From 5370790b137cf08c284265a1cca03a65624489ca Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 5 May 2021 18:35:43 +0200 Subject: [PATCH] feat: add rabbitmq support to kubezero-mq --- charts/kubezero-mq/Chart.yaml | 9 +++- charts/kubezero-mq/README.md | 24 ++++++++- .../{ => nats}/grafana-dashboards.yaml | 0 .../templates/rabbitmq/istio-service.yaml | 35 +++++++++++++ .../rabbitmq/server-certificate.yaml | 16 ++++++ charts/kubezero-mq/update.sh | 2 +- charts/kubezero-mq/values.yaml | 52 +++++++++++++++++++ 7 files changed, 133 insertions(+), 5 deletions(-) rename charts/kubezero-mq/templates/{ => nats}/grafana-dashboards.yaml (100%) create mode 100644 charts/kubezero-mq/templates/rabbitmq/istio-service.yaml create mode 100644 charts/kubezero-mq/templates/rabbitmq/server-certificate.yaml diff --git a/charts/kubezero-mq/Chart.yaml b/charts/kubezero-mq/Chart.yaml index e4aa269..b8d74fd 100644 --- a/charts/kubezero-mq/Chart.yaml +++ b/charts/kubezero-mq/Chart.yaml @@ -1,13 +1,14 @@ apiVersion: v2 name: kubezero-mq -description: KubeZero umbrella chart for MQ systems like NATS +description: KubeZero umbrella chart for MQ systems like NATS, RabbitMQ type: application -version: 0.1.1 +version: 0.2.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: - kubezero - nats + - rabbitmq maintainers: - name: Quarky9 dependencies: @@ -18,4 +19,8 @@ dependencies: version: 0.8.3 #repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + - name: rabbitmq + version: 8.13.1 + repository: https://charts.bitnami.com/bitnami + condition: rabbitmq.enabled kubeVersion: ">= 1.18.0" diff --git a/charts/kubezero-mq/README.md b/charts/kubezero-mq/README.md index c0f5cf0..a28e836 100644 --- a/charts/kubezero-mq/README.md +++ b/charts/kubezero-mq/README.md @@ -1,8 +1,8 @@ # kubezero-mq -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -KubeZero umbrella chart for MQ systems like NATS +KubeZero umbrella chart for MQ systems like NATS, RabbitMQ **Homepage:** @@ -19,6 +19,7 @@ Kubernetes: `>= 1.18.0` | Repository | Name | Version | |------------|------|---------| | | nats | 0.8.3 | +| https://charts.bitnami.com/bitnami | rabbitmq | 8.13.1 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | ## Values @@ -31,6 +32,25 @@ Kubernetes: `>= 1.18.0` | nats.nats.image | string | `"nats:2.2.1-alpine3.13"` | | | nats.nats.jetstream.enabled | bool | `true` | | | nats.natsbox.enabled | bool | `false` | | +| rabbitmq.auth.erlangCookie | string | `"randomlongerlangcookie"` | | +| rabbitmq.auth.password | string | `"supersecret"` | | +| rabbitmq.auth.tls.enabled | bool | `false` | | +| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | | +| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | | +| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | | +| rabbitmq.clustering.forceBoot | bool | `true` | | +| rabbitmq.enabled | bool | `false` | | +| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS | +| rabbitmq.istio.enabled | bool | `false` | | +| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | +| rabbitmq.metrics.enabled | bool | `false` | | +| rabbitmq.metrics.serviceMonitor.enabled | bool | `false` | | +| rabbitmq.pdb.create | bool | `true` | | +| rabbitmq.podAntiAffinityPreset | string | `""` | | +| rabbitmq.replicaCount | int | `1` | | +| rabbitmq.resources.requests.cpu | string | `"100m"` | | +| rabbitmq.resources.requests.memory | string | `"256Mi"` | | +| rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n topologyKey: topology.kubernetes.io/zone\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n topologyKey: kubernetes.io/hostname\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` | | ## Resources diff --git a/charts/kubezero-mq/templates/grafana-dashboards.yaml b/charts/kubezero-mq/templates/nats/grafana-dashboards.yaml similarity index 100% rename from charts/kubezero-mq/templates/grafana-dashboards.yaml rename to charts/kubezero-mq/templates/nats/grafana-dashboards.yaml diff --git a/charts/kubezero-mq/templates/rabbitmq/istio-service.yaml b/charts/kubezero-mq/templates/rabbitmq/istio-service.yaml new file mode 100644 index 0000000..038510e --- /dev/null +++ b/charts/kubezero-mq/templates/rabbitmq/istio-service.yaml @@ -0,0 +1,35 @@ +{{- if .Values.rabbitmq.istio.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: rabbit-amqp + namespace: {{ .Release.Namespace }} + labels: +{{ include "kubezero-lib.labels" . | indent 4 }} +spec: + gateways: + - {{ .Values.rabbitmq.istio.gateway }} + hosts: +{{ toYaml .Values.rabbitmq.hosts | indent 2 }} + tcp: + - match: + - port: 5672 + route: + - destination: + host: rabbitmq-headless + port: + number: 5672 + - match: + - port: 5671 + route: + - destination: + host: rabbitmq-headless + port: + number: 5671 + http: + - route: + - destination: + host: rabbitmq-headless + port: + number: 15672 +{{- end }} diff --git a/charts/kubezero-mq/templates/rabbitmq/server-certificate.yaml b/charts/kubezero-mq/templates/rabbitmq/server-certificate.yaml new file mode 100644 index 0000000..5a70471 --- /dev/null +++ b/charts/kubezero-mq/templates/rabbitmq/server-certificate.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rabbitmq.auth.tls.enabled }} +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: rabbitmq-server-certificate + namespace: {{ .Release.Namespace }} + labels: +{{ include "kubezero-lib.labels" . | indent 4 }} +spec: + secretName: rabbitmq-server-certificate + issuerRef: + name: letsencrypt-dns-prod + kind: ClusterIssuer + dnsNames: +{{ toYaml .Values.rabbitmq.hosts | indent 2 }} +{{- end }} diff --git a/charts/kubezero-mq/update.sh b/charts/kubezero-mq/update.sh index 5455a72..121b645 100755 --- a/charts/kubezero-mq/update.sh +++ b/charts/kubezero-mq/update.sh @@ -11,4 +11,4 @@ cp -r k8s/helm/charts/nats/* charts/nats/ rm -rf k8s # Fetch dashboards -../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml +../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/nats/grafana-dashboards.yaml diff --git a/charts/kubezero-mq/values.yaml b/charts/kubezero-mq/values.yaml index 218f301..8f0ba34 100644 --- a/charts/kubezero-mq/values.yaml +++ b/charts/kubezero-mq/values.yaml @@ -1,3 +1,4 @@ +# nats nats: enabled: false @@ -15,3 +16,54 @@ nats: exporter: serviceMonitor: enabled: false + +# rabbitmq +rabbitmq: + enabled: false + + # rabbitmq.hosts -- hostnames of rabbitmq services, used for Istio and TLS + hosts: [] + + istio: + enabled: false + gateway: istio-ingress/private-ingressgateway + + auth: + password: "supersecret" + erlangCookie: "randomlongerlangcookie" + tls: + enabled: false + failIfNoPeerCert: false + existingSecret: rabbitmq-server-certificate + existingSecretFullChain: true + + clustering: + forceBoot: true + + resources: + requests: + memory: 256Mi + cpu: 100m + + replicaCount: 1 + + podAntiAffinityPreset: "" + topologySpreadConstraints: |- + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + + pdb: + create: true + + metrics: + enabled: false + serviceMonitor: + enabled: false