From 36d88553ce33fe70e6d539f95a1bc7126462aca7 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Wed, 4 Sep 2024 10:50:54 +0200 Subject: [PATCH] Update RabbitMQ and add configuration for Users and VHosts (#327) Signed-off-by: Andrei Kvapil ## Summary by CodeRabbit - **New Features** - Updated RabbitMQ chart version to 0.4.0 and application version to 3.13.2. - Added new configuration options for users and virtual hosts in the application. - Introduced a new Kubernetes Role for managing access to secrets and services. - Enhanced RabbitMQ configuration for automated user and permission management. - **Documentation** - Improved README with a section on configuration parameters for better user guidance. - **Chores** - Added a new YAML configuration file for comprehensive RabbitMQ cluster management. Signed-off-by: Andrei Kvapil --- packages/apps/rabbitmq/Chart.yaml | 4 +- packages/apps/rabbitmq/README.md | 7 + .../templates/dashboard-resourcemap.yaml | 22 + .../apps/rabbitmq/templates/rabbitmq.yaml | 78 + packages/apps/rabbitmq/values.schema.json | 5 + packages/apps/rabbitmq/values.yaml | 30 + packages/system/rabbitmq-operator/Makefile | 3 + .../templates/cluster-operator.yml | 905 ++++- .../templates/messaging-topology-operator.yml | 2898 +++++++++++++++++ 9 files changed, 3807 insertions(+), 145 deletions(-) create mode 100644 packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml create mode 100644 packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml diff --git a/packages/apps/rabbitmq/Chart.yaml b/packages/apps/rabbitmq/Chart.yaml index a832d662..b8a80a3a 100644 --- a/packages/apps/rabbitmq/Chart.yaml +++ b/packages/apps/rabbitmq/Chart.yaml @@ -16,10 +16,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.0 +version: 0.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "3.12.2" +appVersion: "3.13.2" diff --git a/packages/apps/rabbitmq/README.md b/packages/apps/rabbitmq/README.md index da4a9170..2a0e83c0 100644 --- a/packages/apps/rabbitmq/README.md +++ b/packages/apps/rabbitmq/README.md @@ -19,3 +19,10 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an | `size` | Persistent Volume size | `10Gi` | | `replicas` | Number of RabbitMQ replicas | `3` | | `storageClass` | StorageClass used to store the data | `""` | + +### Configuration parameters + +| Name | Description | Value | +| -------- | --------------------------- | ----- | +| `users` | Users configuration | `{}` | +| `vhosts` | Virtual Hosts configuration | `{}` | diff --git a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml new file mode 100644 index 00000000..a85dc212 --- /dev/null +++ b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-dashboard-resources +rules: +- apiGroups: + - "" + resources: + - secrets + resourceNames: + - {{ .Release.Name }}-default-user + {{- range $name, $u := .Values.users }} + - {{ $.Release.Name }}-{{ kebabcase $name }}-credentials + {{- end }} + verbs: ["get", "list", "watch"] +- apiGroups: + - "" + resources: + - services + resourceNames: + - {{ .Release.Name }} + verbs: ["get", "list", "watch"] diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml index 2fe962d4..a48a92f9 100644 --- a/packages/apps/rabbitmq/templates/rabbitmq.yaml +++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml @@ -17,3 +17,81 @@ spec: storageClassName: {{ . }} {{- end }} storage: {{ .Values.size }} + +{{- range $user, $u := .Values.users }} + +{{- $password := $u.password }} +{{- if not $password }} +{{- with (dig "data" "password" "" (lookup "v1" "Secret" $.Release.Namespace (printf "%s-%s-credentials" $.Release.Name (kebabcase $user)))) }} +{{- $password = b64dec . }} +{{- end }} +{{- end }} +{{- if not $password }} +{{- $password = (randAlphaNum 16) }} +{{- end }} + +--- +apiVersion: rabbitmq.com/v1beta1 +kind: User +metadata: + name: {{ $.Release.Name }}-{{ kebabcase $user }} + annotations: + config: '{{ printf "%s %s" $user $password | sha256sum }}' +spec: + importCredentialsSecret: + name: {{ $.Release.Name }}-{{ $user }}-credentials + rabbitmqClusterReference: + name: {{ $.Release.Name }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials +type: Opaque +stringData: + username: {{ $user }} + password: {{ $password }} +{{- end }} + +{{- range $host, $h := .Values.vhosts }} +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Vhost +metadata: + name: {{ $.Release.Name }}-{{ kebabcase $host }} +spec: + name: {{ $host }} + rabbitmqClusterReference: + name: {{ $.Release.Name }} +{{- range $user := $h.roles.admin }} +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Permission +metadata: + name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }} +spec: + vhost: "{{ $host }}" + user: "{{ $user }}" + permissions: + write: ".*" + configure: ".*" + read: ".*" + rabbitmqClusterReference: + name: {{ $.Release.Name }} +{{- end }} +{{- range $user := $h.roles.readonly }} +--- +apiVersion: rabbitmq.com/v1beta1 +kind: Permission +metadata: + name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }} +spec: + vhost: "{{ $host }}" + user: "{{ $user }}" + permissions: + read: ".*" + rabbitmqClusterReference: + name: {{ $.Release.Name }} +{{- end }} + +{{- end }} diff --git a/packages/apps/rabbitmq/values.schema.json b/packages/apps/rabbitmq/values.schema.json index 3e5ae07d..159a8fa7 100644 --- a/packages/apps/rabbitmq/values.schema.json +++ b/packages/apps/rabbitmq/values.schema.json @@ -21,6 +21,11 @@ "type": "string", "description": "StorageClass used to store the data", "default": "" + }, + "vhosts": { + "type": "object", + "description": "Virtual Hosts configuration", + "default": {} } } } \ No newline at end of file diff --git a/packages/apps/rabbitmq/values.yaml b/packages/apps/rabbitmq/values.yaml index 3c3ead73..539c5ebc 100644 --- a/packages/apps/rabbitmq/values.yaml +++ b/packages/apps/rabbitmq/values.yaml @@ -9,3 +9,33 @@ external: false size: 10Gi replicas: 3 storageClass: "" + +## @section Configuration parameters + +## @param users [object] Users configuration +## Example: +## users: +## user1: +## password: strongpassword +## user2: +## password: hackme +## user3: +## password: testtest +## +users: {} + +## @param vhosts Virtual Hosts configuration +## Example: +## vhosts: +## myapp: +## roles: +## admin: +## - user1 +## - user2 +## readonly: +## - user3 +## test: +## roles: +## admin: +## - user3 +vhosts: {} diff --git a/packages/system/rabbitmq-operator/Makefile b/packages/system/rabbitmq-operator/Makefile index 233cc3d9..12eda697 100644 --- a/packages/system/rabbitmq-operator/Makefile +++ b/packages/system/rabbitmq-operator/Makefile @@ -8,3 +8,6 @@ update: wget -O templates/cluster-operator.yml https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml yq -i 'del(select(.kind=="Namespace"))' templates/cluster-operator.yml sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/cluster-operator.yml + wget -O templates/messaging-topology-operator.yml https://github.com/rabbitmq/messaging-topology-operator/releases/latest/download/messaging-topology-operator-with-certmanager.yaml + yq -i 'del(select(.kind=="Namespace"))' templates/messaging-topology-operator.yml + sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/messaging-topology-operator.yml diff --git a/packages/system/rabbitmq-operator/templates/cluster-operator.yml b/packages/system/rabbitmq-operator/templates/cluster-operator.yml index 2cc2322e..08655a7e 100644 --- a/packages/system/rabbitmq-operator/templates/cluster-operator.yml +++ b/packages/system/rabbitmq-operator/templates/cluster-operator.yml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/component: rabbitmq-operator app.kubernetes.io/name: rabbitmq-cluster-operator @@ -36,13 +36,24 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: RabbitmqCluster is the Schema for the RabbitmqCluster API. Each instance of this object corresponds to a single RabbitMQ cluster. + description: |- + RabbitmqCluster is the Schema for the RabbitmqCluster API. Each instance of this object + corresponds to a single RabbitMQ cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -56,9 +67,20 @@ spec: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. @@ -66,16 +88,25 @@ spec: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -87,16 +118,25 @@ spec: matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -117,26 +157,43 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -148,16 +205,25 @@ spec: matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -178,7 +244,16 @@ spec: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: @@ -186,21 +261,31 @@ spec: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -212,26 +297,72 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -243,23 +374,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -268,26 +413,49 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -299,26 +467,72 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -330,17 +544,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -351,7 +577,16 @@ spec: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: @@ -359,21 +594,31 @@ spec: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -385,26 +630,72 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -416,23 +707,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -441,26 +746,49 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -472,26 +800,72 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -503,17 +877,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -523,20 +909,34 @@ spec: type: object delayStartSeconds: default: 30 - description: DelayStartSeconds is the time the init container (`setup-container`) will sleep before terminating. This effectively delays the time between starting the Pod and starting the `rabbitmq` container. RabbitMQ relies on up-to-date DNS entries early during peer discovery. The purpose of this artificial delay is to ensure that DNS entries are up-to-date when booting RabbitMQ. For more information, see https://github.com/kubernetes/kubernetes/issues/92559 If your Kubernetes DNS backend is configured with a low DNS cache value or publishes not ready addresses promptly, you can decrase this value or set it to 0. + description: |- + DelayStartSeconds is the time the init container (`setup-container`) will sleep before terminating. + This effectively delays the time between starting the Pod and starting the `rabbitmq` container. + RabbitMQ relies on up-to-date DNS entries early during peer discovery. + The purpose of this artificial delay is to ensure that DNS entries are up-to-date when booting RabbitMQ. + For more information, see https://github.com/kubernetes/kubernetes/issues/92559 + If your Kubernetes DNS backend is configured with a low DNS cache value or publishes not ready addresses + promptly, you can decrase this value or set it to 0. format: int32 minimum: 0 type: integer image: - description: Image is the name of the RabbitMQ docker image to use for RabbitMQ nodes in the RabbitmqCluster. Must be provided together with ImagePullSecrets in order to use an image in a private registry. + description: |- + Image is the name of the RabbitMQ docker image to use for RabbitMQ nodes in the RabbitmqCluster. + Must be provided together with ImagePullSecrets in order to use an image in a private registry. type: string imagePullSecrets: description: List of Secret resource containing access credentials to the registry for the RabbitMQ image. Required if the docker registry is private. items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -851,6 +1251,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -919,6 +1329,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -985,6 +1405,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1053,6 +1483,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1232,6 +1672,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1282,6 +1730,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1876,6 +2332,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1926,6 +2390,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2527,6 +2999,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2577,6 +3057,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3460,18 +3948,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3515,6 +3991,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -3703,6 +4181,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -4018,18 +4533,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4073,6 +4576,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4093,7 +4598,10 @@ spec: - type: integer - type: string default: 10Gi - description: The requested size of the persistent volume attached to each Pod in the RabbitmqCluster. The format of this field matches that defined by kubernetes/apimachinery. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field. + description: |- + The requested size of the persistent volume attached to each Pod in the RabbitmqCluster. + The format of this field matches that defined by kubernetes/apimachinery. + See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClassName: @@ -4104,7 +4612,10 @@ spec: description: Configuration options for RabbitMQ Pods created in the cluster. properties: additionalConfig: - description: Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. For more information on this config, see https://www.rabbitmq.com/configure.html#config-file + description: |- + Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator. + Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on this config, see https://www.rabbitmq.com/configure.html#config-file maxLength: 2000 type: string additionalPlugins: @@ -4117,21 +4628,30 @@ spec: maxItems: 100 type: array advancedConfig: - description: Specify any rabbitmq advanced.config configurations to apply to the cluster. For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file + description: |- + Specify any rabbitmq advanced.config configurations to apply to the cluster. + For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file maxLength: 100000 type: string envConfig: - description: Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html + description: |- + Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html maxLength: 100000 type: string