rabbitmq-cluster-operator
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
##
21
global:
22
imageRegistry: ""
23
## E.g.
24
## imagePullSecrets:
25
## - myRegistryKeySecretName
26
##
27
imagePullSecrets: []
28
defaultStorageClass: ""
29
storageClass: ""
30
## Security parameters
31
##
32
security:
33
## @param global.security.allowInsecureImages Allows skipping image verification
34
allowInsecureImages: false
35
## Compatibility adaptations for Kubernetes platforms
36
##
37
compatibility:
38
## Compatibility adaptations for Openshift
39
##
40
openshift:
41
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
42
##
43
adaptSecurityContext: auto
44
org: ""
45
## @section Common parameters
46
##
47
48
## @param kubeVersion Override Kubernetes version
49
##
50
kubeVersion: ""
51
## @param nameOverride String to partially override common.names.fullname
52
##
53
nameOverride: ""
54
## @param fullnameOverride String to fully override common.names.fullname
55
##
56
fullnameOverride: ""
57
## @param commonLabels Labels to add to all deployed objects
58
##
59
commonLabels: {}
60
## @param commonAnnotations Annotations to add to all deployed objects
61
##
62
commonAnnotations: {}
63
## @param clusterDomain Kubernetes cluster domain name
64
##
65
clusterDomain: cluster.local
66
## @param extraDeploy Array of extra objects to deploy with the release
67
##
68
extraDeploy: []
69
## Enable diagnostic mode in the deployment(s)/statefulset(s)
70
##
71
diagnosticMode:
72
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled)
73
##
74
enabled: false
75
## @section RabbitMQ Cluster Operator Parameters
76
##
77
78
## Iamguarded RabbitMQ Image
79
## @param rabbitmqImage.registry [default: REGISTRY_NAME] RabbitMQ Image registry
80
## @param rabbitmqImage.repository [default: REPOSITORY_NAME/rabbitmq] RabbitMQ Image repository
81
## @skip rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended)
82
## @param rabbitmqImage.digest RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
83
## @param rabbitmqImage.pullSecrets RabbitMQ Image pull secrets
84
##
85
rabbitmqImage:
86
registry: cgr.dev
87
repository: chainguard-private/rabbitmq-iamguarded
88
tag: 4.2.4
89
digest: ""
90
## Optionally specify an array of imagePullSecrets.
91
## Secrets must be manually created in the namespace.
92
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-rabbitmqImage-private-registry/
93
## e.g:
94
## pullSecrets:
95
## - myRegistryKeySecretName
96
##
97
pullSecrets: []
98
## Iamguarded RabbitMQ Default User Credential Updater Image
99
## @param credentialUpdaterImage.registry [default: REGISTRY_NAME] RabbitMQ Default User Credential Updater image registry
100
## @param credentialUpdaterImage.repository [default: REPOSITORY_NAME/rmq-default-credential-updater] RabbitMQ Default User Credential Updater image repository
101
## @skip credentialUpdaterImage.tag RabbitMQ Default User Credential Updater image tag (immutable tags are recommended)
102
## @param credentialUpdaterImage.digest RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
103
## @param credentialUpdaterImage.pullSecrets RabbitMQ Default User Credential Updater image pull secrets
104
##
105
credentialUpdaterImage:
106
registry: cgr.dev
107
repository: chainguard-private/rabbitmq-default-user-credential-updater-iamguarded
108
tag: 1.0.11
109
digest: ""
110
## Optionally specify an array of imagePullSecrets.
111
## Secrets must be manually created in the namespace.
112
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-credentialUpdaterImage-private-registry/
113
## e.g:
114
## pullSecrets:
115
## - myRegistryKeySecretName
116
##
117
pullSecrets: []
118
clusterOperator:
119
## Iamguarded RabbitMQ Cluster Operator image
120
## @param clusterOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Cluster Operator image registry
121
## @param clusterOperator.image.repository [default: REPOSITORY_NAME/rabbitmq-cluster-operator] RabbitMQ Cluster Operator image repository
122
## @skip clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended)
123
## @param clusterOperator.image.digest RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
124
## @param clusterOperator.image.pullPolicy RabbitMQ Cluster Operator image pull policy
125
## @param clusterOperator.image.pullSecrets RabbitMQ Cluster Operator image pull secrets
126
##
127
image:
128
registry: cgr.dev
129
repository: chainguard-private/rabbitmq-cluster-operator-iamguarded
130
tag: 2.19.1
131
digest: ""
