From c14b8fbdbaff21f7dcc79f9ee040f6fe6301b9a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20P=C3=B6hner?= <10630407+groundhog2k@users.noreply.github.com> Date: Thu, 25 May 2023 21:26:01 +0200 Subject: [PATCH] Simplify rabbitmq configuration (#1243) --- charts/rabbitmq/Chart.yaml | 2 +- charts/rabbitmq/README.md | 30 ++++-------------- charts/rabbitmq/RELEASENOTES.md | 1 + charts/rabbitmq/templates/_helpers.tpl | 22 +++---------- charts/rabbitmq/templates/certs.yaml | 28 ---------------- charts/rabbitmq/templates/statefulset.yaml | 11 ------- charts/rabbitmq/values.yaml | 37 +++++----------------- 7 files changed, 21 insertions(+), 110 deletions(-) delete mode 100644 charts/rabbitmq/templates/certs.yaml diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml index c3b48af1..d326ed34 100644 --- a/charts/rabbitmq/Chart.yaml +++ b/charts/rabbitmq/Chart.yaml @@ -7,6 +7,6 @@ type: application maintainers: - name: groundhog2k -version: "0.6.17" +version: "0.6.18" appVersion: "3.11.16" diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md index 4556ee8a..bdefec92 100644 --- a/charts/rabbitmq/README.md +++ b/charts/rabbitmq/README.md @@ -1,6 +1,6 @@ # RabbitMQ -   +   ## Changelog 
@@ -164,8 +164,8 @@ Section to define custom services |-----|------|---------|-------------| | clusterDomain | string | `"cluster.local"` | Kubernetes cluster domain (DNS) suffix | | plugins | list | `[]` | List of additional RabbitMQ plugins that should be activated (see: [RabbitMQ plugins](https://www.rabbitmq.com/plugins.html)) | -| authentication.user | string | `"guest"` | Initial user name | -| authentication.password | string | `"guest"` | Initial password | +| authentication.user | string | `nil` | Initial user name (guest) (Alternative: Set environment variable RABBITMQ_DEFAULT_USER) | +| authentication.password | string | `nil` | Initial password (guest) (Alternative: set environment variable RABBITMQ_DEFAULT_PASS) | | authentication.erlangCookie | string | `nil` | Erlang cookie (MANDATORY) (Alternative: Set the environment variable ERLANG_COOKIE) | | clustering.rebalance | bool | `false` | Enable rebalance queues with master when new replica is created | | clustering.forceBoot | bool | `false` | Force boot in case cluster peers are not available | 
@@ -187,31 +187,12 @@ Section to define custom services | Key | Type | Default | Description | |-----|------|---------|-------------| | options.tcp.port | int | `5672` | AMQP tcp port | -| options.ssl.enabled | bool | `false` | Enable secure AMQP (amqps) | +| options.ssl.enabled | bool | `false` | Enable secure AMQP (amqps) (see `values.yaml` for more details) | | options.ssl.port | int | `5671` | AMQPS tcp port | | options.ssl.verify | bool | `false` | Enables or disables peer verification | | options.ssl.failIfNoPeerCert | bool | `false` | Reject TLS connection when client fails to provide a certificate | | options.ssl.depth | int | `nil` | Client certificate verification depth | -## RabbitMQ certificate parameters - -Section for certificate support -(cacert,cert,key,password will be used for AMQP-over-SSL (AMPQS) - see: options.ssl) - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificates.enabled | bool | `false` | Enable mounting following certificates into folder /ssl | -| certificates.cacert | string | `nil` | CA certificate(s) in base64 format | -| certificates.cert | string | `nil` | Server certificate in base64 format | -| certificates.key | string | `nil` | Private key in base64 format | -| certificates.password | string | `nil` | Optional private key passwort | -| certificates.extraCerts | list | `[]` | List of extra certificates that will be mounted to the container into /ssl and can be used for custom/advanced configuration (see: customConfig) | -| certificates.extraCerts[].name | string | `nil` | Name of the certificate (will be the filename of the mounted certificate - i.e.: /ssl/{name}) | -| certificates.extraCerts[].cert | string | `nil` | The certificate content in base64 format | -| extraSecrets | list | `[]` | A list of additional existing secrets that will be mounted into the container | -| extraSecrets[].name | string | `nil` | Name of the existing K8s secret | -| extraSecrets[].mountPath | string | 
`nil` | Mount path where the secret should be mounted into the container (f.e. /mysecretfolder) | - ## RabbitMQ plugin base parameters | Key | Type | Default | Description | @@ -232,3 +213,6 @@ Section for certificate support | customAdvancedConfig | string | `nil` | Custom advanced configuration entries for advanced.config (see [RabbitMQ advanced config](https://www.rabbitmq.com/configure.html#advanced-config-file)) | | extraSecretAdvancedConfigs | string | `nil` | An existing secret with files that will be added to the `advanced.conf` | | extraEnvSecrets | list | `[]` | A list of existing secrets that will be mounted into the container as environment variables | +| extraSecrets | list | `[]` | A list of additional existing secrets that will be mounted into the container | +| extraSecrets[].name | string | `nil` | Name of the existing K8s secret | +| extraSecrets[].mountPath | string | `nil` | Mount path where the secret should be mounted into the container (f.e. /mysecretfolder) | diff --git a/charts/rabbitmq/RELEASENOTES.md b/charts/rabbitmq/RELEASENOTES.md index 94068194..c1b19651 100644 --- a/charts/rabbitmq/RELEASENOTES.md +++ b/charts/rabbitmq/RELEASENOTES.md @@ -75,4 +75,5 @@ | 0.6.15 | 3.11.14 | Upgraded to RabbitMQ 3.11.14 | | 0.6.16 | 3.11.15 | Upgraded to RabbitMQ 3.11.15 | | 0.6.17 | 3.11.16 | Upgraded to RabbitMQ 3.11.16 | +| 0.6.18 | 3.11.16 | Simplified configuration options | | | | | diff --git a/charts/rabbitmq/templates/_helpers.tpl b/charts/rabbitmq/templates/_helpers.tpl index cc13e26f..4275b115 100644 --- a/charts/rabbitmq/templates/_helpers.tpl +++ b/charts/rabbitmq/templates/_helpers.tpl 
@@ -137,8 +137,10 @@ Main RabbitMQ options */}} {{- define "rabbitmq.options" -}} ## Initial login user -default_user = {{ (.Values.authentication).user | default "guest" }} -default_pass = {{ (.Values.authentication).password | default "guest" }} +{{- if and (.Values.authentication).user (.Values.authentication).password }} +default_user = {{ .Values.authentication.user }} +default_pass = {{ .Values.authentication.password }} +{{- end }} loopback_users.guest = false ## RabbitMQ options listeners.tcp.default = {{ .Values.options.tcp.port }} @@ -157,22 +159,6 @@ ssl_options.depth = {{ .depth }} {{- end }} {{- end }} {{- end }} -{{- with .Values.certificates }} -{{- if .enabled }} -{{- if .cacert }} -ssl_options.cacertfile = /ssl/cacert -{{- end }} -{{- if .cert }} -ssl_options.certfile = /ssl/cert -{{- end }} -{{- if .key }} -ssl_options.keyfile = /ssl/key -{{- end }} -{{- if .password }} -ssl_options.password = {{ .password }} -{{- end }} -{{- end }} -{{- end }} ## Memory options {{- if ((.Values.options).memory).calculationStrategy }} vm_memory_calculation_strategy = {{ .Values.options.memory.calculationStrategy }} diff --git a/charts/rabbitmq/templates/certs.yaml b/charts/rabbitmq/templates/certs.yaml deleted file mode 100644 index aed07bf8..00000000 --- a/charts/rabbitmq/templates/certs.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.certificates.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "rabbitmq.fullname" . }}-certs - labels: - {{- include "rabbitmq.labels" . | nindent 4 }} -type: Opaque -data: - {{- with .Values.certificates -}} - {{- if .cacert }} - cacert: | - {{ .cacert | b64enc }} - {{- end }} - {{- if .cert }} - cert: | - {{ .cert | b64enc }} - {{- end }} - {{- if .key }} - key: | - {{ .key | b64enc }} - {{- end }} - {{- range $cert := .extraCerts }} - {{ $cert.name }}: | - {{ $cert.cert | b64enc }} - {{- end }} - {{- end }} -{{- end }} 
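Review bot: In the `rabbitmq.options` hunk, the new guard `{{- if and (.Values.authentication).user (.Values.authentication).password }}` silently drops both `default_user` and `default_pass` when only one of the two values is set. The broker then starts with its built-in guest login, and the unchanged `loopback_users.guest = false` right below keeps that account usable from non-loopback clients. Unless pairing a values-supplied user with `RABBITMQ_DEFAULT_PASS` from the environment is an intended setup, fail the render on a half-set pair, e.g. `{{- if ne (empty (.Values.authentication).user) (empty (.Values.authentication).password) }}{{ fail "authentication.user and authentication.password must be set together" }}{{- end }}`. It would also be safer to emit `loopback_users.guest = false` only when custom credentials or an explicit opt-in are present, so an unconfigured release does not accept guest/guest over the network. The define continues beyond this hunk, so how the rest of the options are rendered is not visible here.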
diff --git a/charts/rabbitmq/templates/statefulset.yaml b/charts/rabbitmq/templates/statefulset.yaml index d6b7fcd9..0c3f7eca 100644 --- a/charts/rabbitmq/templates/statefulset.yaml +++ b/charts/rabbitmq/templates/statefulset.yaml @@ -22,7 +22,6 @@ spec: checksum/rabbit-config: {{ include (print $.Template.BasePath "/rabbit-config.yaml") . | sha256sum }} checksum/plugins-config: {{ include (print $.Template.BasePath "/plugins-config.yaml") . | sha256sum }} checksum/scripts: {{ include (print $.Template.BasePath "/scripts.yaml") . | sha256sum }} - checksum/certs: {{ include (print $.Template.BasePath "/certs.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -231,10 +230,6 @@ spec: mountPath: /etc/rabbitmq - name: scripts mountPath: /scripts - {{- if .Values.certificates.enabled }} - - name: certs - mountPath: /ssl - {{- end }} {{- range $secret := .Values.extraSecrets }} - name: {{ $secret.name }} mountPath: {{ $secret.mountPath }} @@ -281,12 +276,6 @@ spec: - name: plugins configMap: name: {{ include "rabbitmq.fullname" . }}-plugins - {{- if .Values.certificates.enabled }} - - name: certs - secret: - secretName: {{ include "rabbitmq.fullname" . }}-certs - defaultMode: 0440 - {{- end }} {{- range $secret := .Values.extraSecrets }} - name: {{ $secret.name }} secret: diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml index ac2eb306..8cbdd6b2 100644 --- a/charts/rabbitmq/values.yaml +++ b/charts/rabbitmq/values.yaml 
@@ -245,16 +245,15 @@ plugins: [] # Default user and erlang cookie # The erlang cookie is important for clustered or container based usage # Find more information about it at https://hub.docker.com/_/rabbitmq and https://www.rabbitmq.com/clustering.html#erlang-cookie -# The erlang cookie is a MANDATORY VALUE -# Alternative is to set the environment variable ERLANG_COOKIE +# The erlang cookie is a MANDATORY value authentication: - ## Initial user name - user: "guest" + ## Initial user name (alternative: set environment variable RABBITMQ_DEFAULT_USER) + user: - ## Initial password - password: "guest" + ## Initial password (alternative: set environment variable RABBITMQ_DEFAULT_PASS) + password: - ## Erlang cookie (MANDATORY) + ## Erlang cookie (MANDATORY) (alternative: set environment variable ERLANG_COOKIE) erlangCookie: # RabbitMQ specific configuration options described at https://www.rabbitmq.com/configure.html#config-items @@ -280,6 +279,8 @@ options: ## AMQP tcp port (default: 5672) port: 5672 ## RabbitMQ AMQP-over-SSL options are described at https://www.rabbitmq.com/ssl.html + ## If SSL is enabled certifactes must be provided as extraSecrets: and configured by customConfig: options + ## ssl_options.cacertfile, ssl_options.certfile, ssl_options.keyfile, ssl_options.password ssl: ## Enable secure AMQP (amqps) enabled: false 
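Review bot: The new comments on `user:` and `password:` in the `authentication:` block do not say what happens when both stay empty. The README rows changed in this same commit indicate the initial login is then `guest`/`guest`, a well-known credential pair. State that in the comment and steer operators away from putting the password into values, where it is stored with the release and rendered into the broker config by the helper template, e.g. `## Initial password. If unset, RabbitMQ's built-in guest/guest login applies; prefer RABBITMQ_DEFAULT_PASS from an existing secret (see extraEnvSecrets)`. The `erlangCookie` comment presumably deserves the same hint, since that value is equally sensitive. As a style point, the bare `user:` and `password:` keys parse as null; `user: null` and `password: null` make that explicit and satisfy yamllint's `empty-values` rule.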
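Review bot: The two comment lines added above `ssl:` direct operators to set `ssl_options.password` through `customConfig:`, which is ordinary chart values and is presumably rendered into the non-secret RabbitMQ configuration, so the private-key passphrase would end up outside any Kubernetes Secret. Reword the comment to keep the passphrase on a secret-backed path and fix the "certifactes" typo, e.g. `## If SSL is enabled, certificates must be mounted via extraSecrets: and referenced from customConfig: (ssl_options.cacertfile, ssl_options.certfile, ssl_options.keyfile)` followed by `## Keep ssl_options.password out of plain values; supply it from an existing secret`. It is also worth stating that `options.ssl.enabled: true` without those entries appears to leave the TLS listener without certificate paths, because this commit removes the helper lines that used to set them.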
@@ -292,28 +293,6 @@ options: ## Client certificate verification depth depth: -## Certificate support for RabbitMQ -certificates: - ## Enable mounting following certificates into folder /ssl - enabled: false - ## Certificates that will be used for AMQP-over-SSL (AMPQS) - see: options.ssl - ## CA certificate(s) in base64 format - cacert: - ## Server certificate in base64 format - cert: - ## Private key in base64 format - key: - ## Optional private key passwort - password: - - ## A list of extra certificates - ## All certificates will be mounted to the container into /ssl and can be used for custom/advanced configuration (see: customConfig) - extraCerts: [] - ## Name of the certificate (will be the filename of the mounted certificate - i.e.: /ssl/{name}) - # - name: - ## The certificate content in base64 format - # cert: - ## A list of additional existing secrets that will be mounted into the container ## The mounted files of the secrets can be used for custom or advanced configuration option (see: customConfig) extraSecrets: [] -- GitLab