From 1bc279c85316a831cefc6d3bb4b3c99a717d8499 Mon Sep 17 00:00:00 2001 From: Matthew B <106352182+artntek@users.noreply.github.com> Date: Thu, 30 Oct 2025 15:58:54 -0700 Subject: [PATCH 1/4] initial hacks to make work with rabbitmq cluster operator --- helm/Chart.lock | 7 ++---- helm/Chart.yaml | 13 ---------- helm/templates/NOTES.txt | 43 ---------------------------------- helm/templates/deployment.yaml | 2 +- 4 files changed, 3 insertions(+), 62 deletions(-) diff --git a/helm/Chart.lock b/helm/Chart.lock index 51d87d62..83c3285c 100644 --- a/helm/Chart.lock +++ b/helm/Chart.lock @@ -1,9 +1,6 @@ dependencies: -- name: rabbitmq - repository: https://charts.bitnami.com/bitnami - version: 14.7.0 - name: solr repository: https://charts.bitnami.com/bitnami version: 9.5.5 -digest: sha256:59d67de7ffbf7aad3cddb9ed3c66650858a2a65e16bce5de64ecadc6944ce5ff -generated: "2025-04-23T15:38:10.540938-07:00" +digest: sha256:07fc39bbbeadb46195e79fca6e5dae3c747cbcd8744b3449c0385271913b351b +generated: "2025-10-30T14:22:41.820563-07:00" diff --git a/helm/Chart.yaml b/helm/Chart.yaml index e65546cd..36e771c2 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
@@ -31,19 +31,6 @@ appVersion: "3.2.0-SNAPSHOT" # Chart dependencies dependencies: - - name: rabbitmq - condition: rabbitmq.enabled, global.rabbitmq.enabled - repository: https://charts.bitnami.com/bitnami - ## get full list using: $ helm search repo bitnami/rabbitmq --versions - version: 14.7.0 # rabbitmq version 3.13.7 - ## REMEMBER TO CHANGE: .Values.rabbitmq.nameOverride FOR EACH NEW RELEASE! - ## - ## NOTE: each release should be a fresh install (using a new PV/PVC). We ensure this by changing - ## the rabbitmq.nameOverride for each new subchart version. - ## NOTE: If you decide to upgrade instead of using a new PV/PVC, you must upgrade to the latest - ## patch release of each minor (APP) version, before upgrading to the next minor (APP) version; - ## see: https://www.rabbitmq.com/docs/feature-flags#version-compatibility - - name: solr condition: solr.enabled, global.solr.enabled repository: https://charts.bitnami.com/bitnami diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index f25471f3..f477a382 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt 
@@ -4,49 +4,6 @@ APP VERSION: {{ .Chart.AppVersion }} ** Please be patient while the chart is being deployed ** - -RABBITMQ: -========= -Credentials: - Username: {{ .Values.rabbitmq.auth.username }} - To get password: - echo $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Values.rabbitmq.auth.existingPasswordSecret }} -o jsonpath="{.data.rabbitmq-password}" | base64 -d) - -IMPORTANT NOTE: the credentials are saved in persistent volume claims and will not be changed upon upgrade or re-installation unless the persistent volume claim has been deleted. If this is not the first installation of this chart, the credentials may not be valid. - -This is applicable when no passwords are set and therefore the random password is autogenerated. In case of using a fixed password, you should specify it when upgrading. - -More information about the credentials may be found at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases. - -{{- $rmqMgrPort := .Values.rabbitmq.service.ports.manager }} - -The RabbitMQ Manager API or Web UI can be accessed within the cluster on port {{ $rmqMgrPort }} at -{{ include "idxworker.rabbitmq.hostname" . }} - -Access the web console or API by port-forwarding: - -kubectl -n {{ .Release.Namespace }} port-forward svc/{{ include "idxworker.rabbitmq.hostname" . 
}} {{ $rmqMgrPort }}:{{ $rmqMgrPort }} & - -...then login to the Rabbitmq web console: http://localhost:{{ $rmqMgrPort }} using the credentials -above, and/or use the API - for example, to see the number of messages on the 'index' queue: - -$ curl -u username:password http://localhost:15672/api/queues/%2f/index | jq | grep "messages\":" - -API documentation is available at: -https://rawcdn.githack.com/rabbitmq/rabbitmq-server/v3.13.1/deps/rabbitmq_management/priv/www/api/index.html - -{{- if .Values.rabbitmq.metrics.enabled }} - -To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.metrics }}:{{ .Values.service.ports.metrics }} & - echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.ports.metrics }}/metrics" - -Then, open the obtained URL in a browser. - -{{- end }} - - SOLR: ===== Solr can be accessed via port {{ .Values.global.solrPort }} on the following DNS name from within diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 59d2a412..2c1c834c 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -134,7 +134,7 @@ spec: valueFrom: secretKeyRef: name: {{ required "rabbitmq.auth.existingPasswordSecret IS REQUIRED" .Values.rabbitmq.auth.existingPasswordSecret }} - key: rabbitmq-password + key: password optional: false {{- if .Values.solr.auth.enabled }} - name: SOLR_ADMIN_PASSWORD From 109dfc99d05635f9f25cc16e6d2d752dd34a6c41 Mon Sep 17 00:00:00 2001 From: Matthew B <106352182+artntek@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:00:22 -0800 Subject: [PATCH 2/4] make passwd key configurable --- helm/config/dataone-indexer.properties | 2 +- helm/templates/deployment.yaml | 4 ++-- helm/values.yaml | 18 ++++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) 
diff --git a/helm/config/dataone-indexer.properties b/helm/config/dataone-indexer.properties index 3099a9b0..5320f9d0 100644 --- a/helm/config/dataone-indexer.properties +++ b/helm/config/dataone-indexer.properties @@ -6,7 +6,7 @@ index.tdb.directory={{ .Values.idxworker.tripleDbDirectory }} #The section for the rabbitMQ configuration index.rabbitmq.hostname={{ include "idxworker.rabbitmq.hostname" . }} index.rabbitmq.hostport={{- include "idxworker.rabbitmq.hostport" . }} -index.rabbitmq.username={{ .Values.rabbitmq.auth.username }} +index.rabbitmq.username={{ .Values.rabbitmq.username }} ## index.rabbitmq.password will be read from RABBITMQ_PASSWORD env var index.rabbitmq.password=${env:RABBITMQ_PASSWORD} #If changing max priority, existing queue must be deleted, and consumers must use the same number diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 2c1c834c..c35c1128 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -133,8 +133,8 @@ spec: - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ required "rabbitmq.auth.existingPasswordSecret IS REQUIRED" .Values.rabbitmq.auth.existingPasswordSecret }} - key: password + name: {{ required "rabbitmq.existingPasswordSecret IS REQUIRED" .Values.rabbitmq.existingPasswordSecret }} + key: {{ .Values.rabbitmq.passwordKey }} optional: false {{- if .Values.solr.auth.enabled }} - name: SOLR_ADMIN_PASSWORD diff --git a/helm/values.yaml b/helm/values.yaml index f10e23be..e21f67a6 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -362,16 +362,18 @@ rabbitmq: # must use the same number. #max.priority: 10 - auth: - ## @param rabbitmq.username the username for rabbitmq access - ## - username: rmq + ## @param rabbitmq.username the username for rabbitmq access + ## + username: rmq - ## @param rabbitmq.existingPasswordSecret the k8s secret holding the rabbitmq password - ## (must be associated with key: 'rabbitmq-password') - ## - existingPasswordSecret: "ssss" + ## @param rabbitmq.existingPasswordSecret the k8s secret holding the rabbitmq password + ## (must be associated with key: 'rabbitmq-password') + ## + existingPasswordSecret: "" + ## @param rabbitmq.passwordKey key associated with the rabbitmq password in the existing secret + ## + passwordKey: "password" ## @section Solr Bitnami Sub-Chart Configuration ## From aa16b3cb1dc0202d73fd7849340d13427f347e7c Mon Sep 17 00:00:00 2001 From: Matthew B <106352182+artntek@users.noreply.github.com> Date: Tue, 11 Nov 2025 11:48:54 -0800 Subject: [PATCH 3/4] use rmq cluster operator instead of bitnami subchart --- helm/config/dataone-indexer.properties | 4 +- helm/templates/_helpers.tpl | 48 ++++++--- helm/templates/deployment.yaml | 4 +- helm/templates/rabbitmq.yaml | 34 +++++++ helm/values.yaml | 134 +++++++++++++++---------- 5 files changed, 156 insertions(+), 68 deletions(-) create mode 100644 helm/templates/rabbitmq.yaml diff --git a/helm/config/dataone-indexer.properties b/helm/config/dataone-indexer.properties index 5320f9d0..3b754cd1 100644 --- a/helm/config/dataone-indexer.properties +++ b/helm/config/dataone-indexer.properties 
@@ -5,8 +5,8 @@ index.tdb.directory={{ .Values.idxworker.tripleDbDirectory }} #The section for the rabbitMQ configuration index.rabbitmq.hostname={{ include "idxworker.rabbitmq.hostname" . }} -index.rabbitmq.hostport={{- include "idxworker.rabbitmq.hostport" . }} -index.rabbitmq.username={{ .Values.rabbitmq.username }} +index.rabbitmq.hostport={{ include "idxworker.rabbitmq.hostport" . }} +index.rabbitmq.username={{ include "idxworker.rabbitmq.user" . }} ## index.rabbitmq.password will be read from RABBITMQ_PASSWORD env var index.rabbitmq.password=${env:RABBITMQ_PASSWORD} #If changing max priority, existing queue must be deleted, and consumers must use the same number diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 2e192591..62495621 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl 
@@ -111,26 +111,48 @@ Either use the value set in .Values.persistence.claimName, or if blank, autopopu {{- end }} {{/* -Check if RabbitMQ SubChart is enabled +Create a default fully qualified app name for the embedded RabbitMQ Cluster Operator Deployment. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "idxworker.rmq.fullname" -}} +{{- $name := default "rmq" .Values.rabbitmq.nameOverride }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +If RabbitMQ Secret Name not defined, infer from bundled RMQ Cluster Operator, or error out. */}} -{{- define "rmq.enabled" -}} -{{ $rmqEnabled := (or (((.Values.global).rabbitmq).enabled) ((.Values.rabbitmq).enabled)) }} -{{ end }} +{{- define "idxworker.rabbitmq.secret.name" }} +{{- $rmqSecret := .Values.idxworker.rabbitmqSecret }} +{{- if and ((.Values.rabbitmq).enabled) (not $rmqSecret) }} +{{- $rmqSecret = printf "%s-default-user" (include "idxworker.rmq.fullname" .) }} +{{- end }} +{{- required "idxworker.rabbitmqSecret REQUIRED if not using bundled RMQ Operator" $rmqSecret }} +{{- end }} + +{{/* +If RabbitMQ username not defined, infer from bundled RMQ Cluster Operator secret, or error out. +*/}} +{{- define "idxworker.rabbitmq.user" }} +{{- $rmqUser := .Values.idxworker.rabbitmqUsername }} +{{- if and ((.Values.rabbitmq).enabled) (not $rmqUser) }} +{{- $key := .Values.idxworker.rabbitmqUserKey | default "username" }} +{{- $secrets := (include "idxworker.rabbitmq.secret.name" .) 
}} +{{- $secretData := (lookup "v1" "Secret" .Release.Namespace $secrets).data | default dict -}} +{{- $rmqUser = ((get $secretData $key) | b64dec) }} +{{- end }} +{{- required "idxworker.rabbitmqUsername REQUIRED if not using bundled RMQ Operator" $rmqUser }} +{{- end }} {{/* set RabbitMQ HostName */}} {{- define "idxworker.rabbitmq.hostname" }} {{- $rmqHost := .Values.idxworker.rabbitmqHostname }} -{{- if and (include "rmq.enabled" .) (not $rmqHost) }} -{{- if .Values.rabbitmq.fullnameOverride }} -{{- $rmqHost = printf "%s-headless" (.Values.rabbitmq.fullnameOverride | trunc 63 | trimSuffix "-") }} -{{- else }} -{{- $rmqName := (required ".Values.rabbitmq.nameOverride REQUIRED in indexer chart" .Values.rabbitmq.nameOverride) }} -{{- $rmqHost = printf "%s-%s-headless" .Release.Name ($rmqName | trunc 63 | trimSuffix "-") }} -{{- end }} +{{- if and ((.Values.rabbitmq).enabled) (not $rmqHost) }} +{{- $rmqHost = (include "idxworker.rmq.fullname" .) }} {{- end }} -{{- $rmqHost }} +{{- required "idxworker.rabbitmqHostname REQUIRED if not using bundled RMQ Operator" $rmqHost }} {{- end }} {{/* @@ -138,7 +160,7 @@ set RabbitMQ HostPort */}} {{- define "idxworker.rabbitmq.hostport" }} {{- $rmqPort := .Values.idxworker.rabbitmqHostPort }} -{{- if and (include "rmq.enabled" .) (not $rmqPort) -}} +{{- if and ((.Values.rabbitmq).enabled) (not $rmqPort) -}} {{ $rmqPort = .Values.rabbitmq.service.ports.amqp }} {{- end }} {{- $rmqPort }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index c35c1128..e7a45397 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml 
@@ -133,8 +133,8 @@ spec: - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ required "rabbitmq.existingPasswordSecret IS REQUIRED" .Values.rabbitmq.existingPasswordSecret }} - key: {{ .Values.rabbitmq.passwordKey }} + name: {{ include "idxworker.rabbitmq.secret.name" . }} + key: {{ required "idxworker.rabbitmqPasswordKey IS REQUIRED" .Values.idxworker.rabbitmqPasswordKey }} optional: false {{- if .Values.solr.auth.enabled }} - name: SOLR_ADMIN_PASSWORD diff --git a/helm/templates/rabbitmq.yaml b/helm/templates/rabbitmq.yaml new file mode 100644 index 00000000..06e81107 --- /dev/null +++ b/helm/templates/rabbitmq.yaml @@ -0,0 +1,34 @@ +### RabbitMQ Cluster Configuration +## -------------------------------------- +## This manifest deploys a RabbitMQ cluster using the RabbitMQ Cluster Operator. +## See: +## https://www.rabbitmq.com/kubernetes/operator/using-operator +## https://www.rabbitmq.com/docs/production-checklist +## https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/production-ready + +apiVersion: rabbitmq.com/v1beta1 +kind: RabbitmqCluster +metadata: + name: {{ include "idxworker.rmq.fullname" . }} + labels: + app: rabbitmq +spec: + replicas: {{ .Values.rabbitmq.replicaCount }} + resources: + {{ toYaml .Values.rabbitmq.resources | nindent 4 }} + rabbitmq: + {{- if .Values.rabbitmq.envConfig }} + envConfig: | + {{- range $k, $v := .Values.rabbitmq.envConfig }} + {{ $k }}={{ $v | quote }} + {{- end }} + {{- end }} + {{- if .Values.rabbitmq.additionalConfig }} + additionalConfig: | + {{- range $k, $v := .Values.rabbitmq.additionalConfig }} + {{ $k }} = {{ $v }} + {{- end }} + {{- end }} + persistence: + storageClassName: {{ .Values.rabbitmq.persistence.storageClassName }} + storage: {{ .Values.rabbitmq.persistence.size }} diff --git a/helm/values.yaml b/helm/values.yaml index e21f67a6..2786d23e 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
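Review bot: The new helm/templates/rabbitmq.yaml renders the RabbitmqCluster unconditionally; nothing in the file tests `rabbitmq.enabled`, although the helpers changed in this same commit branch on `(.Values.rabbitmq).enabled` to choose between the bundled and an external broker. With `rabbitmq.enabled: false` and an external `idxworker.rabbitmqHostname`, the chart would still create a broker and its persistent volume, or fail to install where the operator's CRD is absent. Wrapping the whole manifest in `{{- if (.Values.rabbitmq).enabled }}` … `{{- end }}` keeps the resource in step with the flag.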
@@ -174,15 +174,33 @@ idxworker: ## solrVerConflictMaxTries: 25000 - ## @param idxworker.rabbitmqHostname hostname of the rabbitmq service to use - ## Leave unset (rabbitmqHostname: "") to automatically populate when using rmq bitnami subchart + ## @param idxworker.rabbitmqHostname RMQ host to be called by indexer. Leave blank to autopopulate + ## from the bundled rabbitmq operator installation (if rabbitmq.enabled) ## rabbitmqHostname: "" - ## @param idxworker.rabbitmqHostPort hostport of the rabbitmq service - ## Leave unset (rabbitmqHostPort: "") to automatically populate when using rmq bitnami subchart + ## @param idxworker.rabbitmqHostPort RMQ port to be called by indexer. (Doesn't set rmq's port!) + ## Only tells the indexer which port to use in the connection string. ## - rabbitmqHostPort: "" + rabbitmqHostPort: "5672" + + ## @param idxworker.rabbitmqUsername The username needed for rabbitmq access. Leave blank to autopopulate + ## from 'idxworker.rabbitmqSecret' + ## + rabbitmqUsername: "" + + ## @param idxworker.rabbitmqSecret Secret holding rmq credentials. Leave blank to autopopulate + ## from the bundled rabbitmq operator installation (if rabbitmq.enabled) + ## + rabbitmqSecret: "" + + ## @param idxworker.rabbitmqUserKey key associated with rabbitmq username in existing secret + ## + rabbitmqUserKey: "username" + + ## @param idxworker.rabbitmqPasswordKey key associated with rabbitmq password in existing secret + ## + rabbitmqPasswordKey: "password" ## @param idxworker.data_directory Location of data within the metacat shared volume ## 
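Review bot: The comment on `idxworker.rabbitmqSecret` does not say which account a blank value selects. Per the `idxworker.rabbitmq.secret.name` helper in this commit it resolves to the `...-default-user` Secret of the bundled cluster, and that default user is, as far as I know, created with the administrator tag unless `default_user_tags` is overridden. The indexer worker would then hold broker-admin credentials by default. I would extend the comment with a line such as `## NOTE: blank = the operator's default (administrator) user; for production, supply a Secret for a dedicated user restricted to the indexer's vhost and queues`.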
@@ -315,65 +333,79 @@ idxworker: ## extraEnvVars: [] -## @section RabbitMQ Bitnami Sub-Chart Configuration +## @section RabbitMQ Configuration +## For a production example of a multi-zone Kubernetes deployment with 3 worker nodes, each in a +## different zone, see: +## https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/production-ready ## rabbitmq: enabled: true - ## As of 8/25/25, Bitnami charges for secure container images, unless we use the "latest" tag. - ## As a stopgap, we reference the legacy images, which are still available for free (but note - ## that newer versions will not become available in the future, so we need to find an alternative - ## source for images...) - ## @param postgresql.global.security.allowInsecureImages Allow non-bitnami-hardened images - ## @param rabbitmq.image.repository source repo for main image - ## @param postgresql.volumePermissions.image.repository source repo for volumePermissions image - global: - security: - allowInsecureImages: true - image: - repository: bitnamilegacy/rabbitmq - volumePermissions: - image: - repository: bitnamilegacy/os-shell - - ## @param rabbitmq.fullnameOverride String to fully override rabbitmq.fullname template (optional) - ## Takes precedence over rabbitmq.nameOverride. - ## - fullnameOverride: "" - ## @param rabbitmq.nameOverride REQUIRED partial override for resourcename used for pods, PVCs etc - ## Maintains the release name, so the resulting resource name for the pods etc. will begin: - ## myrelease-nameOverride-... + ## Automatically prepends the release name, so the resulting resource name for the pods etc. will + ## begin: --... ## - ## We change this with every change in rmq subchart version, so that we can use a new PV/PVC for - ## each release. This means each new installation is a fresh install, instead of being an - ## upgrade - which would be a lot more onerous (see rabbitMQ docs). 
+ ## We change this with every change in RabbitMQ app version, so that we can use a new PV/PVC for + ## each release. This means each new installation is a fresh install, instead of being an upgrade, + ## which would be a lot more onerous (see rabbitMQ docs). ## - ## Convention is to use 'rabbitmq', followed by the rabbitmq app version (not the chart version), - ## with periods replaced by dashes; e.g.: - ## nameOverride: "rabbitmq-3-13-7" ## for rabbitmq app version 3.13.7 (Bitnami chart v.14.7.0) + ## Convention is to use 'rmq', followed by the rabbitmq app version, with periods replaced by + ## dashes; e.g.: + ## nameOverride: "rmq-4-1-3" ## for rabbitmq app version 4.1.3 ## - nameOverride: "rabbitmq-3-13-7" - - persistence: - size: 10Gi - #replicaCount: 3 - #If you change the number of the max priority, the existing queue must be deleted, and consumers - # must use the same number. - #max.priority: 10 + nameOverride: "rmq-4-1-3" - ## @param rabbitmq.username the username for rabbitmq access + ## @param rabbitmq.replicaCount Number of desired rabbitmq pods (always use an odd number) + ## see: https://www.rabbitmq.com/docs/clustering#node-count ## - username: rmq + replicaCount: 1 - ## @param rabbitmq.existingPasswordSecret the k8s secret holding the rabbitmq password - ## (must be associated with key: 'rabbitmq-password') + ## @param rabbitmq.resources Resource requests and limits for rabbitmq pods (OVERRIDE THESE!) ## - existingPasswordSecret: "" - - ## @param rabbitmq.passwordKey key associated with the rabbitmq password in the existing secret + ## NOTE: + ## CPU: For production, the ABSOLUTE MINIMUM is 2 CPUs per RabbitMQ node (and 4 CPUs + ## RECOMMENDED). + ## RMQ will work poorly with 1 CPU, which is why it's not recommended for production + ## workloads + ## MEMORY: For production, min. 2GB of RAM is recommended, increasing to 4Gi or even 8 - 10Gi, + ## depending on load. 
It is recommended to keep the memory requests and limits both at the + ## same value. ## - passwordKey: "password" + resources: + requests: + cpu: 500m + memory: 500Mi + limits: + cpu: 800m + memory: 500Mi + + persistence: + ## @param rabbitmq.persistence.storageClassName Storage class name for rabbitmq data PV + ## Leave blank ("") to use the default storage class for the cluster + ## + storageClassName: "" + + ## @param rabbitmq.persistence Size of persistent volume for rabbitmq data + ## + size: 10Gi + + ## @param rabbitmq.envConfig Additional rabbitmq environment variable settings + ## See: + ## https://www.rabbitmq.com/kubernetes/operator/using-operator#env-config + ## https://www.rabbitmq.com/docs/configure#customise-environment + ## Example: + ## envConfig: + ## RABBITMQ_USE_LONGNAME: "true" + envConfig: {} + + ## @param rabbitmq.additionalConfig Additional rabbitmq configuration settings + ## See: + ## https://www.rabbitmq.com/docs/configure#config-items + ## https://www.rabbitmq.com/docs/production-checklist + ## https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/production-ready + ## + additionalConfig: + disk_free_limit.relative: "1.0" ## @section Solr Bitnami Sub-Chart Configuration ## From 2aaa16a915b37e0f9a89187dcac420e7ed700e92 Mon Sep 17 00:00:00 2001 From: Matthew B <106352182+artntek@users.noreply.github.com> Date: Tue, 18 Nov 2025 15:55:21 -0800 Subject: [PATCH 4/4] get rmq username from env --- helm/config/dataone-indexer.properties | 4 ++-- helm/templates/_helpers.tpl | 20 +++----------------- helm/templates/deployment.yaml | 6 ++++++ 3 files changed, 11 insertions(+), 19 deletions(-) diff --git a/helm/config/dataone-indexer.properties b/helm/config/dataone-indexer.properties index 3b754cd1..ee6d59d0 100644 --- a/helm/config/dataone-indexer.properties +++ b/helm/config/dataone-indexer.properties 
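Review bot: The `nameOverride: "rmq-4-1-3"` convention in this hunk (which begins at the `@@ -315,65 +333,79 @@` header) asserts a RabbitMQ app version that nothing in the chart sets. The RabbitmqCluster added in helm/templates/rabbitmq.yaml has no `image` field under `spec`, so the broker version is presumably whatever the installed Cluster Operator defaults to, and it can change without any change to this chart. Consider adding a `rabbitmq.image` value and rendering it as `image: {{ .Values.rabbitmq.image | quote }}`, so that the version the name advertises is the one deployed and the image reference is pinned and reviewable.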
@@ -6,8 +6,8 @@ index.tdb.directory={{ .Values.idxworker.tripleDbDirectory }} #The section for the rabbitMQ configuration index.rabbitmq.hostname={{ include "idxworker.rabbitmq.hostname" . }} index.rabbitmq.hostport={{ include "idxworker.rabbitmq.hostport" . }} -index.rabbitmq.username={{ include "idxworker.rabbitmq.user" . }} -## index.rabbitmq.password will be read from RABBITMQ_PASSWORD env var +## index.rabbitmq.username & index.rabbitmq.password will be read from env vars +index.rabbitmq.username=${env:RABBITMQ_USERNAME} index.rabbitmq.password=${env:RABBITMQ_PASSWORD} #If changing max priority, existing queue must be deleted, and consumers must use the same number index.rabbitmq.max.priority=10 diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 62495621..e51c8a6b 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -115,8 +115,8 @@ Create a default fully qualified app name for the embedded RabbitMQ Cluster Oper We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "idxworker.rmq.fullname" -}} -{{- $name := default "rmq" .Values.rabbitmq.nameOverride }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- $name := default "rmq" .Values.rabbitmq.nameOverride | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" .Release.Name $name }} {{- end }} {{/* 
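Review bot: With `index.rabbitmq.username=${env:RABBITMQ_USERNAME}` the value `idxworker.rabbitmqUsername` is no longer read by any template shown in this series, yet this patch's diffstat does not touch helm/values.yaml, where 3/4 added it with the comment "Leave blank to autopopulate from 'idxworker.rabbitmqSecret'". An operator who sets it expecting an override is silently ignored and the pod authenticates as whatever user the Secret holds. Remove the value and its `@param` comment from values.yaml, or state there that the username is always taken from `idxworker.rabbitmqUserKey` in the Secret.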
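Review bot: `idxworker.rmq.fullname` no longer bounds the combined name: `trunc 63 | trimSuffix "-"` now applies only to the nameOverride part, and `printf "%s-%s" .Release.Name $name` is emitted untruncated. A long release name therefore yields a result over 63 characters, while the comment directly above still says the name is truncated at 63. The string is used as the RabbitmqCluster name and as the broker hostname, and the Secret name is derived from it by appending `-default-user`. Either apply the truncation to the printf result with a budget that leaves room for those suffixes, or correct the comment to state what is actually guaranteed.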
@@ -130,20 +130,6 @@ If RabbitMQ Secret Name not defined, infer from bundled RMQ Cluster Operator, or {{- required "idxworker.rabbitmqSecret REQUIRED if not using bundled RMQ Operator" $rmqSecret }} {{- end }} -{{/* -If RabbitMQ username not defined, infer from bundled RMQ Cluster Operator secret, or error out. -*/}} -{{- define "idxworker.rabbitmq.user" }} -{{- $rmqUser := .Values.idxworker.rabbitmqUsername }} -{{- if and ((.Values.rabbitmq).enabled) (not $rmqUser) }} -{{- $key := .Values.idxworker.rabbitmqUserKey | default "username" }} -{{- $secrets := (include "idxworker.rabbitmq.secret.name" .) }} -{{- $secretData := (lookup "v1" "Secret" .Release.Namespace $secrets).data | default dict -}} -{{- $rmqUser = ((get $secretData $key) | b64dec) }} -{{- end }} -{{- required "idxworker.rabbitmqUsername REQUIRED if not using bundled RMQ Operator" $rmqUser }} -{{- end }} - {{/* set RabbitMQ HostName */}} @@ -161,7 +147,7 @@ set RabbitMQ HostPort {{- define "idxworker.rabbitmq.hostport" }} {{- $rmqPort := .Values.idxworker.rabbitmqHostPort }} {{- if and ((.Values.rabbitmq).enabled) (not $rmqPort) -}} -{{ $rmqPort = .Values.rabbitmq.service.ports.amqp }} +{{ $rmqPort = .Values.idxworker.rabbitmqHostPort }} {{- end }} {{- $rmqPort }} {{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index e7a45397..b8406ae4 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -130,6 +130,12 @@ spec: # If 'false', the secret must exist before the pod can start # App versions before v2.3.4 will read this value from a config file, not the env var. optional: true + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "idxworker.rabbitmq.secret.name" . }} + key: {{ required "idxworker.rabbitmqUserKey IS REQUIRED" .Values.idxworker.rabbitmqUserKey }} + optional: false - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef:
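Review bot: The fallback branch in `idxworker.rabbitmq.hostport` (hunk `@@ -147,7 +147,7 @@`) is now a no-op: it is entered only when `idxworker.rabbitmqHostPort` is empty, and it then assigns that same empty value back to `$rmqPort`. A blanked port therefore renders as an empty `index.rabbitmq.hostport=` with no error at install time. The hostname helper already ends in `required`; the port helper could drop the `if` block and end with `{{- required "idxworker.rabbitmqHostPort IS REQUIRED" .Values.idxworker.rabbitmqHostPort }}`.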