132
## Specify a imagePullPolicy
133
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
134
##
135
pullPolicy: IfNotPresent
136
## Optionally specify an array of imagePullSecrets.
137
## Secrets must be manually created in the namespace.
138
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
139
## e.g:
140
## pullSecrets:
141
## - myRegistryKeySecretName
142
##
143
pullSecrets: []
144
## @param clusterOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
145
##
146
revisionHistoryLimit: 10
147
## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces
148
##
149
watchAllNamespaces: true
150
## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
151
##
152
watchNamespaces: []
153
## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
154
##
155
replicaCount: 1
156
## @param clusterOperator.schedulerName Alternative scheduler
157
##
158
schedulerName: ""
159
## @param clusterOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
160
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
161
## The value is evaluated as a template
162
##
163
topologySpreadConstraints: []
164
## @param clusterOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
165
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
166
##
167
terminationGracePeriodSeconds: ""
168
## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
169
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
170
## @param clusterOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
171
## @param clusterOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
172
## @param clusterOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
173
## @param clusterOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
174
## @param clusterOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
175
## @param clusterOperator.livenessProbe.successThreshold Success threshold for livenessProbe
176
##
177
livenessProbe:
178
enabled: true
179
initialDelaySeconds: 5
180
periodSeconds: 30
181
timeoutSeconds: 5
182
successThreshold: 1
183
failureThreshold: 5
184
## @param clusterOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
185
## @param clusterOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
186
## @param clusterOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
187
## @param clusterOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
188
## @param clusterOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
189
## @param clusterOperator.readinessProbe.successThreshold Success threshold for readinessProbe
190
##
191
readinessProbe:
192
enabled: true
193
initialDelaySeconds: 5
194
periodSeconds: 30
195
timeoutSeconds: 5
196
successThreshold: 1
197
failureThreshold: 5
198
## @param clusterOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Cluster Operator nodes
199
## @param clusterOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
200
## @param clusterOperator.startupProbe.periodSeconds Period seconds for startupProbe
201
## @param clusterOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
202
## @param clusterOperator.startupProbe.failureThreshold Failure threshold for startupProbe
203
## @param clusterOperator.startupProbe.successThreshold Success threshold for startupProbe
204
##
205
startupProbe:
206
enabled: false
207
initialDelaySeconds: 5
208
periodSeconds: 30
209
timeoutSeconds: 5
210
successThreshold: 1
211
failureThreshold: 5
212
## @param clusterOperator.customLivenessProbe Custom livenessProbe that overrides the default one
213
##
214
customLivenessProbe: {}
215
## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
216
##
217
customReadinessProbe: {}
218
## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
219
##
220
customStartupProbe: {}
221
## RabbitMQ Cluster Operator resource requests and limits
222
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
223
## @param clusterOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production).
224
##
225
resourcesPreset: "nano"
226
## @param clusterOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
227
## Example:
228
## resources:
229
## requests:
230
## cpu: 2
231
## memory: 512Mi
232
## limits:
233
## cpu: 3
234
## memory: 1024Mi
235
##
236
resources: {}
237
## Pod Disruption Budget configuration
238
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
239
## @param clusterOperator.pdb.create Enable a Pod Disruption Budget creation
240
## @param clusterOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
241
## @param clusterOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
242
##
243
pdb:
244
create: true
245
minAvailable: ""
246
maxUnavailable: ""
247
## Configure Pods Security Context
248
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
249
## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context
250
## @param clusterOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
251
## @param clusterOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
252
## @param clusterOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
253
## @param clusterOperator.podSecurityContext.fsGroup Set RabbitMQ Cluster Operator pod's Security Context fsGroup
254
##
255
podSecurityContext:
256
enabled: true
257
fsGroupChangePolicy: Always
258
sysctls: []
259
supplementalGroups: []
260
fsGroup: 1001
261
## Configure Container Security Context
262
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
263
## @param clusterOperator.containerSecurityContext.enabled Enabled containers' Security Context
264
## @param clusterOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
265
## @param clusterOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
266
## @param clusterOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
267
## @param clusterOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
268
## @param clusterOperator.containerSecurityContext.privileged Set container's Security Context privileged
269
## @param clusterOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
270
## @param clusterOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
271
## @param clusterOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
272
## @param clusterOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
273
##
274
containerSecurityContext:
275
enabled: true
276
seLinuxOptions: {}
277
runAsUser: 1001
278
runAsGroup: 1001
279
runAsNonRoot: true
280
privileged: false
281
readOnlyRootFilesystem: true
282
allowPrivilegeEscalation: false
283
capabilities:
284
drop: ["ALL"]
285
seccompProfile:
286
type: "RuntimeDefault"
287
## @param clusterOperator.command Override default container command (useful when using custom images)
288
##
289
command: []
290
## @param clusterOperator.args Override default container args (useful when using custom images)
291
##
292
args: []
293
## @param clusterOperator.automountServiceAccountToken Mount Service Account token in pod
294
##
295
automountServiceAccountToken: true
296
## @param clusterOperator.hostAliases RabbitMQ Cluster Operator pods host aliases
297
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
298
##
299
hostAliases: []
300
## @param clusterOperator.podLabels Extra labels for RabbitMQ Cluster Operator pods
301
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
302
##
303
podLabels: {}
304
## @param clusterOperator.podAnnotations Annotations for RabbitMQ Cluster Operator pods
305
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
306
##
307
podAnnotations: {}
308
## @param clusterOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
309
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
310
##
311
podAffinityPreset: ""
312
## @param clusterOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
313
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
314
##
315
podAntiAffinityPreset: soft
316
## Node affinity preset
317
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
318
##
319
nodeAffinityPreset:
320
## @param clusterOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
321
##
322
type: ""
323
## @param clusterOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
324
##
325
key: ""
