298c333ac7
Prepare rabbitmq to be running in non clustered mode, in which
it may be useful to bootstrap cluster with fresh data each time
since we do not use durable queues in openstack that are stored
on filesystem.
The two new data strucutre in rabbitmq Values are added:
users:
auth:
keystone_service:
username: keystone
password: password
path: /keystone
aux_conf:
policies:
- vhost: "keystone"
name: "ha_ttl_keystone"
definition:
ha-mode: "all"
ha-sync-mode: "automatic"
message-ttl: 70000
priority: 0
apply-to: all
pattern: '^(?!amq\.).*'
Change-Id: Ia0dd1a8afe7b6e894bcbeafedf75131de0023df0
356 lines
16 KiB
YAML
356 lines
16 KiB
YAML
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if (.Values.global).subchart_release_name }}
|
|
{{- $_ := set . "deployment_name" .Chart.Name }}
|
|
{{- else }}
|
|
{{- $_ := set . "deployment_name" .Release.Name }}
|
|
{{- end }}
|
|
|
|
{{- define "rabbitmqReadinessProbeTemplate" }}
|
|
exec:
|
|
command:
|
|
- /tmp/rabbitmq-readiness.sh
|
|
{{- end }}
|
|
{{- define "rabbitmqLivenessProbeTemplate" }}
|
|
exec:
|
|
command:
|
|
- /tmp/rabbitmq-liveness.sh
|
|
{{- end }}
|
|
|
|
{{/*
|
|
(aostapenko) rounds cpu limit in any permissible format to integer value (min 1)
|
|
"100m" -> 1
|
|
"1100m" -> 1
|
|
"10900m" -> 10
|
|
0.3 -> 1
|
|
5.4 -> 5
|
|
*/}}
|
|
{{- define "get_erlvm_scheduler_num" -}}
|
|
{{- $val := . | toString -}}
|
|
{{- if regexMatch "^[0-9]*m$" $val -}}
|
|
{{- $val = div (float64 (trimSuffix "m" $val)) 1000 -}}
|
|
{{- end -}}
|
|
{{/* NOTE(aostapenko) String with floating number does not convert well to int */}}
|
|
{{- $val | float64 | int | default 1 -}}
|
|
{{- end -}}
|
|
|
|
{{- if .Values.manifests.statefulset }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $rcControllerName := printf "%s-%s" $envAll.deployment_name "rabbitmq" }}
|
|
{{ tuple $envAll "rabbitmq" $rcControllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
|
|
{{- $protocol := "http" }}
|
|
{{- if $envAll.Values.manifests.certificates }}
|
|
{{- $protocol = "https" }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: {{ $rcControllerName | quote }}
|
|
namespace: {{ .Release.Namespace }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: {{ $rcControllerName | quote }}
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ $rcControllerName | quote }}
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ $rcControllerName | quote }}
|
|
namespace: {{ .Release.Namespace }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
- extensions
|
|
- batch
|
|
- apps
|
|
verbs:
|
|
- get
|
|
- list
|
|
resources:
|
|
- services
|
|
- endpoints
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: {{ $rcControllerName | quote }}
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
labels:
|
|
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
spec:
|
|
serviceName: {{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
replicas: {{ $envAll.Values.pod.replicas.server }}
|
|
podManagementPolicy: "Parallel"
|
|
selector:
|
|
matchLabels:
|
|
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
secret-rabbit-admin-hash: {{ tuple "secret-rabbit-admin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
secret-erlang-cookie-hash: {{ tuple "secret-erlang-cookie.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
{{ dict "envAll" $envAll "podName" "rabbitmq" "containerNames" (list "init" "rabbitmq-password" "rabbitmq-cookie" "rabbitmq-perms" "rabbitmq") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
|
spec:
|
|
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
|
serviceAccountName: {{ $rcControllerName | quote }}
|
|
affinity:
|
|
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
|
{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }}
|
|
{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
|
|
{{ end }}
|
|
nodeSelector:
|
|
{{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value | quote }}
|
|
initContainers:
|
|