erlangInetConfig: - description: 'Erlang Inet configuration to apply to the Erlang VM running rabbit. See also: https://www.erlang.org/doc/apps/erts/inet_cfg.html' + description: |- + Erlang Inet configuration to apply to the Erlang VM running rabbit. + See also: https://www.erlang.org/doc/apps/erts/inet_cfg.html maxLength: 2000 type: string type: object replicas: default: 1 - description: Replicas is the number of nodes in the RabbitMQ cluster. Each node is deployed as a Replica in a StatefulSet. Only 1, 3, 5 replicas clusters are tested. This value should be an odd number to ensure the resultant cluster can establish exactly one quorum of nodes in the event of a fragmenting network partition. + description: |- + Replicas is the number of nodes in the RabbitMQ cluster. Each node is deployed as a Replica in a StatefulSet. Only 1, 3, 5 replicas clusters are tested. + This value should be an odd number to ensure the resultant cluster can establish exactly one quorum of nodes + in the event of a fragmenting network partition. format: int32 minimum: 0 type: integer @@ -4146,12 +4666,24 @@ spec: description: The desired compute resource requirements of Pods in the cluster. properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -4167,7 +4699,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -4176,50 +4710,89 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secretBackend: - description: Secret backend configuration for the RabbitmqCluster. Enables to fetch default user credentials and certificates from K8s external secret stores. + description: |- + Secret backend configuration for the RabbitmqCluster. + Enables to fetch default user credentials and certificates from K8s external secret stores. properties: externalSecret: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic vault: - description: VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations) to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector (https://www.vaultproject.io/docs/platform/k8s/injector) to be installed in the K8s cluster. The injector is a K8s Mutation Webhook Controller that alters RabbitMQ Pod specifications (based on the added Vault annotations) to include Vault Agent containers that render Vault secrets to the volume. + description: |- + VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations) + to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector (https://www.vaultproject.io/docs/platform/k8s/injector) + to be installed in the K8s cluster. The injector is a K8s Mutation Webhook Controller that alters RabbitMQ Pod specifications + (based on the added Vault annotations) to include Vault Agent containers that render Vault secrets to the volume. properties: annotations: additionalProperties: type: string - description: Vault annotations that override the Vault annotations set by the cluster-operator. For a list of valid Vault annotations, see https://www.vaultproject.io/docs/platform/k8s/injector/annotations + description: |- + Vault annotations that override the Vault annotations set by the cluster-operator. + For a list of valid Vault annotations, see https://www.vaultproject.io/docs/platform/k8s/injector/annotations type: object defaultUserPath: - description: Path in Vault to access a KV (Key-Value) secret with the fields username and password for the default user. For example "secret/data/rabbitmq/config". + description: |- + Path in Vault to access a KV (Key-Value) secret with the fields username and password for the default user. + For example "secret/data/rabbitmq/config". type: string defaultUserUpdaterImage: - description: Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault. Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI). Set to empty string to disable the sidecar container. + description: |- + Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault. + Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI). + Set to empty string to disable the sidecar container. type: string role: - description: Role in Vault. If vault.defaultUserPath is set, this role must have capability to read the pre-created default user credential in Vault. If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI engine for the domains "" and ".svc". + description: |- + Role in Vault. + If vault.defaultUserPath is set, this role must have capability to read the pre-created default user credential in Vault. + If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI engine for the domains + "" and ".svc". type: string tls: properties: altNames: - description: 'Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list. These will be appended to the SANs added by the cluster-operator. The cluster-operator will add SANs: "-server-.-nodes." for each pod, e.g. "myrabbit-server-0.myrabbit-nodes.default".' + description: |- + Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list. + These will be appended to the SANs added by the cluster-operator. + The cluster-operator will add SANs: + "-server-.-nodes." for each pod, + e.g. "myrabbit-server-0.myrabbit-nodes.default". type: string commonName: - description: Specifies the requested certificate Common Name (CN). Defaults to ..svc if not provided. + description: |- + Specifies the requested certificate Common Name (CN). + Defaults to ..svc if not provided. type: string ipSans: description: Specifies the requested IP Subject Alternative Names, in a comma-delimited list. type: string pkiIssuerPath: - description: Path in Vault PKI engine. For example "pki/issue/hashicorp-com". required + description: |- + Path in Vault PKI engine. + For example "pki/issue/hashicorp-com". + required + type: string + pkiRootPath: + description: Specifies an optional path to retrieve the root CA from vault. Useful if certificates are issued by an intermediate CA type: string type: object type: object @@ -4235,7 +4808,9 @@ spec: description: Annotations to add to the Service. type: object ipFamilyPolicy: - description: 'IPFamilyPolicy represents the dual-stack-ness requested or required by a Service See also: https://pkg.go.dev/k8s.io/api/core/v1#IPFamilyPolicy' + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by a Service + See also: https://pkg.go.dev/k8s.io/api/core/v1#IPFamilyPolicy enum: - SingleStack - PreferDualStack @@ -4243,7 +4818,9 @@ spec: type: string type: default: ClusterIP - description: 'Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort. For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType' + description: |- + Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort. + For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType enum: - ClusterIP - LoadBalancer @@ -4251,11 +4828,18 @@ spec: type: string type: object skipPostDeploySteps: - description: If unset, or set to false, the cluster will run `rabbitmq-queues rebalance all` whenever the cluster is updated. Set to true to prevent the operator rebalancing queue leaders after a cluster update. Has no effect if the cluster only consists of one node. For more information, see https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance + description: |- + If