326
## @param clusterOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
327
## E.g.
328
## values:
329
## - e2e-az1
330
## - e2e-az2
331
##
332
values: []
333
## @param clusterOperator.affinity Affinity for RabbitMQ Cluster Operator pods assignment
334
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
335
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
336
##
337
affinity: {}
338
## @param clusterOperator.nodeSelector Node labels for RabbitMQ Cluster Operator pods assignment
339
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
340
##
341
nodeSelector: {}
342
## @param clusterOperator.tolerations Tolerations for RabbitMQ Cluster Operator pods assignment
343
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
344
##
345
tolerations: []
346
## @param clusterOperator.updateStrategy.type RabbitMQ Cluster Operator statefulset strategy type
347
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
348
##
349
updateStrategy:
350
## StrategyType
351
## Can be set to RollingUpdate or OnDelete
352
##
353
type: RollingUpdate
354
## @param clusterOperator.priorityClassName RabbitMQ Cluster Operator pods' priorityClassName
355
##
356
priorityClassName: ""
357
## @param clusterOperator.lifecycleHooks for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup
358
##
359
lifecycleHooks: {}
360
## @param clusterOperator.containerPorts.metrics RabbitMQ Cluster Operator container port (used for metrics)
361
##
362
containerPorts:
363
metrics: 9782
364
## @param clusterOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Cluster Operator nodes
365
## e.g:
366
## extraEnvVars:
367
## - name: FOO
368
## value: "bar"
369
##
370
extraEnvVars: []
371
## @param clusterOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes
372
##
373
extraEnvVarsCM: ""
374
## @param clusterOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes
375
##
376
extraEnvVarsSecret: ""
377
## @param clusterOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s)
378
##
379
extraVolumes: []
380
## @param clusterOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s)
381
##
382
extraVolumeMounts: []
383
## @param clusterOperator.sidecars Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s)
384
## e.g:
385
## sidecars:
386
## - name: your-image-name
387
## image: your-image
388
## imagePullPolicy: Always
389
## ports:
390
## - name: portname
391
## containerPort: 1234
392
##
393
sidecars: []
394
## @param clusterOperator.initContainers Add additional init containers to the RabbitMQ Cluster Operator pod(s)
395
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
396
## e.g:
397
## initContainers:
398
## - name: your-image-name
399
## image: your-image
400
## imagePullPolicy: Always
401
## command: ['sh', '-c', 'echo "hello world"']
402
##
403
initContainers: []
404
## Network Policies
405
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
406
##
407
networkPolicy:
408
## @param clusterOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
409
##
410
enabled: true
411
## @param clusterOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
412
##
413
kubeAPIServerPorts: [443, 6443, 8443]
414
## @param clusterOperator.networkPolicy.allowExternal Don't require injector label for connections
415
## The Policy model to apply. When set to false, only pods with the correct
416
## injector label will have network access to the ports injector is listening
417
## on. When true, injector will accept connections from any source
418
## (with the correct destination port).
419
##
420
allowExternal: true
421
## @param clusterOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
422
##
423
allowExternalEgress: true
424
## @param clusterOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
425
## e.g:
426
## extraIngress:
427
## - ports:
428
## - port: 1234
429
## from:
430
## - podSelector:
431
## - matchLabels:
432
## - role: frontend
433
## - podSelector:
434
## - matchExpressions:
435
## - key: role
436
## operator: In
437
## values:
438
## - frontend
439
extraIngress: []
440
## @param clusterOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
441
## e.g:
442
## extraEgress:
443
## - ports:
444
## - port: 1234
445
## to:
446
## - podSelector:
447
## - matchLabels:
448
## - role: frontend
449
## - podSelector:
450
## - matchExpressions:
451
## - key: role
452
## operator: In
453
## values:
454
## - frontend
455
##
456
extraEgress: []
457
## @param clusterOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
458
## @param clusterOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
459
##
460
ingressNSMatchLabels: {}
461
ingressNSPodMatchLabels: {}
462
## RBAC configuration
463
##
464
rbac:
465
## @param clusterOperator.rbac.create Specifies whether RBAC resources should be created
466
##
467
create: true
468
## ClusterRole parameters
469
##
470
clusterRole:
471
## @param clusterOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
472
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
473
## e.g:
474
## customRules:
475
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
476
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
477
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
478
customRules: []
479
## @param clusterOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
480
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
481
## e.g:
482
## extraRules:
483
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
484
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
485
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
486
extraRules: []
487
## ServiceAccount configuration
488
##
489
serviceAccount:
490
## @param clusterOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
491
##
492
create: true
493
## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use.