{{ tuple $envAll "rabbitmq" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
- name: rabbitmq-password
|
|
{{ tuple $envAll "rabbitmq_init" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "server" "container" "rabbitmq_password" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
command:
|
|
- /tmp/rabbitmq-password-hash.py
|
|
env:
|
|
- name: RABBITMQ_ADMIN_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ printf "%s-%s" $envAll.deployment_name "admin-user" | quote }}
|
|
key: RABBITMQ_ADMIN_USERNAME
|
|
- name: RABBITMQ_ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ printf "%s-%s" $envAll.deployment_name "admin-user" | quote }}
|
|
key: RABBITMQ_ADMIN_PASSWORD
|
|
- name: RABBITMQ_DEFINITION_FILE
|
|
value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}"
|
|
{{- if .Values.conf.users }}
|
|
- name: RABBITMQ_USERS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ printf "%s-%s" $envAll.deployment_name "users-credentials" | quote }}
|
|
key: RABBITMQ_USERS
|
|
{{- end }}
|
|
{{- if .Values.conf.aux_conf }}
|
|
- name: RABBITMQ_AUXILIARY_CONFIGURATION
|
|
value: {{ toJson $envAll.Values.conf.aux_conf | quote }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: rabbitmq-data
|
|
mountPath: /var/lib/rabbitmq
|
|
- name: rabbitmq-bin
|
|
mountPath: /tmp/rabbitmq-password-hash.py
|
|
subPath: rabbitmq-password-hash.py
|
|
readOnly: true
|
|
- name: rabbitmq-cookie
|
|
{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "server" "container" "rabbitmq_cookie" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
command:
|
|
- /tmp/rabbitmq-cookie.sh
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: rabbitmq-bin
|
|
mountPath: /tmp/rabbitmq-cookie.sh
|
|
subPath: rabbitmq-cookie.sh
|
|
readOnly: true
|
|
- name: rabbitmq-data
|
|
mountPath: /var/lib/rabbitmq
|
|
- name: rabbitmq-erlang-cookie
|
|
mountPath: /var/run/lib/rabbitmq/.erlang.cookie
|
|
subPath: erlang_cookie
|
|
readOnly: true
|
|
{{- if $envAll.Values.volume.chown_on_start }}
|
|
- name: rabbitmq-perms
|
|
{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "server" "container" "rabbitmq_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
command:
|
|
- chown
|
|
- -R
|
|
- "{{ $envAll.Values.pod.security_context.server.pod.runAsUser }}"
|
|
- /var/lib/rabbitmq
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: rabbitmq-data
|
|
mountPath: /var/lib/rabbitmq
|
|
{{- end }}
|
|
containers:
|
|
- name: rabbitmq
|
|
{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "server" "container" "rabbitmq" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
command:
|
|
- /tmp/rabbitmq-start.sh
|
|
ports:
|
|
- name: {{ printf "%s" $protocol }}
|
|
protocol: TCP
|
|
containerPort: {{ tuple "oslo_messaging" "internal" $protocol . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
{{- if .Values.network.host_namespace }}
|
|
hostPort: {{ tuple "oslo_messaging" "internal" $protocol . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
{{- end }}
|
|
- name: amqp
|
|
protocol: TCP
|
|
containerPort: {{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
{{- if .Values.network.host_namespace }}
|
|
hostPort: {{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
{{- end }}
|
|
- name: clustering
|
|
protocol: TCP
|
|
containerPort: {{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}
|
|
{{- if .Values.network.host_namespace }}
|
|
hostPort: {{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}
|
|
{{- end }}
|
|
- name: metrics
|
|
containerPort: {{ tuple "oslo_messaging" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
protocol: TCP
|
|
env:
|
|
- name: MY_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: MY_POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: RABBITMQ_USE_LONGNAME
|
|
value: "true"
|
|
- name: RABBITMQ_NODENAME
|
|
value: "rabbit@$(MY_POD_NAME).{{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
|
|
- name: K8S_SERVICE_NAME
|
|