unset, or set to false, the cluster will run `rabbitmq-queues rebalance all` whenever the cluster is updated. + Set to true to prevent the operator rebalancing queue leaders after a cluster update. + Has no effect if the cluster only consists of one node. + For more information, see https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance type: boolean terminationGracePeriodSeconds: default: 604800 - description: 'TerminationGracePeriodSeconds is the timeout that each rabbitmqcluster pod will have to terminate gracefully. It defaults to 604800 seconds ( a week long) to ensure that the container preStop lifecycle hook can finish running. For more information, see: https://github.com/rabbitmq/cluster-operator/blob/main/docs/design/20200520-graceful-pod-termination.md' + description: |- + TerminationGracePeriodSeconds is the timeout that each rabbitmqcluster pod will have to terminate gracefully. + It defaults to 604800 seconds ( a week long) to ensure that the container preStop lifecycle hook can finish running. + For more information, see: https://github.com/rabbitmq/cluster-operator/blob/main/docs/design/20200520-graceful-pod-termination.md format: int64 minimum: 0 type: integer @@ -4263,35 +4847,60 @@ spec: description: TLS-related configuration for the RabbitMQ cluster. properties: caSecretName: - description: Name of a Secret in the same Namespace as the RabbitmqCluster, containing the Certificate Authority's public certificate for TLS. The Secret must store this as ca.crt. This Secret can be created by running `kubectl create secret generic ca-secret --from-file=ca.crt=path/to/ca.cert` Used for mTLS, and TLS for rabbitmq_web_stomp and rabbitmq_web_mqtt. + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the Certificate Authority's public certificate for TLS. + The Secret must store this as ca.crt. + This Secret can be created by running `kubectl create secret generic ca-secret --from-file=ca.crt=path/to/ca.cert` + Used for mTLS, and TLS for rabbitmq_web_stomp and rabbitmq_web_mqtt. type: string disableNonTLSListeners: - description: 'When set to true, the RabbitmqCluster disables non-TLS listeners for RabbitMQ, management plugin and for any enabled plugins in the following list: stomp, mqtt, web_stomp, web_mqtt. Only TLS-enabled clients will be able to connect.' + description: |- + When set to true, the RabbitmqCluster disables non-TLS listeners for RabbitMQ, management plugin and for any enabled plugins in the following list: stomp, mqtt, web_stomp, web_mqtt. + Only TLS-enabled clients will be able to connect. type: boolean secretName: - description: Name of a Secret in the same Namespace as the RabbitmqCluster, containing the server's private key & public certificate for TLS. The Secret must store these as tls.key and tls.crt, respectively. This Secret can be created by running `kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key` + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the server's private key & public certificate for TLS. + The Secret must store these as tls.key and tls.crt, respectively. + This Secret can be created by running `kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key` type: string type: object tolerations: description: Tolerations is the list of Toleration resources attached to each Pod in the RabbitmqCluster. items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array @@ -4300,10 +4909,16 @@ spec: description: Status presents the observed state of RabbitmqCluster properties: binding: - description: 'Binding exposes a secret containing the binding information for this RabbitmqCluster. It implements the service binding Provisioned Service duck type. See: https://github.com/servicebinding/spec#provisioned-service' + description: |- + Binding exposes a secret containing the binding information for this + RabbitmqCluster. It implements the service binding Provisioned Service + duck type. See: https://github.com/servicebinding/spec#provisioned-service properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4336,7 +4951,9 @@ spec: description: Identifying information on internal resources properties: secretReference: - description: Reference to the Kubernetes Secret containing the credentials of the default user. + description: |- + Reference to the Kubernetes Secret containing the credentials of the default + user. properties: keys: additionalProperties: @@ -4369,7 +4986,9 @@ spec: type: object type: object observedGeneration: - description: observedGeneration is the most recent successful generation observed for this RabbitmqCluster. It corresponds to the RabbitmqCluster's generation, which is updated on mutation by the API Server. + description: |- + observedGeneration is the most recent successful generation observed for this RabbitmqCluster. It corresponds to the + RabbitmqCluster's generation, which is updated on mutation by the API Server. format: int64 type: integer required: @@ -4644,7 +5263,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: rabbitmqoperator/cluster-operator:2.6.0 + image: rabbitmqoperator/cluster-operator:2.9.0 name: operator ports: - containerPort: 9782 diff --git a/packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml b/packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml new file mode 100644 index 00000000..695b65c4 --- /dev/null +++ b/packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml @@ -0,0 +1,2898 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: bindings.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Binding + listKind: BindingList + plural: bindings + singular: binding + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Binding is the Schema for the bindings API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BindingSpec defines the desired state of Binding + properties: + arguments: + description: Cannot be updated + type: object + x-kubernetes-preserve-unknown-fields: true + destination: + description: Cannot be updated + type: string + destinationType: + description: Cannot be updated + enum: + - exchange + - queue + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the binding will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + routingKey: + description: Cannot be updated + type: string + source: + description: Cannot be updated + type: string + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - rabbitmqClusterReference + type: object + status: + description: BindingStatus defines the observed state of Binding + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Binding. It corresponds to the + Binding's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: exchanges.