494
## If not set and create is true, a name is generated using the common.names.fullname template
495
##
496
name: ""
497
## @param clusterOperator.serviceAccount.annotations Add annotations
498
##
499
annotations: {}
500
## @param clusterOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
501
##
502
automountServiceAccountToken: false
503
## @section RabbitMQ Cluster Operator Metrics parameters
504
##
505
metrics:
506
## Metrics service parameters
507
##
508
service:
509
## @param clusterOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
510
##
511
enabled: false
512
## @param clusterOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
513
##
514
type: ClusterIP
515
## @param clusterOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
516
##
517
ports:
518
http: 80
519
## Node ports to expose
520
## @param clusterOperator.metrics.service.nodePorts.http Node port for HTTP
521
## NOTE: choose port between <30000-32767>
522
##
523
nodePorts:
524
http: ""
525
## @param clusterOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
526
## e.g.:
527
## clusterIP: None
528
##
529
clusterIP: ""
530
## @param clusterOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
531
##
532
extraPorts: []
533
## @param clusterOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
534
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
535
##
536
loadBalancerIP: ""
537
## @param clusterOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
538
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
539
## e.g:
540
## loadBalancerSourceRanges:
541
## - 10.10.10.0/24
542
##
543
loadBalancerSourceRanges: []
544
## @param clusterOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
545
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
546
##
547
externalTrafficPolicy: Cluster
548
## @param clusterOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
549
##
550
annotations:
551
prometheus.io/scrape: "true"
552
prometheus.io/port: "{{ .Values.clusterOperator.metrics.service.ports.http }}"
553
## @param clusterOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
554
## If "ClientIP", consecutive client requests will be directed to the same Pod
555
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
556
##
557
sessionAffinity: None
558
## @param clusterOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
559
## sessionAffinityConfig:
560
## clientIP:
561
## timeoutSeconds: 300
562
##
563
sessionAffinityConfig: {}
564
serviceMonitor:
565
## @param clusterOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
566
##
567
enabled: false
568
## @param clusterOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
569
## e.g:
570
## namespace: monitoring
571
##
572
namespace: ""
573
## @param clusterOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
574
##
575
jobLabel: app.kubernetes.io/name
576
## @param clusterOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
577
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
578
##
579
honorLabels: false
580
## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
581
## e.g:
582
## selector:
583
## prometheus: my-prometheus
584
##
585
selector: {}
586
## @param clusterOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
587
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
588
## e.g:
589
## scrapeTimeout: 10s
590
##
591
scrapeTimeout: ""
592
## @param clusterOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
593
##
594
interval: ""
595
## DEPRECATED: Use clusterOperator.metrics.serviceMonitor.labels instead
596
## This value will be removed in a future release
597
## additionalLabels: {}
598
599
## @param clusterOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
600
##
601
metricRelabelings: []
602
## @param clusterOperator.metrics.serviceMonitor.relabelings Specify general relabeling
603
##
604
relabelings: []
605
## @param clusterOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
606
##
607
labels: {}
608
## @param clusterOperator.metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics
609
## Could be /metrics for aggregated metrics or /metrics/per-object for more details
610
##
611
path: ""
612
## @param clusterOperator.metrics.serviceMonitor.params Define the HTTP URL parameters used by ServiceMonitor
613
##
614
params: {}
615
podMonitor:
616
## @param clusterOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
617
##
618
enabled: false
619
## @param clusterOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
620
##
621
jobLabel: app.kubernetes.io/name
622
## @param clusterOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
623
##
624
namespace: ""