value: {{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
- name: K8S_HOSTNAME_SUFFIX
|
|
value: ".{{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
|
|
- name: RABBITMQ_ERLANG_COOKIE
|
|
value: "{{ $envAll.Values.endpoints.oslo_messaging.auth.erlang_cookie }}"
|
|
- name: PORT_HTTP
|
|
value: "{{ tuple "oslo_messaging" "internal" $protocol . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
|
- name: PORT_AMPQ
|
|
value: "{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
|
- name: PORT_CLUSTERING
|
|
value: "{{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}"
|
|
{{- if ne (.Values.conf.feature_flags | default "") "default" }}
|
|
- name: RABBITMQ_FEATURE_FLAGS
|
|
value: "{{ .Values.conf.feature_flags }}"
|
|
{{- end }}
|
|
{{ dict "envAll" $envAll "component" "rabbitmq" "container" "rabbitmq" "type" "readiness" "probeTemplate" (include "rabbitmqReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
|
{{ dict "envAll" $envAll "component" "rabbitmq" "container" "rabbitmq" "type" "liveness" "probeTemplate" (include "rabbitmqLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command:
|
|
- rabbitmqctl
|
|
- stop_app
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: rabbitmq-data
|
|
mountPath: /var/lib/rabbitmq
|
|
- name: rabbitmq-bin
|
|
mountPath: /tmp/rabbitmq-start.sh
|
|
subPath: rabbitmq-start.sh
|
|
readOnly: true
|
|
- name: rabbitmq-bin
|
|
mountPath: /tmp/rabbitmq-readiness.sh
|
|
subPath: rabbitmq-readiness.sh
|
|
readOnly: true
|
|
- name: rabbitmq-bin
|
|
mountPath: /tmp/rabbitmq-liveness.sh
|
|
subPath: rabbitmq-liveness.sh
|
|
readOnly: true
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/enabled_plugins
|
|
subPath: enabled_plugins
|
|
readOnly: true
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/rabbitmq.conf
|
|
subPath: rabbitmq.conf
|
|
readOnly: true
|
|
{{- if .Values.conf.rabbit_advanced_config.enabled }}
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/advanced.config
|
|
subPath: advanced.config
|
|
readOnly: true
|
|
{{- end }}
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/rabbitmq-env.conf
|
|
subPath: rabbitmq-env.conf
|
|
readOnly: true
|
|
{{- if .Values.manifests.config_ipv6 }}
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/erl_inetrc
|
|
subPath: erl_inetrc
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if not .Values.conf.prometheus_exporter.rabbitmq_mgmt_metrics_collector_disabled }}
|
|
- name: rabbitmq-etc
|
|
mountPath: /etc/rabbitmq/conf.d/management_agent.disable_metrics_collector.conf
|
|
subPath: management_agent.disable_metrics_collector.conf
|
|
readOnly: true
|
|
{{- end }}
|
|
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_messaging.server.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
|
volumes:
|
|
- name: pod-tmp
|
|
emptyDir: {}
|
|
- name: rabbitmq-bin
|
|
configMap:
|
|
name: {{ printf "%s-%s" $envAll.deployment_name "rabbitmq-bin" | quote }}
|
|
defaultMode: 0555
|
|
- name: rabbitmq-etc
|
|
configMap:
|
|
name: {{ printf "%s-%s" $envAll.deployment_name "rabbitmq-etc" | quote }}
|
|
defaultMode: 0444
|
|
- name: rabbitmq-erlang-cookie
|
|
secret:
|
|
secretName: {{ printf "%s-%s" $envAll.deployment_name "erlang-cookie" | quote }}
|
|
defaultMode: 0444
|
|
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_messaging.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
|
{{- if not $envAll.Values.volume.enabled }}
|
|
- name: rabbitmq-data
|
|
{{- if .Values.volume.use_local_path.enabled }}
|
|
hostPath:
|
|
path: {{ .Values.volume.use_local_path.host_path }}
|
|
type: DirectoryOrCreate
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if $envAll.Values.volume.enabled }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: rabbitmq-data
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
resources:
|
|
requests:
|
|
storage: {{ $envAll.Values.volume.size }}
|
|
storageClassName: {{ $envAll.Values.volume.class_name }}
|
|
{{- end }}
|
|
{{ end }}
|