Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-05 06:47:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/rabbitmq-cluster-operator] feat: 🔒 Allow limit access to namespaces (#22251)

Browse Source 
* [bitnami/rabbitmq-cluster-operator] feat: 🔒 Allow limit access to namespaces

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: 💡 Improve description of watchNamespaces

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-19 11:42:55 +01:00
committed by GitHub
parent e47f292da8
commit 09708d4231
8 changed files with 212 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/rabbitmq-cluster-operator/Chart.yaml
View File

@@ -37,4 +37,4 @@ maintainers:
name: rabbitmq-cluster-operator
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator
version: 3.12.0
version: 3.13.0

194
bitnami/rabbitmq-cluster-operator/README.md
View File

@@ -172,6 +172,8 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th
| `clusterOperator.image.digest` | RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `clusterOperator.image.pullPolicy` | RabbitMQ Cluster Operator image pull policy | `IfNotPresent` |
| `clusterOperator.image.pullSecrets` | RabbitMQ Cluster Operator image pull secrets | `[]` |
| `clusterOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` |
| `clusterOperator.watchNamespaces` | Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` |
| `clusterOperator.replicaCount` | Number of RabbitMQ Cluster Operator replicas to deploy | `1` |
| `clusterOperator.schedulerName` | Alternative scheduler | `""` |
| `clusterOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
@@ -288,101 +290,103 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th
### RabbitMQ Messaging Topology Operator Parameters
| Name | Description | Value |
| ----------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------- |
| `msgTopologyOperator.enabled` | Deploy RabbitMQ Messaging Topology Operator as part of the installation | `true` |
| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `REGISTRY_NAME` |
| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `REPOSITORY_NAME/rmq-messaging-topology-operator` |
| `msgTopologyOperator.image.digest` | RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` |
| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` |
| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` |
| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` |
| `msgTopologyOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` |
| `msgTopologyOperator.hostNetwork` | Boolean | `false` |
| `msgTopologyOperator.dnsPolicy` | Alternative DNS policy | `ClusterFirst` |
| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
| `msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` |
| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` |
| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` |
| `msgTopologyOperator.resources.limits` | The resources limits for the RabbitMQ Messaging Topology Operator containers | `{}` |
| `msgTopologyOperator.resources.requests` | The requested resources for the RabbitMQ Messaging Topology Operator containers | `{}` |
| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` |
| `msgTopologyOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `msgTopologyOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `msgTopologyOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` |
| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `msgTopologyOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `msgTopologyOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `msgTopologyOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `msgTopologyOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` |
| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` |
| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` |
| `msgTopologyOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` |
| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` |
| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` |
| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` |
| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` |
| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` |
| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` |
| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` |
| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` |
| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` |
| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.service.type` | RabbitMQ Messaging Topology Operator webhook service type | `ClusterIP` |
| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` |
| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` |
| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` |
| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` |
| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` |
| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` |
| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` |
| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` |
| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
| Name | Description | Value |
| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| `msgTopologyOperator.enabled` | Deploy RabbitMQ Messaging Topology Operator as part of the installation | `true` |
| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `REGISTRY_NAME` |
| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `REPOSITORY_NAME/rmq-messaging-topology-operator` |
| `msgTopologyOperator.image.digest` | RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` |
| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` |
| `msgTopologyOperator.watchAllNamespaces` | Watch for resources in all namespaces | `true` |
| `msgTopologyOperator.watchNamespaces` | Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true) | `[]` |
| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` |
| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` |
| `msgTopologyOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` |
| `msgTopologyOperator.hostNetwork` | Boolean | `false` |
| `msgTopologyOperator.dnsPolicy` | Alternative DNS policy | `ClusterFirst` |
| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
| `msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` |
| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` |
| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` |
| `msgTopologyOperator.resources.limits` | The resources limits for the RabbitMQ Messaging Topology Operator containers | `{}` |
| `msgTopologyOperator.resources.requests` | The requested resources for the RabbitMQ Messaging Topology Operator containers | `{}` |
| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` |
| `msgTopologyOperator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `msgTopologyOperator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `msgTopologyOperator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` |
| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `msgTopologyOperator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `msgTopologyOperator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `msgTopologyOperator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `msgTopologyOperator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` |
| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` |
| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` |
| `msgTopologyOperator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` |
| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` |
| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` |
| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` |
| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` |
| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` |
| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` |
| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` |
| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` |
| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` |
| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
| `msgTopologyOperator.service.type` | RabbitMQ Messaging Topology Operator webhook service type | `ClusterIP` |
| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` |
| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` |
| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` |
| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` |
| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` |
| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` |
| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` |
| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` |
| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` |
### RabbitMQ Messaging Topology Operator parameters