625
## @param clusterOperator.metrics.podMonitor.honorLabels Honor metrics labels
626
##
627
honorLabels: false
628
## @param clusterOperator.metrics.podMonitor.selector Prometheus instance selector labels
629
selector: {}
630
## @param clusterOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
631
##
632
interval: 30s
633
## @param clusterOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
634
##
635
scrapeTimeout: 30s
636
## @param clusterOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
637
##
638
additionalLabels: {}
639
## @param clusterOperator.metrics.podMonitor.path Define HTTP path to scrape for metrics.
640
##
641
path: ""
642
## @param clusterOperator.metrics.podMonitor.relabelings Specify general relabeling
643
##
644
relabelings: []
645
## @param clusterOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
646
##
647
metricRelabelings: []
648
## @param clusterOperator.metrics.podMonitor.params Define the HTTP URL parameters used by PodMonitor
649
##
650
params: {}
651
## @section RabbitMQ Messaging Topology Operator Parameters
652
##
653
msgTopologyOperator:
654
## @param msgTopologyOperator.enabled Deploy RabbitMQ Messaging Topology Operator as part of the installation
655
##
656
enabled: true
657
## Iamguarded RabbitMQ Messaging Topology Operator image
658
## @param msgTopologyOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Messaging Topology Operator image registry
659
## @param msgTopologyOperator.image.repository [default: REPOSITORY_NAME/rmq-messaging-topology-operator] RabbitMQ Messaging Topology Operator image repository
660
## @skip msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended)
661
## @param msgTopologyOperator.image.digest RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
662
## @param msgTopologyOperator.image.pullPolicy RabbitMQ Messaging Topology Operator image pull policy
663
## @param msgTopologyOperator.image.pullSecrets RabbitMQ Messaging Topology Operator image pull secrets
664
##
665
image:
666
registry: cgr.dev
667
repository: chainguard-private/rabbitmq-messaging-topology-operator-iamguarded
668
tag: 1.18.3
669
digest: ""
670
## Specify a imagePullPolicy
671
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
672
##
673
pullPolicy: IfNotPresent
674
## Optionally specify an array of imagePullSecrets.
675
## Secrets must be manually created in the namespace.
676
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
677
## e.g:
678
## pullSecrets:
679
## - myRegistryKeySecretName
680
##
681
pullSecrets: []
682
## @param msgTopologyOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
683
##
684
revisionHistoryLimit: 10
685
## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces
686
##
687
watchAllNamespaces: true
688
## @param msgTopologyOperator.watchNamespaces [array] Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
689
##
690
watchNamespaces: []
691
## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
692
##
693
replicaCount: 1
694
## @param msgTopologyOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
695
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
696
## The value is evaluated as a template
697
##
698
topologySpreadConstraints: []
699
## @param msgTopologyOperator.schedulerName Alternative scheduler
700
##
701
schedulerName: ""
702
## @param msgTopologyOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
703
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
704
##
705
terminationGracePeriodSeconds: ""
706
## @param msgTopologyOperator.hostNetwork Boolean
707
##
708
hostNetwork: "false"
709
## @param msgTopologyOperator.dnsPolicy Alternative DNS policy
710
##
711
dnsPolicy: "ClusterFirst"
712
## Configure extra options for RabbitMQ Messaging Topology Operator containers' liveness and readiness probes
713
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
714
## @param msgTopologyOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes
715
## @param msgTopologyOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
716
## @param msgTopologyOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
717
## @param msgTopologyOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
718
## @param msgTopologyOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
719
## @param msgTopologyOperator.livenessProbe.successThreshold Success threshold for livenessProbe
720
##
721
livenessProbe:
722
enabled: true
723
initialDelaySeconds: 5
724
periodSeconds: 30
725
timeoutSeconds: 5
726
successThreshold: 1
727
failureThreshold: 5
728
## @param msgTopologyOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes
729
## @param msgTopologyOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
730
## @param msgTopologyOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
731
## @param msgTopologyOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
732
## @param msgTopologyOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
733
## @param msgTopologyOperator.readinessProbe.successThreshold Success threshold for readinessProbe
734
##
735
readinessProbe:
736
enabled: true
737
initialDelaySeconds: 5
738
periodSeconds: 30
739
timeoutSeconds: 5
740
successThreshold: 1
741
failureThreshold: 5
742
## @param msgTopologyOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Messaging Topology Operator nodes
743
## @param msgTopologyOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
744
## @param msgTopologyOperator.startupProbe.periodSeconds Period seconds for startupProbe
745
## @param msgTopologyOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
746
## @param msgTopologyOperator.startupProbe.failureThreshold Failure threshold for startupProbe
747
## @param msgTopologyOperator.startupProbe.successThreshold Success threshold for startupProbe
748
##
749
startupProbe:
750
enabled: false
751
initialDelaySeconds: 5
752
periodSeconds: 30
753
timeoutSeconds: 5
754
successThreshold: 1
755
failureThreshold: 5
756
## @param msgTopologyOperator.customLivenessProbe Custom livenessProbe that overrides the default one
757
##
758
customLivenessProbe: {}
759
## @param msgTopologyOperator.customReadinessProbe Custom readinessProbe that overrides the default one
760
##
761
customReadinessProbe: {}
762
## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one
763
##
764
customStartupProbe: {}
765
## @param msgTopologyOperator.skipCreateAdmissionWebhookConfig skip creation of ValidationWebhookConfiguration
766
##
767
skipCreateAdmissionWebhookConfig: false
768
## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one)
769
##
770
existingWebhookCertSecret: ""
771
## @param msgTopologyOperator.existingWebhookCertCABundle PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false)
772
##
773
existingWebhookCertCABundle: ""
