From 9cdc86089d3c9e57f2a8fd59aa2e920fb61908a8 Mon Sep 17 00:00:00 2001 From: vtuson Date: Tue, 3 Apr 2018 18:02:06 +0200 Subject: [PATCH] use default k8s cluster plugin from rabbitmq (#4591) * use default k8s cluster plugin from rabbitmq * changes to reflect pr review comments * remove trailing spaces * futher changes from PR review * doing sed in the copy as it fails in gce due to filesystem permisions when starting the pod --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 50 +++-- stable/rabbitmq/templates/NOTES.txt | 15 +- stable/rabbitmq/templates/_helpers.tpl | 7 + stable/rabbitmq/templates/configuration.yaml | 19 ++ stable/rabbitmq/templates/deployment.yaml | 96 ---------- stable/rabbitmq/templates/ingress.yaml | 41 ++++ stable/rabbitmq/templates/pvc.yaml | 5 + stable/rabbitmq/templates/role.yaml | 15 ++ stable/rabbitmq/templates/rolebinding.yaml | 18 ++ stable/rabbitmq/templates/secrets.yaml | 12 +- stable/rabbitmq/templates/serviceaccount.yaml | 11 ++ stable/rabbitmq/templates/statefulset.yaml | 150 +++++++++++++++ stable/rabbitmq/templates/svc.yaml | 12 +- stable/rabbitmq/values-production.yaml | 170 +++++++++++++++++ stable/rabbitmq/values.yaml | 179 ++++++++++++------ 16 files changed, 615 insertions(+), 187 deletions(-) create mode 100644 stable/rabbitmq/templates/configuration.yaml delete mode 100644 stable/rabbitmq/templates/deployment.yaml create mode 100644 stable/rabbitmq/templates/ingress.yaml create mode 100644 stable/rabbitmq/templates/role.yaml create mode 100644 stable/rabbitmq/templates/rolebinding.yaml create mode 100644 stable/rabbitmq/templates/serviceaccount.yaml create mode 100644 stable/rabbitmq/templates/statefulset.yaml create mode 100644 stable/rabbitmq/values-production.yaml diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 754218479f93..5652d4c3abe2 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml 
@@ -1,5 +1,5 @@ name: rabbitmq -version: 0.6.27 +version: 0.7.1 appVersion: 3.7.4 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 0d8291d9234b..9966f49339dd 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md 
@@ -45,27 +45,43 @@ The following table lists the configurable parameters of the RabbitMQ chart and | Parameter | Description | Default | |-----------------------------|---------------------------------------------------------|----------------------------------------------------------| -| `image` | RabbitMQ image | `bitnami/rabbitmq:{VERSION}` | -| `imagePullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent`. | -| `rabbitmqUsername` | RabbitMQ application username | `user` | -| `rabbitmqPassword` | RabbitMQ application password | _random 10 character long alphanumeric string_ | -| `rabbitmqErlangCookie` | Erlang cookie | _random 32 character long alphanumeric string_ | -| `rabbitmqNodePort` | Node port | `5672` | -| `rabbitmqNodeType` | Node type | `stats` | -| `rabbitmqNodeName` | Node name | `rabbit` | -| `rabbitmqClusterNodeName` | Node name to cluster with. e.g.: `clusternode@hostname` | `nil` | -| `rabbitmqVhost` | RabbitMQ application vhost | `/` | -| `rabbitmqManagerPort` | RabbitMQ Manager port | `15672` | -| `rabbitmqDiskFreeLimit` | Disk free limit | `"6GiB"` | +| `image.registry` | Rabbitmq Image registry | `docker.io` | +| `image.repository` | Rabbitmq Image name | `bitnami/rabbitmq` | +| `image.tag` | Rabbitmq Image tag | `{VERSION}` | +| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `image.pullSecrets` | Specify docker-ragistry secret names as an array | `nil` | +| `image.debug` | Specify if debug values should be set | `false` | +| `rbacEnabled` | Specify if rbac is enabled in your cluster | `false` | +| `rabbitmq.username` | RabbitMQ application username | `user` | +| `rabbitmq.password` | RabbitMQ application password | _random 10 character long alphanumeric string_ | +| `rabbitmq.erlangCookie` | Erlang cookie | _random 32 character long alphanumeric string_ | +| `rabbitmq.nodePort` | Node port | `5672` | +| `rabbitmq.managerPort` | RabbitMQ Manager port | 
`15672` | +| `rabbitmq.diskFreeLimit` | Disk free limit | `"6GiB"` | +| `rabbitmq.plugins` | configuration file for plugins to enable | `[rabbitmq_management,rabbitmq_peer_discovery_k8s].` | +| `rabbitmq.configuration` | rabbitmq.conf content | see values.yaml | | `serviceType` | Kubernetes Service type | `ClusterIP` | | `persistence.enabled` | Use a PVC to persist data | `true` | | `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | | `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | | `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | | `persistence.size` | Size of data volume | `8Gi` | +| `resources` | resource needs and limits to apply to the pod | {} | | `nodeSelector` | Node labels for pod assignment | {} | | `affinity` | Affinity settings for pod assignment | {} | | `tolerations` | Toleration labels for pod assignment | [] | +| `ingress.enabled` | enable ingress for management console | `false` | +| `ingress.tls` | enable ingress with tls | `false` | +| `ingress.tlsSecret` | tls type secret to be used | `myTlsSecret` | +| `ingress.annotations` | ingress annotations as an array | [] | +| `livenessProbe.enabled` | would you like a livessProbed to be enabled | `true` | +| `livenessProbe.initialDelaySeconds` | number of seconds | 120 | +| `livenessProbe.timeoutSeconds` | number of seconds | 5 | +| `livenessProbe.failureThreshold` | number of faliures | 6 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | number of seconds | 10 | +| `readinessProbe.timeoutSeconds` | number of seconds | 3 | +| `readinessProbe.periodSeconds ` | number of seconds | 5 | The above parameters map to the env variables defined in [bitnami/rabbitmq](http://github.com/bitnami/bitnami-docker-rabbitmq). 
For more information please refer to the [bitnami/rabbitmq](http://github.com/bitnami/bitnami-docker-rabbitmq) image documentation. @@ -73,11 +89,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```bash $ helm install --name my-release \ - --set rabbitmqUsername=admin,rabbitmqPassword=secretpassword,rabbitmqErlangCookie=secretcookie \ + --set rabbitmq.username=admin,rabbitmq.password=secretpassword,rabbitmq.erlangCookie=secretcookie \ stable/rabbitmq ``` -The above command sets the RabbitMQ admin username and password to `admin` and `secretpassword` respectively. Additionally, the secure erlang cookie is set to `secretcookie`. +The above command sets the RabbitMQ admin username and password to `admin` and `secretpassword` respectively. Additionally the secure erlang cookie is set to `secretcookie`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, @@ -87,6 +103,12 @@ $ helm install --name my-release -f values.yaml stable/rabbitmq > **Tip**: You can use the default [values.yaml](values.yaml) +## Production configuration +A standard configuration is provided by default that will run on most development environments. To operate this chart in a production environment, we recommend you use the alternative file values-production.yaml provided in this repository. +```bash +$ helm install --name my-release -f values-production.yaml stable/rabbitmq +``` + ## Persistence The [Bitnami RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) image stores the RabbitMQ data and configurations at the `/bitnami/rabbitmq` path of the container. diff --git a/stable/rabbitmq/templates/NOTES.txt b/stable/rabbitmq/templates/NOTES.txt index f6c45d4a766f..d8385ed50f88 100644 --- a/stable/rabbitmq/templates/NOTES.txt +++ b/stable/rabbitmq/templates/NOTES.txt 
@@ -3,11 +3,11 @@ Credentials: - echo Username : {{ .Values.rabbitmqUsername }} + echo Username : {{ .Values.rabbitmq.username }} echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "rabbitmq.fullname" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 --decode) echo ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "rabbitmq.fullname" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode) - RabbitMQ can be accessed within the cluster on port {{ .Values.rabbitmqNodePort }} at {{ template "rabbitmq.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + RabbitMQ can be accessed within the cluster on port {{ .Values.rabbitmq.nodePort }} at {{ template "rabbitmq.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local To access for outside the cluster execute the following commands: 
@@ -34,22 +34,21 @@ To Access the RabbitMQ AMQP port: - echo amqp://$SERVICE_IP:{{ .Values.rabbitmqNodePort }}/ + echo amqp://$SERVICE_IP:{{ .Values.rabbitmq.nodePort }}/ To Access the RabbitMQ Management interface: - echo http://$SERVICE_IP:{{ .Values.rabbitmqManagerPort }}/ + echo http://$SERVICE_IP:{{ .Values.rabbitmq.managerPort }}/ {{- else if contains "ClusterIP" .Values.serviceType }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "rabbitmq.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME {{ .Values.rabbitmqNodePort }}:{{ .Values.rabbitmqNodePort }} {{ .Values.rabbitmqManagerPort }}:{{ .Values.rabbitmqManagerPort }} + kubectl port-forward {{ template "rabbitmq.fullname" . }}-0 --namespace {{ .Release.Namespace }} {{ .Values.rabbitmq.nodePort }}:{{ .Values.rabbitmq.nodePort }} {{ .Values.rabbitmq.managerPort }}:{{ .Values.rabbitmq.managerPort }} To Access the RabbitMQ AMQP port: - echo amqp://127.0.0.1:{{ .Values.rabbitmqNodePort }}/ + echo amqp://127.0.0.1:{{ .Values.rabbitmq.nodePort }}/ To Access the RabbitMQ Management interface: - echo URL : http://127.0.0.1:{{ .Values.rabbitmqManagerPort }} + echo URL : http://127.0.0.1:{{ .Values.rabbitmq.managerPort }} {{- end }} diff --git a/stable/rabbitmq/templates/_helpers.tpl b/stable/rabbitmq/templates/_helpers.tpl index 7880a96b8dda..bff1dbccdcc3 100644 --- a/stable/rabbitmq/templates/_helpers.tpl +++ b/stable/rabbitmq/templates/_helpers.tpl @@ -23,3 +23,10 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} {{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "rabbitmq.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} \ No newline at end of file 
diff --git a/stable/rabbitmq/templates/configuration.yaml b/stable/rabbitmq/templates/configuration.yaml
new file mode 100644
index 000000000000..fc8dbffd412f
--- /dev/null
+++ b/stable/rabbitmq/templates/configuration.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "rabbitmq.fullname" . }}-config
+ labels:
+ app: {{ template "rabbitmq.name" . }}
+ chart: {{ template "rabbitmq.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ enabled_plugins: |-
+{{ .Values.rabbitmq.plugins | indent 4 }}
+ rabbitmq.conf: |-
+ ##username and password
+ default_user={{.Values.rabbitmq.username}}
+ default_pass=CHANGEME
+{{ .Values.rabbitmq.configuration | indent 4 }}
+
+
\ No newline at end of file
diff --git a/stable/rabbitmq/templates/deployment.yaml b/stable/rabbitmq/templates/deployment.yaml
deleted file mode 100644
index 5ac2c0d7415f..000000000000
--- a/stable/rabbitmq/templates/deployment.yaml
+++ /dev/null
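Review bot: The `default_pass=CHANGEME` placeholder in `rabbitmq.conf` only becomes the real password through the `sed -i "s/CHANGEME/$RABBITMQ_PASSWORD/g"` step in templates/statefulset.yaml, and that textual substitution is fragile. A user-supplied `rabbitmq.password` containing `/` makes sed fail (and with `bash -e` the container exits), one containing `&` or `\` is silently changed, and any `CHANGEME` inside user-supplied `rabbitmq.configuration` is rewritten to the password as well. I would drop the placeholder line here and have the startup script append the value instead: `printf '\ndefault_pass=%s\n' "$RABBITMQ_PASSWORD" >> /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.conf` (the leading newline is needed because the `|-` scalar strips the file's final newline). Since that file then holds the password in clear text, its mode should be tightened the way the script already does for the cookie file.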
@@ -1,96 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ template "rabbitmq.fullname" . }} - labels: - app: {{ template "rabbitmq.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - template: - metadata: - labels: - app: {{ template "rabbitmq.fullname" . }} - spec: -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - containers: - - name: {{ template "rabbitmq.fullname" . }} - image: "{{ .Values.image }}" - imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} - env: - - name: RABBITMQ_USERNAME - value: {{ default "" .Values.rabbitmqUsername | quote }} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.fullname" . }} - key: rabbitmq-password - - name: RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.fullname" . 
}} - key: rabbitmq-erlang-cookie - - name: RABBITMQ_NODE_PORT_NUMBER - value: {{ default "5672" .Values.rabbitmqNodePort | quote }} - - name: RABBITMQ_NODE_TYPE - value: {{ default "stats" .Values.rabbitmqNodeType | quote }} - - name: RABBITMQ_NODE_NAME - value: {{ printf "%s@%s" (default "rabbit" .Values.rabbitmqNodeName) "localhost" | quote }} - - name: RABBITMQ_CLUSTER_NODE_NAME - value: {{ default "" .Values.rabbitmqClusterNodeName | quote }} - - name: RABBITMQ_VHOST - value: {{ default "/" .Values.rabbitmqVhost | quote }} - - name: RABBITMQ_MANAGER_PORT_NUMBER - value: {{ default "15672" .Values.rabbitmqManagerPort | quote }} - - name: RABBITMQ_DISK_FREE_LIMIT - value: {{ default "\"8GiB\"" .Values.rabbitmqDiskFreeLimit | quote }} - ports: - - name: epmd - containerPort: 4369 - - name: amqp - containerPort: {{ default "5672" .Values.rabbitmqNodePort }} - - name: dist - containerPort: {{ default "5672" .Values.rabbitmqNodePort | add 20000 }} - - name: stats - containerPort: {{ default "15672" .Values.rabbitmqManagerPort }} - livenessProbe: - exec: - command: - - rabbitmqctl - - status - initialDelaySeconds: 120 - timeoutSeconds: 5 - failureThreshold: 6 - readinessProbe: - exec: - command: - - rabbitmqctl - - status - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 5 - volumeMounts: - - name: data - mountPath: /bitnami/rabbitmq - resources: -{{ toYaml .Values.resources | indent 10 }} - volumes: - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "rabbitmq.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end -}} diff --git a/stable/rabbitmq/templates/ingress.yaml b/stable/rabbitmq/templates/ingress.yaml new file mode 100644 index 000000000000..4c0f21ac6b4f --- /dev/null +++ b/stable/rabbitmq/templates/ingress.yaml 
@@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: "{{ template "rabbitmq.fullname" . }}" + labels: + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + {{- if .Values.ingress.hostName }} + - host: {{ .Values.ingress.hostName }} + http: + {{- else }} + - http: + {{- end }} + paths: + - path: {{ default "/" .path }} + backend: + serviceName: {{ template "rabbitmq.fullname" . }} + servicePort: {{ .Values.rabbitmq.managerPort }} +{{- if .Values.ingress.tls }} + tls: + - hosts: + {{- if .Values.ingress.hostName }} + - {{ .Values.ingress.hostName }} + secretName: {{ .Values.ingress.tlsSecret }} + {{- else}} + - secretName: {{ .Values.ingress.tlsSecret }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/rabbitmq/templates/pvc.yaml b/stable/rabbitmq/templates/pvc.yaml index 455e2d80c65b..2d62f9bff4e2 100644 --- a/stable/rabbitmq/templates/pvc.yaml +++ b/stable/rabbitmq/templates/pvc.yaml @@ -3,6 +3,11 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "rabbitmq.fullname" . }} + labels: + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" spec: accessModes: - {{ .Values.persistence.accessMode | quote }} diff --git a/stable/rabbitmq/templates/role.yaml b/stable/rabbitmq/templates/role.yaml new file mode 100644 index 000000000000..f4bea319cca2 --- /dev/null +++ b/stable/rabbitmq/templates/role.yaml 
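Review bot: With `ingress.tls` set, the template adds `ingress.kubernetes.io/secure-backends: "true"`, yet the backend is `servicePort: {{ .Values.rabbitmq.managerPort }}` and nothing visible in this patch configures TLS on the management listener, so the controller would be told to speak HTTPS to what looks like a plain-HTTP port. I would leave that annotation to `ingress.annotations` rather than tying it to `ingress.tls`. Separately, `path: {{ default "/" .path }}` reads `.path` from the root context, which has no such key in the values shown, so it always renders `/`; `{{ default "/" .Values.ingress.path }}` is probably what was meant. When `ingress.tls` is false the management console, which takes the broker credentials, is published over plain HTTP, and that deserves a comment next to `ingress.enabled` in the values files.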
@@ -0,0 +1,15 @@
+{{- if .Values.rbacEnabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+ labels:
+ app: {{ template "rabbitmq.name" . }}
+ chart: {{ template "rabbitmq.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get"]
+{{- end }}
diff --git a/stable/rabbitmq/templates/rolebinding.yaml b/stable/rabbitmq/templates/rolebinding.yaml
new file mode 100644
index 000000000000..aa8ad8afd1e8
--- /dev/null
+++ b/stable/rabbitmq/templates/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbacEnabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+ labels:
+ app: {{ template "rabbitmq.name" . }}
+ chart: {{ template "rabbitmq.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+subjects:
+- kind: ServiceAccount
+ name: rabbitmq
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+{{- end }}
diff --git a/stable/rabbitmq/templates/secrets.yaml b/stable/rabbitmq/templates/secrets.yaml
index 4ae5fd0d19c7..b5362f142f34 100644
--- a/stable/rabbitmq/templates/secrets.yaml
+++ b/stable/rabbitmq/templates/secrets.yaml
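Review bot: The RoleBinding's subject in templates/rolebinding.yaml is hard-coded as `name: rabbitmq`, while templates/serviceaccount.yaml names the account `{{ template "rabbitmq.fullname" . }}` and the StatefulSet sets `serviceAccountName` to that same fullname. Unless the fullname happens to render as `rabbitmq`, the pods' service account is not bound to the `endpoint-reader` Role, so the endpoints lookup that `rabbit_peer_discovery_k8s` relies on would be denied, and the grant goes instead to whatever account in the namespace is called `rabbitmq`. The subject should read `name: {{ template "rabbitmq.fullname" . }}`.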
@@ -3,19 +3,19 @@ kind: Secret metadata: name: {{ template "rabbitmq.fullname" . }} labels: - app: {{ template "rabbitmq.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" type: Opaque data: - {{ if .Values.rabbitmqPassword }} - rabbitmq-password: {{ .Values.rabbitmqPassword | b64enc | quote }} + {{ if .Values.rabbitmq.password }} + rabbitmq-password: {{ .Values.rabbitmq.password | b64enc | quote }} {{ else }} rabbitmq-password: {{ randAlphaNum 10 | b64enc | quote }} {{ end }} - {{ if .Values.rabbitmqErlangCookie }} - rabbitmq-erlang-cookie: {{ .Values.rabbitmqErlangCookie | b64enc | quote }} + {{ if .Values.rabbitmq.erlangCookie }} + rabbitmq-erlang-cookie: {{ .Values.rabbitmq.erlangCookie | b64enc | quote }} {{ else }} rabbitmq-erlang-cookie: {{ randAlphaNum 32 | b64enc | quote }} {{ end }} diff --git a/stable/rabbitmq/templates/serviceaccount.yaml b/stable/rabbitmq/templates/serviceaccount.yaml new file mode 100644 index 000000000000..19b4911abeae --- /dev/null +++ b/stable/rabbitmq/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbacEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "rabbitmq.fullname" . }} + labels: + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- end }} diff --git a/stable/rabbitmq/templates/statefulset.yaml b/stable/rabbitmq/templates/statefulset.yaml new file mode 100644 index 000000000000..30008dccb441 --- /dev/null +++ b/stable/rabbitmq/templates/statefulset.yaml 
@@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "rabbitmq.fullname" . }} + labels: + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + serviceName: {{ template "rabbitmq.fullname" . }} + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "rabbitmq.name" . }} + template: + metadata: + labels: + app: {{ template "rabbitmq.name" . }} + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- if .Values.rbacEnabled}} + serviceAccountName: {{ template "rabbitmq.fullname" . }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: 10 + containers: + - name: {{ template "rabbitmq.fullname" . 
}} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - bash + - -ec + - | + #create the var/lib/rabbitmq directory under the bitnami folder + mkdir -p /opt/bitnami/rabbitmq/var/lib/rabbitmq/ + + #persist the erlang cookie in both places for server and cli tools + echo $RABBITMQ_ERL_COOKIE > /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie + cp /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie /root + + #change permision so only the user has access to the cookie file + chmod 400 /root/.erlang.cookie + chmod 400 /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie + + #copy the mounted configuration to both places + cp /opt/bitnami/rabbitmq/conf/* /opt/bitnami/rabbitmq/etc/rabbitmq + + #replace the default password that is generated + sed -i "s/CHANGEME/$RABBITMQ_PASSWORD/g" /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.conf + + exec rabbitmq-server + {{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- end }} + volumeMounts: + - name: config-volume + mountPath: /opt/bitnami/rabbitmq/conf + - name: data + mountPath: /bitnami/rabbitmq + ports: + - name: epmd + containerPort: 4369 + - name: amqp + containerPort: {{ .Values.rabbitmq.nodePort }} + - name: dist + containerPort: {{ .Values.rabbitmq.nodePort | add 20000 }} + - name: stats + containerPort: {{ .Values.rabbitmq.managerPort }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - rabbitmqctl + - status + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - rabbitmqctl + - status + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ 
.Values.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} + env: + {{- if .Values.image.debug}} + - name: BASH_DEBUG + value: 1 + - name: NAMI_DEBUG + value: 1 + {{- end }} + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: "rabbit@$(MY_POD_IP)" + - name: K8S_SERVICE_NAME + value: "{{ template "rabbitmq.fullname" . }}" + - name: RABBITMQ_ERL_COOKIE + valueFrom: + secretKeyRef: + name: {{ template "rabbitmq.fullname" . }} + key: rabbitmq-erlang-cookie + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "rabbitmq.fullname" . }} + key: rabbitmq-password + volumes: + - name: config-volume + configMap: + name: {{ template "rabbitmq.fullname" . }}-config + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "rabbitmq.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end -}} + \ No newline at end of file diff --git a/stable/rabbitmq/templates/svc.yaml b/stable/rabbitmq/templates/svc.yaml index a429c288c5fe..f0fe9696dec5 100644 --- a/stable/rabbitmq/templates/svc.yaml +++ b/stable/rabbitmq/templates/svc.yaml @@ -3,8 +3,8 @@ kind: Service metadata: name: {{ template "rabbitmq.fullname" . }} labels: - app: {{ template "rabbitmq.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" spec: 
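Review bot: In the StatefulSet's startup script, `echo $RABBITMQ_ERL_COOKIE > …/.erlang.cookie` expands the secret unquoted, so a user-supplied `rabbitmq.erlangCookie` containing whitespace or glob characters is altered before it is written; `printf '%s\n' "$RABBITMQ_ERL_COOKIE" > /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie` avoids that. Both cookie files are also created under the default umask and only tightened by the later `chmod 400`, so `umask 077` as the script's first command would close that gap. In the `image.debug` branch, `value: 1` for `BASH_DEBUG` and `NAMI_DEBUG` is a YAML integer, and Kubernetes requires env values to be strings, so the manifest is rejected once debug is switched on; write `value: "1"`.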
@@ -14,13 +14,13 @@ spec: port: 4369 targetPort: epmd - name: amqp - port: {{ default "5672" .Values.rabbitmqNodePort }} + port: {{ .Values.rabbitmq.nodePort }} targetPort: amqp - name: dist - port: {{ default "5672" .Values.rabbitmqNodePort | add 20000 }} + port: {{ .Values.rabbitmq.nodePort | add 20000 }} targetPort: dist - name: stats - port: {{ default "15672" .Values.rabbitmqManagerPort }} + port: {{ .Values.rabbitmq.managerPort }} targetPort: stats selector: - app: {{ template "rabbitmq.fullname" . }} + app: {{ template "rabbitmq.name" . }} diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml new file mode 100644 index 000000000000..2e1ffd25dc82 --- /dev/null +++ b/stable/rabbitmq/values-production.yaml 
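Review bot: The Service selector changes from the release-specific fullname to `app: {{ template "rabbitmq.name" . }}`, and the StatefulSet's `matchLabels` and pod template labels in templates/statefulset.yaml carry only that same `app` label. Assuming `rabbitmq.name` renders the chart name (its definition is outside the visible hunks), two releases in one namespace would select each other's pods, and because `K8S_SERVICE_NAME` points peer discovery at this Service, nodes of the other release would be offered as cluster peers. Adding `release: "{{ .Release.Name }}"` to this selector, to `matchLabels` and to the pod template labels keeps each release's traffic and discovery to its own pods.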
@@ -0,0 +1,170 @@ +## Bitnami RabbitMQ image version +## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ +## +image: + registry: docker.io + repository: bitnami/rabbitmq + tag: 3.7.4-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## set to true if you would like to see extra information on logs + ## it turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + +## does your cluster have rbac enabled? +rbacEnabled: true + +## section of specific values for rabbitmq +rabbitmq: + ## RabbitMQ application username + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run + ## + username: user + + ## RabbitMQ application password + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run + ## + # password: + + ## Erlang cookie to determine whether different nodes are allowed to communicate with each other + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + # erlangCookie: + + ## Node port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + nodePort: 5672 + + ## Node name to cluster with. 
e.g.: `clusternode@hostname` + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + # rabbitmqClusterNodeName: + + ## RabbitMQ Manager port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + managerPort: 15672 + + ## RabbitMQ Disk free limit + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## ref: https://www.rabbitmq.com/disk-alarms.html + ## + diskFreeLimit: '"6GiB"' + + ## Plugins to enable + plugins: |- + [rabbitmq_management,rabbitmq_peer_discovery_k8s]. + + ## Configution file content + configuration: |- + ## Clustering + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default.svc.cluster.local + cluster_formation.k8s.address_type = ip + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = false + cluster_partition_handling = autoheal + ## queue master locator + queue_master_locator=min-masters + ## enable guest user + loopback_users.guest = false +## Kubernetes service type +serviceType: ClusterIP + +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + ## rabbitmq data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + + # If you change this value, you might have to adjust `rabbitmq.diskFreeLimit` as well. 
+ size: 8Gi + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 100m + +## Replica count, set to 3 to provide a default available cluster +replicas: 3 + +## Node labels and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +nodeSelector: + beta.kubernetes.io/arch: amd64 +tolerations: [] +affinity: {} + +## Configure the ingress resource that allows you to access the +## Wordpress installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## The list of hostnames to be covered with this ingress record. + ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + ## hostName: foo.bar.com + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend wordpress service will be connected at port 443 + tls: true + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: myTlsSecret + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + #The following settings are to configure the frequency of the lifeness and readiness probes +livenessProbe: + enabled: true + initialDelaySeconds: 120 + 
timeoutSeconds: 5 + failureThreshold: 6 + +readinessProbe: + enabled: true + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 5 diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index b4d344607465..02c26484f352 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml 
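Review bot: `loopback_users.guest = false` under `rabbitmq.configuration` lifts RabbitMQ's loopback-only restriction on the `guest` account, in the file the README recommends for production, and the comment `## enable guest user` does not say so. Whether a `guest` account exists depends on `default_user`; with `username: user` it is presumably not created, which makes the line unnecessary, and with `rabbitmq.username=guest` the account would be reachable from other hosts. I would remove the line from the production values, or at least reword the comment to `## allow the guest user to connect from non-loopback addresses`. The Ingress comments in this file also still mention Wordpress, and `# rabbitmqClusterNodeName:` documents a key that the new templates in this patch do not read.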
@@ -1,70 +1,92 @@ ## Bitnami RabbitMQ image version ## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ ## -image: bitnami/rabbitmq:3.7.4-r1 - -## Specify a imagePullPolicy -## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images -## -# imagePullPolicy: - -## RabbitMQ application username -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run -## -rabbitmqUsername: user - -## RabbitMQ application password -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run -## -# rabbitmqPassword: +image: + registry: docker.io + repository: bitnami/rabbitmq + tag: 3.7.4 + + ## set to true if you would like to see extra information on logs + ## it turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName -## Erlang cookie to determine whether different nodes are allowed to communicate with each other -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -# rabbitmqErlangCookie: +## does your cluster have rbac enabled? 
assume no by default +rbacEnabled: false -## Node port -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -rabbitmqNodePort: 5672 +## section of specific values for rabbitmq +rabbitmq: + ## RabbitMQ application username + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run + ## + username: user -## Node Type -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -rabbitmqNodeType: stats + ## RabbitMQ application password + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/README.md#creating-a-database-user-on-first-run + ## + # password: -## Node Name -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -rabbitmqNodeName: rabbit + ## Erlang cookie to determine whether different nodes are allowed to communicate with each other + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + # erlangCookie: -## Node name to cluster with. e.g.: `clusternode@hostname` -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -# rabbitmqClusterNodeName: + ## Node port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + nodePort: 5672 -## RabbitMQ application vhost -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -rabbitmqVhost: / + ## Node name to cluster with. 
e.g.: `clusternode@hostname` + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + # rabbitmqClusterNodeName: -## RabbitMQ Manager port -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## -rabbitmqManagerPort: 15672 + ## RabbitMQ Manager port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + managerPort: 15672 -## RabbitMQ Disk free limit -## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables -## ref: https://www.rabbitmq.com/disk-alarms.html -## -rabbitmqDiskFreeLimit: '"6GiB"' + ## RabbitMQ Disk free limit + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## ref: https://www.rabbitmq.com/disk-alarms.html + ## + diskFreeLimit: '"6GiB"' + + ## Plugins to enable + plugins: |- + [rabbitmq_management,rabbitmq_peer_discovery_k8s]. + + ## Configution file content + configuration: |- + ## Clustering + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default.svc.cluster.local + cluster_formation.k8s.address_type = ip + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = false + cluster_partition_handling = autoheal + ## queue master locator + queue_master_locator=min-masters + ## enable guest user + loopback_users.guest = false ## Kubernetes service type serviceType: ClusterIP persistence: - enabled: true + enabled: false ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true 
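Review bot: The default `rabbitmq.configuration` block ends with `loopback_users.guest = false`, which lifts RabbitMQ's loopback-only restriction on the built-in `guest` account for every install that keeps the defaults. If the image leaves that account in place with its stock password (not visible in this diff), any client that can reach the AMQP or management port can log in with it, and `serviceType` or the new ingress decide how far that reach extends. I would take the line out of the default and ship it as a commented opt-in, `# loopback_users.guest = false  ## only after the guest account is removed or re-passworded`, so that remote guest access is a deliberate choice.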
@@ -81,16 +103,16 @@ persistence: # storageClass: "-" accessMode: ReadWriteOnce - # If you change this value, you might have to adjust `rabbitmqDiskFreeLimit` as well. + # If you change this value, you might have to adjust `rabbitmq.diskFreeLimit` as well. size: 8Gi ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## -resources: - requests: - memory: 256Mi - cpu: 100m +resources: {} + +## Replica count, set to 1 to provide a default available cluster +replicas: 1 ## Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 
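Review bot: `resources: {}` removes the only default requests the chart had, so unless the user fills the key in, the broker pods run with no requests or limits (assuming the StatefulSet template passes this value through, which is not visible here). Pods without requests are the first to be evicted under node pressure, which is a poor default for a message broker that now also defaults to `persistence.enabled: false`. I would keep the old values as a commented example under the key, `# requests: {memory: 256Mi, cpu: 100m}`, and reword the following comment to `## Replica count; 1 runs a single node, set to 3 for a cluster`, since one replica is not an available cluster.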
@@ -98,3 +120,48 @@ resources: nodeSelector: {} tolerations: [] affinity: {} + + +## Configure the ingress resource that allows you to access the +## Wordpress installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## The list of hostnames to be covered with this ingress record. + ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + ## hostName: foo.bar.com + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend wordpress service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: myTlsSecret + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + +## The following settings are to configure the frequency of the lifeness and readiness probes +livenessProbe: + enabled: true + initialDelaySeconds: 120 + timeoutSeconds: 5 + failureThreshold: 6 + +readinessProbe: + enabled: true + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 5
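Review bot: The comments on the new `ingress:` block still describe a "Wordpress installation" and a "backend wordpress service", so a reader cannot tell which RabbitMQ port the ingress publishes or what the default `tls: false` leaves unencrypted. If ingress.yaml (not in this view) fronts the management port, enabling the ingress with the defaults sends management logins over plain HTTP; the header comment should say so, e.g. `## Exposes the RabbitMQ management UI; set tls: true whenever the ingress is enabled`. The commented annotation example should read `# kubernetes.io/tls-acme: "true"`, because annotation values must be strings and the unquoted form is rejected once someone uncomments it.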