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Exchange + listKind: ExchangeList + plural: exchanges + singular: exchange + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Exchange is the Schema for the exchanges API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExchangeSpec defines the desired state of Exchange + properties: + arguments: + type: object + x-kubernetes-preserve-unknown-fields: true + autoDelete: + description: Cannot be updated + type: boolean + durable: + description: Cannot be updated + type: boolean + name: + description: Required property; cannot be updated + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the exchange will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + type: + default: direct + description: Cannot be updated + type: string + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: ExchangeStatus defines the observed state of Exchange + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Exchange. It corresponds to the + Exchange's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: federations.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Federation + listKind: FederationList + plural: federations + singular: federation + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Federation is the Schema for the federations API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FederationSpec defines the desired state of Federation + For how to configure federation upstreams, see: https://www.rabbitmq.com/federation-reference.html. + properties: + ackMode: + enum: + - on-confirm + - on-publish + - no-ack + type: string + exchange: + type: string + expires: + type: integer + maxHops: + type: integer + messageTTL: + type: integer + name: + description: Required property; cannot be updated + type: string + prefetch-count: + type: integer + queue: + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that this federation upstream will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + reconnectDelay: + type: integer + trustUserId: + type: boolean + uriSecret: + description: |- + Secret contains the AMQP URI(s) for the upstream. + The Secret must contain the key `uri` or operator will error. + `uri` should be one or multiple uris separated by ','. + Required property. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + - uriSecret + type: object + status: + description: FederationStatus defines the observed state of Federation + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Federation. It corresponds to the + Federation's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: operatorpolicies.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: OperatorPolicy + listKind: OperatorPolicyList + plural: operatorpolicies + singular: operatorpolicy + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: OperatorPolicy is the Schema for the operator policies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + OperatorPolicySpec defines the desired state of OperatorPolicy + https://www.rabbitmq.com/parameters.html#operator-policies + properties: + applyTo: + default: queues + description: |- + What this operator policy applies to: 'queues', 'classic_queues', 'quorum_queues', 'streams'. + Default to 'queues'. + enum: + - queues + - classic_queues + - quorum_queues + - streams + type: string + definition: + description: OperatorPolicy definition. Required property. + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Required property; cannot be updated + type: string + pattern: + description: |- + Regular expression pattern used to match queues, e.g. "^my-queue$". + Required property. + type: string + priority: + default: 0 + description: |- + Default to '0'. + In the event that more than one operator policy can match a given queue, the operator policy with the greatest priority applies. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the operator policy will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - definition + - name + - pattern + - rabbitmqClusterReference + type: object + status: + description: OperatorPolicyStatus defines the observed state of OperatorPolicy + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this OperatorPolicy. It corresponds to the + OperatorPolicy's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: permissions.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Permission + listKind: PermissionList + plural: permissions + singular: permission + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Permission is the Schema for the permissions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PermissionSpec defines the desired state of Permission + properties: + permissions: + description: |- + Permissions to grant to the user in the specific vhost; required property. + See RabbitMQ doc for more information: https://www.rabbitmq.com/access-control.html#user-management + properties: + configure: + type: string + read: + type: string + write: + type: string + type: object + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that both the provided user and vhost are. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + user: + description: Name of an existing user; must provide user or userReference, else create/update will fail; cannot be updated + type: string + userReference: + description: Reference to an existing user.rabbitmq.com object; must provide user or userReference, else create/update will fail; cannot be updated + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + description: Name of an existing vhost; required property; cannot be updated + type: string + required: + - permissions + - rabbitmqClusterReference + - vhost + type: object + status: + description: PermissionStatus defines the observed state of Permission + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Permission. It corresponds to the + Permission's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: policies.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Policy + listKind: PolicyList + plural: policies + singular: policy + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Policy is the Schema for the policies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PolicySpec defines the desired state of Policy + https://www.rabbitmq.com/parameters.html#policies + properties: + applyTo: + default: all + description: |- + What this policy applies to: 'queues', 'classic_queues', 'quorum_queues', 'streams', 'exchanges', or 'all'. + Default to 'all'. + enum: + - queues + - classic_queues + - quorum_queues + - streams + - exchanges + - all + type: string + definition: + description: Policy definition. Required property. + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Required property; cannot be updated + type: string + pattern: + description: |- + Regular expression pattern used to match queues and exchanges, e.g. "^amq.". + Required property. + type: string + priority: + default: 0 + description: |- + Default to '0'. + In the event that more than one policy can match a given exchange or queue, the policy with the greatest priority applies. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the policy will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - definition + - name + - pattern + - rabbitmqClusterReference + type: object + status: + description: PolicyStatus defines the observed state of Policy + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Policy. It corresponds to the + Policy's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: queues.