774
## RabbitMQ Messaging Topology Operator resource requests and limits
775
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
776
## @param msgTopologyOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production).
777
##
778
resourcesPreset: "nano"
779
## @param msgTopologyOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
780
## Example:
781
## resources:
782
## requests:
783
## cpu: 2
784
## memory: 512Mi
785
## limits:
786
## cpu: 3
787
## memory: 1024Mi
788
##
789
resources: {}
790
## Pod Disruption Budget configuration
791
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
792
## @param msgTopologyOperator.pdb.create Enable a Pod Disruption Budget creation
793
## @param msgTopologyOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
794
## @param msgTopologyOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
795
##
796
pdb:
797
create: true
798
minAvailable: ""
799
maxUnavailable: ""
800
## Configure Pods Security Context
801
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
802
## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context
803
## @param msgTopologyOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
804
## @param msgTopologyOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
805
## @param msgTopologyOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
806
## @param msgTopologyOperator.podSecurityContext.fsGroup Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup
807
##
808
podSecurityContext:
809
enabled: true
810
fsGroupChangePolicy: Always
811
sysctls: []
812
supplementalGroups: []
813
fsGroup: 1001
814
## Configure Container Security Context
815
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
816
## @param msgTopologyOperator.containerSecurityContext.enabled Enabled containers' Security Context
817
## @param msgTopologyOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
818
## @param msgTopologyOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
819
## @param msgTopologyOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
820
## @param msgTopologyOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
821
## @param msgTopologyOperator.containerSecurityContext.privileged Set container's Security Context privileged
822
## @param msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
823
## @param msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
824
## @param msgTopologyOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
825
## @param msgTopologyOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
826
##
827
containerSecurityContext:
828
enabled: true
829
seLinuxOptions: {}
830
runAsUser: 1001
831
runAsGroup: 1001
832
runAsNonRoot: true
833
privileged: false
834
readOnlyRootFilesystem: true
835
allowPrivilegeEscalation: false
836
capabilities:
837
drop: ["ALL"]
838
seccompProfile:
839
type: "RuntimeDefault"
840
## @param msgTopologyOperator.fullnameOverride String to fully override rmqco.msgTopologyOperator.fullname template
841
##
842
fullnameOverride: ""
843
## @param msgTopologyOperator.command Override default container command (useful when using custom images)
844
##
845
command: []
846
## @param msgTopologyOperator.args Override default container args (useful when using custom images)
847
##
848
args: []
849
## @param msgTopologyOperator.automountServiceAccountToken Mount Service Account token in pod
850
##
851
automountServiceAccountToken: true
852
## @param msgTopologyOperator.hostAliases RabbitMQ Messaging Topology Operator pods host aliases
853
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
854
##
855
hostAliases: []
856
## @param msgTopologyOperator.podLabels Extra labels for RabbitMQ Messaging Topology Operator pods
857
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
858
##
859
podLabels: {}
860
## @param msgTopologyOperator.podAnnotations Annotations for RabbitMQ Messaging Topology Operator pods
861
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
862
##
863
podAnnotations: {}
864
## @param msgTopologyOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
865
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
866
##
867
podAffinityPreset: ""
868
## @param msgTopologyOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
869
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
870
##
871
podAntiAffinityPreset: soft
872
## Node affinity preset
873
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
874
##
875
nodeAffinityPreset:
876
## @param msgTopologyOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
877
##
878
type: ""
879
## @param msgTopologyOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
880
##
881
key: ""
