the RabbitmqCluster. + Enables to fetch default user credentials and certificates from K8s external secret stores. + properties: + externalSecret: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. 
+ properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + vault: + description: |- + VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations) + to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector (https://www.vaultproject.io/docs/platform/k8s/injector) + to be installed in the K8s cluster. The injector is a K8s Mutation Webhook Controller that alters RabbitMQ Pod specifications + (based on the added Vault annotations) to include Vault Agent containers that render Vault secrets to the volume. + properties: + annotations: + additionalProperties: + type: string + description: |- + Vault annotations that override the Vault annotations set by the cluster-operator. + For a list of valid Vault annotations, see https://www.vaultproject.io/docs/platform/k8s/injector/annotations + type: object + defaultUserPath: + description: |- + Path in Vault to access a KV (Key-Value) secret with the fields username and password for the default user. + For example "secret/data/rabbitmq/config". + type: string + defaultUserUpdaterImage: + description: |- + Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault. + Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI). + Set to empty string to disable the sidecar container. + type: string + role: + description: |- + Role in Vault. + If vault.defaultUserPath is set, this role must have capability to read the pre-created default user credential in Vault. 
+ If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI engine for the domains + "" and ".svc". + type: string + tls: + properties: + altNames: + description: |- + Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list. + These will be appended to the SANs added by the cluster-operator. + The cluster-operator will add SANs: + "-server-.-nodes." for each pod, + e.g. "myrabbit-server-0.myrabbit-nodes.default". + type: string + commonName: + description: |- + Specifies the requested certificate Common Name (CN). + Defaults to ..svc if not provided. + type: string + ipSans: + description: Specifies the requested IP Subject Alternative Names, in a comma-delimited list. + type: string + pkiIssuerPath: + description: |- + Path in Vault PKI engine. + For example "pki/issue/hashicorp-com". + required + type: string + pkiRootPath: + description: Specifies an optional path to retrieve the root CA from vault. Useful if certificates are issued by an intermediate CA + type: string + type: object + type: object + type: object + service: + default: + type: ClusterIP + description: The desired state of the Kubernetes Service to create for the cluster. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to the Service. + type: object + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by a Service + See also: https://pkg.go.dev/k8s.io/api/core/v1#IPFamilyPolicy + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + type: string + labels: + additionalProperties: + type: string + type: object + type: + default: ClusterIP + description: |- + Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort. 
+ For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType + enum: + - ClusterIP + - LoadBalancer + - NodePort + type: string + type: object + skipPostDeploySteps: + description: |- + If unset, or set to false, the cluster will run `rabbitmq-queues rebalance all` whenever the cluster is updated. + Set to true to prevent the operator rebalancing queue leaders after a cluster update. + Has no effect if the cluster only consists of one node. + For more information, see https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance + type: boolean + terminationGracePeriodSeconds: + default: 604800 + description: |- + TerminationGracePeriodSeconds is the timeout that each rabbitmqcluster pod will have to terminate gracefully. + It defaults to 604800 seconds ( a week long) to ensure that the container preStop lifecycle hook can finish running. + For more information, see: https://github.com/rabbitmq/cluster-operator/blob/main/docs/design/20200520-graceful-pod-termination.md + format: int64 + minimum: 0 + type: integer + tls: + description: TLS-related configuration for the RabbitMQ cluster. + properties: + caSecretName: + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the Certificate Authority's public certificate for TLS. + The Secret must store this as ca.crt. + This Secret can be created by running `kubectl create secret generic ca-secret --from-file=ca.crt=path/to/ca.crt` + Used for mTLS, and TLS for rabbitmq_web_stomp and rabbitmq_web_mqtt. + type: string + disableNonTLSListeners: + description: |- + When set to true, the RabbitmqCluster disables non-TLS listeners for RabbitMQ, management plugin and for any enabled plugins in the following list: stomp, mqtt, web_stomp, web_mqtt. + Only TLS-enabled clients will be able to connect. + type: boolean + secretName: + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the server's private key & public certificate for TLS. 
+ The Secret must store these as tls.key and tls.crt, respectively. + This Secret can be created by running `kubectl create secret tls tls-secret --cert=path/to/tls.crt --key=path/to/tls.key` + type: string + type: object + tolerations: + description: Tolerations is the list of Toleration resources attached to each Pod in the RabbitmqCluster. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + status: + description: Status presents the observed state of RabbitmqCluster + properties: + binding: + description: |- + Binding exposes a secret containing the binding information for this + RabbitmqCluster. It implements the service binding Provisioned Service + duck type. See: https://github.com/servicebinding/spec#provisioned-service + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Set of Conditions describing the current state of the RabbitmqCluster + items: + properties: + lastTransitionTime: + description: The last time this Condition type changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of RabbitmqCluster status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + defaultUser: + description: Identifying information on internal resources + properties: + secretReference: + description: |- + Reference to the Kubernetes Secret containing the credentials of the default + user. 
+ properties: + keys: + additionalProperties: + type: string + description: Key-value pairs in the Secret corresponding to `username`, `password`, `host`, and `port` + type: object + name: + description: Name of the Secret containing the default user credentials + type: string + namespace: + description: Namespace of the Secret containing the default user credentials + type: string + required: + - keys + - name + - namespace + type: object + serviceReference: + description: Reference to the Kubernetes Service serving the cluster. + properties: + name: + description: Name of the Service serving the cluster + type: string + namespace: + description: Namespace of the Service serving the cluster + type: string + required: + - name + - namespace + type: object + type: object + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this RabbitmqCluster. It corresponds to the + RabbitmqCluster's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rabbitmq/charts/common/templates/_affinities.tpl b/charts/rabbitmq/charts/common/templates/_affinities.tpl index e85b1df454..d387dbe632 100644 --- a/charts/rabbitmq/charts/common/templates/_affinities.tpl +++ b/charts/rabbitmq/charts/common/templates/_affinities.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
@@ -60,13 +60,14 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: @@ -77,6 +78,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 {{- range $extraPodAffinityTerms }} 
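Review bot: In the added `namespaces:` block, `(dict "value" . "context" $)` passes `$` as the render context, but inside a `define` `$` is the dict handed to `include`, not the chart root, so a templated entry in `extraNamespaces` would most likely fail or render against the wrong scope. The first list item already reads `.context.Release.Namespace`, so the render call should take the same object: `{{ include "common.tplvalues.render" (dict "value" . "context" $.context) | nindent 8 }}`. The identical lines are added to `common.affinities.pods.hard` in the `@@ -112,6 +121,13 @@` hunk and need the same change. Because `namespaces` widens the (anti-)affinity match beyond the release namespace, the helper's header comment should also state that the release namespace is always included in the list.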
@@ -96,13 +104,14 @@ preferredDuringSchedulingIgnoredDuringExecution: {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} @@ -112,6 +121,13 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- range $extraPodAffinityTerms }} - labelSelector: diff --git a/charts/rabbitmq/charts/common/templates/_capabilities.tpl b/charts/rabbitmq/charts/common/templates/_capabilities.tpl index 115674af87..6423fb1163 100644 --- a/charts/rabbitmq/charts/common/templates/_capabilities.tpl 
+++ b/charts/rabbitmq/charts/common/templates/_capabilities.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -9,14 +9,20 @@ SPDX-License-Identifier: APACHE-2.0 Return the target Kubernetes version */}} {{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} +{{- end -}} + +{{/* +Return true if the apiVersion is supported +Usage: +{{ include "common.capabilities.apiVersions.has" (dict "version" "batch/v1" "context" $) }} +*/}} +{{- define "common.capabilities.apiVersions.has" -}} +{{- $providedAPIVersions := default .context.Values.apiVersions ((.context.Values.global).apiVersions) -}} +{{- if and (empty $providedAPIVersions) (.context.Capabilities.APIVersions.Has .version) -}} + {{- true -}} +{{- else if has .version $providedAPIVersions -}} + {{- true -}} {{- end -}} {{- end -}} @@ -24,7 +30,8 @@ Return the target Kubernetes version Return the appropriate apiVersion for poddisruptionbudget. */}} {{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} {{- print "policy/v1beta1" -}} {{- else -}} {{- print "policy/v1" -}} 
@@ -35,18 +42,32 @@ Return the appropriate apiVersion for poddisruptionbudget. Return the appropriate apiVersion for networkpolicy. */}} {{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} {{- print "extensions/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for job. +*/}} +{{- define "common.capabilities.job.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for cronjob. */}} {{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} {{- print "batch/v1beta1" -}} {{- else -}} {{- print "batch/v1" -}} @@ -57,7 +78,8 @@ Return the appropriate apiVersion for cronjob. Return the appropriate apiVersion for daemonset. */}} {{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} {{- print "extensions/v1beta1" -}} {{- else -}} {{- print "apps/v1" -}} 
@@ -68,7 +90,8 @@ Return the appropriate apiVersion for daemonset. Return the appropriate apiVersion for deployment. */}} {{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} {{- print "extensions/v1beta1" -}} {{- else -}} {{- print "apps/v1" -}} @@ -79,7 +102,8 @@ Return the appropriate apiVersion for deployment. Return the appropriate apiVersion for statefulset. */}} {{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} {{- print "apps/v1beta1" -}} {{- else -}} {{- print "apps/v1" -}} 
@@ -90,30 +114,24 @@ Return the appropriate apiVersion for statefulset. Return the appropriate apiVersion for ingress. */}} {{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if (.Values.ingress).apiVersion -}} {{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for RBAC resources. */}} {{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} {{- print "rbac.authorization.k8s.io/v1beta1" -}} {{- else -}} {{- print "rbac.authorization.k8s.io/v1" -}} 
@@ -124,7 +142,8 @@ Return the appropriate apiVersion for RBAC resources. Return the appropriate apiVersion for CRDs. */}} {{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} {{- print "apiextensions.k8s.io/v1beta1" -}} {{- else -}} {{- print "apiextensions.k8s.io/v1" -}} @@ -135,7 +154,8 @@ Return the appropriate apiVersion for CRDs. Return the appropriate apiVersion for APIService. */}} {{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} {{- print "apiregistration.k8s.io/v1beta1" -}} {{- else -}} {{- print "apiregistration.k8s.io/v1" -}} @@ -146,7 +166,8 @@ Return the appropriate apiVersion for APIService. Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} {{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} {{- if .beta2 -}} {{- print "autoscaling/v2beta2" -}} {{- else -}} 
@@ -161,14 +182,13 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. Return the appropriate apiVersion for Vertical Pod Autoscaler. */}} {{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta2" -}} {{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} +{{- print "autoscaling/v1" -}} {{- end -}} {{- end -}} @@ -176,7 +196,8 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler. Returns true if PodSecurityPolicy is supported */}} {{- define "common.capabilities.psp.supported" -}} -{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} {{- true -}} {{- end -}} {{- end -}} @@ -185,7 +206,8 @@ Returns true if PodSecurityPolicy is supported Returns true if AdmissionConfiguration is supported */}} {{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} {{- true -}} {{- end -}} {{- end -}} 
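Review bot: The rewritten `common.capabilities.vpa.apiVersion` returns `autoscaling/v1beta1`, `autoscaling/v1beta2` or `autoscaling/v1`, which carry a VerticalPodAutoscaler-style version but not its API group; as far as I know VPA objects are served under `autoscaling.k8s.io`, while `autoscaling/v1` is the HorizontalPodAutoscaler group. If that holds, a manifest rendered through this helper would be rejected by the API server as an unknown kind. The last branch would then read `{{- print "autoscaling.k8s.io/v1" -}}`, with the two beta branches changed the same way; this should be confirmed against the VPA CRDs the chart targets.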
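Review bot: `common.capabilities.psp.supported` now returns true when the resolved version is empty (`or (empty $kubeVersion) ...`), whereas every apiVersion helper in this file takes the newest-API branch in that same situation. With an unknown version, a chart that gates a PodSecurityPolicy on this helper would therefore render it next to `policy/v1` objects, and a 1.25+ API server no longer serves that kind. If the fail-open is intended, the helper's header comment should say so, for example `Treats an unknown Kubernetes version as PSP-capable; set kubeVersion or global.kubeVersion to override`. Otherwise `{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}` would match the other helpers.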
@@ -194,9 +216,10 @@ Returns true if AdmissionConfiguration is supported Return the appropriate apiVersion for AdmissionConfiguration. */}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "apiserver.config.k8s.io/v1beta1" -}} {{- else -}} {{- print "apiserver.config.k8s.io/v1" -}} @@ -207,9 +230,10 @@ Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for PodSecurityConfiguration. */}} {{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} {{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "pod-security.admission.config.k8s.io/v1beta1" -}} {{- else -}} {{- print "pod-security.admission.config.k8s.io/v1" -}} diff --git a/charts/rabbitmq/charts/common/templates/_compatibility.tpl b/charts/rabbitmq/charts/common/templates/_compatibility.tpl index c529f08725..19c26dbd5c 100644 --- a/charts/rabbitmq/charts/common/templates/_compatibility.tpl +++ b/charts/rabbitmq/charts/common/templates/_compatibility.tpl 
@@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
@@ -23,13 +23,24 @@ Usage: */}} {{- define "common.compatibility.renderSecurityContext" -}} {{- $adaptedContext := .secContext -}} -{{- if .context.Values.global.compatibility -}} - {{- if .context.Values.global.compatibility.openshift -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + +{{- if (((.context.Values.global).compatibility).openshift) -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} {{- end -}} {{- end -}} {{- end -}} +{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} +{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} +{{- end -}} +{{/* Remove fields that are disregarded when running the container in privileged mode */}} +{{- if $adaptedContext.privileged -}} + {{- $adaptedContext = omit $adaptedContext "capabilities" -}} +{{- end -}} {{- omit $adaptedContext "enabled" | toYaml -}} {{- end -}} 
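Review bot: The last added block in `common.compatibility.renderSecurityContext` omits `capabilities` whenever `$adaptedContext.privileged` is truthy, so a values file that sets both `privileged: true` and a `capabilities.drop` list renders without the drop list and gives no sign that the hardening was discarded. The existing comment explains that the field is disregarded, but not that the user's setting is silently removed. I would extend it to `{{/* privileged containers hold every capability; any capabilities.add/drop from values is dropped here, review the privileged flag itself */}}`. Separately, the `omit $adaptedContext "seLinuxOptions"` step now appears twice, once inside the OpenShift branch and once under `omitEmptySeLinuxOptions`. Computing the "empty seLinuxOptions" condition once would keep the two paths from drifting apart.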
diff --git a/charts/rabbitmq/charts/common/templates/_errors.tpl b/charts/rabbitmq/charts/common/templates/_errors.tpl index 07ded6f64d..93f3ffc9be 100644 --- a/charts/rabbitmq/charts/common/templates/_errors.tpl +++ b/charts/rabbitmq/charts/common/templates/_errors.tpl @@ -1,11 +1,11 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} {{/* -Through error when upgrading using empty passwords values that must not be empty. +Throw error when upgrading using empty passwords values that must not be empty. Usage: {{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} 
@@ -26,3 +26,60 @@ Required password params: {{- printf $errorString $validationErrors | fail -}} {{- end -}} {{- end -}} + +{{/* +Throw error when original container images are replaced. +The error can be bypassed by setting the "global.security.allowInsecureImages" to true. In this case, +a warning message will be shown instead. + +Usage: +{{ include "common.errors.insecureImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} +*/}} +{{- define "common.errors.insecureImages" -}} +{{- $relocatedImages := list -}} +{{- $replacedImages := list -}} +{{- $retaggedImages := list -}} +{{- $globalRegistry := ((.context.Values.global).imageRegistry) -}} +{{- $originalImages := .context.Chart.Annotations.images -}} +{{- range .images -}} + {{- $registryName := default .registry $globalRegistry -}} + {{- $fullImageNameNoTag := printf "%s/%s" $registryName .repository -}} + {{- $fullImageName := printf "%s:%s" $fullImageNameNoTag .tag -}} + {{- if not (contains $fullImageNameNoTag $originalImages) -}} + {{- if not (contains $registryName $originalImages) -}} + {{- $relocatedImages = append $relocatedImages $fullImageName -}} + {{- else if not (contains .repository $originalImages) -}} + {{- $replacedImages = append $replacedImages $fullImageName -}} + {{- end -}} + {{- end -}} + {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}} + {{- $retaggedImages = append $retaggedImages $fullImageName -}} + {{- end -}} +{{- end -}} + +{{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}} + {{- print "\n\nâš  SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. 
Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} +{{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}} + {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}} + {{- $errorString = print $errorString "\n\nUnrecognized images:" -}} + {{- range (concat $relocatedImages $replacedImages) -}} + {{- $errorString = print $errorString "\n - " . -}} + {{- end -}} + {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}} + {{- $errorString = print "\n\nâš  ERROR: " $errorString -}} + {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}} + {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}} + {{- print $errorString | fail -}} + {{- else if gt (len $replacedImages) 0 -}} + {{- $errorString = print "\n\nâš  WARNING: " $errorString -}} + {{- print $errorString -}} + {{- end -}} +{{- else if gt (len $retaggedImages) 0 -}} + {{- $warnString := "\n\nâš  WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}} + {{- $warnString = print $warnString "\n\nRetagged images:" -}} + {{- range $retaggedImages -}} + {{- $warnString = print $warnString "\n - " . -}} + {{- end -}} + {{- print $warnString -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
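Review bot: `common.errors.insecureImages` decides whether an image is original by calling `contains` on the raw `Chart.Annotations.images` text, so it is a substring test rather than a comparison against the listed image references. A registry or repository value that merely occurs somewhere inside the annotation string is treated as recognised, which makes the check advisory rather than an allow-list. Parsing the annotation once, for example `{{- $originalRefs := fromYamlArray $originalImages -}}`, and comparing each `registry/repository` for equality with the parsed `image` entries would make the result match what the error message claims. The loop also never reads `.digest`, although `common.images.image` switches to the `@` separator when a digest is set, so a digest-pinned image is judged by its tag only. When the chart's own images are not under `docker.io/bitnami/` or `docker.io/bitnamiprem/` and only `$relocatedImages` is non-empty, the branch prints nothing at all, which looks unintended.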
diff --git a/charts/rabbitmq/charts/common/templates/_images.tpl b/charts/rabbitmq/charts/common/templates/_images.tpl index 1bcb779df5..76bb7ce447 100644 --- a/charts/rabbitmq/charts/common/templates/_images.tpl +++ b/charts/rabbitmq/charts/common/templates/_images.tpl @@ -1,22 +1,24 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} {{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +Return the proper image name. +If image tag and digest are not defined, termination fallbacks to chart appVersion. +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} */}} {{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} +{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} {{- $repositoryName := .imageRoot.repository -}} {{- $separator := ":" -}} {{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} + +{{- if not .imageRoot.tag }} + {{- if .chart }} + {{- $termination = .chart.AppVersion | toString -}} + {{- end -}} {{- end -}} {{- if .imageRoot.digest }} {{- $separator = "@" -}} 
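Review bot: When `.imageRoot.tag` is empty and the caller does not pass `chart`, `common.images.image` keeps whatever `.imageRoot.tag | toString` produced and carries on, so unless a digest is set the reference is rendered without a usable tag instead of failing. The header comment says the fallback applies when "tag and digest are not defined", but the added condition tests only the tag. A guard such as `{{- if and (not .imageRoot.tag) (not .imageRoot.digest) (not .chart) -}}{{- fail "image tag or digest is required" -}}{{- end -}}` would surface the misconfiguration at render time. It would also help if the comment said that the `AppVersion` fallback yields a tag rather than a pinned digest. The `define` body continues past the end of this hunk.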
@@ -36,14 +38,12 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- define "common.images.pullSecrets" -}} {{- $pullSecrets := list }} - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} + {{- range ((.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} {{- end -}} {{- range .images -}} @@ -56,7 +56,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- end -}} {{- end -}} - {{- if (not (empty $pullSecrets)) }} + {{- if (not (empty $pullSecrets)) -}} imagePullSecrets: {{- range $pullSecrets | uniq }} - name: {{ . }} @@ -72,13 +72,11 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- $pullSecrets := list }} {{- $context := .context }} - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} + {{- range (($context.Values.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} {{- end -}} {{- end -}} 
@@ -92,7 +90,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- end -}} {{- end -}} - {{- if (not (empty $pullSecrets)) }} + {{- if (not (empty $pullSecrets)) -}} imagePullSecrets: {{- range $pullSecrets | uniq }} - name: {{ . }} diff --git a/charts/rabbitmq/charts/common/templates/_ingress.tpl b/charts/rabbitmq/charts/common/templates/_ingress.tpl index efa5b85c72..7d2b87985c 100644 --- a/charts/rabbitmq/charts/common/templates/_ingress.tpl +++ b/charts/rabbitmq/charts/common/templates/_ingress.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/charts/common/templates/_labels.tpl b/charts/rabbitmq/charts/common/templates/_labels.tpl index d90a6cdc0c..0a0cc5488f 100644 --- a/charts/rabbitmq/charts/common/templates/_labels.tpl +++ b/charts/rabbitmq/charts/common/templates/_labels.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/charts/common/templates/_names.tpl b/charts/rabbitmq/charts/common/templates/_names.tpl index a222924f14..ba83956852 100644 --- a/charts/rabbitmq/charts/common/templates/_names.tpl +++ b/charts/rabbitmq/charts/common/templates/_names.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/charts/common/templates/_resources.tpl b/charts/rabbitmq/charts/common/templates/_resources.tpl index d90f8752db..d8a43e1c2d 100644 --- a/charts/rabbitmq/charts/common/templates/_resources.tpl +++ b/charts/rabbitmq/charts/common/templates/_resources.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
@@ -11,35 +11,35 @@ These presets are for basic testing and not meant to be used in production {{ include "common.resources.preset" (dict "type" "nano") -}} */}} {{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}} +{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} {{- $presets := dict "nano" (dict "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi") + "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") ) "micro" (dict "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi") + "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") ) "small" (dict "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi") + "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") ) "medium" (dict "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi") + "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") ) "large" (dict "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi") + "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") ) "xlarge" (dict - "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi") + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") ) "2xlarge" (dict - "requests" (dict "cpu" "4.0" 
"memory" "8192Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi") + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") ) }} {{- if hasKey $presets .type -}} @@ -47,4 +47,4 @@ These presets are for basic testing and not meant to be used in production {{- else -}} {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/rabbitmq/charts/common/templates/_secrets.tpl b/charts/rabbitmq/charts/common/templates/_secrets.tpl index 84dbe38036..bfef46978d 100644 --- a/charts/rabbitmq/charts/common/templates/_secrets.tpl +++ b/charts/rabbitmq/charts/common/templates/_secrets.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -67,7 +67,7 @@ Params: Generate secret password or retrieve one if already created. Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "honorProvidedValues" false "context" $) }} Params: - secret - String - Required - Name of the 'Secret' resource where the password is stored. 
@@ -80,12 +80,15 @@ Params: - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. + - honorProvidedValues - Boolean - Optional - Default to false. If set to true, the values in providedValues have higher priority than an existing secret The order in which this function returns a secret password: - 1. Already existing 'Secret' resource + 1. Password provided via the values.yaml if honorProvidedValues = true + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 2. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml + 3. Password provided via the values.yaml if honorProvidedValues = false (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password + 4. Randomly generated secret password (A new random secret password with the length specified in the 'length' parameter will be generated and returned) */}} 
@@ -103,30 +106,37 @@ The order in which this function returns a secret password: {{- $password = index $secretData .key | b64dec }} {{- else if not (eq .failOnNew false) }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} {{- end -}} +{{- end }} - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} +{{- if and $providedPasswordValue .honorProvidedValues }} + {{- $password = $providedPasswordValue | toString }} +{{- end }} - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} +{{- if not $password }} + {{- if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- if not (eq .failOnNew false) }} + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include 
"common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + {{- end }} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} + {{- end -}} {{- end -}} {{- if not .skipB64enc }} {{- $password = $password | b64enc }} diff --git a/charts/rabbitmq/charts/common/templates/_storage.tpl b/charts/rabbitmq/charts/common/templates/_storage.tpl index 16405a0f8b..aa75856c07 100644 --- a/charts/rabbitmq/charts/common/templates/_storage.tpl +++ b/charts/rabbitmq/charts/common/templates/_storage.tpl @@ -1,28 +1,21 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} + {{/* Return the proper Storage Class {{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} */}} {{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - +{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} {{- if $storageClass -}} {{- if (eq "-" $storageClass) -}} {{- printf "storageClassName: \"\"" -}} - {{- else }} + {{- else -}} {{- printf "storageClassName: %s" $storageClass -}} {{- end -}} {{- end -}} - {{- end -}} 
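Review bot: With `honorProvidedValues` set, the added `{{- if and $providedPasswordValue .honorProvidedValues }}` block in `common.secrets.passwords.manage` replaces a password already read from the existing Secret, and nothing is emitted to say the stored credential was overridden. If the backing service keeps its own copy of that password, changing the value in values.yaml on upgrade would presumably leave the Secret and the service out of step. The upgrade validation is now also wrapped in `{{- if not (eq .failOnNew false) }}`, so with `failOnNew` false a missing password is replaced by a freshly generated one without that check. I would mark both branches as intentional, e.g. `{{/* honorProvidedValues: values.yaml wins over the existing Secret; rotate the service credential separately */}}`. The `define` starts before this hunk and continues after it.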
diff --git a/charts/rabbitmq/charts/common/templates/_tplvalues.tpl b/charts/rabbitmq/charts/common/templates/_tplvalues.tpl index a8ed7637ef..a04f4c1eb3 100644 --- a/charts/rabbitmq/charts/common/templates/_tplvalues.tpl +++ b/charts/rabbitmq/charts/common/templates/_tplvalues.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -36,3 +36,17 @@ Usage: {{- end -}} {{ $dst | toYaml }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite +Usage: +{{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge-overwrite" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/charts/rabbitmq/charts/common/templates/_utils.tpl b/charts/rabbitmq/charts/common/templates/_utils.tpl index bfbddf0547..d53c74aa2e 100644 --- a/charts/rabbitmq/charts/common/templates/_utils.tpl +++ b/charts/rabbitmq/charts/common/templates/_utils.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/charts/common/templates/_warnings.tpl b/charts/rabbitmq/charts/common/templates/_warnings.tpl index 0f763cd827..634f320f9f 100644 --- a/charts/rabbitmq/charts/common/templates/_warnings.tpl +++ b/charts/rabbitmq/charts/common/templates/_warnings.tpl 
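Review bot: In `common.tplvalues.merge-overwrite` the rendered text goes straight from `fromYaml` into `mergeOverwrite`, and Helm's `fromYaml` reports a parse failure by returning a map with an `Error` key rather than stopping the render. A value that renders to invalid YAML would therefore be merged into `$dst` as an `Error` entry instead of being rejected. One fix is to bind the parsed map first, `{{- $parsed := include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml -}}`, then check it with `{{- if hasKey $parsed "Error" -}}{{- fail $parsed.Error -}}{{- end -}}` before merging. That assumes no legitimate value uses `Error` as a top-level key. The header comment could also state outright that later entries in `values` override earlier ones.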
@@ -13,70 +13,7 @@ Usage: {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ {{- end }} -{{- end -}} -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . 
-}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rabbitmq/charts/common/templates/validations/_cassandra.tpl b/charts/rabbitmq/charts/common/templates/validations/_cassandra.tpl index eda9aada56..f8fd213bcc 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_cassandra.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_cassandra.tpl 
@@ -1,35 +1,9 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/charts/rabbitmq/charts/common/templates/validations/_mariadb.tpl b/charts/rabbitmq/charts/common/templates/validations/_mariadb.tpl index 17d83a2fd4..6ea8c0f45b 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_mariadb.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_mariadb.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
diff --git a/charts/rabbitmq/charts/common/templates/validations/_mongodb.tpl b/charts/rabbitmq/charts/common/templates/validations/_mongodb.tpl index bbb445b861..e678a6de82 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_mongodb.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_mongodb.tpl 
@@ -1,55 +1,9 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include 
"common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/charts/rabbitmq/charts/common/templates/validations/_mysql.tpl b/charts/rabbitmq/charts/common/templates/validations/_mysql.tpl index ca3953f868..fbb65c338e 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_mysql.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_mysql.tpl 
@@ -1,50 +1,9 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/charts/rabbitmq/charts/common/templates/validations/_postgresql.tpl b/charts/rabbitmq/charts/common/templates/validations/_postgresql.tpl index 8c9aa570e2..51d47162e7 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_postgresql.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_postgresql.tpl 
@@ -1,38 +1,9 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - {{/* Auxiliary function to decide whether evaluate global values. 
diff --git a/charts/rabbitmq/charts/common/templates/validations/_redis.tpl b/charts/rabbitmq/charts/common/templates/validations/_redis.tpl
index fc0d208dd4..9fedfef9d1 100644
--- a/charts/rabbitmq/charts/common/templates/validations/_redis.tpl
+++ b/charts/rabbitmq/charts/common/templates/validations/_redis.tpl
@@ -1,43 +1,10 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include 
"common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for enabled redis. diff --git a/charts/rabbitmq/charts/common/templates/validations/_validations.tpl b/charts/rabbitmq/charts/common/templates/validations/_validations.tpl index 31ceda871f..7cdee61700 100644 --- a/charts/rabbitmq/charts/common/templates/validations/_validations.tpl +++ b/charts/rabbitmq/charts/common/templates/validations/_validations.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/charts/common/values.yaml b/charts/rabbitmq/charts/common/values.yaml index 9abe0e1540..de2cac57d0 100644 --- a/charts/rabbitmq/charts/common/values.yaml +++ b/charts/rabbitmq/charts/common/values.yaml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 ## bitnami/common diff --git a/charts/rabbitmq/templates/NOTES.txt b/charts/rabbitmq/templates/NOTES.txt index 60b7c0ab38..982afee6d0 100644 --- a/charts/rabbitmq/templates/NOTES.txt +++ b/charts/rabbitmq/templates/NOTES.txt @@ -43,9 +43,3 @@ RabbitMQ Messaging Topology Operator won't be able to access resources in other {{- end }} {{- end }} - -{{ include "common.warnings.rollingTag" .Values.clusterOperator.image }} -{{ include "common.warnings.rollingTag" .Values.msgTopologyOperator.image }} -{{ include "common.warnings.rollingTag" .Values.credentialUpdaterImage }} -{{ include "common.warnings.rollingTag" .Values.rabbitmqImage }} -{{- include "common.warnings.resources" (dict "sections" (list "clusterOperator" "msgTopologyOperator") "context" $) }} diff --git a/charts/rabbitmq/templates/_helpers.tpl b/charts/rabbitmq/templates/_helpers.tpl index be3043c63c..799b0baf65 100644 --- a/charts/rabbitmq/templates/_helpers.tpl 
+++ b/charts/rabbitmq/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{/* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/deployment.yaml b/charts/rabbitmq/templates/cluster-operator/deployment.yaml index 2dbc75a3d7..7dc16370f9 100644 --- a/charts/rabbitmq/templates/cluster-operator/deployment.yaml +++ b/charts/rabbitmq/templates/cluster-operator/deployment.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -16,6 +16,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.clusterOperator.replicaCount }} + revisionHistoryLimit: {{ .Values.clusterOperator.revisionHistoryLimit }} {{- if .Values.clusterOperator.updateStrategy }} strategy: {{- toYaml .Values.clusterOperator.updateStrategy | nindent 4 }} {{- end }} @@ -95,7 +96,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if not .Values.clusterOperator.watchAllNamespaces }} + {{- if not .Values.clusterOperator.watchAllNamespaces }} {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }} - name: OPERATOR_SCOPE_NAMESPACE value: {{ join "," $watchNamespaces | quote }} @@ -130,8 +131,7 @@ spec: livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.clusterOperator.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics + tcpSocket: port: http {{- end }} {{- if .Values.clusterOperator.customReadinessProbe }} diff --git a/charts/rabbitmq/templates/cluster-operator/metrics-service.yaml b/charts/rabbitmq/templates/cluster-operator/metrics-service.yaml index 0aa56ba9d0..597b3896ca 100644 
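Review bot: The liveness probe in the last hunk of `cluster-operator/deployment.yaml` drops from an HTTP GET on `/metrics` to `tcpSocket:` on port `http`, so the kubelet now treats the operator as healthy whenever the socket accepts a connection, even if the process no longer answers requests. If the switch was needed because `/metrics` is no longer served on that port, I would record that in a template comment above the probe, e.g. `{{- /* tcpSocket: /metrics is not served on this port as of <chart version>; the probe only checks the listener */}}`, and otherwise keep `httpGet` with a path the operator does serve. The same change is made in `messaging-topology-operator/deployment.yaml` (hunk `@@ -138,8 +139,7 @@`). The container spec continues outside the hunk, so whether the readiness probe still uses HTTP is not visible here.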
--- a/charts/rabbitmq/templates/cluster-operator/metrics-service.yaml +++ b/charts/rabbitmq/templates/cluster-operator/metrics-service.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/networkpolicy.yaml b/charts/rabbitmq/templates/cluster-operator/networkpolicy.yaml index 852438b749..890194f17a 100644 --- a/charts/rabbitmq/templates/cluster-operator/networkpolicy.yaml +++ b/charts/rabbitmq/templates/cluster-operator/networkpolicy.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/podmonitor.yaml b/charts/rabbitmq/templates/cluster-operator/podmonitor.yaml index b41be0ed52..f880bff48f 100644 --- a/charts/rabbitmq/templates/cluster-operator/podmonitor.yaml +++ b/charts/rabbitmq/templates/cluster-operator/podmonitor.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/role.yaml b/charts/rabbitmq/templates/cluster-operator/role.yaml index d4c656d1a7..71c6dd55f1 100644 --- a/charts/rabbitmq/templates/cluster-operator/role.yaml +++ b/charts/rabbitmq/templates/cluster-operator/role.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/rolebinding.yaml b/charts/rabbitmq/templates/cluster-operator/rolebinding.yaml index a95c8176ce..b903ea8ea3 100644 --- a/charts/rabbitmq/templates/cluster-operator/rolebinding.yaml +++ b/charts/rabbitmq/templates/cluster-operator/rolebinding.yaml 
@@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/service-account.yaml b/charts/rabbitmq/templates/cluster-operator/service-account.yaml index ee15f482e1..848c678888 100644 --- a/charts/rabbitmq/templates/cluster-operator/service-account.yaml +++ b/charts/rabbitmq/templates/cluster-operator/service-account.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/cluster-operator/servicemonitor.yaml b/charts/rabbitmq/templates/cluster-operator/servicemonitor.yaml index d4fab87935..11adb4523a 100644 --- a/charts/rabbitmq/templates/cluster-operator/servicemonitor.yaml +++ b/charts/rabbitmq/templates/cluster-operator/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
@@ -32,22 +32,6 @@ spec: - {{ include "common.names.namespace" . | quote }} endpoints: - port: http - {{- if .Values.clusterOperator.metrics.serviceMonitor.interval }} - interval: {{ .Values.clusterOperator.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.clusterOperator.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.clusterOperator.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.clusterOperator.metrics.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - - port: metrics {{- if .Values.clusterOperator.metrics.serviceMonitor.path }} path: {{ .Values.clusterOperator.metrics.serviceMonitor.path }} {{- end }} 
@@ -57,12 +41,12 @@ spec: {{- if .Values.clusterOperator.metrics.serviceMonitor.interval }} interval: {{ .Values.clusterOperator.metrics.serviceMonitor.interval }} {{- end }} - {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} {{- if .Values.clusterOperator.metrics.serviceMonitor.honorLabels }} honorLabels: {{ .Values.clusterOperator.metrics.serviceMonitor.honorLabels }} {{- end }} + {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} {{- if .Values.clusterOperator.metrics.serviceMonitor.relabelings }} relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} {{- end }} diff --git a/charts/rabbitmq/templates/extra-list.yaml b/charts/rabbitmq/templates/extra-list.yaml index 2d35a580e8..329f5c653a 100644 --- a/charts/rabbitmq/templates/extra-list.yaml +++ b/charts/rabbitmq/templates/extra-list.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/issuer.yaml b/charts/rabbitmq/templates/issuer.yaml index fae6ec8ddd..c85ca339fb 100644 --- a/charts/rabbitmq/templates/issuer.yaml +++ b/charts/rabbitmq/templates/issuer.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/certificate.yaml b/charts/rabbitmq/templates/messaging-topology-operator/certificate.yaml index 91f7ae7647..76a05c3faa 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/certificate.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/certificate.yaml 
@@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/deployment.yaml b/charts/rabbitmq/templates/messaging-topology-operator/deployment.yaml index ac5fe3f1f3..85b3d44e2d 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/deployment.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/deployment.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -19,6 +19,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.msgTopologyOperator.replicaCount }} + revisionHistoryLimit: {{ .Values.msgTopologyOperator.revisionHistoryLimit }} {{- if .Values.msgTopologyOperator.updateStrategy }} strategy: {{- toYaml .Values.msgTopologyOperator.updateStrategy | nindent 4 }} {{- end }} @@ -104,7 +105,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if not .Values.msgTopologyOperator.watchAllNamespaces }} + {{- if not .Values.msgTopologyOperator.watchAllNamespaces }} {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }} - name: OPERATOR_SCOPE_NAMESPACE value: {{ join "," $watchNamespaces | quote }} @@ -127,7 +128,7 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.msgTopologyOperator.resourcesPreset) | nindent 12 }} {{- end }} ports: - - name: http-webhook + - name: https-webhook containerPort: 9443 protocol: TCP - name: http-metrics 
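Review bot: Renaming the container port from `http-webhook` to `https-webhook` in the `@@ -127,7 +128,7 @@` hunk silently breaks any Service `targetPort` or NetworkPolicy port that still refers to the old name, because a named port that matches nothing is not rejected at apply time. The webhook endpoint would then be unreachable, and since the webhooks registered by this chart use `failurePolicy: Fail`, CREATE and UPDATE of the validated resources would be refused. `webhook-service.yaml` is touched by this commit but its hunks are outside this view, so please confirm it now reads `targetPort: https-webhook`. The `ports:` list continues outside the hunk.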
@@ -138,8 +139,7 @@ spec: livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.msgTopologyOperator.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics + tcpSocket: port: http-metrics {{- end }} {{- if .Values.msgTopologyOperator.customReadinessProbe }} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/metrics-service.yaml b/charts/rabbitmq/templates/messaging-topology-operator/metrics-service.yaml index 46c9f009c8..f57e04f93f 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/metrics-service.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/metrics-service.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/networkpolicy.yaml b/charts/rabbitmq/templates/messaging-topology-operator/networkpolicy.yaml index 387d9a9bf5..b228558445 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/networkpolicy.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/networkpolicy.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/podmonitor.yaml b/charts/rabbitmq/templates/messaging-topology-operator/podmonitor.yaml index c09e50b87c..7f09169c32 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/podmonitor.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/podmonitor.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
@@ -29,7 +29,7 @@ spec: {{- if .Values.msgTopologyOperator.metrics.podMonitor.selector }} {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.metrics.podMonitor.selector "context" $ ) | nindent 6 }} {{- end }} - app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/component: messaging-topology-operator namespaceSelector: matchNames: - {{ include "common.names.namespace" . | quote }} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/role.yaml b/charts/rabbitmq/templates/messaging-topology-operator/role.yaml index 427df817be..aeffa65e37 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/role.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/role.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/rolebinding.yaml b/charts/rabbitmq/templates/messaging-topology-operator/rolebinding.yaml index 995310e046..3432b5f8db 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/rolebinding.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/rolebinding.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/service-account.yaml b/charts/rabbitmq/templates/messaging-topology-operator/service-account.yaml index 10044f819c..52c72ab617 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/service-account.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/service-account.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} 
diff --git a/charts/rabbitmq/templates/messaging-topology-operator/servicemonitor.yaml b/charts/rabbitmq/templates/messaging-topology-operator/servicemonitor.yaml index 05efd2f794..b2a1c843de 100644 --- a/charts/rabbitmq/templates/messaging-topology-operator/servicemonitor.yaml +++ b/charts/rabbitmq/templates/messaging-topology-operator/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} diff --git a/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration-custom.yaml b/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration-custom.yaml new file mode 100644 index 0000000000..c9ff7d05a5 --- /dev/null +++ b/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration-custom.yaml 
@@ -0,0 +1,319 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.msgTopologyOperator.customWebhookConfiguration.enabled }} +{{- if .Values.msgTopologyOperator.enabled }} +{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }} +{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} +{{/* + If the user does not have cert-manager and is not providing a secret with the certificates, the chart needs to generate the secret + */}} +{{- $secretName := printf "%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) }} +{{- $ca := genCA "rmq-msg-topology-ca" 365 }} +{{- $cert := genSignedCert (include "rmqco.msgTopologyOperator.fullname" .) nil (list (printf "%s.%s.svc" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain)) 365 $ca }} +{{- if and (not .Values.useCertManager) (not .Values.msgTopologyOperator.existingWebhookCertSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +--- +apiVersion: {{ .Values.msgTopologyOperator.customWebhookConfiguration.apiVersion }} +kind: Webhook +metadata: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname.namespace" . }} +spec: + validatingWebhookConfiguration: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 7 }} + app.kubernetes.io/component: messaging-topology-operator + app.kubernetes.io/part-of: rabbitmq + annotations: + {{- if .Values.useCertManager }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s" (include "common.names.namespace" .) ( include "rmqco.msgTopologyOperator.webhook.secretName" . ) }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 7 }} + {{- end }} + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname.namespace" . 
}} + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-binding + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vbinding.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - bindings + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-exchange + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vexchange.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - exchanges + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . 
| quote }} + path: /validate-rabbitmq-com-v1beta1-federation + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vfederation.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - federations + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1alpha1-superstream + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vsuperstream.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - superstreams + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . 
| quote }} + path: /validate-rabbitmq-com-v1beta1-permission + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vpermission.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - permissions + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-policy + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vpolicy.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . 
| quote }} + path: /validate-rabbitmq-com-v1beta1-queue + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vqueue.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - queues + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-schemareplication + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vschemareplication.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - schemareplications + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . 
| quote }} + path: /validate-rabbitmq-com-v1beta1-shovel + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vshovel.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - shovels + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-user + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vuser.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.useCertManager }} + caBundle: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" (default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle) "context" $) }} + {{- end }} + service: + name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + path: /validate-rabbitmq-com-v1beta1-vhost + port: {{ .Values.msgTopologyOperator.service.ports.webhook }} + failurePolicy: Fail + name: vvhost.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - vhosts + sideEffects: None +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration.yaml b/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration.yaml
index 2130ebace7..357a42baf6 100644
--- a/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration.yaml
+++ b/charts/rabbitmq/templates/messaging-topology-operator/validating-webhook-configuration.yaml
@@ -2,7 +2,7 @@
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-
+{{- if not .Values.msgTopologyOperator.customWebhookConfiguration.enabled }}
 {{- if .Values.msgTopologyOperator.enabled }}
 {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
 {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
@@ -116,27 +116,6 @@ webhooks:
 resources:
 - federations
 sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- path: /validate-rabbitmq-com-v1beta1-operatorpolicy
- port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
- failurePolicy: Fail
- name: voperatorpolicy.kb.io
- rules:
- - apiGroups:
- - rabbitmq.com
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - operatorpolicies
- sideEffects: None
 - admissionReviewVersions:
 - v1
 clientConfig:
@@ -330,3 +309,4 @@ webhooks:
 - vhosts
 sideEffects: None
 {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/rabbitmq/templates/messaging-topology-operator/webhook-service.yaml b/charts/rabbitmq/templates/messaging-topology-operator/webhook-service.yaml
index d36eaab758..90acccfefc 100644
--- a/charts/rabbitmq/templates/messaging-topology-operator/webhook-service.yaml
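Review bot: The new outer guard `{{- if not .Values.msgTopologyOperator.customWebhookConfiguration.enabled }}` at the top of this template turns off every `failurePolicy: Fail` validator for `rabbitmq.com` resources when the flag is set, and nothing in the hunk verifies that a replacement ValidatingWebhookConfiguration exists. If the custom configuration is missing or covers fewer resources, topology objects are admitted without validation and without any error at install time. I would document that above the guard, e.g. `{{- /* Skipped when customWebhookConfiguration.enabled is true; the custom configuration must then validate the same rabbitmq.com resources. */}}`, and consider a `fail` when the flag is true but `customWebhookConfiguration.apiVersion` is empty. The matching `{{- end }}` is added in the last hunk of this file; the template body between the hunks is not shown.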
+++ b/charts/rabbitmq/templates/messaging-topology-operator/webhook-service.yaml @@ -1,5 +1,5 @@ {{- /* -Copyright VMware, Inc. +Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} @@ -39,9 +39,9 @@ spec: sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.service.sessionAffinityConfig "context" $) | nindent 4 }} {{- end }} ports: - - name: http + - name: https port: {{ .Values.msgTopologyOperator.service.ports.webhook }} - targetPort: http-webhook + targetPort: https-webhook protocol: TCP {{- if (and (or (eq .Values.msgTopologyOperator.service.type "NodePort") (eq .Values.msgTopologyOperator.service.type "LoadBalancer")) (not (empty .Values.msgTopologyOperator.service.nodePorts.http))) }} nodePort: {{ .Values.msgTopologyOperator.service.nodePorts.http }} diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml index 7c1b1c848b..8ccdda9484 100644 --- a/charts/rabbitmq/values.yaml +++ b/charts/rabbitmq/values.yaml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 ## @section Global parameters @@ -9,7 +9,8 @@ ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead ## global: imageRegistry: "" @@ -18,7 +19,13 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] + defaultStorageClass: "" storageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: 
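Review bot: `targetPort: https-webhook` in the `ports:` hunk is resolved by name against the pod's container ports, and the deployment template that declares that port is not part of this hunk. If the container port is still named `http-webhook`, the Service ends up with no usable endpoint and, because the webhooks use `failurePolicy: Fail`, every CREATE and UPDATE of the topology resources is rejected. Worth confirming the rename was made on the container side as well. The `nodePort` line below still reads `.Values.msgTopologyOperator.service.nodePorts.http`, so a short template comment such as `{{- /* value key kept as nodePorts.http for compatibility */}}` would avoid confusion.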
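Review bot: `allowInsecureImages: false` is added under `global.security` in the same commit that repoints all four images to `adeptiainc/...` repositories (later hunks of this file). In recent versions of the Bitnami `common` library this flag gates a check that rejects images it does not recognise, so, if the chart's templates call that check, an install with these defaults may fail, and the quick workaround of setting the flag to `true` disables the check for every image in the release. Please confirm how the chart renders with the default, and state next to the flag what it actually skips, e.g. `## Set to true only for images whose provenance is verified another way (digest pin, signature policy)`.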
@@ -27,7 +34,7 @@ global: openshift: ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) ## - adaptSecurityContext: disabled + adaptSecurityContext: auto ## @section Common parameters ## @@ -61,8 +68,6 @@ diagnosticMode: ## @section RabbitMQ Cluster Operator Parameters ## -## Bitnami RabbitMQ Image -## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ ## @param rabbitmqImage.registry [default: REGISTRY_NAME] RabbitMQ Image registry ## @param rabbitmqImage.repository [default: REPOSITORY_NAME/rabbitmq] RabbitMQ Image repository ## @skip rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended) @@ -71,8 +76,8 @@ diagnosticMode: ## rabbitmqImage: registry: docker.io - repository: bitnami/rabbitmq - tag: 3.12.13-debian-12-r2 + repository: adeptiainc/adeptia-connect-rabbitmq + tag: "4.6_beta" digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -82,8 +87,6 @@ rabbitmqImage: ## - myRegistryKeySecretName ## pullSecrets: [] -## Bitnami RabbitMQ Default User Credential Updater Image -## ref: https://hub.docker.com/r/bitnami/rmq-default-credential-updater/tags/ ## @param credentialUpdaterImage.registry [default: REGISTRY_NAME] RabbitMQ Default User Credential Updater image registry ## @param credentialUpdaterImage.repository [default: REPOSITORY_NAME/rmq-default-credential-updater] RabbitMQ Default User Credential Updater image repository ## @skip credentialUpdaterImage.tag RabbitMQ Default User Credential Updater image tag (immutable tags are recommended) 
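Review bot: The `rabbitmqImage` hunk replaces a versioned tag with the mutable tag `"4.6_beta"` and leaves `digest: ""`, so the content behind the reference can change without any change to the chart; the `@skip` comment above it already recommends immutable tags. The `credentialUpdaterImage`, `clusterOperator.image` and `msgTopologyOperator.image` hunks further down make the same change. With `pullPolicy: IfNotPresent` on the operator images, nodes may also end up running different builds under the same tag. I would pin each image by digest, `digest: "sha256:<digest-of-the-reviewed-build>"` (placeholder), or use a build-specific tag.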
@@ -92,8 +95,8 @@ rabbitmqImage: ## credentialUpdaterImage: registry: docker.io - repository: bitnami/rmq-default-credential-updater - tag: 1.0.4-debian-12-r14 + repository: adeptiainc/adeptia-connect-rabbitmq-default-credential-updater + tag: "4.6_beta" digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -104,8 +107,6 @@ credentialUpdaterImage: ## pullSecrets: [] clusterOperator: - ## Bitnami RabbitMQ Cluster Operator image - ## ref: https://hub.docker.com/r/bitnami/rabbitmq-cluster-operator/tags/ ## @param clusterOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Cluster Operator image registry ## @param clusterOperator.image.repository [default: REPOSITORY_NAME/rabbitmq-cluster-operator] RabbitMQ Cluster Operator image repository ## @skip clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended) @@ -115,11 +116,10 @@ clusterOperator: ## image: registry: docker.io - repository: bitnami/rabbitmq-cluster-operator - tag: 2.7.0-debian-12-r8 + repository: adeptiainc/adeptia-connect-rabbitmq-cluster-operator + tag: "4.6_beta" digest: "" ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent @@ -131,6 +131,9 @@ clusterOperator: ## - myRegistryKeySecretName ## pullSecrets: [] + ## @param clusterOperator.revisionHistoryLimit sets number of replicaset to keep in k8s + ## + revisionHistoryLimit: 10 ## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces ## watchAllNamespaces: true 
@@ -207,10 +210,9 @@ clusterOperator: customStartupProbe: {} ## RabbitMQ Cluster Operator resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param clusterOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## @param clusterOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production). ## - resourcesPreset: "none" + resourcesPreset: "nano" ## @param clusterOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: @@ -222,6 +224,16 @@ clusterOperator: ## memory: 1024Mi ## resources: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## @param clusterOperator.pdb.create Enable a Pod Disruption Budget creation + ## @param clusterOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param clusterOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context 
@@ -251,7 +263,7 @@ clusterOperator: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true @@ -437,6 +449,7 @@ clusterOperator: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} + ## RBAC configuration ## rbac: @@ -454,14 +467,6 @@ clusterOperator: ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). customRules: [] - ## @param clusterOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. - ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole - ## e.g: - ## extraRules: - ## - apiGroups: A list of API groups (e.g., [""], ["apps"]). - ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). - ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). - extraRules: [] ## ServiceAccount configuration ## serviceAccount: @@ -471,7 +476,7 @@ clusterOperator: ## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## - name: "" + name: "adeptia-rabbitmq-cluster-operator" ## @param clusterOperator.serviceAccount.annotations Add annotations ## annotations: {} @@ -556,7 +561,6 @@ clusterOperator: ## honorLabels: false ## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## e.g: ## selector: ## prometheus: my-prometheus 
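Review bot: `name: "adeptia-rabbitmq-cluster-operator"` in the `serviceAccount` hunk replaces the empty default, so the ServiceAccount name no longer follows the release's fullname as the comment above it still describes. Two releases in one namespace would now share or collide on the same account, and whatever ClusterRole binding the chart creates (the RBAC templates are not shown) would apply to an identity that is not unique per release. The same change is made for `msgTopologyOperator.serviceAccount.name` in a later hunk. If a fixed name is required, say so in the comment, e.g. `## Fixed name; install at most one release per namespace`, otherwise keep `name: ""`.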
@@ -605,7 +609,6 @@ clusterOperator: ## honorLabels: false ## @param clusterOperator.metrics.podMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration selector: {} ## @param clusterOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped ## @@ -633,9 +636,12 @@ clusterOperator: msgTopologyOperator: ## @param msgTopologyOperator.enabled Deploy RabbitMQ Messaging Topology Operator as part of the installation ## + customWebhookConfiguration: + #set customWebhookConfiguration.enabled value to true if you want to define custom webhook configuration + enabled: false + #enter the apiVersion of custom webhook configuration + apiVersion: enabled: true - ## Bitnami RabbitMQ Messaging Topology Operator image - ## ref: https://hub.docker.com/r/bitnami/rmq-messaging-topology-operator/tags/ ## @param msgTopologyOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Messaging Topology Operator image registry ## @param msgTopologyOperator.image.repository [default: REPOSITORY_NAME/rmq-messaging-topology-operator] RabbitMQ Messaging Topology Operator image repository ## @skip msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended) @@ -645,11 +651,10 @@ msgTopologyOperator: ## image: registry: docker.io - repository: bitnami/rmq-messaging-topology-operator - tag: 1.13.0-debian-12-r7 + repository: adeptiainc/adeptia-connect-rabbitmq-messaging-topology-operator + tag: "4.6_beta" digest: "" ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent 
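Review bot: The `customWebhookConfiguration` block is inserted between the `## @param msgTopologyOperator.enabled` comment and the `enabled: true` it documents, so the doc comment now sits on the wrong key, and the new keys have no `@param` lines of their own. `apiVersion:` has no value and parses as null, and the comment does not say what happens to the chart's own webhook configuration when `enabled` is true. I would move the block below `enabled: true`, give `apiVersion` an explicit `""`, and document the switch, e.g. `## @param msgTopologyOperator.customWebhookConfiguration.enabled When true the chart does not render its ValidatingWebhookConfiguration; a custom one must be supplied`.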
@@ -661,6 +666,9 @@ msgTopologyOperator: ## - myRegistryKeySecretName ## pullSecrets: [] + ## @param msgTopologyOperator.revisionHistoryLimit sets number of replicaset to keep in k8s + ## + revisionHistoryLimit: 10 ## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces ## watchAllNamespaces: true @@ -741,6 +749,9 @@ msgTopologyOperator: ## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} + ## @param msgTopologyOperator.skipCreateAdmissionWebhookConfig skip creation of ValidationWebhookConfiguration + ## + skipCreateAdmissionWebhookConfig: false ## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one) ## existingWebhookCertSecret: "" 
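Review bot: `skipCreateAdmissionWebhookConfig` is documented as skipping the webhook configuration, but the template change in this commit gates validating-webhook-configuration.yaml on `customWebhookConfiguration.enabled` only, so this flag may have no effect there (other templates are not visible). Two switches for one security-relevant resource make it easy to believe validation is on or off when it is not. Either wire the flag into the template guard or drop it, and correct the kind name in the comment: `## @param msgTopologyOperator.skipCreateAdmissionWebhookConfig Skip creation of the ValidatingWebhookConfiguration`.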
@@ -749,10 +760,9 @@ msgTopologyOperator: existingWebhookCertCABundle: "" ## RabbitMQ Messaging Topology Operator resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param msgTopologyOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## @param msgTopologyOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production). ## - resourcesPreset: "none" + resourcesPreset: "nano" ## @param msgTopologyOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: 
@@ -764,6 +774,16 @@ msgTopologyOperator: ## memory: 1024Mi ## resources: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## @param msgTopologyOperator.pdb.create Enable a Pod Disruption Budget creation + ## @param msgTopologyOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param msgTopologyOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context @@ -793,7 +813,7 @@ msgTopologyOperator: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true 
@@ -924,59 +944,6 @@ msgTopologyOperator: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Webhook service parameters - ## - service: - ## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type - ## - type: ClusterIP - ## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port - ## - ports: - webhook: 443 - ## Node ports to expose - ## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: "" - ## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service - ## - 
annotations: {} - ## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## 
@@ -1035,6 +1002,60 @@ msgTopologyOperator: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} + + ## Webhook service parameters + ## + service: + ## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type + ## + type: ClusterIP + ## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port + ## + ports: + webhook: 443 + ## Node ports to expose + ## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service + ## + annotations: {} + 
## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} ## RBAC configuration ## rbac: @@ -1044,7 +1065,7 @@ msgTopologyOperator: ## ClusterRole parameters ## clusterRole: - ## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole + ## @param clusterOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole ## e.g: ## customRules: @@ -1052,14 +1073,6 @@ msgTopologyOperator: ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). customRules: [] - ## @param msgTopologyOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. - ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole - ## e.g: - ## extraRules: - ## - apiGroups: A list of API groups (e.g., [""], ["apps"]). - ## - resources: A list of resource names (e.g., ["configmaps", "pods"]). - ## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]). - extraRules: [] ## ServiceAccount configuration ## serviceAccount: 
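Review bot: The doc line under `msgTopologyOperator.rbac.clusterRole` was changed to `@param clusterOperator.rbac.clusterRole.customRules`, which documents the wrong component and duplicates the entry that already exists under `clusterOperator`. It should stay `## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole`. The next hunk also removes `extraRules`; since `customRules` is then the only values key for adjusting this operator's ClusterRole, the comment could state whether it replaces or extends the default rules.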
@@ -1069,7 +1082,7 @@ msgTopologyOperator: ## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## - name: "" + name: "adeptia-rabbitmq-messaging-topology-operator" ## @param msgTopologyOperator.serviceAccount.annotations Add annotations ## annotations: {} @@ -1154,7 +1167,6 @@ msgTopologyOperator: ## additionalLabels: {} ## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## e.g: ## selector: ## prometheus: my-prometheus @@ -1196,7 +1208,6 @@ msgTopologyOperator: ## honorLabels: false ## @param msgTopologyOperator.metrics.podMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration selector: {} ## @param msgTopologyOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped ## diff --git a/rabbitmq-cluster-operator-4.4.34.tgz b/rabbitmq-cluster-operator-4.4.34.tgz new file mode 100644 index 0000000000..1de0e41f8a Binary files /dev/null and b/rabbitmq-cluster-operator-4.4.34.tgz differ diff --git a/rabbitmq-cluster-operator-4.6.81.tgz b/rabbitmq-cluster-operator-4.6.81.tgz new file mode 100644 index 0000000000..d5cac43aaa Binary files /dev/null and b/rabbitmq-cluster-operator-4.6.81.tgz differ diff --git a/values/rabbitmq/rabbitmq.gotmpl b/values/rabbitmq/rabbitmq.gotmpl index ce8352b785..df11c9cb0b 100644 --- a/values/rabbitmq/rabbitmq.gotmpl +++ b/values/rabbitmq/rabbitmq.gotmpl 
@@ -20,7 +20,4 @@ global:
 {{- with $v.otomi | get "globalPullSecret" nil }}
 imagePullSecrets:
 - otomi-pullsecret-global
-{{- end }}
-{{- if $v.otomi.linodeLkeImageRepository }}
- imageRegistry: "{{$v.otomi.linodeLkeImageRepository }}/docker"
 {{- end }}
\ No newline at end of file