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Queue + listKind: QueueList + plural: queues + singular: queue + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Queue is the Schema for the queues API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: QueueSpec defines the desired state of Queue + properties: + arguments: + description: |- + Queue arguments in the format of KEY: VALUE. e.g. x-delivery-limit: 10000. + Configuring queues through arguments is not recommended because they cannot be updated once set; we recommend configuring queues through policies instead. + type: object + x-kubernetes-preserve-unknown-fields: true + autoDelete: + description: when set to true, queues that have had at least one consumer before are deleted after the last consumer unsubscribes. + type: boolean + deleteIfEmpty: + description: when set to true, queues are deleted only if empty. + type: boolean + deleteIfUnused: + description: when set to true, queues are delete only if they have no consumer. + type: boolean + durable: + description: When set to false queues does not survive server restart. + type: boolean + name: + description: Name of the queue; required property. + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the queue will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + type: + type: string + vhost: + default: / + description: Default to vhost '/' + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: QueueStatus defines the observed state of Queue + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Queue. It corresponds to the + Queue's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: schemareplications.rabbitmq.com +spec: + group: rabbitmq.com + names: + kind: SchemaReplication + listKind: SchemaReplicationList + plural: schemareplications + singular: schemareplication + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: |- + SchemaReplication is the Schema for the schemareplications API + This feature requires Tanzu RabbitMQ with schema replication plugin. + For more information, see: https://tanzu.vmware.com/rabbitmq and https://www.rabbitmq.com/definitions-standby.html. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SchemaReplicationSpec defines the desired state of SchemaReplication + properties: + endpoints: + description: |- + endpoints should be one or multiple endpoints separated by ','. + Must provide either spec.endpoints or endpoints in spec.upstreamSecret. + When endpoints are provided in both spec.endpoints and spec.upstreamSecret, spec.endpoints takes + precedence. + type: string + rabbitmqClusterReference: + description: Reference to the RabbitmqCluster that schema replication would be set for. Must be an existing cluster. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + secretBackend: + description: Set to fetch user credentials from K8s external secret stores to be used for schema replication. + properties: + vault: + properties: + secretPath: + description: |- + Path in Vault to access a KV (Key-Value) secret with the fields username and password to be used for replication. + For example "secret/data/rabbitmq/config". + Optional; if not provided, username and password will come from upstreamSecret instead. + Have to set either secretBackend.vault.secretPath or upstreamSecret, but not both. + type: string + type: object + type: object + upstreamSecret: + description: |- + Defines a Secret which contains credentials to be used for schema replication. + The Secret must contain the keys `username` and `password` in its Data field, or operator will error. + Have to set either secretBackend.vault.secretPath or spec.upstreamSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - rabbitmqClusterReference + type: object + status: + description: SchemaReplicationStatus defines the observed state of SchemaReplication + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Queue. It corresponds to the + Queue's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: shovels.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Shovel + listKind: ShovelList + plural: shovels + singular: shovel + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Shovel is the Schema for the shovels API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ShovelSpec defines the desired state of Shovel + For how to configure Shovel, see: https://www.rabbitmq.com/shovel.html. + properties: + ackMode: + enum: + - on-confirm + - on-publish + - no-ack + type: string + addForwardHeaders: + type: boolean + deleteAfter: + type: string + destAddForwardHeaders: + type: boolean + destAddTimestampHeader: + type: boolean + destAddress: + description: amqp10 configuration; required if destProtocol is amqp10 + type: string + destApplicationProperties: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destExchange: + description: amqp091 configuration + type: string + destExchangeKey: + description: amqp091 configuration + type: string + destMessageAnnotations: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destProperties: + description: amqp10 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destProtocol: + enum: + - amqp091 + - amqp10 + type: string + destPublishProperties: + description: amqp091 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + destQueue: + description: amqp091 configuration + type: string + name: + description: Required property; cannot be updated + type: string + prefetchCount: + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that this Shovel will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + reconnectDelay: + type: integer + srcAddress: + description: amqp10 configuration; required if srcProtocol is amqp10 + type: string + srcConsumerArgs: + description: amqp091 configuration + type: object + x-kubernetes-preserve-unknown-fields: true + srcDeleteAfter: + type: string + srcExchange: + description: amqp091 configuration + type: string + srcExchangeKey: + description: amqp091 configuration + type: string + srcPrefetchCount: + type: integer + srcProtocol: + enum: + - amqp091 + - amqp10 + type: string + srcQueue: + description: amqp091 configuration + type: string + uriSecret: + description: |- + Secret contains the AMQP URI(s) to configure Shovel destination and source. + The Secret must contain the key `destUri` and `srcUri` or operator will error. + Both fields should be one or multiple uris separated by ','. + Required property. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + - uriSecret + type: object + status: + description: ShovelStatus defines the observed state of Shovel + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Shovel. It corresponds to the + Shovel's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: superstreams.