882
## @param msgTopologyOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
883
## E.g.
884
## values:
885
## - e2e-az1
886
## - e2e-az2
887
##
888
values: []
889
## @param msgTopologyOperator.affinity Affinity for RabbitMQ Messaging Topology Operator pods assignment
890
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
891
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
892
##
893
affinity: {}
894
## @param msgTopologyOperator.nodeSelector Node labels for RabbitMQ Messaging Topology Operator pods assignment
895
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
896
##
897
nodeSelector: {}
898
## @param msgTopologyOperator.tolerations Tolerations for RabbitMQ Messaging Topology Operator pods assignment
899
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
900
##
901
tolerations: []
902
## @param msgTopologyOperator.updateStrategy.type RabbitMQ Messaging Topology Operator statefulset strategy type
903
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
904
##
905
updateStrategy:
906
## StrategyType
907
## Can be set to RollingUpdate or OnDelete
908
##
909
type: RollingUpdate
910
## @param msgTopologyOperator.priorityClassName RabbitMQ Messaging Topology Operator pods' priorityClassName
911
##
912
priorityClassName: ""
913
## @param msgTopologyOperator.lifecycleHooks for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup
914
##
915
lifecycleHooks: {}
916
## @param msgTopologyOperator.containerPorts.metrics RabbitMQ Messaging Topology Operator container port (used for metrics)
917
##
918
containerPorts:
919
metrics: 8080
920
## @param msgTopologyOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes
921
## e.g:
922
## extraEnvVars:
923
## - name: FOO
924
## value: "bar"
925
##
926
extraEnvVars: []
927
## @param msgTopologyOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes
928
##
929
extraEnvVarsCM: ""
930
## @param msgTopologyOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes
931
##
932
extraEnvVarsSecret: ""
933
## @param msgTopologyOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s)
934
##
935
extraVolumes: []
936
## @param msgTopologyOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s)
937
##
938
extraVolumeMounts: []
939
## @param msgTopologyOperator.sidecars Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s)
940
## e.g:
941
## sidecars:
942
## - name: your-image-name
943
## image: your-image
944
## imagePullPolicy: Always
945
## ports:
946
## - name: portname
947
## containerPort: 1234
948
##
949
sidecars: []
950
## @param msgTopologyOperator.initContainers Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s)
951
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
952
## e.g:
953
## initContainers:
954
## - name: your-image-name
955
## image: your-image
956
## imagePullPolicy: Always
957
## command: ['sh', '-c', 'echo "hello world"']
958
##
959
initContainers: []
960
## Webhook service parameters
961
##
962
service:
963
## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type
964
##
965
type: ClusterIP
966
## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port
967
##
968
ports:
969
webhook: 443
970
## Node ports to expose
971
## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP
972
## NOTE: choose port between <30000-32767>
973
##
974
nodePorts:
975
http: ""
976
## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP
977
## e.g.:
978
## clusterIP: None
979
##
980
clusterIP: ""
981
## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP
982
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
983
##
984
loadBalancerIP: ""
985
## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
986
##
987
extraPorts: []
988
## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources
989
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
990
## e.g:
991
## loadBalancerSourceRanges:
992
## - 10.10.10.0/24
993
##
994
loadBalancerSourceRanges: []
995
## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy
996
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
997
##
998
externalTrafficPolicy: Cluster
999
## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service
1000
##
1001
annotations: {}
1002
## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1003
## If "ClientIP", consecutive client requests will be directed to the same Pod
1004
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1005
##
1006
sessionAffinity: None
1007
## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity
1008
## sessionAffinityConfig:
1009
## clientIP:
1010
## timeoutSeconds: 300
1011
##
1012
sessionAffinityConfig: {}
1013
## Network Policies
1014
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1015
##
1016
networkPolicy:
1017
## @param msgTopologyOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1018
##
1019
enabled: true
1020
## @param msgTopologyOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
1021
##
1022
kubeAPIServerPorts: [443, 6443, 8443]
1023
## @param msgTopologyOperator.networkPolicy.allowExternal Don't require injector label for connections
1024
## The Policy model to apply. When set to false, only pods with the correct
1025
## injector label will have network access to the ports injector is listening
1026
## on. When true, injector will accept connections from any source
1027
## (with the correct destination port).
1028
##
1029
allowExternal: true
1030
## @param msgTopologyOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1031
##
1032
allowExternalEgress: true
1033
## @param msgTopologyOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1034
## e.g:
1035
## extraIngress:
1036
## - ports:
1037
## - port: 1234
1038
## from:
1039
## - podSelector:
1040
## - matchLabels:
1041
## - role: frontend
1042
## - podSelector:
1043
## - matchExpressions:
1044
## - key: role
1045
## operator: In
1046
## values:
1047
## - frontend
1048
extraIngress: []
1049
## @param msgTopologyOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1050
## e.g:
1051
## extraEgress:
1052
## - ports:
1053
## - port: 1234
1054
## to:
1055
## - podSelector:
1056
## - matchLabels:
1057
## - role: frontend
1058
## - podSelector:
1059
## - matchExpressions:
1060
## - key: role
1061
## operator: In
1062
## values:
1063
## - frontend
1064
##
1065
extraEgress: []
1066
## @param msgTopologyOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1067
## @param msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1068
##
1069
ingressNSMatchLabels: {}
1070
ingressNSPodMatchLabels: {}
1071
## RBAC configuration
1072
##
1073
rbac:
1074
## @param msgTopologyOperator.rbac.create Specifies whether RBAC resources should be created
1075
##
1076
create: true
1077
## ClusterRole parameters
1078
##
1079
clusterRole:
1080
## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
1081
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
1082
## e.g:
1083
## customRules:
1084
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
1085
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
1086
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
1087
customRules: []
1088
## @param msgTopologyOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
1089
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
1090
## e.g:
1091
## extraRules:
1092
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
1093
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
1094
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
1095
extraRules: []
1096
## ServiceAccount configuration
1097
##
1098
serviceAccount:
1099
## @param msgTopologyOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
1100
##
1101
create: true
1102
## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use.