36
bitnami/rabbitmq-cluster-operator/templates/NOTES.txt
View File

@@ -8,6 +8,42 @@ Watch the RabbitMQ Cluster Operator and RabbitMQ Messaging Topology Operator Dep
kubectl get deploy -w --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}
{{- if .Values.clusterOperator.rbac.create }}
{{- if .Values.clusterOperator.watchAllNamespaces }}
WARNING: RabbitMQ Cluster Operator can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
You can limit allowed namespaces by setting clusterOperator.watchAllNamespaces = false and configuring clusterOperator.watchNamespaces
{{- else }}
RabbitMQ Cluster Operator can ONLY access resources in the following namespaces:
{{ $namespaces := .Values.clusterOperator.watchAllNamespaces | default (list (include "common.names.namespace" .)) }}
{{- range $namespace := $namespaces }}
- {{ $namespace }}
{{- end }}
RabbitMQ Cluster Operator won't be able to access resources in other namespaces. You can configure this behavior by setting clusterOperator.watchNamespaces
{{- end }}
{{- end }}
{{- if .Values.msgTopologyOperator.rbac.create }}
{{- if .Values.msgTopologyOperator.watchAllNamespaces }}
WARNING: RabbitMQ Messaging Topology Operator can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
You can limit allowed namespaces by setting msgTopologyOperator.watchAllNamespaces = false and configuring msgTopologyOperator.watchNamespaces
{{- else }}
RabbitMQ Messaging Topology Operator can ONLY access resources in the following namespaces:
{{ $namespaces := .Values.msgTopologyOperator.watchAllNamespaces | default (list (include "common.names.namespace" .)) }}
{{- range $namespace := $namespaces }}
- {{ $namespace }}
{{- end }}
RabbitMQ Messaging Topology Operator won't be able to access resources in other namespaces. You can configure this behavior by setting msgTopologyOperator.watchNamespaces
{{- end }}
{{- end }}
{{ include "common.warnings.rollingTag" .Values.clusterOperator.image }}
{{ include "common.warnings.rollingTag" .Values.msgTopologyOperator.image }}
{{ include "common.warnings.rollingTag" .Values.credentialUpdaterImage }}

26
bitnami/rabbitmq-cluster-operator/templates/cluster-operator/clusterrolebinding.yaml
View File

@@ -4,6 +4,7 @@ SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.clusterOperator.rbac.create }}
{{- if .Values.clusterOperator.watchAllNamespaces }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
@@ -22,4 +23,29 @@ subjects:
- kind: ServiceAccount
name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- else }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ printf "%s-%s" (include "rmqco.clusterOperator.fullname" $) $namespace | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: rabbitmq-operator
app.kubernetes.io/part-of: rabbitmq
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "common.names.fullname.namespace" $ }}
subjects:
- kind: ServiceAccount
name: {{ template "rmqco.clusterOperator.serviceAccountName" $ }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- end }}
{{- end }}
{{- end }}

5
bitnami/rabbitmq-cluster-operator/templates/cluster-operator/deployment.yaml
View File

@@ -95,6 +95,11 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if not .Values.clusterOperator.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.clusterOperator.watchNamespaces }}
- name: OPERATOR_SCOPE_NAMESPACE
value: {{ join "," $watchNamespaces | quote }}
{{- end }}
- name: DEFAULT_RABBITMQ_IMAGE
value: {{ include "rmqco.rabbitmq.image" . }}
- name: DEFAULT_USER_UPDATER_IMAGE

32
bitnami/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrolebinding.yaml
View File

@@ -3,13 +3,12 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create }}
{{- if .Values.msgTopologyOperator.rbac.create }}
{{- if .Values.msgTopologyOperator.watchAllNamespaces }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: messaging-topology-operator
app.kubernetes.io/part-of: rabbitmq
name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" . }}
@@ -24,4 +23,29 @@ subjects:
- kind: ServiceAccount
name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- else }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ printf "%s-%s" (include "rmqco.msgTopologyOperator.fullname" $) $namespace | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: messaging-topology-operator
app.kubernetes.io/part-of: rabbitmq
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" $ }}
subjects:
- kind: ServiceAccount
name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" $ }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- end }}
{{- end }}
{{- end }}

5
bitnami/rabbitmq-cluster-operator/templates/messaging-topology-operator/deployment.yaml
View File

@@ -104,6 +104,11 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if not .Values.msgTopologyOperator.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.msgTopologyOperator.watchNamespaces }}
- name: OPERATOR_SCOPE_NAMESPACE
value: {{ join "," $watchNamespaces | quote }}
{{- end }}
{{- if .Values.msgTopologyOperator.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVars "context" $) | nindent 12 }}
{{- end }}

12
bitnami/rabbitmq-cluster-operator/values.yaml
View File

@@ -127,6 +127,12 @@ clusterOperator:
##
pullSecrets: []
## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces
##
watchAllNamespaces: true
## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
##
watchNamespaces: []
## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
##
replicaCount: 1
@@ -586,6 +592,12 @@ msgTopologyOperator:
##
pullSecrets: []
## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces
##
watchAllNamespaces: true
## @param msgTopologyOperator.watchNamespaces [array] Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
##
watchNamespaces: []
## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
##
replicaCount: 1