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: SuperStream + listKind: SuperStreamList + plural: superstreams + singular: superstream + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SuperStream is the Schema for the queues API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SuperStreamSpec defines the desired state of SuperStream + properties: + name: + description: Name of the queue; required property. + type: string + partitions: + default: 3 + description: |- + Number of partitions to create within this super stream. + Defaults to '3'. + type: integer + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the SuperStream will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + routingKeys: + description: |- + Routing keys to use for each of the partitions in the SuperStream + If unset, the routing keys for the partitions will be set to the index of the partitions + items: + type: string + type: array + vhost: + default: / + description: Default to vhost '/'; cannot be updated + type: string + required: + - name + - rabbitmqClusterReference + type: object + status: + description: SuperStreamStatus defines the observed state of SuperStream + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this SuperStream. It corresponds to the + SuperStream's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + partitions: + description: Partitions are a list of the stream queue names which form the partitions of this SuperStream. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: topicpermissions.rabbitmq.com +spec: + group: rabbitmq.com + names: + kind: TopicPermission + listKind: TopicPermissionList + plural: topicpermissions + singular: topicpermission + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: TopicPermission is the Schema for the topicpermissions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TopicPermissionSpec defines the desired state of TopicPermission + properties: + permissions: + description: Permissions to grant to the user to a topic exchange; required property. + properties: + exchange: + description: Name of a topic exchange; required property; cannot be updated. + type: string + read: + type: string + write: + type: string + type: object + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that both the provided user and vhost are. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + user: + description: Name of an existing user; must provide user or userReference, else create/update will fail; cannot be updated. + type: string + userReference: + description: Reference to an existing user.rabbitmq.com object; must provide user or userReference, else create/update will fail; cannot be updated. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + vhost: + description: Name of an existing vhost; required property; cannot be updated. + type: string + required: + - permissions + - rabbitmqClusterReference + - vhost + type: object + status: + description: TopicPermissionStatus defines the observed state of TopicPermission + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this TopicPermission. It corresponds to the + TopicPermission's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: users.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: User + listKind: UserList + plural: users + singular: user + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: User is the Schema for the users API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec configures the desired state of the User object. + properties: + importCredentialsSecret: + description: |- + Defines a Secret used to pre-define the username and password set for this User. User objects created + with this field set will not have randomly-generated credentials, and will instead import + the username/password values from this Secret. + The Secret must contain the keys `username` and `password` in its Data field, or the import will fail. + Note that this import only occurs at creation time, and is ignored once a password has been set + on a User. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the user will be created for. This cluster must + exist for the User object to be created. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + tags: + description: |- + List of permissions tags to associate with the user. This determines the level of + access to the RabbitMQ management UI granted to the user. Omitting this field will + lead to a user than can still connect to the cluster through messaging protocols, + but cannot perform any management actions. + For more information, see https://www.rabbitmq.com/management.html#permissions. + items: + description: |- + UserTag defines the level of access to the management UI allocated to the user. + For more information, see https://www.rabbitmq.com/management.html#permissions. + enum: + - management + - policymaker + - monitoring + - administrator + type: string + type: array + required: + - rabbitmqClusterReference + type: object + status: + description: Status exposes the observed state of the User object. + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + credentials: + description: Provides a reference to a Secret object containing the user credentials. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this User. It corresponds to the + User's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + username: + description: Provide rabbitmq Username + type: string + required: + - username + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: vhosts.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - rabbitmq + kind: Vhost + listKind: VhostList + plural: vhosts + singular: vhost + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Vhost is the Schema for the vhosts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VhostSpec defines the desired state of Vhost + properties: + defaultQueueType: + description: |- + Default queue type for this vhost; can be set to quorum, classic or stream. + Supported in RabbitMQ 3.11.12 or above. + enum: + - quorum + - classic + - stream + type: string + name: + description: Name of the vhost; see https://www.rabbitmq.com/vhosts.html. + type: string + rabbitmqClusterReference: + description: |- + Reference to the RabbitmqCluster that the vhost will be created in. + Required property. + properties: + connectionSecret: + description: |- + Secret contains the http management uri for the RabbitMQ cluster. + The Secret must contain the key `uri`, `username` and `password` or operator will error. + Have to set either name or connectionSecret, but not both. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + The name of the RabbitMQ cluster to reference. + Have to set either name or connectionSecret, but not both. + type: string + namespace: + description: |- + The namespace of the RabbitMQ cluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + tags: + items: + type: string + type: array + tracing: + type: boolean + required: + - name + - rabbitmqClusterReference + type: object + status: + description: VhostStatus defines the observed state of Vhost + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time this Condition status changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of the custom resource status addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this Vhost. It corresponds to the + Vhost's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: messaging-topology-operator + namespace: cozy-rabbitmq-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + name: messaging-topology-leader-election-role + namespace: cozy-rabbitmq-operator +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: messaging-topology-manager-role +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - rabbitmq.com + resources: + - bindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - bindings/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - bindings/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - exchanges + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - exchanges/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - exchanges/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - federations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - federations/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - federations/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - operatorpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - operatorpolicies/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - operatorpolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - permissions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - permissions/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - permissions/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - policies/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - policies/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - queues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - queues/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - queues/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + verbs: + - get + - list + - watch + - apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters/status + verbs: + - get + - apiGroups: + - rabbitmq.com + resources: + - schemareplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - schemareplications/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - schemareplications/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - shovels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - shovels/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - shovels/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - superstreams + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - superstreams/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - superstreams/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - topicpermissions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - topicpermissions/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - topicpermissions/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - users/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - users/status + verbs: + - get + - patch + - update + - apiGroups: + - rabbitmq.com + resources: + - vhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rabbitmq.com + resources: + - vhosts/finalizers + verbs: + - update + - apiGroups: + - rabbitmq.com + resources: + - vhosts/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: messaging-topology-leader-election-rolebinding + namespace: cozy-rabbitmq-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: messaging-topology-leader-election-role +subjects: + - kind: ServiceAccount + name: messaging-topology-operator + namespace: cozy-rabbitmq-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: messaging-topology-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: messaging-topology-manager-role +subjects: + - kind: ServiceAccount + name: messaging-topology-operator + namespace: cozy-rabbitmq-operator +--- +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: cozy-rabbitmq-operator +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app.kubernetes.io/name: messaging-topology-operator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: messaging-topology-operator + app.kubernetes.io/part-of: rabbitmq + name: messaging-topology-operator + namespace: cozy-rabbitmq-operator +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: messaging-topology-operator + template: + metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: messaging-topology-operator + app.kubernetes.io/part-of: rabbitmq + spec: + containers: + - command: + - /manager + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: rabbitmqoperator/messaging-topology-operator:1.14.2 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + resources: + limits: + cpu: 300m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + serviceAccountName: messaging-topology-operator + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: serving-cert + namespace: cozy-rabbitmq-operator +spec: + dnsNames: + - webhook-service.cozy-rabbitmq-operator.svc + - webhook-service.cozy-rabbitmq-operator.svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: cozy-rabbitmq-operator +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: cozy-rabbitmq-operator/serving-cert + name: topology.rabbitmq.com +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-binding + failurePolicy: Fail + name: vbinding.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - bindings + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-exchange + failurePolicy: Fail + name: vexchange.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - exchanges + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-federation + failurePolicy: Fail + name: vfederation.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - federations + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-operatorpolicy + failurePolicy: Fail + name: voperatorpolicy.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - operatorpolicies + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-permission + failurePolicy: Fail + name: vpermission.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - permissions + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-policy + failurePolicy: Fail + name: vpolicy.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-queue + failurePolicy: Fail + name: vqueue.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - queues + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-schemareplication + failurePolicy: Fail + name: vschemareplication.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - schemareplications + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-shovel + failurePolicy: Fail + name: vshovel.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - shovels + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-topicpermission + failurePolicy: Fail + name: vtopicpermission.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - topicpermissions + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-user + failurePolicy: Fail + name: vuser.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1beta1-vhost + failurePolicy: Fail + name: vvhost.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - vhosts + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: cozy-rabbitmq-operator + path: /validate-rabbitmq-com-v1alpha1-superstream + failurePolicy: Fail + name: vsuperstream.kb.io + rules: + - apiGroups: + - rabbitmq.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - superstreams + sideEffects: None