1103
## If not set and create is true, a name is generated using the common.names.fullname template
1104
##
1105
name: ""
1106
## @param msgTopologyOperator.serviceAccount.annotations Add annotations
1107
##
1108
annotations: {}
1109
## @param msgTopologyOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
1110
##
1111
automountServiceAccountToken: false
1112
## @section RabbitMQ Messaging Topology Operator parameters
1113
##
1114
metrics:
1115
## Metrics service parameters
1116
##
1117
service:
1118
## @param msgTopologyOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
1119
##
1120
enabled: false
1121
## @param msgTopologyOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
1122
##
1123
type: ClusterIP
1124
## @param msgTopologyOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
1125
##
1126
ports:
1127
http: 80
1128
## Node ports to expose
1129
## @param msgTopologyOperator.metrics.service.nodePorts.http Node port for HTTP
1130
## NOTE: choose port between <30000-32767>
1131
##
1132
nodePorts:
1133
http: ""
1134
## @param msgTopologyOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
1135
## e.g.:
1136
## clusterIP: None
1137
##
1138
clusterIP: ""
1139
## @param msgTopologyOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1140
##
1141
extraPorts: []
1142
## @param msgTopologyOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
1143
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1144
##
1145
loadBalancerIP: ""
1146
## @param msgTopologyOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
1147
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1148
## e.g:
1149
## loadBalancerSourceRanges:
1150
## - 10.10.10.0/24
1151
##
1152
loadBalancerSourceRanges: []
1153
## @param msgTopologyOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
1154
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1155
##
1156
externalTrafficPolicy: Cluster
1157
## @param msgTopologyOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
1158
##
1159
annotations:
1160
prometheus.io/scrape: "true"
1161
prometheus.io/port: "{{ .Values.msgTopologyOperator.metrics.service.ports.http }}"
1162
## @param msgTopologyOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1163
## If "ClientIP", consecutive client requests will be directed to the same Pod
1164
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1165
##
1166
sessionAffinity: None
1167
## @param msgTopologyOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
1168
## sessionAffinityConfig:
1169
## clientIP:
1170
## timeoutSeconds: 300
1171
##
1172
sessionAffinityConfig: {}
1173
serviceMonitor:
1174
## @param msgTopologyOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
1175
##
1176
enabled: false
1177
## @param msgTopologyOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
1178
## e.g:
1179
## namespace: monitoring
1180
##
1181
namespace: ""
1182
## @param msgTopologyOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
1183
##
1184
jobLabel: app.kubernetes.io/name
1185
## DEPRECATED: Use msgTopologyOperator.metrics.serviceMonitor.labels instead.
1186
## This value will be removed in a future release
1187
## additionalLabels: {}
1188
1189
## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
1190
## e.g:
1191
## selector:
1192
## prometheus: my-prometheus
1193
##
1194
selector: {}
1195
## @param msgTopologyOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
1196
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1197
##
1198
honorLabels: false
1199
## @param msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
1200
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1201
## e.g:
1202
## scrapeTimeout: 10s
1203
##
1204
scrapeTimeout: ""
1205
## @param msgTopologyOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
1206
##
1207
interval: ""
1208
## @param msgTopologyOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
1209
##
1210
metricRelabelings: []
1211
## @param msgTopologyOperator.metrics.serviceMonitor.relabelings Specify general relabeling
1212
##
1213
relabelings: []
1214
## @param msgTopologyOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
1215
##
1216
labels: {}
1217
podMonitor:
1218
## @param msgTopologyOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
1219
##
1220
enabled: false
1221
## @param msgTopologyOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
1222
##
1223
jobLabel: app.kubernetes.io/name
1224
## @param msgTopologyOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
1225
##
1226
namespace: ""
1227
## @param msgTopologyOperator.metrics.podMonitor.honorLabels Honor metrics labels
1228
##
1229
honorLabels: false
1230
## @param msgTopologyOperator.metrics.podMonitor.selector Prometheus instance selector labels
1231
selector: {}
1232
## @param msgTopologyOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
1233
##
1234
interval: 30s
1235
## @param msgTopologyOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
1236
##
1237
scrapeTimeout: 30s
1238
## @param msgTopologyOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
1239
##
1240
additionalLabels: {}
1241
## @param msgTopologyOperator.metrics.podMonitor.relabelings Specify general relabeling
1242
##
1243
relabelings: []
1244
## @param msgTopologyOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
1245
##
1246
metricRelabelings: []
1247
## @section cert-manager parameters
1248
##
1249
1250
## @param useCertManager Deploy cert-manager objects (Issuer and Certificate) for webhooks
1251
##
1252
useCertManager: false
1253